Time is money when it comes to AWS implementations.
It is important to move things quickly and efficiently from the beginning. But where do you begin when you are working with Infrastructure as a Service (IaaS) functions in the public cloud? Let’s take a look at an example AWS implementation guide. IaaS refers to the use of the cloud to host the servers, networking, and other devices necessary to provide a complete Information Technology (IT) infrastructure. IaaS is only one of many ‘as-a-service’ options that we have today, but it is a common one.
The AWS root account and IAM
The email address you sign up with becomes the root account, the most powerful account in AWS’ Identity and Access Management (IAM). It can configure all aspects of AWS services and manage billing and payment.
Because this account is extremely powerful, you should use it sparingly. You can create a second account in AWS IAM for yourself and make it an AWS administrator account.
That account can be used to manage your infrastructure. You might also create additional accounts with different privilege levels.
For example, if you have an account whose permissions cover the Simple Storage Service (S3), you could use that account whenever you need to work with S3. This is part of the least-privilege security design.
Figure 1: The IAM Dashboard
In this example, you can see how I have:
Deleted my root account access keys so that there is less chance of compromise
Activated multifactor authentication (MFA) on the root account
Created individual IAM users that I can log in with and that have reduced privileges compared with the root account
Used groups to assign permissions, which makes my IAM approach scalable
Implemented an IAM password policy to ensure that my users don’t compromise security by using easy-to-crack passwords
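The five items in the list above can be checked from the account's own IAM data. The following is an added example, not code from the original article: it audits dictionaries shaped like the JSON returned by `aws iam get-account-summary`, `aws iam get-account-password-policy` and `aws iam get-account-authorization-details`. The function name, the 14-character threshold and the sample data are assumptions constructed for illustration.

```python
# Added example: audit the five IAM dashboard items offline.
# Input dicts mirror the JSON of `aws iam get-account-summary`,
# `get-account-password-policy` and `get-account-authorization-details`.
MIN_PASSWORD_LENGTH = 14  # assumption: local threshold, not an AWS default


def audit_iam(summary, password_policy, user_details):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    s = summary["SummaryMap"]
    if s.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("root account still has access keys")
    if s.get("AccountMFAEnabled", 0) != 1:
        findings.append("MFA is not enabled on the root account")
    if s.get("Users", 0) == 0:
        findings.append("no individual IAM users exist")
    # Permissions should arrive through groups, not be attached per user.
    for user in user_details["UserDetailList"]:
        direct = user.get("AttachedManagedPolicies", []) + user.get("UserPolicyList", [])
        if direct:
            findings.append(f"user {user['UserName']} has directly attached policies")
        if not user.get("GroupList"):
            findings.append(f"user {user['UserName']} belongs to no group")
    # Pass None when the account has no custom password policy.
    if password_policy is None:
        findings.append("no IAM password policy is set")
    else:
        p = password_policy["PasswordPolicy"]
        if p.get("MinimumPasswordLength", 0) < MIN_PASSWORD_LENGTH:
            findings.append(f"password policy minimum length is below {MIN_PASSWORD_LENGTH}")
        for key in ("RequireSymbols", "RequireNumbers",
                    "RequireUppercaseCharacters", "RequireLowercaseCharacters"):
            if not p.get(key, False):
                findings.append(f"password policy does not set {key}")
    return findings


# Constructed sample data (not taken from a real account).
SAMPLE_SUMMARY = {"SummaryMap": {"AccountAccessKeysPresent": 1,
                                 "AccountMFAEnabled": 1, "Users": 2, "Groups": 1}}
SAMPLE_POLICY = {"PasswordPolicy": {
    "MinimumPasswordLength": 8, "RequireSymbols": True, "RequireNumbers": True,
    "RequireUppercaseCharacters": True, "RequireLowercaseCharacters": True}}
SAMPLE_USERS = {"UserDetailList": [
    {"UserName": "alice", "GroupList": ["s3-admins"],
     "AttachedManagedPolicies": [], "UserPolicyList": []},
    {"UserName": "bob", "GroupList": [], "UserPolicyList": [],
     "AttachedManagedPolicies": [{"PolicyName": "AdministratorAccess",
                                  "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
]}
```

Calling `audit_iam(SAMPLE_SUMMARY, SAMPLE_POLICY, SAMPLE_USERS)` reports the leftover root access keys, the user with a directly attached policy and no group, and the short minimum password length.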
Your own Virtual Private Cloud
Amazon offers this capability through the Virtual Private Cloud (VPC).
When you create your AWS account, AWS creates your default VPC for you. These components make up the default VPC:
A private IPv4 address space that can accommodate 65,536 private IPv4 addresses
A default subnet in each Availability Zone in your AWS Region. Each subnet can accommodate 4,096 addresses
An Internet Gateway that is connected to your default VPC
A default Security Group that is associated with the default VPC. This Security Group allows you to control traffic flows between the virtual machines (EC2 instances) you might create in AWS.
A default Network Access Control List that is associated with your default VPC. This security structure allows you to control traffic into and out of your subnets.
A default set of DHCP options for your VPC
Some AWS architects leave these default constructs intact so that they can be used for other purposes.
They create a custom VPC with all the specifications they require. Others happily use the default VPC and modify it to suit their needs. I have done both with great success in the past.