AWS Accounts are a fundamental part of AWS and enable you to create, access, and manage cloud resources. Each account functions as a secure, isolated environment for running services, with its own billing and access controls.
Accounts are used to separate concerns, and there are several ways to divide them. For example, you might have an account for each:
- Environment, such as production, development and testing
- Product or service
- Team or client
Creating an AWS Account
When creating an AWS account you will need:
- An account name, such as `Production` or `Client X`
- A unique email address (plus addressing will work just fine)
- A billing card that will be used to pay for any usage over the free allowance
The email address used becomes the root account user and will always have full, unrestricted access to everything within this account container. Much like the root user on Linux servers, it's considered best practice to avoid using this account for everyday tasks and to be extremely cautious about who has access to the root user account.
Setting up MFA on Accounts
More about what Multi Factor Authentication is and how it is used can be found in the Multi Factor Authentication page.
- Click the dropdown in the top right of the account with the user profile you wish to secure with MFA
- Click on Security Credentials
- Enter a name to identify the Authenticator Device or App
- Select the appropriate MFA device type for the device being used.
- On the next page click to show the QR code and scan with the device
- Provide two sample codes.
Repeat this process for each of the Account’s users you wish to secure.
For production-level apps, it's considered best practice to use a hardware token, rather than the app on your phone or laptop.
Creating a budget
Creating a budget for each account will help ensure your project stays within its means. Budgets are soft limits that trigger notification emails as you approach them. Without manual intervention your bill can exceed this budget.
TIP: Enable Monthly Email Invoices
By default, AWS alerts you via email that your invoice is ready, but you will need to log in to view it.
To enable the invoice PDF to be attached to the email:
- Click the top right dropdown in the root user's profile
- Click billing & cost management
- Click billing preferences in the sidebar
- Check the boxes for:
  - PDF invoices delivered by email
  - Receive AWS Free Tier alerts
  - Receive CloudWatch billing alerts
Now to set up a budget on the account:
- Click the top right dropdown in the root user's profile
- Click billing & cost management
- Then click the budget option in the sidebar
- Click the create budget button and then select a template that suits your ideal budget.
CHECKLIST FOR CREATING A NEW ACCOUNT
- **EMAIL** - Figure out the unique email address you want to use for the new account, using the email plus addressing trick if required.
- **MFA** - Set up a brand new MFA on the root user profile for the new account and test that it works.
- **BUDGET** - Set up a spend budget for the new AWS account. Remember to set the invoice and free tier notifications from above.
- **UPDATE** - Update alternate contacts.
- **IAM BILLING** - Enable IAM user access to billing, which can be found a little further down from the Alternate contacts section.
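
The MFA, BUDGET and UPDATE items of the checklist can also be verified from API responses instead of by clicking through the console. The following is an added example, not part of the original page: `audit_account()` is a hypothetical helper, the input shapes follow the IAM GetAccountSummary, Budgets DescribeBudgets / DescribeNotificationsForBudget and Account GetAlternateContact responses, and the sample data is constructed.

```python
# Added example: audit a new account against the checklist (hypothetical helper).
# Input shapes follow IAM GetAccountSummary, Budgets DescribeBudgets and
# DescribeNotificationsForBudget, and Account GetAlternateContact.
CONTACT_TYPES = ("BILLING", "OPERATIONS", "SECURITY")


def audit_account(summary, budgets, notifications, contacts):
    """Return checklist findings; an empty list means every check passed.

    summary: SummaryMap dict; budgets: Budgets list; notifications: {budget
    name: Notifications list}; contacts: {type: AlternateContact or None}.
    """
    findings = []
    # MFA: AccountMFAEnabled is 1 only when the root user has an MFA device.
    if summary.get("AccountMFAEnabled", 0) != 1:
        findings.append("MFA: root user has no MFA device")
    # Root is not meant for everyday tasks, so it should hold no access keys.
    if summary.get("AccountAccessKeysPresent", 0) != 0:
        findings.append("ROOT: root user has access keys")
    # BUDGET: a budget is a soft limit, so it only helps when at least one
    # notification is attached to it.
    if not budgets:
        findings.append("BUDGET: no budget defined")
    for budget in budgets:
        name = budget["BudgetName"]
        if not notifications.get(name):
            findings.append(f"BUDGET: '{name}' has no notification")
    # UPDATE: every alternate contact type should be filled in.
    for ctype in CONTACT_TYPES:
        if not contacts.get(ctype):
            findings.append(f"UPDATE: no {ctype} alternate contact")
    return findings


# Constructed sample: a new account with a budget but no alerts and no root MFA.
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 0}
SAMPLE_BUDGETS = [{"BudgetName": "monthly-cap", "TimeUnit": "MONTHLY",
                   "BudgetLimit": {"Amount": "50", "Unit": "USD"}}]
SAMPLE_NOTIFICATIONS = {"monthly-cap": []}
SAMPLE_CONTACTS = {"BILLING": {"EmailAddress": "billing@example.com"},
                   "OPERATIONS": None, "SECURITY": None}

if __name__ == "__main__":
    print("\n".join(audit_account(SAMPLE_SUMMARY, SAMPLE_BUDGETS,
                                  SAMPLE_NOTIFICATIONS, SAMPLE_CONTACTS)))
```

With live data, the four arguments would come from the corresponding boto3 `iam`, `budgets` and `account` client calls, run once per account.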