- Watch Week-0 Video
Week 0 - Generate Credentials, AWS CLI, Budget and Billing Alarm via CLI
AWS Organizations & AWS IAM Tutorial For Beginners - Cloud BootCamp - Week 0
- Read all the necessary information
- Create all accounts needed for the project
  - AWS
  - Lucidcharts
  - GitHub/Codespace
  - Gitpod
  - Momento
  - AWS Route 53 (delyourhistory.link)
  - HoneyComb
  - Rollbar
- Clone main branch for cruddur app
- Create week-0 branch for Homework submissions
- Install AWS CLI for SDE
- Create AWS Credentials
- Secure Account with MFA and AWS Organizations
- Create Custom AWS OU SCP Best Practice Policy
https://github.com/hashishrajan/aws-scp-best-practice-policies
- Enable Billing and Billing alarm for AWS Account
- Create Napkin Diagram
- Create Conceptual Diagram
- Create Logical Diagram
- Create AWS Budget
- Activate AWS CloudTrail Services (free tier for 90 days)
My Example
My Conceptual Diagram
My example for this project Lucid Charts Share Link
- Secure and add MFA for root user (What is MFA)
- Create additional user at the IAM Dashboard (Optional: you can create a user with AWS portal or AD login with granular access policy)
- Set account alias and region

```sh
gp init # initialize our .gitpod.yml config file
```

```yaml
tasks:
  - name: aws-cli
    env:
      # Let the AWS CLI prompt for missing parameters
      AWS_CLI_AUTO_PROMPT: on-partial
    # Download and install AWS CLI v2 when the workspace is built
    init: |
      cd /workspace
      curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
      unzip awscliv2.zip
      sudo ./aws/install
      cd $THEIA_WORKSPACE_ROOT
```

You can get these environment variables via the "Command line or programmatic access" link.

We will set these credentials for the current bash terminal:

```sh
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
export AWS_DEFAULT_REGION=us-east-1
```

We'll tell Gitpod to remember these credentials if we relaunch our workspaces:

```sh
gp env AWS_ACCESS_KEY_ID=""
gp env AWS_SECRET_ACCESS_KEY=""
gp env AWS_DEFAULT_REGION=us-east-1
```

```sh
aws sts get-caller-identity
```

You should see something like this:

```json
{
  "UserId": "AIFBZRJIQN2ONP4ET4EK4",
  "Account": "655602346534",
  "Arn": "arn:aws:iam::655602346534:user/andrewcloudcamp"
}
```

In my case it looks like this:
We need to turn on Billing Alerts to receive alerts...
- In your Root Account, go to the Billing Page
- Under Billing Preferences, choose Receive Billing Alerts
- Save Preferences
- We need an SNS topic before we create an alarm.
- The SNS topic is what will deliver us an alert when we get overbilled
- aws sns create-topic

We'll create an SNS topic:

```sh
aws sns create-topic --name billing-alarm
```

which will return a TopicARN.

We'll create a subscription, supplying the TopicARN and our email:

```sh
aws sns subscribe \
    --topic-arn TopicARN \
    --protocol email \
    --notification-endpoint your@email.com
```

Check your email and confirm the subscription.

- aws cloudwatch put-metric-alarm
- Create an Alarm via AWS CLI
- We need to update the configuration JSON script with the TopicARN we generated earlier
- We are just using a JSON file because --metrics is required for expressions, so it's easier to use a JSON file.

```sh
aws cloudwatch put-metric-alarm --cli-input-json file://aws/json/alarm_config.json
```

Get your AWS Account ID:

```sh
aws sts get-caller-identity --query Account --output text
```

- Supply your AWS Account ID
- Update the JSON files
- This is another case with the AWS CLI where it's just much easier to use JSON files due to lots of nested JSON

```sh
aws budgets create-budget \
    --account-id AccountID \
    --budget file://aws/json/budget.json \
    --notifications-with-subscribers file://aws/json/budget-notifications-with-subscribers.json
```

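
Before running the alarm and budget commands above, it helps to confirm that the exported keys belong to an IAM user in the intended account rather than to the root user. The script below is an added example, not part of the original notes; the function names are hypothetical, and the only ARN taken from this page is the sample `get-caller-identity` output.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): pre-flight check on the
# credentials exported earlier. Function names are hypothetical.

# Classify the principal behind the "Arn" field of `aws sts get-caller-identity`.
classify_caller_arn() {
  case "$1" in
    arn:aws:iam::[0-9]*:root)              echo root ;;
    arn:aws:iam::[0-9]*:user/?*)           echo iam-user ;;
    arn:aws:sts::[0-9]*:assumed-role/?*)   echo assumed-role ;;
    arn:aws:sts::[0-9]*:federated-user/?*) echo federated-user ;;
    *)                                     echo unknown ;;
  esac
}

# Print the 12-digit account ID (5th colon-separated ARN field), or fail.
arn_account_id() {
  acct=$(printf '%s' "$1" | cut -d: -f5)
  case "$acct" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#acct}" -eq 12 ] || return 1
  printf '%s\n' "$acct"
}

# Return 0 = safe to proceed, 1 = root credentials, 2 = wrong account,
# 3 = ARN not recognised.
check_caller() {
  caller_arn=$1
  expected_account=$2
  kind=$(classify_caller_arn "$caller_arn")
  actual_account=$(arn_account_id "$caller_arn") || return 3
  [ "$kind" != unknown ] || return 3
  if [ "$kind" = root ]; then
    echo "refusing: these access keys belong to the root user" >&2
    return 1
  fi
  if [ "$actual_account" != "$expected_account" ]; then
    echo "refusing: keys are for account $actual_account, not $expected_account" >&2
    return 2
  fi
  echo "ok: $kind in account $actual_account"
}

# Ask STS who the environment's credentials belong to, then apply the checks.
# Usage: preflight 655602346534 && aws budgets create-budget ...
preflight() {
  live_arn=$(aws sts get-caller-identity --query Arn --output text) || return 4
  check_caller "$live_arn" "$1"
}
```

Run `preflight <your-account-id>` in the same terminal where the keys were exported; a non-zero exit status means the commands should not be run with those keys.
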
- AWS OU Configuration
- AWS SCP Recommendation
- AWS CloudTrail