AWS & GCP Account Setup

AWS & GCP Account Setup

1. AWS Account Creation

1.1 Account Creation Steps

  1. Access AWS Sign-up Page
  2. Click "Create an AWS Account" at https://aws.amazon.com/

  3. Enter Account Information

  4. Email address (for Root account)
  5. AWS account name
  6. Password

  7. Contact Information

  8. Account type: Personal or Business
  9. Name, address, phone number

  10. Billing Information

  11. Credit card registration (required even for free tier)
  12. $1 verification charge (refunded)

  13. Identity Verification

  14. PIN verification via SMS or voice call

  15. Select Support Plan

  16. Recommended: Basic Support (free)

1.2 Root Account Security

The Root account has full permissions, so security hardening is essential.

⚠️ Root Account Security Checklist Set strong password (16+ characters with special characters) Enable MFA (Multi-Factor Authentication) Do not create access keys Do not use Root account for daily tasks Create and use IAM users instead

1.3 MFA Setup (AWS)

Activate MFA from Console:

  1. AWS Console → Top-right account name → "Security credentials"
  2. "Multi-factor authentication (MFA)" section
  3. Click "Activate MFA"
  4. Select MFA device type:
  5. Virtual MFA device: Use Google Authenticator, Authy app
  6. Hardware TOTP token: Physical token
  7. Security key: FIDO security key

Virtual MFA Setup:

1. Install app: Google Authenticator or Authy
2. Scan QR code in app
3. Enter two consecutive MFA codes
4. Click "Assign MFA"

2. GCP Account Creation

2.1 Account Creation Steps

  1. Access GCP Console
  2. https://console.cloud.google.com/

  3. Google Account Login

  4. Use existing Google account or create new one

  5. Accept GCP Terms

  6. Select country
  7. Agree to terms of service

  8. Set Up Billing Account (for free trial)

  9. Enter credit card information
  10. Activate $300 free credit (90 days)

  11. Create First Project

  12. Specify project name
  13. Select organization (select "No organization" for personal use)

2.2 GCP Security Settings

Strengthen Google Account Security:

⚠️ GCP Account Security Checklist Enable 2-Step Verification for Google account Strengthen password security Set up recovery email/phone number Review organization policies (for business) Use service accounts (recommended)

2.3 2-Step Verification Setup (GCP)

  1. Google Account Settings → "Security"
  2. Enable "2-Step Verification"
  3. Select authentication method:
  4. Google prompts
  5. Authenticator app (Google Authenticator)
  6. Security key
  7. Backup codes

3. Console Navigation

3.1 AWS Management Console

Main UI Components:

┌─────────────────────────────────────────────────────────────┐
  [AWS Logo]  Service Search Bar        Region   Account   
├─────────────────────────────────────────────────────────────┤
                                                             
  [Services Menu]                                            
   ├── Compute (EC2, Lambda, ECS...)                         
   ├── Storage (S3, EBS, EFS...)                             
   ├── Database (RDS, DynamoDB...)                           
   ├── Networking (VPC, Route 53...)                         
   ├── Security (IAM, KMS...)                                
   └── Management (CloudWatch, CloudFormation...)            
                                                             
  [Recently Visited Services]                                
  [Favorite Services]                                        
                                                             
└─────────────────────────────────────────────────────────────┘

Useful Features: - Service Search: Enter service name in top search bar - Region Selection: Select working region from top-right - CloudShell: Browser-based terminal (AWS CLI pre-installed) - Resource Groups: Group resources and manage tags

3.2 GCP Console

Main UI Components:

┌─────────────────────────────────────────────────────────────┐
  [GCP Logo]  [Project Select ]  Search Bar    [Account Icon]
├──────────────┬──────────────────────────────────────────────┤
  [Navigation]                                              
               [Dashboard]                                 
   ├─ Compute    ├── Project info                           
   ├─ Storage    ├── Resource summary                       
   ├─ Networking  ├── API activity                          
   ├─ Database   └── Billing summary                        
   ├─ Security                                              
   ├─ Tools                                                 
   └─ Billing                                               
                                                            
└──────────────┴──────────────────────────────────────────────┘

Useful Features: - Project Selection: Switch projects from top-left - Cloud Shell: Terminal icon at top-right (gcloud pre-installed) - Pin Services: Pin frequently used services to menu - APIs & Services: Manage API activation


4. First Project/Resource Group

4.1 AWS: Resource Management with Tags

AWS manages resources with tags instead of a project concept.

# Example of tagging resources during creation
aws ec2 run-instances \
    --image-id ami-12345678 \
    --instance-type t2.micro \
    --tag-specifications 'ResourceType=instance,Tags=[{Key=Project,Value=MyApp},{Key=Environment,Value=dev}]'

Tag Best Practices:

Tag Key Example Value Purpose
Project MyApp Track costs by project
Environment dev, staging, prod Distinguish environments
Owner john@example.com Identify owner
CostCenter IT-001 Assign cost center

4.2 GCP: Project Creation

GCP isolates resources and billing by project.

Create Project: 1. Console top → Project selection dropdown 2. Click "New Project" 3. Enter project name (unique ID auto-generated) 4. Link billing account 5. Click "Create"

# Create project with gcloud
gcloud projects create my-project-id \
    --name="My Project" \
    --labels=env=dev

# Switch project
gcloud config set project my-project-id

Recommended Project Structure:

Organization (optional)
├── Folder: Development
│   ├── Project: dev-frontend
│   └── Project: dev-backend
├── Folder: Production
│   ├── Project: prod-frontend
│   └── Project: prod-backend
└── Folder: Shared
    └── Project: shared-services

5. Cost Alerting Setup

5.1 AWS Budget Alerts

Set Up AWS Budgets:

  1. AWS Console → "Billing and Cost Management" → "Budgets"
  2. Click "Create budget"
  3. Select budget type: "Cost budget"
  4. Configure budget:
  5. Name: "Monthly Budget"
  6. Amount: Desired limit (e.g., $50)
  7. Period: Monthly

  8. Alert conditions:

  9. Alert when actual cost reaches 80% of budget
  10. Alert when forecasted cost exceeds 100%

  11. Alert recipients:

  12. Enter email addresses
  13. Link SNS topic (optional)
# Create budget with AWS CLI
aws budgets create-budget \
    --account-id 123456789012 \
    --budget '{
        "BudgetName": "Monthly-50USD",
        "BudgetLimit": {"Amount": "50", "Unit": "USD"},
        "TimeUnit": "MONTHLY",
        "BudgetType": "COST"
    }' \
    --notifications-with-subscribers '[{
        "Notification": {
            "NotificationType": "ACTUAL",
            "ComparisonOperator": "GREATER_THAN",
            "Threshold": 80
        },
        "Subscribers": [{
            "SubscriptionType": "EMAIL",
            "Address": "your@email.com"
        }]
    }]'

5.2 GCP Budget Alerts

Set Up GCP Billing Budget:

  1. Console → "Billing" → "Budgets & alerts"
  2. Click "Create budget"
  3. Configure budget:
  4. Name: "Monthly Budget"
  5. Projects: All or specific projects
  6. Amount: Specified amount (e.g., $50)

  7. Alert thresholds:

  8. Set alerts at 50%, 90%, 100%

  9. Alert channels:

  10. Email recipients
  11. Cloud Monitoring (optional)
  12. Pub/Sub topic (for automation)
# Create budget with gcloud
gcloud billing budgets create \
    --billing-account=BILLING_ACCOUNT_ID \
    --display-name="Monthly Budget" \
    --budget-amount=50USD \
    --threshold-rule=percent=0.5 \
    --threshold-rule=percent=0.9 \
    --threshold-rule=percent=1.0

6. Free Tier Utilization

6.1 AWS Free Tier

Type Service Free Limit
12 Months Free EC2 t2.micro 750 hours/month
S3 5GB storage
RDS db.t2.micro 750 hours/month
CloudFront 50GB data transfer
Always Free Lambda 1M requests/month
DynamoDB 25GB storage, 25 WCU/RCU
SNS 1M requests/month
CloudWatch Basic monitoring

Monitor Free Tier: - Console → "Billing" → "Free Tier" tab to check usage

6.2 GCP Free Tier

Type Service Free Limit
$300 Credit All services 90 days (new accounts)
Always Free Compute Engine 1 e2-micro (specific regions)
Cloud Storage 5GB (US region)
Cloud Functions 2M invocations/month
BigQuery 1TB queries/month, 10GB storage
Cloud Run 2M requests/month
Firestore 1GB storage, 50K reads/day

Always Free Region Restrictions: - Compute Engine e2-micro: Only us-west1, us-central1, us-east1


7. Initial Security Setup Summary

7.1 AWS Initial Security Checklist

□ Enable Root account MFA
□ Verify Root access keys are deleted
□ Create IAM users and enable MFA
□ Strengthen IAM password policy
□ Enable CloudTrail (audit logs)
□ Set up budget alerts
□ Verify S3 public access block settings

7.2 GCP Initial Security Checklist

 Enable 2-Step Verification for Google account Review organization policies (if applicable) Create service accounts (for applications) Grant least privilege IAM roles Enable Cloud Audit Logs Set up budget alerts Review VPC firewall rules

8. Next Steps


References

to navigate between lessons