Part 1: Setting Up AWS Free Tier account

1. Most of the labs in this option has been developed using AWS Free Tier account.

2. In this page you can learn how to set up an AWS Account.

a. Use your @my.bcit.ca email address.

b. When asked to select an AWS Service Plan, choose Basic (Free).

3. Log back into aws.amazon.com to verify your account has been created.

Part 2: Activating MFA (Multi-Factor Authentication) on your account

1. This part requires that you have a mobile (cell) phone.

2. Log into your AWS with your root account (...@ mybcit.ca account )

3. Download and install a virtual MFA application to your mobile device. See list in the

screen shot below. Given the choice, you may select Google Authenticator.

4. On the AWS Console, click on your root account (your name) and select “My Security

Credentials”

1
5. Under “Multi-factor authentication (MFA)” click on Activate MFA.

6. Choose “virtual MFA device”.

7. From the wizard, choose Show QR code and use the authenticator on your mobile device

to scan the barcode.

8. You will be required to enter two numbers. Wait up to 30 seconds for your mobile to

generate second MFA code.

9. Refresh the webpage to verify that MFA was successful.

10. Now, when you log into your root account, you will be asked to enter your

Authentication Code generated from your mobile device:

2
11. After logging, on the AWS Console, click on your root account (your name) and select

“My Security Credentials” again.

12. Click on Access keys (access key ID and secret access key) and then click on Create

New Access key.

3
 13. Download Key file and SAVE it in a secure place, we need it for all the three cloud

courses. Don’t share it with anyone.

Downloaded file contains access key ID and secret access key for your root user.

Part 3: AWS Billing Alarm

1. Log into your AWS account.

2. In the top right corner, click on the drop down menu next to your name.

3. Select “My Billing Dashboard.”

4. On the left side of the screen, click on “Billing preferences".

5. Under Preferences, turn on “Receive PDF Invoice by Email”, Receive Free Tier Usage

Alerts, and “Receive Billing Alerts”.

4
6. Save the Preferences.

7. Click “Manage Billing Alerts” under the “Receive Billing Alerts” paragraph.

8. This will take you to the CloudWatch area of the AWS Console. We will go into more

detail on this in later labs.

9. If necessary, change the Region to US East (N. Virginia). Billing metric data is stored in

this Region and represents worldwide charges.

10. On the left side, click Alarms.

11. Click “Create Alarm.”

12. Choose “Select metric”. In the All metrics tab, choose “Billing”, “Total Estimated

Charge” and USD for currency.

13. Select the check box next to EstimatedCharges, and choose Select metric.

5
14. We want to receive an email when we receive ANY charges. Under Whenever Estimated

Charges is, select Greater and enter the monetary amount (“0.01” USD) that must be

exceeded to trigger the alarm and send an email.

Click on next.

15. Under Select a SNS topic, select create new topic.

16. Enter your email address and click on Create topic.

17. Make sure to confirm your email address when you get confirmation email.

6
18. Click next and set the name as Billing Alarm.

19. Click on Create alarm.

20. You should see your alarm.

7
Part 4: Create new IAM user and Customize sign in link for new IAM user

1. To customize sign in link for new IAM user:

a. Type “IAM “into the AWS Services search window and go to the IAM

dashboard.

b. Click on customize to the right of IAM user sign-in link.

c. Change the name of the sign-in link to make it easy to remember. I used “comp

3962-bcit”. Use your student Id, A00… . Must be unique across all regions!

2. Create a new, AWS individual IAM user:

a. This will be the user you may use most of the time to sign in.

b. You will use it in combination with the IAM user’s sign-in link.

c. On the left, select Users and click “Add user.”

8
d. Enter a user name. I suggest CCO-your first name. CCO stands for Cloud

Computing Option.

e. Select Programmatic access and AWS Management console access.

f. Enter a custom password and uncheck “require password reset.

g. Click Next:Permissions.

9
h. Click “Attach existing policies directly.

i. Click the policy “AdministratorAccess”.

j. Click “Next:Tag” in lower right corner.

k. Click “Next:Review” in lower right corner.

l. Then click “Create user.”

m. Download the CSV file containing the Access key ID and Secret access key.

It also contains the sign-in link. Save this in a secure place!

If you lose this file, you will have to delete the user and recreate the user.

10
n. Click the “Send email” button the right. It will contain the login link for your new

user.

Email it to yourself to have the information.

11
3. Enable MFA for this new user:

a. Click Users on the left.

b. Click on the user.

c. Click the “Security credentials” tab.

d. In the middle of the screen, look at “Assigned MFA device.” Currently set to No.

e. Click on Manage to enable MFA on this account.

12
f. When you sign in using the IAM sign-in URL and the user name, you will not

receive a text message with the authentication code. You must go to the

Authenticator app and use the six-digit code that is displayed in the app.

g. Finally, sign in using the link in your email and the new user.

h. You will be prompted to enter an MFA Code as before.

13
Part 5: Use the AWS CLI (your challenge)

1. Install and configure the AWS CLI on your local system (Windows, Mac). Configure it

by running aws configure command. You may configure it with root or IAM user.

2. Using AWS CLI, create an s3 bucket. Bucket name should be globally unique.

3. Copy a simple file from your machine into your new bucket.

4. Lists the buckets that currently exist in your account.

To get you started here are some basic CLI commands:

aws --version

aws configure

aws s3 ls

aws s3api create-bucket

14
Lab deliverables:

After finishing all parts of this lab, call your instructor and show your work:

1. [2 mark] Login to AWS console using your root account with MFA

2. [2 mark] Login to AWS console using your customize IAM user link with MFA

3. [2 mark] Billing Alarm on your root account

4. [1 mark] Confirm that you have saved Access Key ID and Secret Access Key for the root

and IAM user.

5. [1 mark] Show your work for part 6-AWS CLI.

6. [2 mark] Copy the AWS CLI commands for part 5 in a text file and submit it on learning

hub-lab1 before indicated due date.

Cleanup:

After getting your mark, delete any s3 bucket in your account.

15