AWS Fundamentals: IAM, GitHub, and AWS CLI
Table of Contents
AWS Fundamentals: Create an Account, Billing Alarm, and Budgets
AWS Fundamentals: IAM user, GitHub, and AWS CLI
Introduction
In this article, we will create an Admin user in AWS. We will also install the AWS CLI to create AWS Billing Alarms and Budgets.
You can do many things with the AWS CLI, but I want to start with something to get a simple understanding of it.
We will use gitpod to install the AWS CLI to make it accessible for everyone following along.
Create a new Admin user
Create a new user in the IAM Users Console by searching IAM or going to https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/users
Click Add users
In step 1, Enable AWS Management Console access, choose I want to create an IAM user, choose your password preferences, then click Next.
Step 2 is used to set the user’s permissions. We want to add the user to an Administrator group.
If you don’t have a group, create one by clicking Create group.
- Give the group a name, such as Admin and check AdministratorAccess
- Click Create user group at the bottom.
Check the Admin group you want to add the user to.
Click Next, then Create User.
Create IAM User Access Key
Click the user name of the IAM user, then click the Security Credentials tab.
Now click Create Access Key.
Choose Command Line Interface (CLI) then click Next.
Click Create access key
This will give you an access key and a secret access key. Keep these in a safe place.
Create a GitHub Account
We will use GitHub to store our code. Visit GitHub to create a new account.
At the top right, click the plus icon. Then click New Repository
Give the repository a name and set the visibility
Click Create Repository
Create a Gitpod account
Gitpod gives you an online dev environment. You will run our code here. You can also follow along on your personal computer as well just skip this part.
Sign up for a free Gitpod account here:
It may ask you what editor you want to use if you haven’t chosen a default. We will be using Visual Studio Code.
Download the chrome extension for Gitpod.
Go back to your Github repository and reload the page. You should now see a green Gitpod button.
Click Gitpod and you should see the following screen
Click Continue with Github
It may ask you what editor you want to use if you haven’t chosen a default. We will be using Visual Studio Code.
You should now have an environment with VS Code similar to the following.
Install the AWS CLI
We will use the Linux instructions for installing the CLI, but you may refer to your operating system’s instructions in the AWS CLI documentation.
Download the AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
Unzip the CLI tool
unzip awscliv2.zip
Install the AWS CLI.
sudo ./aws/install
Check the AWS version installed
aws --version
Set AWS environment variables
Now we can use the keys we created earlier and set them to environment variables so that we may work with the AWS CLI.
gp env AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
gp env AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
gp env AWS_DEFAULT_REGION=us-east-1
You can verify that env are saved within gitpod by going here: https://gitpod.io/user/variables
Check that we are getting the expected user with the following command:
aws sts get-caller-identity
We can also save our AWS account id to the gitpod environment variables
gp env AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
Create a Billing Alarm (via the CLI)
Refer to the AWS CLI docs to create a SNS Topic by running this command in the terminal
aws sns create-topic --name example-billing-alarm
This will give you a topic arn to use in the next command
Refer to the AWS CLI docs to subscribe to a topic using the topic arn from the previous command’s output.
aws sns subscribe \
--topic-arn arn:aws:sns:us-east-2:123456789012:example-billing-alarm \
--protocol email \
--notification-endpoint my-email@example.com
Verify the alarm was created in the AWS Console:
https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#alarmsV2
It may take a few minutes before the alarm is created.
Create an AWS budget (via the CLI)
Create folders aws and json, and go to the json folder using the following command in the terminal
mkdir -p aws/json && cd aws/json
Go to the AWS CLI create budget documentation: https://awscli.amazonaws.com/v2/documentation/api/latest/reference/budgets/create-budget.html#examples
Copy the budget.json and notifications-with-subscribers.json examples into the json folder.
To create a new file you may click the New File… button.
Run this command in your terminal to create the budget
aws budgets create-budget \
--account-id $AWS_ACCOUNT_ID \
--budget file://aws/json/budget.json \
--notifications-with-subscribers file://aws/json/notifications-with-subscribers.json
Verify your budget was created in the AWS console:
https://us-east-1.console.aws.amazon.com/billing/home#/budgets/overview
Congratulations on creating a new IAM user, Github, and Gitpod account. You are now familiar with the AWS CLI, which we will use more in the future.
Subscribe to my newsletter
Read articles from Christopher Coffee directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Christopher Coffee
Christopher Coffee
Documenting things I'm learning.