Although I've already set up a free AWS account, I'm just about to start using it to test what I'm posting about. I also had to go and find a Windows laptop - I normally use only linux at home, but can't test my PowerShell scripts on that! So I'll take the chance to document some basics - how do you start using AWS?
First, you have to sign up for an AWS account. The email address you sign up with is the "root" account - unless you're the only one with access to the account, try not using this, but create an IAM (Identity and Access Management) user (one or more per person).
Make sure you save the credentials somewhere safe - this is what you'll use to sign in. While you're there, when you click on the user, go down and click on "Manage Password" - create a strong password, this allows you to log in to the console as this user. Rather than assigning rights to the user, I would normally create a group, assign rights to the group, and add the user to the group. Click on Groups, Add a group, call it admin and select the policy "Administrator access". Now click on the IAM Dashboard, and save the "IAM users sign-in link. Please note that administrator access does not give you access to everything, a few rights have to be explicitly assigned, but administrator rights do give you the rights to edit your own access if you find you need more.
At this point IAM users won't have access to the billing and account information. If they need it, go to Billing and account Management while still signed in to the root account (click your user name at the top right to get there). On the billing dashboard you'll see a link to Account Management. There "edit" the IAM user access to billing information and activate IAM access.
Once you've set up your account, to the AWS tools page, and download the PowerShell installer. I accept and install everything (although I'm unlikely to need all the SDKs).
Also download the CLI. Start a cmd prompt, run "aws configure" and specify your keys and region (eu-west-1).
Run PowerShell as administrator (or the PowerShell ISE, which is better).
Set-AWSCredentials -AccessKey YourAccessKey -SecretKey YourSecretKey -StoreAs MyProfileName
Initialize-AWSDefaults -ProfileName MyProfileName -Region eu-west-1
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned(Accept the warning )
Get-AWSCredentials
(This should return something, not a blank)
In future PowerShell sessions you run Initialise-AWSDefaults and it will load your default profile. You can also add this to your PowerShell profile.
No comments:
Post a Comment