{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiacvqxyfno3fqcxl56t4noqwasbmyvspphu3ltfnnykmrrinkbrju",
    "uri": "at://did:plc:25rdn5elo5izoxrmtis34zuk/app.bsky.feed.post/3mohf6uileb62"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreihnymldubj3wglhn57i4dgjmo2pnpclmfr4kg3i76cjiybv4vs7ne"
    },
    "mimeType": "image/webp",
    "size": 543884
  },
  "path": "/tejas_shinkar/introduction-to-aws-cloud-account-setup-mfa-iam-user-creation-405m",
  "publishedAt": "2026-06-17T02:58:03.000Z",
  "site": "https://dev.to",
  "tags": [
    "cloud",
    "aws",
    "beginners",
    "devops"
  ],
  "textContent": "###  📌 Topic Overview\n\n# | Topic\n---|---\n1 | Cloud Computing & AWS Overview\n2 | On-Premise DC vs Cloud DC\n3 | Cloud Hardware & Server Components\n4 | Cloud Service Models (IaaS / PaaS / SaaS)\n5 | Cloud Deployment Models (Cloud / Hybrid / On-Prem)\n6 | Benefits of AWS\n7 | AWS Global Infrastructure\n8 | AWS Certification Roadmap\n9 | AWS Account Setup (Free Tier)\n10 | Enabling MFA on Root Account\n11 | Creating an IAM User\n\n##  🧠 What is Cloud Computing?\n\n###  Simple Explanation\n\nImagine you need a powerful computer to run your application. Normally, you'd have to buy that computer, set it up in your office, manage it, and pay electricity bills. With cloud computing, you just rent that computer over the internet — use it when you need it, pay only for what you use, and give it back when done.\n\nAWS (Amazon Web Services) is the world's largest cloud platform that provides this \"rental\" service for servers, storage, databases, networking, and hundreds of other services.\n\n###  Key Characteristics of Cloud Computing\n\nTerm | What it Means | Real Example\n---|---|---\nOn-Demand | Get resources instantly, no waiting | Launch a server in 2 minutes\nScalability | Grow resources as your need grows | Add more servers when traffic spikes\nElasticity | Auto scale up AND down | Scale down at night to save cost\nPay-as-you-go | Pay only for what you use | Like a mobile recharge, not a contract\n\n##  🏢 On-Premise DC vs Cloud DC\n\n###  What is On-Premise?\n\nYour company owns and manages its own physical data center — servers, cooling, power, security, everything.\n\n###  What is Cloud DC?\n\nAWS owns massive data centers worldwide and you rent resources from them over the internet.\n\n###  Comparison Table\n\nFeature | On-Premise (Your DC) | Cloud (AWS)\n---|---|---\nSetup Time | Weeks to months | Minutes\nCost Model | High upfront (CapEx) | Pay-as-you-go (OpEx)\nScaling | Buy more hardware | Click a button\nMaintenance | Your team 
handles it | AWS handles it\nGlobal Reach | Limited | 30+ Regions worldwide\nDisaster Recovery | Expensive to set up | Built-in multi-AZ\n\n> 💡 **DevOps Angle:** In a DevOps role, you'll often manage cloud infrastructure. Understanding this comparison helps you justify cloud migration decisions to management.\n\n##  🖥️ Cloud Hardware & Server Components\n\n###  What's Inside AWS Data Centers?\n\nAWS physically owns and manages:\n\n  * **Physical Servers** — Powerful computers that run your workloads\n  * **Storage Arrays** — Massive hard drives for your data (think S3, EBS)\n  * **Networking Equipment** — Routers, switches, cables connecting everything\n\n\n\n###  How Virtualization Works\n\nAWS uses virtualization — one physical server is divided into many virtual machines (VMs). This is how you get:\n\n\n\n    One Physical Server (AWS hardware)\n        ├── EC2 Instance 1 → Your App Server\n        ├── EC2 Instance 2 → Your Database Server\n        ├── EC2 Instance 3 → Someone else's workload\n        └── EC2 Instance 4 → Another customer's app\n\n\n###  AWS Compute Options Built on This\n\nService | What it is | DevOps Use Case\n---|---|---\nEC2 | Virtual Machine (VM) | Deploy apps, web servers\nECS / EKS | Containers | Docker/Kubernetes workloads\nLambda | Serverless compute | Event-driven automation\n\n##  📦 Cloud Service Models\n\nThink of it like renting an apartment vs buying a house vs staying in a hotel.\n\n**IaaS — Infrastructure as a Service**\n\n> You manage: OS, Runtime, App, Data\n>  Provider manages: Physical hardware, networking, virtualization\n\n**AWS Example:** EC2 (you get a VM, you install everything else)\n\n**Analogy:** Renting an empty flat — you furnish it yourself.\n\n**DevOps Use Case:** Spin up EC2 instances, configure them with Ansible/Terraform.\n\n**PaaS — Platform as a Service**\n\n> You manage: App code and Data\n>  Provider manages: Hardware + OS + Runtime + Middleware\n\n**AWS Example:** AWS Elastic 
Beanstalk, AWS RDS\n\n**Analogy:** Renting a furnished flat — just bring your clothes.\n\n**DevOps Use Case:** Deploy a Django app on Elastic Beanstalk without managing the server OS.\n\n**SaaS — Software as a Service**\n\n> You manage: Just using the app\n>  Provider manages: Everything\n\n**AWS Example:** Amazon WorkMail, Chime\n\n**Other Examples:** Gmail, Zoom, Slack\n\n**Analogy:** Staying in a 5-star hotel — everything is taken care of.\n\n**DevOps Use Case:** Use SaaS tools like PagerDuty, Datadog for monitoring — no server management needed.\n\n**Service Model Summary**\n\n\n\n    IaaS → Most Control, Most Responsibility (you)\n    PaaS → Balanced\n    SaaS → Least Control, Least Responsibility (provider handles all)\n\n\n##  🌐 Cloud Deployment Models\n\n###  1. Public Cloud (Full Cloud)\n\nEverything runs on AWS. No on-premise hardware.\n\n**Example:** A startup builds its entire product on AWS from day one.\n\n**Best for:** New applications, startups, web apps.\n\n###  2. Hybrid Cloud\n\nMix of cloud + on-premise. Most common in large enterprises.\n\n**Example:** A bank keeps customer data on-premise (due to regulations) but runs its web portal on AWS.\n\n**DevOps Use Case:** AWS Direct Connect or VPN to link your office network with AWS VPC.\n\n###  3. On-Premises / Private Cloud\n\nResources deployed in your own data center using virtualization (like VMware). Also called private cloud.\n\n**Example:** Government agencies or hospitals that cannot put data outside their premises.\n\n> 💡 **Interview Tip:** Most enterprise companies use Hybrid cloud. 
When asked \"what deployment model does your company use?\" — hybrid is the most common real-world answer.\n\n##  ✅ Benefits of AWS\n\nBenefit | Explanation | DevOps Relevance\n---|---|---\nCost Savings | No upfront hardware cost, pay-as-you-go | Reduce infrastructure spend\nSpeed / Agility | Launch resources in minutes | Faster CI/CD pipelines\nElastic Scaling | Scale up/down automatically | Handle traffic spikes\nGlobal Reach | Deploy in any region worldwide | Low latency for users\nReliability | Multiple Availability Zones | High availability architecture\nSecurity | AWS manages physical security, you manage access | Shared responsibility model\n\n##  AWS Global Infrastructure\n\n###  The Three Levels of AWS Geography\n\n    AWS Global Infrastructure\n    │\n    ├── Region (e.g., ap-south-1 = Mumbai)\n    │       A geographic area with multiple data centers\n    │       Currently 30+ Regions worldwide\n    │\n    ├── Availability Zone / AZ (e.g., ap-south-1a, ap-south-1b)\n    │       One or more physical data centers within a Region\n    │       Each Region has minimum 2 AZs (usually 3)\n    │       AZs are isolated but connected with low-latency links\n    │\n    └── Edge Location\n            CDN cache points for CloudFront (content delivery)\n            200+ edge locations worldwide\n\n\n###  Why This Matters for DevOps\n\n  * **High Availability:** Deploy your app across 2+ AZs — if one fails, the other keeps running\n  * **Disaster Recovery:** Use a second Region as backup\n  * **Low Latency:** Choose Region closest to your users (for India → Mumbai `ap-south-1`)\n  * **Data Residency:** Some data must stay in a specific country — choose that Region\n\n> 🇮🇳 India: AWS Mumbai Region (`ap-south-1`) is the go-to for Indian companies due to data residency compliance and low latency.\n\n##  🎓 AWS Certification Roadmap\n\n    FOUNDATIONAL (Start Here)\n    └── AWS Certified Cloud Practitioner (CLF-C02)\n          ↓\n    ASSOCIATE LEVEL (Pick your path)\n    ├── Solutions Architect Associate (SAA-C03)  ← Most Popular\n   
 ├── Developer Associate (DVA-C02)\n    └── SysOps Administrator Associate (SOA-C02)\n          ↓\n    PROFESSIONAL LEVEL\n    ├── Solutions Architect Professional\n    └── DevOps Engineer Professional  ← Your Target!\n          ↓\n    SPECIALTY\n    ├── Security\n    ├── Networking\n    ├── Data Analytics\n    ├── Machine Learning\n    └── Database\n\n\n###  Recommended Path for DevOps/Cloud/SRE\n\n    Cloud Practitioner → SAA → DevOps Engineer Professional\n\n\n##  AWS Account Setup (Free Tier)\n\n###  What is Free Tier?\n\nAWS gives you **12 months free** access to many services when you sign up. Great for learning!\n\nFree Tier Highlights:\n\n  1. EC2: 750 hours/month (`t2.micro` or `t3.micro`)\n  2. S3: 5 GB storage\n  3. Lambda: 1 million requests/month\n  4. RDS: 750 hours/month\n\n###  Step-by-Step Account Creation\n\n  * Step 1: Go to `https://aws.amazon.com` → Click **\"Create an AWS Account\"**\n  * Step 2: Enter your email address + choose a unique account name\n  * Step 3: Create a strong password (this is your Root user password — keep it safe!)\n  * Step 4: Enter contact information (personal or business)\n  * Step 5: Add a valid credit/debit card (AWS does a $1 verification charge — it's reversed)\n  * Step 6: Phone OTP verification\n  * Step 7: Select Free tier support plan\n\n> ⚠️ Warning: After creating the account, your very first action should be enabling MFA on the Root account.\n\n\n##  🔒 What is MFA and Why It Matters\n\n###  MFA = Multi-Factor Authentication\n\nNormal login = Password only (1 factor)\n\nMFA login = Password + OTP from your phone (2 factors)\n\nEven if someone steals your password, they cannot log in without your phone.\n\n###  Root Account — The Most Dangerous Account\n\nThe Root user is the master account — it has unrestricted access to everything in your AWS account. 
If this gets compromised, an attacker can:\n\n  * Delete all your resources\n  * Rack up massive bills\n  * Steal all your data\n\n\n\n**That's why: Enable MFA on Root account IMMEDIATELY.**\n\n###  Steps to Enable MFA on Root Account\n\n\n    1. Sign in to AWS Console as Root user\n    2. Click your account name (top-right corner)\n    3. Go to → Security Credentials\n    4. Scroll to \"Multi-factor authentication (MFA)\"\n    5. Click \"Assign MFA device\"\n    6. Enter a device name (e.g., MyPhone)\n    7. Select \"Authenticator app\" → Click Next\n    8. Install Google Authenticator / Authy on your phone\n    9. Scan the QR code shown on screen\n    10. Enter TWO consecutive 6-digit OTP codes from the app\n    11. Click \"Add MFA\" → Done!\n\n\n**Recommended Apps:** Google Authenticator | Authy | Microsoft Authenticator\n\n##  👤 IAM — Identity and Access Management\n\n###  What is IAM?\n\nIAM is AWS's access control system. It answers the question:\n\n> **\"Who can do what on which AWS resource?\"**\n\n###  IAM Key Concepts\n\nTerm | What it is | Real World Analogy\n---|---|---\nRoot User | Master account, full control | CEO with all keys\nIAM User | Individual person account | Employee with access card\nIAM Group | Collection of users | Department (e.g., DevOps team)\nIAM Policy | JSON document defining permissions | Access control list\nIAM Role | Temporary permissions for services | Contractor badge (time-limited)\n\n###  Why NOT Use Root for Daily Work?\n\nThe Root account is like a nuclear launch button — powerful but dangerous.\n\nBest practice:\n\n✅ Create an IAM User with Admin access for daily work\n\n✅ Lock the Root account away\n\n✅ Never share Root credentials with anyone\n\n###  Step-by-Step: Create IAM User\n\n\n    1. Go to Services → Search \"IAM\" → Open IAM Console\n    2. Left panel → Click \"Users\" → Click \"Add users\"\n    3. Enter username (e.g., tejas-admin)\n    4. 
Check \"Provide user access to AWS Management Console\"\n    5. Set a custom password (uncheck force reset if learning)\n    6. Attach Permission Policy:\n       - AdministratorAccess → Full control (for learning)\n       - PowerUserAccess → All services except IAM\n       - ReadOnlyAccess → View only, no changes\n    7. Review → Click \"Create user\"\n    8. IMPORTANT: Download the CSV file with credentials\n    9. Test login using the IAM sign-in URL:\n       https://[your-account-id].signin.aws.amazon.com/console\n    10. Also enable MFA on the IAM user\n\n\n###  IAM Permission Policies\n\nPolicy | What it Allows | Use When\n---|---|---\nAdministratorAccess | Everything | Learning / Admin work\nPowerUserAccess | All services except IAM | Developer\nReadOnlyAccess | View only | Auditor / Monitoring\n\n###  Principle of Least Privilege\n\n> Give users only the permissions they need — nothing more.\n\nA developer doesn't need billing access. A tester doesn't need to delete EC2 instances. Always assign minimum required permissions.\n\n##  IAM Sign-in Flow\n\n\n    Root User Login:\n       Email + Password + MFA OTP → Full unrestricted access\n\n    IAM User Login:\n       Account ID (or alias) + Username + Password + MFA OTP → Limited access (based on policy)\n\n    IAM Sign-in URL:\n       https://[12-digit-account-id].signin.aws.amazon.com/console\n\n\n##  🚨 COMMON MISTAKES (Avoid These!)\n\nMistake | Why It's Bad | Correct Approach\n---|---|---\nUsing Root for daily tasks | If compromised, everything is lost | Create and use IAM user\nNo MFA on Root | Password alone is not enough | Enable MFA immediately\nGiving AdministratorAccess to everyone | Violates least privilege | Assign only needed permissions\nSharing access keys publicly (GitHub) | Attackers scan GitHub for keys | Use IAM Roles, not access keys\nNot downloading credentials CSV | You can't retrieve password later | Download and store securely\nIgnoring billing alerts | Surprise bills! 
| Set up AWS Budgets + alerts\n\n##  💼 INTERVIEW QUESTIONS\n\n###  Easy (Freshers)\n\n**Q1: What is cloud computing?**\n\n**A:** Cloud computing is the delivery of IT services (compute, storage, networking) over the internet on a pay-as-you-go basis, eliminating the need to own physical hardware.\n\n**Q2: What is the difference between IaaS, PaaS, and SaaS?**\n\n**A:** IaaS gives you raw infrastructure (like EC2), PaaS gives you a platform to deploy code (like Elastic Beanstalk), and SaaS gives you a ready-to-use software product (like Gmail). As you move from IaaS → PaaS → SaaS, you manage less but also control less.\n\n**Q3: What is an AWS Region and Availability Zone?**\n\n**A:** A Region is a geographic location (e.g., Mumbai) that contains multiple isolated data centers called Availability Zones (AZs). Each AZ is independent but connected with high-speed links to enable high availability.\n\n**Q4: What is IAM in AWS?**\n\n**A:** IAM (Identity and Access Management) is AWS's service to control who can access AWS resources and what actions they can perform. It uses users, groups, roles, and policies.\n\n**Q5: Why should you not use the Root account for daily tasks?**\n\n**A:** The Root account has unrestricted access to everything. If compromised, an attacker gains complete control. IAM users with specific permissions should be used for daily operations following the principle of least privilege.\n\n###  Intermediate\n\n**Q6: What is MFA and why is it important in AWS?**\n\n**A:** MFA (Multi-Factor Authentication) requires a second verification step (OTP from phone app) beyond just a password. 
It prevents unauthorized access even if credentials are stolen.\n\n**Q7: What is the difference between a Public, Hybrid, and Private cloud?**\n\n**A:** Public cloud (everything on AWS), Hybrid (mix of cloud + on-premise, most common in enterprises), Private cloud (resources in your own data center).\n\n**Q8: What is the Principle of Least Privilege?**\n\n**A:** Granting users only the minimum permissions needed to do their job — nothing more. Reduces the blast radius if an account is compromised.\n\n###  DevOps-Focused\n\n**Q9: How would you secure an AWS account from day one?**\n\n**A:** Enable MFA on Root immediately, create an IAM user for daily use, apply AdministratorAccess only where needed, set up AWS CloudTrail for audit logging, enable billing alerts, and never store access keys in code repositories.\n\n**Q10: A new DevOps engineer joins your team. How do you give them AWS access?**\n\n**A:** Create an IAM user for them, add them to the DevOps IAM Group that has pre-configured policies (like PowerUserAccess), enable MFA on their account, and share only the IAM console URL — not the Root credentials.\n\n##  🔬 Practice Questions\n\n###  Easy\n\n  1. You want to use a server for 3 hours to run a data processing job and then shut it down. Which cloud characteristic makes this cost-effective?\n\n  2. What does \"Availability Zone\" mean in AWS context?\n\n  3. Name 3 services available in the AWS Free Tier.\n\n\n\n\n###  Medium\n\n  1. Your company has sensitive financial data that cannot leave India due to compliance laws. Which AWS Region should you use, and what model (Public/Hybrid/Private) applies?\n\n  2. You gave your IAM user `AdministratorAccess`. Your manager says this violates security policy. What should you do instead?\n\n  3. Explain the difference between an IAM User and an IAM Role with a real-world example.\n\n\n\n\n###  DevOps-Focused\n\n  1. You're setting up AWS for a new startup from scratch. 
List the first 5 things you would do to secure the account.\n\n  2. Your Terraform script accidentally uploaded AWS Access Keys to a public GitHub repo. What is your immediate action plan?\n\n\n\n\n##  🎯 Key Takeaways\n\n  * Cloud computing allows you to rent infrastructure on-demand instead of buying physical hardware.\n  * AWS provides scalability, elasticity, global reach, and pay-as-you-go pricing.\n  * Most enterprises operate using a Hybrid Cloud model.\n  * AWS infrastructure is built around Regions, Availability Zones, and Edge Locations.\n  * For a DevOps career path, Cloud Practitioner → SAA → DevOps Engineer Professional is a common progression.\n  * The Root account should only be used for account-level administration.\n  * MFA should be enabled immediately after account creation.\n  * IAM controls who can access AWS resources and what actions they can perform.\n  * Follow the Principle of Least Privilege when assigning permissions.\n  * Never expose AWS Access Keys publicly and always enable security controls from day one.\n\n\n\n> 💬 This article is part of my journey learning AWS, Cloud, and DevOps from scratch. If you're also starting out, feel free to connect and share your learning experience.",
  "title": "Introduction to AWS Cloud + Account Setup + MFA + IAM User Creation"
}