Before we can begin creating infrastructure through tools like Terraform and the Serverless Framework, we need to set up an AWS account and credentials for accessing AWS through the AWS CLI . The AWS CLI will allow us to easily set up programmatic access to AWS, which is necessary to use Terraform and the Serverless Framework to rapidly deploy needed infrastructure.
Creating an AWS Account
Before beginning into AWS, let me warn you: Stuff can get expensive. Please exercise great caution, as leaving the wrong resource on can lead to a heft bill overnight.
To create an account visit: * Instructions for Creating an AWS Account
Once done, we should have an AWS "root" account. It is best practice to enable multi-factor authentication (MFA) on this account. If someone can access the
root
account, there's little they can't do.
Another good practice is to create a separate AWS user for programmatic access, we should create a separate user to act as our administration account.
In the end, our IAM dashboard should look like:
Enable MFA on Root Account
Let's create an "admin" account. Go to your account name and then "Settings". Enable MFA.
Create an Admin User
In the search bar above look for "IAM." This is AWS' users and permissions service. Let's make an administrative user; we will add this user's API credentials to our local system for use by Terraform and Serverless Framework.
Now go to "User":
Enter "admin" as the user name and select the "Access key - Programmatic access" option. If you would like to log in to the account from the web, then also select the "Password - AWS Management Console access" option.
Select "Attach existing policies directly":
Skip or add tags, review the new user, then create it.
My recommendation is to use a password manager like 1password or Lastpass to store your "Access Key ID" and "Secret access key" as we will be using them in the next step.
Also, it is a good practice to set up MFA on the
admin
user as well.
Setting Up the AWS CLI
Next, we need to install the AWS CLI. I usually only use the actual AWS CLI tool to manage credentials or spot-check infrastructure, but both are handy, so worth installing it.
After installing open up a terminal. Type the following to ensure it's installed properly.
aws --version
You should get an output like:
aws-cli/2.8.2 Python/3.10.8 Darwin/21.6.0 source/arm64 prompt/off
If you have any trouble, ping me in the comments.
Set Up AWS Programmatic Credentials
Still at the terminal, type:
aws configure
You will be prompted with questions similar to:
AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]:
AWS Access Key ID
and
AWS Secret Access Key
should be retrieved from your password manager.
Default region name
and
Default output format
will depend on you.
For the sake of this article series, I'll be conducting all work in
us-west-2
. Do know, many services and resources are localized to the region, so if you create infrastructure in
us-west-2
, it will not be visible if you are in the UI but under the region
us-west-1
. Also, identical resources in different regions will have different IDs, or Amazon Resource Numbers (ARNs).
If you've any trouble, you might review AWS instructions on programmatic access credential setup: * Config and credential file settings
What's Next
Next, we are going to set up Terraform and Terragrunt so we can easily deploy and manage the needed infrastructure for our data warehouse.