Before we can begin creating infrastructure through tools like Terraform and the Serverless Framework, we need to set up an AWS account and credentials for accessing AWS through the AWS CLI . The AWS CLI will allow us to easily set up programmatic access to AWS, which is necessary to use Terraform and the Serverless Framework to rapidly deploy needed infrastructure.

Creating an AWS Account

Before beginning into AWS, let me warn you: Stuff can get expensive. Please exercise great caution, as leaving the wrong resource on can lead to a heft bill overnight.

To create an account visit: * Instructions for Creating an AWS Account

Once done, we should have an AWS "root" account. It is best practice to enable multi-factor authentication (MFA) on this account. If someone can access the root account, there's little they can't do.

Another good practice is to create a separate AWS user for programmatic access, we should create a separate user to act as our administration account.

In the end, our IAM dashboard should look like: aws-iam-dashboard-security-recommendations-met

Enable MFA on Root Account

Let's create an "admin" account. Go to your account name and then "Settings". Enable MFA. aws-root-account-mfa

Create an Admin User

In the search bar above look for "IAM." This is AWS' users and permissions service. Let's make an administrative user; we will add this user's API credentials to our local system for use by Terraform and Serverless Framework.

aws-iam-service

Now go to "User":

aws-iam-create-user

Enter "admin" as the user name and select the "Access key - Programmatic access" option. If you would like to log in to the account from the web, then also select the "Password - AWS Management Console access" option.

aws-admin-account-creation-add-user

Select "Attach existing policies directly": aws-admin-account-attaching-policy

Skip or add tags, review the new user, then create it. aws-admin-account-getting-credentials

My recommendation is to use a password manager like 1password or Lastpass to store your "Access Key ID" and "Secret access key" as we will be using them in the next step.

Also, it is a good practice to set up MFA on the admin user as well.

Setting Up the AWS CLI

Next, we need to install the AWS CLI. I usually only use the actual AWS CLI tool to manage credentials or spot-check infrastructure, but both are handy, so worth installing it.

After installing open up a terminal. Type the following to ensure it's installed properly.

aws --version

You should get an output like:

aws-cli/2.8.2 Python/3.10.8 Darwin/21.6.0 source/arm64 prompt/off

If you have any trouble, ping me in the comments.

Set Up AWS Programmatic Credentials

Still at the terminal, type:

aws configure

You will be prompted with questions similar to:

AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Default region name [None]: us-west-2
Default output format [None]: 

AWS Access Key ID and AWS Secret Access Key should be retrieved from your password manager.

Default region name and Default output format will depend on you.

For the sake of this article series, I'll be conducting all work in us-west-2 . Do know, many services and resources are localized to the region, so if you create infrastructure in us-west-2 , it will not be visible if you are in the UI but under the region us-west-1 . Also, identical resources in different regions will have different IDs, or Amazon Resource Numbers (ARNs).

aws-ui-regions-menu

If you've any trouble, you might review AWS instructions on programmatic access credential setup: * Config and credential file settings

What's Next

Next, we are going to set up Terraform and Terragrunt so we can easily deploy and manage the needed infrastructure for our data warehouse.