Setting up the account
When you set up your account for the first time, you are given access to your root public and secret access keys. These keys will be useful as you manage data on S3 and models in Amazon ML via the command line interface (AWS CLI). These two keys will only be available for you to view and copy at the time of creation. Once that page in your browser is closed, you can no longer access them and will need to create new ones. Creating new root keys is done by accessing My Account | Security Credentials. It's worth noting that no one can have access to your keys in AWS, not even the administrator of your account.
We won't go through all the possible actions you can take in IAM to configure, manage, and secure access to your account, as a full presentation of IAM is beyond the scope of this book. Your access management needs and policies will depend on the size of your organization and security constraints. We assume here that you are a unique individual user of the account and that you do not need to set up password policies for other users, groups, or roles. However, we strongly recommend you familiarize yourself with the IAM documentation and implement the IAM best practices (https://aws.amazon.com/documentation/iam).
We will create a new user whose username is AML@Packt and will use this access for the rest of the book. The only time when we use the root access (with the password you used to create the AWS account in the first place) is when we need to add or remove services to and from the AML@Packt user, for instance, when we want the user to use Amazon Athena for data processing or Amazon Lambda for scripting.
The IAM dashboard is available at https://console.aws.amazon.com/iam. It displays how many IAM assets you have created (users, roles, groups, and so on) as well as your security status as shown by this screenshot:
This screenshot shows that we have implemented the following three items:
- Delete your root access keys: These keys were given to you when you created your account. Since they provide unlimited access to your account, you should delete them and use only user-based access keys to access your account.
- Activate Multi Factor Authentication on your root account: After you have logged in with your login and password, Multi Factor Authentication (MFA) requires you to input a six-digit code. This code can either be sent to you via text or e-mail or made available via an authenticator app installed on your mobile phone. MFA is an easy-to-implement and efficient means to secure access to your account.
- Create individual IAM users: By creating individual users, you can restrict and manage their access level, and deactivate their account easily.
You could also create groups to assign permissions to your users and define a password policy.
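The three dashboard items above can also be checked from the IAM credential report. The following is an added example, not code from the book. The sample report is constructed and trimmed to the columns the check reads, and the account ID and function name are assumptions.

```python
import csv
import io

ROOT = "<root_account>"  # name of the root row in the IAM credential report

# Constructed sample, trimmed to the columns used below. A real report comes
# from `aws iam generate-credential-report` followed by
# `aws iam get-credential-report` (its Content field is base64-encoded CSV).
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,false
AML@Packt,arn:aws:iam::111122223333:user/AML@Packt,true,false,true,false
"""


def audit_credential_report(report_csv):
    """Evaluate the three dashboard items; returns {check_name: passed}."""
    rows = list(csv.DictReader(io.StringIO(report_csv)))
    root = next((r for r in rows if r["user"] == ROOT), None)
    if root is None:
        raise ValueError("credential report has no <root_account> row")

    # The report only says whether a key is active. A deactivated key and a
    # deleted key both show "false", so deletion still has to be confirmed
    # under My Account | Security Credentials.
    root_keys_active = any(
        root.get(col, "false") == "true"
        for col in ("access_key_1_active", "access_key_2_active")
    )
    iam_users = [r["user"] for r in rows if r["user"] != ROOT]

    return {
        "no_active_root_access_keys": not root_keys_active,
        "root_mfa_active": root.get("mfa_active") == "true",
        "individual_iam_users_exist": bool(iam_users),
    }


if __name__ == "__main__":
    for check, passed in audit_credential_report(SAMPLE_REPORT).items():
        print(f"{'PASS' if passed else 'FAIL'}  {check}")
```

Run against the constructed sample, the first two checks fail and the third passes, which is the state of a new account before the steps in the list have been carried out.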