This guide assumes you are setting up AWS for the first time, either for personal use or for a small business (a couple of users). The steps will also scale to a large organisation, but there you will likely want to think through a more complex structure for grouping users into accounts and for the permissions they have.
From the top-right drop-down, select Billing and Cost Management, then Budgets, then Create budget. Here you can define a budget or use a premade template. When starting out, you may want to stick to the Zero spend budget, for example.
I am assuming at this stage you have already gone to https://aws.amazon.com/ and created a new account (verified email, phone, and payment details) and are logged in as the root account. If not, do this now. When you are logged in, the first thing to do is to navigate to AWS Organizations and create an organisation. Once this is done you will have an organisation ID and you are ready to start adding accounts to your organisation.
Navigate to Add an AWS account. At this stage, larger organisations may want to think about their desired account structure as well as grouping things into Organisational Units (OUs), but for solo devs or a small business you could potentially just create something like the following:
- Test
- Prod
- Infra
Each will need a unique email address, which you could potentially just do using an email alias. Keep the default OrganizationAccountAccessRole IAM role in place.
Next you need to go to IAM Identity Center. In this section we'll get permissions in place to access the accounts created in part 1.
- Go to Permission sets and create a new one using the predefined AdministratorAccess (I also increase the session duration slightly). If you intend to have other people using your accounts consider repeating this process with lesser policies such as PowerUserAccess or ReadOnlyAccess.
- Now go to Groups and create a group called Admin which we'll use shortly along with the AdministratorAccess permissions.
- Now go to Users, here I am assuming that the first user will be for yourself, so put yourself in the Admin group. Repeat as needed for other users and put them in the intended group with as minimal access as possible.
- Optionally, if you go to Settings you can change the AWS access portal URL that will be used when logging in.
- Finally, go to AWS accounts, select the accounts that you want to associate with groups, then click on Assign users and groups. For Admin you can probably select all the accounts; you will also need to select the AdministratorAccess permission set. Repeat this process for the different groups & permission sets you're using.
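The assignments built in the steps above form a group × permission set × account matrix, and it is easy to lose track of what each user ends up with. The following is an added example, not part of the original guide: it models that matrix offline and flags entries that work against the "as minimal access as possible" advice. The Developers and Auditors groups, all user names, and the rough breadth ordering of the three managed policies are assumptions.

```python
from collections import defaultdict

# Assumed rough breadth ordering of the managed policies the guide names.
RANK = {"ReadOnlyAccess": 0, "PowerUserAccess": 1, "AdministratorAccess": 2}
ACCOUNTS = {"Test", "Prod", "Infra"}  # account names from the guide

# Constructed sample data: only the Admin group comes from the guide.
GROUPS = {
    "Admin": {"alice"},
    "Developers": {"bob", "carol"},
    "Auditors": {"carol", "dave"},
}
ASSIGNMENTS = [  # (group, permission set, account)
    ("Admin", "AdministratorAccess", "Test"),
    ("Admin", "AdministratorAccess", "Prod"),
    ("Admin", "AdministratorAccess", "Infra"),
    ("Developers", "PowerUserAccess", "Test"),
    ("Developers", "AdministratorAccess", "Infra"),  # deliberately too broad
    ("Auditors", "ReadOnlyAccess", "Test"),
    ("Auditors", "ReadOnlyAccess", "Prod"),
]


def effective_access(groups, assignments):
    """Resolve assignments to {user: {account: set of permission sets}}."""
    access = defaultdict(lambda: defaultdict(set))
    for group, pset, account in assignments:
        for user in groups.get(group, ()):
            access[user][account].add(pset)
    return access


def audit(groups, assignments, admin_group="Admin"):
    """Return sorted findings that contradict the minimal-access advice."""
    findings = set()
    for group, pset, account in assignments:
        if group not in groups or account not in ACCOUNTS or pset not in RANK:
            findings.add(f"unknown reference: {group}/{pset}/{account}")
        elif pset == "AdministratorAccess" and group != admin_group:
            findings.add(f"{group} has AdministratorAccess on {account}")
    for user, accounts in effective_access(groups, assignments).items():
        for account, psets in accounts.items():
            if len(psets) > 1:  # each set is offered as a role in the portal
                top = max(psets, key=lambda p: RANK.get(p, -1))
                findings.add(f"{user} holds {len(psets)} permission sets "
                             f"on {account}; broadest is {top}")
    return sorted(findings)
```

Calling `audit(GROUPS, ASSIGNMENTS)` on the sample data reports the Developers admin grant on Infra and the overlap carol picks up on Test by being in two groups.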
At this stage you should be in a good position to log out of the root account. Presuming you have created yourself a user with high enough permissions, go to your portal URL (should look like https://*****.awsapps.com/) and log in. On first use you'll have to configure MFA. You should be able to log in and see an expandable list of AWS accounts (if not, redo part 3).