DoonopsEdTech
Language

Setup & CLI · Lesson 4 of 30

AWS Account, Free Tier & Local Setup

Source: doonops-curriculum/setup-cli--aws-account-setup.md

Doonops lesson

Goal

Create an AWS account (Free Tier), set up a safe IAM user, and connect AWS CLI on your computer — before any cloud Terraform labs.

Simple explanation

Think of AWS as a rented computer park on the internet. You need an account (often free for 12 months for small servers), then a "login for programs" (IAM access keys), then one command on your PC: aws configure.

Technical view

Use IAM Identity Center or an IAM user with programmatic access. Attach least-privilege policy for labs (e.g. PowerUserAccess for learning only). Configure AWS CLI v2; Terraform uses the same credential chain via the AWS provider.

Think of it like

AWS account = building membership. IAM user = staff badge. aws configure = telling Terraform which badge to use on your laptop.

Steps

  1. Create AWS account (credit card for verification only — many services still free tier).
  2. Create IAM user + access keys — never share or commit keys.
  3. Run aws configure and aws sts get-caller-identity.
  4. Then continue to Install Terraform lesson.

Deep explanation

Layman words first, then technical detail — read slowly

Do you need AWS for this whole course?

No for Modules 0–5 — only your laptop (Terraform validate, no cloud bill).

Yes from Module 6 (AWS VPC) onward — you will run terraform apply and create real VPC, EC2, etc.

Do this lesson now if you plan to finish AWS modules within a few weeks. You can read earlier modules first, but complete this before Module 6.

What you need on your laptop (simple)
1 AWS account
(free tier)
2 IAM user + keys
(not root password)
3 aws configure
on your PC

From Module 6 onward this course creates real resources in AWS — small instances usually stay in free tier if you destroy after labs.

Step 1 — Create AWS account (Free Tier)

  1. Open aws.amazon.com/freeCreate a Free Account.
  2. Email, password, account name (e.g. doonops-learning).
  3. Choose Personal if learning (not company).
  4. Enter phone OTP — verify.
  5. Add payment method — AWS uses it for identity check; Free Tier still applies to eligible services (12 months for new accounts on many offers).
  6. Select support plan: Basic (free).
  7. Sign in to AWS Management Console — home region top-right (pick Asia Pacific (Mumbai) ap-south-1 if you are in India — same as our labs).

Layman: Free Tier = AWS lets you try small servers/databases cheap or free for learning — but always run terraform destroy after labs.

Step 2 — Create IAM user (do NOT use root for Terraform)

  1. Console search → IAMUsersCreate user.
  2. Name: doonops-terraform-lab
  3. Access type: Programmatic access (Access key — CLI).
  4. Permissions: for learning attach PowerUserAccess (or ask your company admin for a lab OU). Production uses custom least-privilege policies.
  5. Finish → download .csv with Access key ID + Secret access key — one time only. Store in password manager, not Git.

Step 3 — Install AWS CLI on your computer

  • Mac: brew install awscli
  • Windows: MSI installer from AWS docs — "AWS CLI v2"
  • Linux: sudo apt install awscli or official bundle

Check: aws --version → should show aws-cli/2.x

Step 4 — Configure CLI locally (easy)

aws configure

AWS Access Key ID:     paste from CSV
AWS Secret Access Key: paste from CSV
Default region name:   ap-south-1
Default output format: json

Test connection:

aws sts get-caller-identity

You should see JSON with Account and Arn — means your laptop can talk to AWS.

Step 5 — Cost safety habits (important)

  • After every lab: terraform destroy in that lab folder.
  • Enable Billing alerts in AWS Billing → Budgets → e.g. alert at $5.
  • Never commit .csv keys or terraform.tfvars with secrets to Git.
  • Use t3.micro / small RDS only for labs.

What Terraform uses

Once aws configure works, Terraform AWS provider automatically uses the same credentials — no extra login in HCL.

Project files for this lab

Full implementation folder — copy all files, then run terraform commands

Lab project files (full folder)

Copy every file below into one folder — same as a real repo module. Then run the local lab steps.

Suggested folder: Suggested path: ~/doonops-terraform/02-aws-setup/

README.mdFull AWS setup steps
# AWS setup checklist (Doonops)

## 1. Account
- https://aws.amazon.com/free/ → Create account
- Region: ap-south-1 (Mumbai)

## 2. IAM user (not root)
- Name: doonops-terraform-lab
- Programmatic access + PowerUserAccess (learning only)
- Save Access Key ID + Secret (CSV) — never commit to Git

## 3. Local CLI
```bash
brew install awscli          # Mac
aws --version
aws configure                # paste keys, region ap-south-1, json
aws sts get-caller-identity  # must succeed
```

## 4. Billing safety
- Budget alert at $5 in AWS Billing
- After every lab: terraform destroy

On your computer — AWS setup checklist

Prerequisites

  • Government ID / phone for AWS signup
  • Credit/debit card for verification
  • Terminal
  1. Create AWS account + pick region ap-south-1 in console.
  2. Create IAM user doonops-terraform-lab with programmatic access + PowerUserAccess (learning).
  3. Save Access Key ID + Secret in password manager (not Git).
  4. Install AWS CLI v2 — run: aws --version
  5. Run: aws configure (paste keys, region ap-south-1, json)
  6. Run: aws sts get-caller-identity — must return JSON without error.
  7. Optional: AWS Billing → create budget alert $5.

Before moving on

  • aws sts get-caller-identity works
  • You know which region you chose (ap-south-1 recommended)
  • IAM keys are NOT in any Git repo