AWS Account Setup

Setting up your AWS account properly is crucial for a smooth development experience. We'll create an IAM user with the right permissions for Amplify development.

Understanding AWS Account Structure

Step 1: Sign In to AWS Console

1. Go to the AWS Console
   Navigate to console.aws.amazon.com
2. Sign In as Root User
   Enter your root account email and password. If you have MFA enabled, complete that step.

Step 2: Create an IAM User for Development

1. Navigate to IAM
   In the AWS Console, search for "IAM" in the top search bar and click on the IAM service.
2. Go to Users
   In the left sidebar, click "Users" then click the "Create user" button.
3. Set User Details
   • User name: amplify-dev (or your preferred name)
   • Check "Provide user access to the AWS Management Console" if you want console access
   • Choose "I want to create an IAM user" for console access
4. Set Permissions

   Choose "Attach policies directly" and add these policies:

   • AdministratorAccess-Amplify – Required for Amplify operations

   This gives the user full access to Amplify and the services it uses.

5. Review and Create
   Review your settings and click "Create user". Save the console sign-in URL if needed.

Step 3: Create Access Keys

Access keys allow the AWS CLI and Amplify to authenticate as your IAM user.

1. Select Your New User
   From the IAM Users list, click on the user you just created (amplify-dev).
2. Go to Security Credentials
   Click the "Security credentials" tab.
3. Create Access Key
   Scroll to "Access keys" and click "Create access key".
4. Select Use Case
   Choose "Command Line Interface (CLI)" and acknowledge the recommendation at the bottom.
5. Save Your Keys
   IMPORTANT: You will see your Access Key ID and Secret Access Key. Copy both values now – you won't be able to see the secret key again!

Step 4: Configure AWS CLI

Now we'll configure the AWS CLI with your access keys. Open PowerShell and run:

You'll be prompted for four values:

AWS Access Key ID [None]: YOUR_ACCESS_KEY_ID
AWS Secret Access Key [None]: YOUR_SECRET_ACCESS_KEY
Default region name [None]: us-east-1
Default output format [None]: json

Choosing a Region

We recommend us-east-1 (N. Virginia) as it typically has the fastest rollout of new AWS features. Other popular options:

Region Code	Location	Notes
us-east-1	N. Virginia, USA	Recommended – most features available
us-west-2	Oregon, USA	Good for US West Coast users
eu-west-1	Ireland	Good for European users
ap-southeast-1	Singapore	Good for Asia-Pacific users

Step 5: Verify Configuration

Test that your credentials are working:

You should see output like:

{
    "UserId": "AIDAEXAMPLEID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/amplify-dev"
}

If you see this, your AWS credentials are configured correctly!

Understanding AWS Profiles (Optional)

If you work with multiple AWS accounts, you can create named profiles. The configuration is stored in these files:

• ~/.aws/credentials – Stores access keys
• ~/.aws/config – Stores region and output preferences

Example ~/.aws/credentials file with multiple profiles:

[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[work-account]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

To use a specific profile:

Set Up Billing Alerts

Protect yourself from unexpected charges:

1. Go to AWS Budgets
   In the AWS Console, search for "Budgets" and open AWS Budgets.
2. Create a Budget
   Click "Create a budget" → "Use a template" → "Zero spend budget" for the strictest alert.
3. Set Alert Email
   Enter your email to receive notifications if any charges occur.

Summary