The Right Button

The obvious starting point in managing services in the Amazon Web Services (AWS) cloud is the AWS Management Console. In the first part of this article, I look at the user interface and how to set the language, harden the root user account, change the region, and create a support request. Next, I'll show you how to learn about, find, and test services and create a list of favorites. Before moving on to other tools in the second part of this article, I'll show you how to manage your environment by managing user roles and access, monitoring system health, and viewing bills and costs.

Getting Started

To log in to the Management Console user interface, go to the AWS sign-in page [1] and enter your AWS account credentials. To add another level of security, you can set up multifactor authentication (MFA). By default, a session expires automatically after 12 hours. To continue, just press the Click login to continue button and log in again. You can also set your own time limits for sessions according to your organization's specifications.

The console supports the three latest versions of Google Chrome, Mozilla Firefox, Microsoft Edge, and Apple Safari, as well as Microsoft Internet Explorer 11. After logging in, you will see the AWS Management Console home page (Figure 1). In addition to accessing the web, you can view your resources, including Amazon CloudWatch alerts, with the AWS console mobile app. You can also handle operational tasks on an iOS or Android mobile device, if so desired.

Figure 1: The AWS Management Console is the central point of contact for managing the cloud provider's services.

The display language for the AWS Management Console can be changed in any area of the console. Twelve languages are currently supported. To change the console language, log in to the AWS Management Console and select the Language menu on the left in the bottom navigation bar. When you get there, set the language you want to use.

Securing the Root User Account

Do not use the root user account for everyday tasks, including administrative tasks, under any circumstances. Only use your root user account to create an admin user; then, securely lock away the root user's credentials and use them only for a very limited selection of account and service management tasks. Roles let you delegate permissions for day-to-day tasks.

AWS Single Sign-On (SSO) and AWS Identity and Access Management (IAM) support common open identity standards – for example, Security Assertion Markup Language (SAML) 2.0, OpenID Connect, and OAuth 2.0 – to facilitate identity federation. To secure your root user account, change the password and set up multifactor authentication as follows:

• Use the email address and password for your AWS account to log in to the AWS Management Console with the root user account (not the IAM user).
• In the top right corner of the console, select your account name or number (Figure 1A) and select My Security Credentials .
• Expand the Password section and press the Click here text to change your password. Enter your current password once and the new password twice. The new password must be at least eight characters in length and contain a symbol, a number, an uppercase letter, and a lowercase letter.
• When you have completed the password form, select Change password or Save changes .

To enable an MFA device for your regular user account, follow the first two steps from the previous password change guide; then, expand the MFA section. Select Manage MFA or Activate MFA and follow the instructions to reflect the key type: Virtual MFA Device, U2F Security Key, or Hardware MFA Device.

Regions and Support Requests

For many services, you can select an AWS region [2] that determines where your resources are managed. For some services, such as AWS IAM, no region is selectable because they are global services that you can use in any AWS region. To select a region, go to the name of the currently displayed region in the navigation bar (Figure 1B) and find the region to which you want to switch, which becomes the default in the console.

AWS Support offers a range of plans that provide access to tools and expertise that support the operational health of your AWS solutions. All support plans – including the free Basic plan – give you access to customer service, AWS documentation, technical documentation, and support forums at any time. Help with billing and account questions and requests for service limit increases are also available in all support plans.

For technical support and other resources that help you plan, deploy, and improve your AWS environment, choose a support plan that best fits your use case. To create a support request:

• Log in to the AWS Management Console.
• Select the Support drop-down in the upper right corner (Figure 1C) and then AWS Support Center .
• Choose Create case and select one of the options Account and billing support , Service limit increase , or Technical support .
• Follow the prompts to describe your case: for example, with the error message received, troubleshooting steps you followed, access to the service from the AWS Management Console, AWS command-line interface (AWS CLI), or application programming interface (API) operations.
• Click Submit .

Your request ID and the overview are now displayed.