An AWS Account is a container for Identities (users) and Resources.
The email ID you provide to create a new account is used to create a special type of identity within the AWS Account, known as the account root user.
The account root user has full control over the AWS Account and any resources created within it, and can't be restricted.
Use separate accounts for separate things (DEV, TEST, PROD) or teams or products or clients.
The Root user is automatically created as part of the account creation process and has full unrestricted access.
An Administrator is just a normal user that has been assigned administrative permissions.
Step 2: Create a CloudWatch Alarm.
CloudWatch Alarm - Alarms allow you to monitor certain metrics and change states based on certain criteria.
Why is IAM required?
Identity and Access Management (IAM) is a core AWS service and is globally resilient, so its data is always secure across AWS regions.
IAM is what allows additional identities (users) to be created within an AWS account - identities which can be given restricted levels of access.
IAM identities start with no permissions on an AWS Account, but can be granted permissions (almost) up to those held by the Account Root User.
IAM has almost all the privileges of the root user (the exceptions are billing control and account closure). Operationally, the IAM of your account is fully trusted by your account, so IAM as a service can do as much as the account root user.
So, since an AWS Account fully trusts IAM, if IAM allows one of the identities it manages to do something, the account automatically trusts that identity in the same way as it trusts IAM.
Users and Groups are fairly easy to understand. You use a User when you need to give access to humans or applications (for a long time). Groups are collections of humans and applications.
You pick a User when you can identify an individual thing.
Roles are usually used by (AWS) services. For example, giving an EC2 instance access to an S3 bucket.
Roles are used when the number of things is uncertain.
IAM lets you create policies, which are essentially objects or documents that allow or deny access to AWS services when, and only when, they're attached to IAM Users, Groups or Roles. They simply define allow or deny rights to certain services.
IAM Access Keys are meant for long-term usage.
An IAM User has 1 username and 1 password.
Only IAM users have or use access keys. IAM groups have no access keys.
An IAM user can't have more than two sets of access keys at any given time.
Access keys can be created, deleted, made inactive or made active.
The Secret Access Key can be obtained only once.
IAM Roles don't use access keys.
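The two-key limit and the active/inactive states described above are what make access key rotation possible. The following is an added example, not part of the original notes: it audits key metadata shaped like the output of `aws iam list-access-keys`. The user names, key IDs and the 90-day threshold are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # assumed rotation policy; the notes set no number
# Constructed sample in the shape of `aws iam list-access-keys` output,
# merged across three hypothetical users. Key IDs are made up.
SAMPLE = json.loads("""
{"AccessKeyMetadata": [
 {"UserName": "iamadmin", "AccessKeyId": "AKIAEXAMPLE000000001",
  "Status": "Active", "CreateDate": "2023-01-10T09:00:00+00:00"},
 {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000002",
  "Status": "Active", "CreateDate": "2023-02-01T09:00:00+00:00"},
 {"UserName": "ci-deploy", "AccessKeyId": "AKIAEXAMPLE000000003",
  "Status": "Active", "CreateDate": "2023-09-20T09:00:00+00:00"},
 {"UserName": "reporting", "AccessKeyId": "AKIAEXAMPLE000000004",
  "Status": "Inactive", "CreateDate": "2023-08-15T09:00:00+00:00"},
 {"UserName": "reporting", "AccessKeyId": "AKIAEXAMPLE000000005",
  "Status": "Active", "CreateDate": "2023-09-25T09:00:00+00:00"}
]}
""")["AccessKeyMetadata"]

def audit_access_keys(metadata, now, max_age=MAX_AGE):
    """Return {user: [finding, ...]} for each user's (at most two) keys."""
    per_user = {}
    for key in metadata:
        per_user.setdefault(key["UserName"], []).append(key)

    report = {}
    for user, keys in per_user.items():
        findings = []
        active = [k for k in keys if k["Status"] == "Active"]
        if len(active) == 2:
            # Both slots hold live secrets; typical of a rotation left unfinished.
            findings.append("two-active-keys")
        for k in keys:
            age = now - datetime.fromisoformat(k["CreateDate"])
            if k["Status"] == "Inactive":
                # An inactive key cannot sign requests but still occupies a slot.
                findings.append(f"delete-inactive:{k['AccessKeyId']}")
            elif age > max_age:
                findings.append(f"rotate-stale:{k['AccessKeyId']}")
        report[user] = findings
    return report

if __name__ == "__main__":
    now = datetime(2023, 10, 1, tzinfo=timezone.utc)  # fixed "today" for the sample
    for user, findings in audit_access_keys(SAMPLE, now).items():
        print(user, findings or ["ok"])
```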
Install command line software depending on your OS:
AWS CLI v2 (Windows) Installation - https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html
AWS CLI v2 (macOS) Installation - https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html
AWS CLI v2 (Linux) Installation - https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-linux.html
The process of configuring remains the same. Test if the installation went correctly:
AWS Default configuration:
The AWS CLI supports multiple named profiles, which are stored in the credentials files. You can configure additional profiles by using aws configure with the --profile option:
aws configure --profile profile-name
aws configure --profile iamadmin-general
aws configure --profile iamadmin-production