top of page
Search

Setting Up Your AWS Learning Environment: Free Tier and Best Practices

Week 1 of AWS Solutions Architect Associate Preparation


Starting your AWS journey can feel overwhelming, but setting up a proper learning environment is your first step toward success. This comprehensive guide will walk you through creating a secure, cost-effective AWS environment specifically designed for learning and practicing for the AWS Solutions Architect Associate certification.


Why Proper Setup Matters

Before diving into AWS services, establishing a well-configured learning environment is crucial for several reasons:

  • Cost Control: Prevents unexpected charges while learning

  • Security: Protects your account from unauthorized access

  • Organization: Creates a structured approach to hands-on practice

  • Best Practices: Builds good habits from day one


Step 1: Creating Your AWS Free Tier Account

Account Creation Process

  1. Visit the AWS Homepage: Navigate to aws.amazon.com and click "Create an AWS Account"

  2. Provide Account Information:

    • Email address (use a dedicated email for AWS if possible)

    • Strong password following AWS requirements

    • Account name (choose something descriptive like "YourName-Learning")

  3. Contact Information:

    • Select "Personal" account type for learning purposes

    • Provide accurate contact details

    • Phone verification will be required

  4. Payment Information:

    • Credit/debit card is required even for Free Tier

    • You won't be charged unless you exceed Free Tier limits

    • Consider using a card with low limits for additional protection

  5. Identity Verification:

    • Phone call or SMS verification

    • Have your phone ready for immediate verification


Understanding AWS Free Tier

The AWS Free Tier includes three types of offers:

Always Free Services:

  • DynamoDB: 25 GB storage

  • Lambda: 1 million requests per month

  • CloudWatch: 10 custom metrics


12 Months Free (from account creation):

  • EC2: 750 hours of t2.micro instances

  • S3: 5 GB standard storage

  • RDS: 750 hours of db.t2.micro instances


Short-Term Trials:

  • Various services with specific trial periods

  • Usually 30-60 days from first use


Step 2: Billing Alerts and Cost Management Setup

Setting Up Billing Alerts

Protecting yourself from unexpected charges is critical:

  1. Access Billing Dashboard:

    • Navigate to the Billing & Cost Management console

    • Click on "Billing preferences"

  2. Enable Cost Alerts:

    • Check "Receive Billing Alerts"

    • This enables CloudWatch billing metrics

  3. Create Billing Alarms:

    • Go to CloudWatch console

    • Create alarm for "EstimatedCharges"

    • Set threshold at $5, $10, and $25

    • Configure SNS notifications to your email

Advanced Cost Management

AWS Budgets Setup:

Budget Name: Monthly Learning Budget
Budget Type: Cost Budget
Period: Monthly
Start Date: Current month
Budgeted Amount: $10
Alerts: 
  - 50% of budget ($5)
  - 80% of budget ($8)
  - 100% of budget ($10)

Cost Explorer:

  • Enable detailed billing reports

  • Set up daily cost monitoring

  • Review service-wise spending weekly


Cost Optimization Tips

  • Always use Free Tier eligible resources when available

  • Set up automatic shutdowns for EC2 instances

  • Use AWS Cost Calculator for estimating expenses

  • Enable detailed billing to track service usage

  • Delete unused resources immediately after practice


Step 3: IAM User Creation and Management

Why Not Use Root Account

The root account has unrestricted access to everything, including billing. For security:

  • Root account should only be used for initial setup

  • Daily activities should use IAM users with limited permissions

  • Enables principle of least privilege


Creating Your First IAM User

  1. Navigate to IAM Console:

    • Search for "IAM" in the AWS console

    • Click on "Users" in the left navigation

  2. Add New User:

    Username: aws-learning-admin Access Type:   ☑ Programmatic access (for CLI)   ☑ AWS Management Console access Console Password: Set custom password Require Password Reset: Unchecked (for learning)

  3. Set Permissions:

    • Create group called "LearningAdmins"

    • Attach policy: "PowerUserAccess" (recommended for learning)

    • Alternative: "AdministratorAccess" (use with caution)

  4. Add Tags (Optional but recommended):

    Purpose: Learning Environment: Development Owner: YourName

  5. Download Credentials:

    • Save the CSV file securely

    • Store Access Key ID and Secret Access Key safely

    • You won't be able to retrieve the secret key again


IAM Best Practices for Learning

Password Policy Configuration:

  • Minimum 12 characters

  • Require uppercase, lowercase, numbers, symbols

  • Password expiration: 90 days

  • Prevent password reuse: 5 passwords


Multi-Factor Authentication (MFA):

  • Enable MFA for root account immediately

  • Use virtual MFA device (Google Authenticator, Authy)

  • Enable MFA for IAM users handling sensitive resources


Access Keys Management:

  • Rotate access keys every 90 days

  • Never commit access keys to code repositories

  • Use IAM roles instead of access keys when possible


Step 4: Basic Security Configuration

Root Account Security

  1. Complete Root Account Setup:

    • Add alternate contact information

    • Enable MFA using virtual device

    • Create strong security questions

    • Document recovery information securely

  2. Root Account Activity Monitoring:

    • Set up CloudTrail for API logging

    • Enable GuardDuty for threat detection

    • Configure Config for resource monitoring


Network Security Basics

VPC Security Groups:

  • Default security group blocks all inbound traffic

  • Only allow necessary ports (SSH: 22, HTTP: 80, HTTPS: 443)

  • Use specific source IP ranges, not 0.0.0.0/0 unless necessary

  • Document all security group rules


Key Pair Management:

  • Create EC2 key pairs for each region you'll use

  • Store private keys securely

  • Use different key pairs for different environments

  • Never share private keys


Monitoring and Alerting

Set up basic monitoring for security events:

CloudTrail Events to Monitor:
- Root account usage
- IAM policy changes
- Security group modifications
- Failed login attempts
- Unusual API activity

Step 5: AWS CLI Installation and Configuration

Installing AWS CLI

Windows:

# Download AWS CLI MSI installer from AWS website
# Or use Chocolatey
choco install awscli

macOS:

# Using Homebrew
brew install awscli

# Or download pkg installer from AWS
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

Linux:

# Ubuntu/Debian
sudo apt update
sudo apt install awscli

# Amazon Linux 2
sudo yum install awscli

# Or use pip
pip3 install awscli --upgrade --user

CLI Configuration

  1. Initial Configuration:

    bash

    aws configure

  2. Enter Required Information:

    AWS Access Key ID: [Your IAM user access key] AWS Secret Access Key: [Your IAM user secret key] Default region name: us-east-1 (recommended for learning) Default output format: json

  3. Verify Configuration:

    aws sts get-caller-identity aws ec2 describe-regions


Advanced CLI Configuration

Named Profiles (for multiple environments):

aws configure --profile learning
aws configure --profile production

Environment Variables (alternative method):

export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1

CLI Configuration Files:

~/.aws/config:
[default]
region = us-east-1
output = json

[profile learning]
region = us-west-2
output = table

Step 6: Management Console Navigation

Console Layout Overview

Top Navigation Bar:

  • Services menu: Access to all AWS services

  • Resource Groups: Organize and manage resources

  • Account dropdown: Billing, security credentials, support


Service Categories:

  • Compute: EC2, Lambda, ECS, EKS

  • Storage: S3, EBS, EFS, FSx

  • Database: RDS, DynamoDB, RedShift, Aurora

  • Networking: VPC, CloudFront, Route 53, API Gateway

  • Security: IAM, KMS, WAF, Shield


Essential Console Features

Resource Groups and Tagging:

  • Create resource groups for different projects

  • Use consistent tagging strategy

  • Monitor costs by resource groups


Service Search:

  • Use the search bar for quick service access

  • Pin frequently used services to favorites

  • Learn keyboard shortcuts (Alt+S for search)


Regional Selection:

  • Always check your current region (top-right corner)

  • Some services are global (IAM, CloudFront, Route 53)

  • Most services are region-specific

  • Use consistent regions for related resources


Console Customization for Learning

Dashboard Widgets:

  • Service Health Dashboard

  • Billing and Cost Management

  • Recently visited services

  • Trusted Advisor recommendations


Bookmarks to Create:

  • Billing Dashboard

  • EC2 Instances

  • S3 Buckets

  • IAM Users and Groups

  • CloudFormation Stacks

  • CloudWatch Metrics


Setting Up Your Learning Workflow

Recommended Folder Structure

Create a local directory structure for organizing your AWS learning:

aws-learning/
├── scripts/
│   ├── cli-commands/
│   ├── cloudformation/
│   └── automation/
├── documentation/
│   ├── notes/
│   ├── configurations/
│   └── troubleshooting/
├── projects/
│   ├── project-01-static-website/
│   ├── project-02-vpc-setup/
│   └── project-03-load-balancer/
└── certifications/
    ├── practice-exams/
    ├── study-notes/
    └── lab-exercises/

Documentation Best Practices

Keep Track Of:

  • Resource configurations and settings

  • Commands that worked vs. failed

  • Cost implications of different services

  • Security configurations applied

  • Troubleshooting steps for common issues


Learning Journal Template:

Date: [Date]
Service: [AWS Service Name]
Objective: [What you're trying to learn/accomplish]
Steps Taken: [Detailed steps]
Challenges: [Problems encountered]
Solutions: [How issues were resolved]
Cost Impact: [Estimated costs incurred]
Key Learnings: [Important takeaways]
Next Steps: [What to explore next]

Common Pitfalls and How to Avoid Them

Cost-Related Pitfalls

Forgetting Running Instances:

  • Set calendar reminders to check running resources

  • Use AWS Instance Scheduler for automatic shutdowns

  • Create shutdown scripts for practice sessions


Data Transfer Charges:

  • Be mindful of inter-region transfers

  • Use same availability zone for related resources

  • Monitor CloudFront usage carefully


Storage Costs:

  • Delete unused EBS volumes

  • Empty S3 buckets before deletion

  • Clean up old snapshots regularly


Security Mistakes

Overly Permissive Access:

  • Never use wildcard (*) permissions unnecessarily

  • Regularly review and clean up IAM policies

  • Use temporary credentials when possible


Public Access Misconfiguration:

  • Double-check S3 bucket policies

  • Review security group rules regularly

  • Use VPC endpoints for internal communication


Resource Management Strategy

Naming Conventions

Establish consistent naming patterns:

Format: [purpose]-[environment]-[service]-[description]
Examples:
- learning-dev-ec2-webserver
- saa-prep-s3-static-content
- practice-vpc-public-subnet-1a

Tagging Strategy

Implement comprehensive tagging from day one:

Required Tags:
- Environment: learning/development/production
- Purpose: saa-preparation/hands-on-practice/project
- Owner: your-name
- CostCenter: personal-learning
- DeleteAfter: yyyy-mm-dd (for temporary resources)

Resource Lifecycle Management

Daily Routine:

  • Check running EC2 instances

  • Review yesterday's costs

  • Clean up unused resources

  • Update learning documentation


Weekly Routine:

  • Comprehensive cost review

  • Security group audit

  • IAM permissions review

  • Backup important configurations


Monthly Routine:

  • Access key rotation

  • Complete cost analysis

  • Update learning plan based on progress

  • Archive completed project resources


Troubleshooting Common Setup Issues

Account Creation Problems

Payment Verification Issues:

  • Ensure card has international transactions enabled

  • Contact bank if payments are declined

  • Try different payment method if persistent issues


Phone Verification Failures:

  • Use landline if mobile verification fails

  • Ensure phone number format is correct

  • Contact AWS support if verification repeatedly fails


CLI Configuration Issues

Credential Problems:

# Check current configuration
aws configure list

# Test credentials
aws sts get-caller-identity

# Common error solutions
aws configure set region us-east-1
aws configure set output json

Permission Errors:

  • Verify IAM user has necessary permissions

  • Check if MFA is required for API access

  • Ensure access keys are active and correct


Console Access Issues

Login Problems:

  • Clear browser cache and cookies

  • Try incognito/private browsing mode

  • Verify account number and user credentials

  • Check if account is suspended (billing issues)


Service Access Denied:

  • Verify you're in the correct AWS region

  • Check IAM permissions for the specific service

  • Ensure you're using the correct user account


Next Steps in Your Learning Journey

Immediate Actions (First Week)

  1. Complete Environment Setup: Follow this guide step-by-step

  2. Explore the Console: Spend 1-2 hours navigating different services

  3. Practice CLI Commands: Run basic commands for major services

  4. Set Up Monitoring: Ensure all billing alerts are working

  5. Create First Resources: Launch a simple EC2 instance and S3 bucket


Week 2 Preparation

Start preparing for deeper AWS exploration:

  • VPC Fundamentals: Understanding networking basics

  • EC2 Deep Dive: Instance types, storage, and networking

  • S3 Storage Classes: When to use different storage options

  • Basic Monitoring: CloudWatch metrics and logs


Study Schedule Template

Daily (30-45 minutes):

  • 15 minutes: Review previous day's notes

  • 20 minutes: Hands-on practice with one service

  • 10 minutes: Update learning journal


Weekly (2-3 hours):

  • 1 hour: Complete a mini-project combining multiple services

  • 1 hour: Review AWS documentation for upcoming topics

  • 30 minutes: Take practice quiz questions


Security Checklist for Your Learning Environment

Essential Security Steps

  •  Root account MFA enabled

  •  Root account not used for daily activities

  •  IAM user created with appropriate permissions

  •  IAM user MFA enabled

  •  Strong passwords implemented

  •  Billing alerts configured

  •  CloudTrail logging enabled

  •  Access keys stored securely

  •  Security groups properly configured

  •  Regular permission audits scheduled


Ongoing Security Practices

Monthly Security Review:

  • Review IAM access advisor for unused permissions

  • Check CloudTrail logs for unusual activity

  • Rotate access keys

  • Update passwords

  • Review and clean up resources


Before Each Practice Session:

  • Verify current AWS region

  • Check existing running resources

  • Review yesterday's costs

  • Ensure proper tagging of new resources


Cost Optimization During Learning

Free Tier Monitoring

Track your Free Tier usage to avoid charges:

  • EC2: Monitor instance hours (750/month limit)

  • S3: Watch storage usage (5 GB limit)

  • Data Transfer: Track outbound transfer (15 GB/month)

  • RDS: Monitor database hours if using RDS


Cost-Effective Learning Strategies

Resource Management:

  • Use t2.micro instances exclusively for EC2 practice

  • Implement automatic shutdown for practice instances

  • Use lifecycle policies for S3 objects

  • Delete resources immediately after learning sessions


Alternative Learning Methods:

  • Use AWS CloudShell instead of local CLI when possible

  • Leverage AWS documentation and whitepapers

  • Utilize AWS training and certification resources

  • Join AWS community forums and study groups


Preparing for Advanced Topics

Foundation Building

This setup creates the foundation for exploring advanced AWS concepts:

Architecture Patterns: Your environment will support practicing:

  • Multi-tier applications

  • Microservices architectures

  • Serverless patterns

  • Hybrid cloud configurations


Service Integration: You'll be ready to combine:

  • Compute and storage services

  • Networking and security features

  • Monitoring and management tools

  • Development and deployment services


Resource Organization for Complex Projects

As you progress, organize resources by:

Architecture Layers:

  • Presentation tier resources

  • Application tier resources

  • Data tier resources

  • Management and monitoring resources


Environment Separation:

  • Development environment setup

  • Testing environment configuration

  • Production simulation environment


Conclusion

Setting up your AWS learning environment properly is an investment in your certification success. This foundation provides security, cost control, and organization that will serve you throughout your AWS journey. The habits you develop now—careful resource management, security consciousness, and systematic documentation—are the same practices used by professional cloud architects.

Take time to complete each step thoroughly rather than rushing through the setup. A well-configured environment will save you time, money, and frustration as you dive deeper into AWS services and prepare for your Solutions Architect Associate certification.

Remember, the goal isn't just to pass the exam—it's to build real-world skills that will make you an effective cloud architect. This environment setup is your first step toward that goal.

Coming Next Week: "VPC Fundamentals: Building Your First Virtual Private Cloud" - We'll dive deep into AWS networking concepts and create a production-ready VPC from scratch.


Additional Resources:

  • AWS Free Tier FAQ: https://aws.amazon.com/free/

  • AWS Well-Architected Framework: Essential reading for architects

  • AWS Training and Certification: Official learning paths and practice exams

Related Posts

See All

Comments

bottom of page