AWS Accounts
An AWS account is a container that holds identities and AWS resources. It's the foundation for managing your cloud infrastructure on Amazon Web Services.
Identities
In an AWS account, there are three types of identities:
- Users: Individual accounts that can be used to access AWS resources.
- Groups: Collections of users that can be used to manage permissions and access to AWS resources.
- Roles: Predefined sets of permissions that can be assigned to users or groups to grant them specific access to AWS resources.
Creating an AWS Account
When creating an AWS account, you need to provide the following information:
- Account Name: A unique name for your AWS account.
- Unique Email Address: Every AWS account requires a unique email address. This email address is used to create the special type of identity called the Account Root User.
- Credit Card: You can use the same credit card for multiple AWS accounts.
Email Trick Option
When creating multiple AWS accounts, it can be challenging to manage unique email addresses for each account. That's where the Gmail trick comes in handy.
Did you know that you can use a single Gmail address with a "+" symbol followed by a label to create multiple email addresses? For example:
- john.smith@gmail.com (one account)
- john.smith+production@gmail.com (second account)
- john.smith+development@gmail.com (third account)
All emails sent to these addresses will be received in the same inbox: john.smith@gmail.com. This trick helps you avoid creating multiple email accounts and makes it easier to manage your AWS accounts.
Account Root User
The Account Root User has full control over all AWS resources and cannot be restricted. This user is created automatically when you sign up for an AWS account.
IAM Identities
Any identity managed by the IAM (Identity and Access Management) service starts with no permissions. Permissions must be granted to an identity explicitly.
Default Permissions
By default, all access to an AWS account and its resources is denied, except for the Account Root User. This means that any user or group attempting to access an AWS resource without explicit permission will be blocked.
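The default-deny behaviour described under IAM Identities and Default Permissions, shown as an added example that is not part of the original page: a simplified model of identity-based policy evaluation. It goes slightly beyond the text by also handling explicit Deny statements, and it ignores conditions, resource policies and organization-level controls. The user names, bucket name and the evaluate function are assumptions made for illustration.

```python
import fnmatch

# Constructed sample policies; user names and bucket name are hypothetical.
POLICIES = {
    "alice": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-bucket",
                      "arn:aws:s3:::example-bucket/*"]},
        {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"},
    ],
    "bob": [],  # freshly created IAM user: nothing attached, nothing allowed
}


def _matches(patterns, value, ignore_case=False):
    """Wildcard match of value against one pattern or a list of patterns."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if ignore_case:  # IAM action names are case-insensitive
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def evaluate(principal, action, resource, is_root=False):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    if is_root:
        return "Allow"  # IAM policies do not apply to the account root user
    decision = "ImplicitDeny"  # the starting point for every IAM identity
    for stmt in POLICIES.get(principal, []):
        if not (_matches(stmt["Action"], action, ignore_case=True)
                and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = "arn:aws:s3:::example-bucket/report.csv"
    for who, act in [("bob", "s3:GetObject"), ("alice", "s3:GetObject"),
                     ("alice", "s3:PutObject"), ("alice", "s3:DeleteObject")]:
        print(f"{who:6} {act:16} -> {evaluate(who, act, obj)}")
    print("root   iam:DeleteUser   ->",
          evaluate("root", "iam:DeleteUser", "*", is_root=True))
```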