docs
First Steps
Create Root Account

Create Root Account

Ready to embark on your AWSLaunchGOAT 🐐 journey? Let's get you set up step by step.

1. Create an AWS Account

If you don't already have an AWS account, you'll need to create one:

  • Go to the AWS Signup Page: Visit aws.amazon.com (opens in a new tab) and click on "Create an AWS Account".
  • Provide Your Email: Enter your email address and choose a secure password.
  • AWS Account Name: Input a name for your AWS account (this could be your company or project name).
  • Billing Information: Enter your billing details. AWS may place a small, temporary charge on your card for verification.
  • Identity Verification: Provide a phone number for verification via SMS or voice call.
  • Select a Support Plan: Choose the Basic (Free) plan unless you require advanced support.
  • Confirmation: Wait for a confirmation email that your account is activated.

2. Enable MFA on Root Account 🔐

Enhance security by enabling Multi-Factor Authentication (MFA) on your AWS root account. This is a crucial security best practice to protect your account from unauthorized access.

  • Follow the Tutorial: Use this step-by-step video guide (opens in a new tab) to enable MFA on your root account.
  • Choose MFA Device: You can use a virtual MFA device (like Google Authenticator) or a hardware MFA device.
  • Activate MFA: In the AWS Management Console, navigate to "My Security Credentials" and follow the prompts to activate MFA.

3. Never Create Access Keys for your Root Account 🚫

For daily operations, never use the root account. It's crucial for security to minimize the use of your AWS root account and avoid creating access keys for it.

Why Avoid Using Root Access Keys?

  • Unrestricted Access: Root access keys provide full access to all resources in your AWS account without any limitations.
  • Security Risk: If someone gains access to your root access keys, they can control or delete everything in your AWS environment.
  • Best Practices: AWS recommends not using the root account for everyday tasks and avoiding the creation of root access keys.

Instead, in the next section we will create two accounts: production and staging.