1
Create your AWS account
Head to aws.amazon.com and click "Create an AWS Account." You'll need a valid email address, phone number, and a credit or debit card. AWS won't charge you unless you exceed the Free Tier limits.
- Use a dedicated email address (not your personal one) for the root account
- Choose a strong, unique password for root — you'll rarely log in with it
- Select the "Free Tier" support plan when prompted (it's free)
- Verify your phone number and billing address to activate the account
2
Secure your root account immediately
The root account has unlimited power over your AWS account. Securing it should be the very first thing you do — before anything else.
- Enable Multi-Factor Authentication (MFA) on root — use an authenticator app like Google Authenticator or Authy
- Never use root for everyday tasks — create an IAM admin user for daily work
- Do not create access keys for root — if they exist, delete them
- Set up a billing alert in CloudWatch so you're notified if costs exceed $5
3
Create an IAM admin user for daily work
IAM (Identity and Access Management) lets you create users with specific permissions. Create an admin user for yourself instead of always using root.
- Go to IAM → Users → Create User
- Attach the AdministratorAccess policy for your personal admin user
- Enable MFA on this user too
- Create access keys for this user — use them with the AWS CLI
- Create separate users with limited permissions for team members (least privilege)
4
Install and configure the AWS CLI
The AWS Command Line Interface lets you control all AWS services from your terminal. It's essential for automation and scripting.
- Download: aws.amazon.com/cli — available for Windows, Mac, and Linux
- Run
aws configure and enter your access key ID, secret key, region, and output format
- Test with
aws sts get-caller-identity — you should see your account ID
- Use named profiles for multiple accounts:
aws configure --profile myproject
5
Understand regions and availability zones
AWS is spread across 30+ geographic regions, each containing 2–6 isolated data centres called Availability Zones (AZs). Always choose the region closest to your users.
- Region — a geographic location (e.g., us-east-1 = N. Virginia)
- Availability Zone (AZ) — isolated data centre within a region (e.g., us-east-1a)
- Deploy across multiple AZs for high availability — if one fails, others keep running
- Some services (like IAM and CloudFront) are global — they have no region setting
- Most new learners should start with us-east-1 — it has every service and the most documentation
6
Launch your first EC2 instance
EC2 is a virtual server. Launching one is the first hands-on experience most AWS learners have — and a great way to understand how AWS works.
- Go to EC2 → Launch Instance in the AWS Console
- Choose Amazon Linux 2023 AMI (it's free tier eligible)
- Select t2.micro or t3.micro (free tier eligible)
- Create a key pair (.pem file) — save it safely, you need it to SSH in
- Allow SSH (port 22) and HTTP (port 80) in the security group
- Connect via SSH:
ssh -i key.pem ec2-user@YOUR_PUBLIC_IP
- Or use AWS Systems Manager (SSM) — no key pair needed, more secure
7
Host a static website on S3
S3 can serve HTML, CSS, and JavaScript files as a website — no server needed. It's the easiest way to get a site live on AWS.
- Create an S3 bucket with the same name as your domain
- Enable "Static website hosting" in bucket properties
- Upload your index.html and assets
- Make the bucket public (or use CloudFront with OAC for better security)
- Point your domain (via Route 53) to the S3 website endpoint or CloudFront
- Add a free HTTPS certificate via ACM and attach it to CloudFront
8
Set up billing alerts to avoid surprise charges
Unexpected AWS bills are the #1 fear of new learners. Set these up before anything else and you'll never be caught off-guard.
- Go to AWS Budgets → Create Budget → Zero-spend budget or Monthly cost budget
- Set threshold at $5 — you'll get an email the moment anything is charged
- Enable "Free Tier usage alerts" in Billing preferences
- Check the Cost Explorer dashboard weekly to understand what's running
- Always stop or terminate resources you're not using — especially EC2 and RDS
- Use the Trusted Advisor free checks for cost optimisation tips
9
Learn the 5 core services in depth
You don't need to learn all 200+ AWS services. Master these 5 first and you can build almost anything.
- EC2 — virtual servers. Understand instances, AMIs, security groups, and key pairs
- S3 — object storage. Buckets, objects, policies, versioning, and lifecycle rules
- IAM — permissions. Users, groups, roles, and policies (least privilege is key)
- VPC — networking. Subnets, route tables, internet gateways, and security groups
- RDS — databases. Managed MySQL/PostgreSQL with backups and Multi-AZ failover
10
Build a simple 3-tier architecture
The classic AWS pattern: a CloudFront CDN in front, an ALB routing to EC2 web servers, and an RDS database in a private subnet. Understanding this unlocks 80% of AWS use cases.
- Presentation layer — CloudFront CDN serving static assets from S3
- Application layer — EC2 instances (or Lambda) behind an ALB in public subnets
- Data layer — RDS or DynamoDB in private subnets (no internet access)
- Use security groups to enforce: internet → ALB → EC2 → RDS only
- Add Auto Scaling to EC2 to handle traffic spikes automatically
- Use CloudWatch alarms to alert on CPU, errors, and latency
💡
Pro tip: Use the AWS Free Tier wisely
The Free Tier gives you 12 months of EC2 (750 hrs/mo), S3 (5 GB), and RDS (750 hrs/mo) — plus permanent free tiers for Lambda, DynamoDB, and more. Set up billing alerts, stop instances when not in use, and you can learn AWS without spending a cent.