Getting started: Are you a first-time AWS user? - AWS Account Management

Getting started: Are you a first-time AWS user?

For a step-by-step walk through of creating an AWS account, and then creating your first admin user by using AWS Identity and Access Management (IAM), see Getting started with an AWS account.

If you're a first-time user of AWS, then your first step is to sign up for an AWS account. When you do this, AWS creates the new AWS account with the details that you provide and assigns it to you.

A brand new AWS account begins with only its built-in root user, the intrinsic administrator for the account. You can sign in to the AWS Management Console as the root user by using the email address and password that you provided when you signed-up.

Important

We strongly recommend that you use the root user for only the following tasks:

  • Creating your first administrative user in AWS Identity and Access Management (IAM). You can then use this IAM admin user to perform your administrative tasks instead of the root user. The Getting started tutorial shows you how to create this first user.

  • Performing tasks that only the root user can perform. For a list of these tasks, see Tasks that require root user credentials.

  • Protecting your root user credentials by using the recommended best practices.

For all other tasks, sign in to the AWS Management Console or the AWS Command Line Interface (AWS CLI) using the credentials of one of the following:

  • An IAM user with attached permission policies that allow the required tasks.

  • An IAM role with attached permission policies that allow the required tasks. You access the role using some form of federation, such as by using AWS Single Sign-On (AWS SSO), or a SAML 2.0 provider such as Microsoft Active Directory Federation Services.

After you sign in as the root user for the very first time, we recommend that you enable multi-factor authentication (MFA) to help secure this critical user.

Next, you can create an IAM user that has administrator permissions in your AWS account. This user can do almost anything in your account, except for a few tasks that are restricted to only the root user.

Getting started with an AWS account

Follow these steps to create your AWS account. After you create your account, sign in as the root user to create an IAM user to use for your daily administrative tasks.

Prerequisites

To sign up for an AWS account, you need to provide the following information:

  • An account name – The name of the account appears in several places, such as on your invoice, and in consoles such as the Billing and Cost Management dashboard and the AWS Organizations console.

    We recommend that you use an account naming standard so that the account name can be easily recognized and distinguished from other accounts that you might own. If it's a company account, consider using a naming standard such as organization-purpose-environment (for example, AnyCompany-audit-prod). If it's a personal account, consider using a naming standard such as first name-last name-purpose (for example, paulo-santos-testaccount).

    You can change the account name in your account settings after you sign up. For more information, see How do I change the name on my AWS account?

  • An email address – This email address is used as the sign-in name for the account's root user, and is required for account recovery, such as if you forget the password. You must be able to receive email messages that are sent to this address. Before you can perform certain tasks, you must verify that you have access to email sent to this address.

    Important

    If this account is for a business, we recommend that you use a corporate distribution list (for example, it.admins@example.com). Avoid using an individual's corporate email address (for example, paulo.santos@example.com). This approach helps to ensure that your company can retain access to the AWS account even when an employee changes positions or leaves the company. The email address can be used to reset the account's root user credentials. Be sure that you protect access to this distribution list or address.

  • A phone number – This number can be used when confirmation of account ownership is required. You must be able to receive calls at this phone number.

    Important

    If this account is for a business, we recommend that you use a corporate phone number rather than a personal phone number. This helps to ensure that your company can retain access to the AWS account even when an employee changes positions or leaves the company.

  • A multi-factor authentication device. – To secure your AWS resources, enable multi-factor authentication (MFA) on the root account.

Step 1: Create your AWS account

  1. Open the AWS home page in your browser.

  2. Choose Create an AWS account.

    Note

    If you signed in to AWS recently, choose Sign in to the Console. If the option Create a new AWS account isn't visible, first choose Sign in to a different account, and then choose Create a new AWS account.

  3. Enter your account information, and then choose Continue. Be sure that you enter your account information correctly, especially your email address. If you enter your email address incorrectly, you can't access your account.

  4. Choose Personal or Professional. The difference between these options is only in the information that we ask you for. Both account types have the same features and functions.

  5. Enter your company or personal information. Refer to the recommendations in the Prerequisites section about the email address and phone number.

  6. Read and accept the AWS Customer Agreement. Be sure that you read and understand the terms of the AWS Customer Agreement.

  7. Choose Create Account and Continue.

    At this point, you'll receive an email message to confirm that your AWS account is ready to use. You can sign in to your new account by using the email address and password you provided during sign up. However, you can't use any AWS services until you finish activating your account.

  8. On the Payment Information page, enter the information about your payment method. If you want to use a different address for billing purposes than you provided in Step 3, choose Use a new address and then enter the address to use for billing purposes.

  9. Choose Verify and Add.

    Note

    If your contact address is in India, your user agreement for your account is with Amazon Internet Services Private Limited (AISPL), a local AWS seller in India. You must provide your CVV as part of the verification process. You might also have to enter a one-time password, depending on your bank. AISPL charges your payment method 2 INR as part of the verification process. AISPL refunds the 2 INR after it completes verification.

  10. Next, you must verify your phone number. Choose your country or region code from the list, and enter a phone number where you can be called in the next few minutes. Enter the CAPTCHA code, and submit.

  11. The AWS automated verification system calls you and provides a PIN. Enter the PIN using your phone and then choose Continue.

  12. Finally, you can select your AWS Support plan. Choose one of the available plans. For a description of the available plans, see Compare AWS Support plans.

    A confirmation page appears that indicates that your account is being activated. This usually takes only a few minutes but can sometimes take up to 24 hours. During activation, you can sign in to your new AWS account. Until activation is complete, you might see a Complete Sign Up button. You can ignore it.

    AWS sends a confirmation email message when account activation is complete. Check your email and spam folder for the confirmation email message. After you receive this message, you have full access to all AWS services.

Troubleshooting delays in account activation

Account activation can sometimes be delayed. If the process takes more than 24 hours, check the following:

  • Finish the account activation process.

    You might have accidentally closed the window for the sign-up process before you added all the necessary information. To finish the sign-up process, open the registration page. Then, choose Sign in to an existing AWS account, and sign in using the email address and password you chose for the account.

  • Check the information associated with your payment method. Check Payment Methods in the AWS Billing and Cost Management console. Fix any errors in the information.

  • Contact your financial institution. Financial institutions occasionally reject authorization requests from AWS. Contact your payment method's issuing institution, and ask that they approve authorization requests from AWS.

    Note

    AWS cancels the authorization request as soon as it's approved by your financial institution. You aren't charged for authorization requests from AWS. Authorization requests might still appear as a small charge (usually 1 USD) on statements from your financial institution.

  • Check your email for requests for additional information. Check your email and spam folder to see if AWS needs any information from you to complete the activation process.

  • Try a different browser.

  • Contact AWS Support. Contact AWS Support for help. Be sure to mention any troubleshooting steps that you already tried

    Note

    Don't provide sensitive information, such as credit card numbers, in any correspondence with AWS.

Step 2: Sign in to your new account's root user

After you successfully create your account, you can sign in and begin to use AWS services.

To sign in to your new account as the root user, see Signing in as the AWS account root user.

Step 3: Enable multi-factor authentication for your root user

We strongly recommend that you enable MFA on the root user of your account. This dramatically lowers the risk of someone being able to access your account without your authorization. For more information, see Activate MFA on the AWS account root user.

Step 4: Create an IAM administrator user

Because you can't restrict what a root user can do, we strongly recommend that you don't use your root user for any tasks that don't explicitly require the root user. Instead, create an IAM user that has administrative permissions, and sign in as that IAM user for your daily administrative tasks.

For instructions on how to create such a user, see Creating your first IAM admin user in the IAM User Guide.