So You Want to Use the AWS Free Tier

Matt Fuller
10 min readJan 9, 2022

Amazon Web Services’ pay-as-you-go billing model makes it incredibly easy for anyone to create an account and start deploying infrastructure in just a few minutes. The “Free Tier” that AWS provides makes it even easier for students, developers, and startups to get started without any upfront commitment. Unfortunately, this free tier also makes it far too easy for anyone to begin consuming resources that eventually shift to a paid billing model with little warning. Accidental usage overages and hacked accounts can quickly lead to bills in the tens of thousands of dollars — just take a look these Reddit posts for some examples.

This post is written for students, beginners, or anyone who is looking to use AWS for the first time and take advantage of the free tier. We’ll cover the initial account setup, some basic security precautions, and configuring a budget to help alert you if something goes wrong.

Note: This is not a comprehensive guide to AWS security; it’s a quick start guide to the basics of setting up a new account with budget and security precautions to avoid cost overage.

Initial Account Setup

Compromised accounts are a leading cause of unexpected bills. Configuring your account securely from the start is crucial.

Summary

  • Sign up for AWS using an email address and password that you haven’t used anywhere else.
  • Use a “+” in your email to create a “new” address, such as “user+keyword@domain.com”
  • Use a strong password and save it in a password manager.
Use a strong and unique password.

To register for an AWS account, navigate to the AWS Signup page. You’ll need to provide an email address, password, account name, and then, on the next page, enter your contact details, including a phone number (be sure to use a number you’ll have access to long-term), which you may need to confirm via a text message code.

Payment Method

Next, you’ll need to enter a payment method. I strongly recommend signing up for a privacy.com account and generating a…

--

--

Matt Fuller

Founder of @CloudSploit , acquired by @AquaSecTeam . Former Infra / Security / Manager @Adobe , @Aviary & @Mozilla intern, @RITtigers grad, @NYC resident