Creating an AWS Account

Before you can launch a single server or store a single file on AWS, you need an account. Creating one takes about ten minutes, but the choices you make during sign-up (and the first thing you do afterward) shape how secure and cost-safe your account is for years. This page walks you through the full sign-up flow and then shows you the two tasks that matter most the moment you log in: setting a billing alarm and locking down the root user.

What an AWS account actually is

An AWS account is the top-level container for everything you build: your virtual servers, databases, storage, and the bill that ties it all together. AWS (Amazon Web Services, Amazon’s cloud platform) bills each account separately, and every resource you create lives inside exactly one account.

When you sign up, AWS automatically creates a special identity called the root user. The root user is the email address and password you register with, and it has complete, unrestricted power over the account, including the ability to close it and change billing. Because it is so powerful, the golden rule is: you create the root user, secure it, and then almost never use it again.

Warning: The root user can do everything, including things no one should do by accident, like deleting all your data or running up a huge bill. Treat the root credentials like the master key to a building, not your everyday office key.

What you need before you start

Item	Why AWS needs it	Notes
A valid email address	Becomes your root user login and gets all account alerts	Use a shared team inbox for company accounts, not a personal one
A credit or debit card	Identity verification and paying for usage beyond the Free Tier	A small temporary charge (often $1) is placed and refunded
A phone number	One-time verification via SMS or voice call	Must be reachable during sign-up
A strong, unique password	Protects the most powerful identity in the account	Store it in a password manager

Step-by-step: signing up

The entire sign-up happens in your web browser. There is no AWS CLI (Command Line Interface, the text-based tool for controlling AWS) command to create an account, because you have no credentials yet. The CLI comes later, after the account exists.

1. Go to https://aws.amazon.com and choose Create an AWS Account (top-right).
2. Enter your email address and a name for the account (for example, acme-prod or jane-personal). Verify the email with the code AWS sends you.
3. Set a strong root user password and confirm it.
4. Choose the account type: Personal or Business. The difference is only the tax/billing fields; the technical capabilities are identical. Fill in your name, address, and phone number.
5. Enter your credit or debit card details. AWS may place a small temporary authorization charge to confirm the card is real, then refund it.
6. Complete phone verification. AWS sends a code by SMS or automated voice call; type it in.
7. Choose a support plan (see the table below). For learning and small projects, pick Basic — it is free.
8. You’ll land on the AWS Management Console. Sign-up is complete.

Tip: Sign-up can take a few minutes to fully activate behind the scenes. If you try to launch a resource and get an “account not yet activated” message, wait 5-10 minutes and try again.

Choosing a support plan

AWS offers paid support tiers. You select one at sign-up, but you can change it anytime later in the Billing console, so don’t overthink it now.

Plan	Monthly cost	Who it’s for	Key feature
Basic	$0	Everyone starting out	Docs, forums, and account/billing support only
Developer	From ~$29	Experimenting / non-production	Business-hours email support
Business	From ~$100 (scales with spend)	Production workloads	24/7 phone/chat, fast response times
Enterprise	From ~$15,000	Large mission-critical estates	Dedicated Technical Account Manager (TAM)

When to use Basic: learning, side projects, anything where you can rely on documentation and community help. Choose Basic at sign-up — upgrade only when a real production system needs guaranteed support response times.

Your first task: set a billing alarm

The single most common beginner mistake is leaving something running and discovering a surprise bill. Set up cost monitoring immediately. A CloudWatch billing alarm (CloudWatch is AWS’s monitoring service) emails you when your estimated charges cross a threshold you choose.

Console steps:

1. First enable billing alerts: open the Billing and Cost Management console, go to Billing preferences, and turn on Receive CloudWatch billing alerts.
2. Go to the CloudWatch console and switch the Region (the geographic area where resources run) to US East (N. Virginia) — billing metrics only publish there.
3. Choose Alarms then Create alarm, select the Billing metric named EstimatedCharges.
4. Set the threshold (for example, greater than 10 USD), point the notification at your email, and confirm the subscription email.

The same alarm via the CLI (once you’ve installed it and created admin credentials — see Related Topics):

aws cloudwatch put-metric-alarm \
  --alarm-name "billing-over-10-usd" \
  --namespace "AWS/Billing" \
  --metric-name "EstimatedCharges" \
  --dimensions Name=Currency,Value=USD \
  --statistic Maximum \
  --period 21600 \
  --evaluation-periods 1 \
  --threshold 10 \
  --comparison-operator GreaterThanThreshold \
  --alarm-actions arn:aws:sns:us-east-1:123456789012:billing-alerts \
  --region us-east-1

Output:

(no output on success; the command returns exit code 0)

Cost note: The Free Tier covers many services for the first 12 months (and some forever), but it is easy to exceed. A billing alarm costs nothing and is the cheapest insurance you’ll ever buy.

Your second task: secure root and create an admin user

Right after signup you are logged in as root. Do not stay there. The recommended pattern is:

1. Enable MFA on the root user. MFA (Multi-Factor Authentication, a second login factor like a phone app code) makes a stolen password useless on its own. Go to IAM then your account name then Security credentials then Assign MFA device.
2. Create an admin IAM user. IAM (Identity and Access Management, AWS’s permissions service) lets you make day-to-day logins that are separate from root. Give this user the AdministratorAccess policy and use it for everything from now on.
3. Stop using root. Reserve root only for the rare tasks that require it (closing the account, changing the support plan, some billing settings).

Create the admin user from the CLI (after a one-time root-created access key, which you should delete afterward):

aws iam create-user --user-name admin
aws iam attach-user-policy \
  --user-name admin \
  --policy-arn arn:aws:iam::aws:policy/AdministratorAccess

Output:

{
    "User": {
        "Path": "/",
        "UserName": "admin",
        "UserId": "AIDA0A1B2C3D4E5F6G7H8",
        "Arn": "arn:aws:iam::123456789012:user/admin",
        "CreateDate": "2026-06-15T10:42:11+00:00"
    }
}

Best Practices

• Use a team-owned email (or a distribution list) for the root user so access doesn’t vanish when one person leaves.
• Enable MFA on the root user within minutes of signing up — this is the highest-impact security step you can take.
• Create an AdministratorAccess IAM user and do all daily work there; never share root credentials.
• Set a CloudWatch billing alarm before launching anything, and check the Free Tier dashboard regularly.
• Store the root password and MFA recovery codes in a password manager, not a sticky note or a chat message.
• Start on the Basic (free) support plan and upgrade only when a production workload truly needs it.

Related Topics

• Securing the root account
• Understanding the AWS Free Tier
• A tour of the AWS Console
• Installing the AWS CLI
• Choosing a support plan