# Getting started with Amazon Storage Gateway This section provides instructions for getting started with Amazon. You need an Amazon account before you can start using Amazon Storage Gateway. You can use an existing Amazon account, or sign up for a new account. You also need an IAM user in your Amazon account that belongs to a group with the necessary administrative permissions to perform Storage Gateway tasks. Users with the appropriate privileges can access the Storage Gateway console and Storage Gateway API to perform gateway deployment, configuration, and maintenance tasks. If you are a first-time user, we recommend that you review the [Supported Amazon regions](https://docs.amazonaws.cn/storagegateway/latest/tgw/available-regions-intro.html) and [Tape Gateway setup requirements](https://docs.amazonaws.cn/storagegateway/latest/tgw/Requirements.html) sections before you being working with Storage Gateway. This section contains the following topics, which provide additional information about getting started with Amazon Storage Gateway: **Topics** + [Sign Up for Amazon Storage Gateway](GettingStartedSignUpStep1-common.md) - Learn how to sign up for Amazon and create an Amazon account. + [Create an IAM user with administrator privileges](setting-up-create-iam-user.md) - Learn how to create an IAM user with administrative privileges for your Amazon account. + [Accessing Amazon Storage Gateway](WhatIsAPIIntro.md) - Learn how to access Amazon Storage Gateway through the Storage Gateway console or programmatically using the Amazon SDKs. + [Amazon Web Services Regions that support Storage Gateway](available-regions-intro.md) - Learn which Amazon Regions you can use to store your data when you activate your gateway in Storage Gateway. # Sign Up for Amazon Storage Gateway An Amazon Web Services account is a fundamental requirement for accessing Amazon services. Your Amazon Web Services account is the basic container for all of the Amazon resources you create as an Amazon user. Your Amazon Web Services account is also the basic security boundary for your Amazon resources. Any resources that you create in your account are available to users who have credentials for the account. Before you can start using Amazon Storage Gateway, you need to sign up for an Amazon Web Services account. If you do not have an Amazon Web Services account, use the following procedure to create one. **To sign up for Amazon Web Services** 1. Open [http://www.amazonaws.cn/](http://www.amazonaws.cn/) and choose **Sign Up**. 1. Follow the on-screen instructions. We also recommend that you require your users to use temporary credentials when accessing Amazon. To provide temporary credentials, you can use federation and an identity provider, such as Amazon IAM Identity Center. If your company already uses an identity provider, you can use it with federation to simplify how you provide access to the resources in your Amazon account. # Create an IAM user with administrator privileges After you create your Amazon account, use the following steps to create an Amazon Identity and Access Management (IAM) user for yourself, and then add that user to a group that has administrative permissions. For more information about using the Amazon Identity and Access Management service to control access to Storage Gateway resources, see [Identity and Access Management for Amazon Storage Gateway](security-iam.md). ## Secure IAM users After you sign up for an Amazon Web Services account, safeguard your administrative user by turning on multi-factor authentication (MFA). For instructions, see [Enable a virtual MFA device for an IAM user (console)](https://docs.amazonaws.cn/IAM/latest/UserGuide/id_credentials_mfa_enable_virtual.html#enable-virt-mfa-for-iam-user) in the *IAM User Guide*. To give other users access to your Amazon Web Services account resources, create IAM users. To secure your IAM users, turn on MFA and only give the IAM users the permissions needed to perform their tasks. For more information about creating and securing IAM users, see the following topics in the *IAM User Guide*: + [Creating an IAM user in your Amazon Web Services account](https://docs.amazonaws.cn//IAM/latest/UserGuide/id_users_create.html) + [Access management for Amazon resources](https://docs.amazonaws.cn/IAM/latest/UserGuide/access.html) + [Example IAM identity-based policies](https://docs.amazonaws.cn/IAM/latest/UserGuide/access_policies_examples.html) **Warning** IAM users have long-term credentials which present a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. # Accessing Amazon Storage Gateway You can use the [Amazon Storage Gateway console](https://console.amazonaws.cn/storagegateway/home) to perform various gateway configuration and maintenance tasks, including activating or removing Storage Gateway hardware appliances from your deployment, creating, managing, and deleting the different types of gateways, creating, managing, and deleting tapes in your virtual tape library, and monitoring the health and status of various elements of the Storage Gateway service. For simplicity and ease of use, this guide focuses on performing tasks using the Storage Gateway console web interface. You can access the Storage Gateway console through your web browser at: [https://console.aws.amazon.com/storagegateway/home/](https://console.aws.amazon.com/storagegateway/home/). If you prefer a programmatic approach, you can use the Amazon Storage Gateway Application Programming Interface (API) or Command Line Interface (CLI) to set up and manage the resources in your Storage Gateway deployment. For more information about actions, data types, and required syntax for the Storage Gateway API, see the [Storage Gateway API Reference](https://docs.amazonaws.cn/storagegateway/latest/APIReference/Welcome.html). For more information about the Storage Gateway CLI, see the [Amazon CLI Command Reference](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/storagegateway/index.html). You can also use the Amazon SDKs to develop applications that interact with Storage Gateway. The Amazon SDKs for Java, .NET, and PHP wrap the underlying Storage Gateway API to simplify your programming tasks. For information about downloading the SDK libraries, see the [Amazon Developer Center](https://aws.amazon.com/code). For information about pricing, see [Amazon Storage Gateway pricing](https://www.amazonaws.cn/storagegateway/pricing). # Amazon Web Services Regions that support Storage Gateway An Amazon Web Services Region is a physical location in the world where Amazon has multiple Availability Zones. Availability Zones consist of one or more discrete Amazon data centers, each with redundant power, networking, and connectivity, housed in separate facilities. This means that each Amazon Web Services Region is physically isolated and independent of the other Regions. Regions provide fault tolerance, stability, and resilience, and can also reduce latency. The resources that you create in one Region do not exist in any other Region unless you explicitly use a replication feature offered by an Amazon service. For example, Amazon S3 and Amazon EC2 support cross-Region replication. Some services, such as Amazon Identity and Access Management, do not have Regional resources. You can launch Amazon resources in locations that meet your business requirements. For example, you might want to launch Amazon EC2 instances to host your Amazon Storage Gateway appliances in an Amazon Web Services Region in Europe to be closer to your European users, or to meet legal requirements. Your Amazon Web Services account determines which of the Regions supported by a specific service are available for you to use. + Storage Gateway—For supported Amazon Regions and a list of Amazon service endpoints you can use with Storage Gateway, see [Amazon Storage Gateway Endpoints and Quotas](https://docs.amazonaws.cn/general/latest/gr/sg.html) in the *Amazon Web Services General Reference*. + Storage Gateway Hardware Appliance—For supported Amazon Regions you can use with the hardware appliance, see [Amazon Storage Gateway Hardware Appliance Regions](https://docs.amazonaws.cn/general/latest/gr/sg.html#sg-hardware-appliance) in the *Amazon Web Services General Reference*.