Day 39 - AWS and IAM Basics

Day 39 of 90daysofdevops

AWS

Amazon Web Services, or AWS, is an online platform providing cost-effective, scalable cloud computing solutions. It offers a range of on-demand services, such as compute power, content delivery, database storage, and more, to help enterprises and organizations grow.

User Data in AWS

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker, or Jenkins.

IAM

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Task1

Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in a browser and your Jenkins page should be visible.

Take a screenshot of the user data and the Jenkins page; this verifies task completion.

  • Navigate to the AWS console and click on Launch Instance, enter a name and select an AMI.

  • Select the instance type and key pair.

  • Configure the network settings and security group.

  • Navigate to the User data section, enter the following shell script to install Jenkins and Docker on the server, and then click on Launch Instance.

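        #!/bin/bash

        # Install Docker and the Java runtime that Jenkins needs
        sudo apt-get update && sudo apt-get install docker.io -y
        sudo apt-get install openjdk-11-jre -y
        # Store the Jenkins repository signing key in its own keyring
        curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
          /usr/share/keyrings/jenkins-keyring.asc > /dev/null
        # Add the Jenkins apt repository, pinned to that key (quoted so the
        # shell does not treat the brackets as a glob pattern)
        echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
          https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
          /etc/apt/sources.list.d/jenkins.list > /dev/null
        # Install Jenkins and start both services
        sudo apt-get update
        sudo apt-get install jenkins -y
        sudo systemctl enable jenkins
        sudo systemctl start jenkins
        sudo systemctl start docker
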

  • Edit the security group to allow inbound traffic on port 8080 for Jenkins.

  • Copy the public IP address and open it in the browser on port 8080; Jenkins is now running on the server.
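The inbound rule from the step above decides who can reach the Jenkins setup page. As an added example (not part of the original post), this Python check reads a security group in the shape returned by `aws ec2 describe-security-groups` and reports sources that open port 8080 to every address; the group ID and rules are constructed sample data.

```python
import ipaddress

JENKINS_PORT = 8080

# Constructed sample, shaped like one entry of `aws ec2 describe-security-groups`.
SAMPLE_GROUP = {
    "GroupId": "sg-0123456789abcdef0",  # constructed placeholder ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def covers_port(perm, port):
    """True if an ingress rule applies to TCP traffic on `port`."""
    if perm["IpProtocol"] == "-1":  # "all traffic" rules carry no port range
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def world_open_sources(group, port=JENKINS_PORT):
    """Return the CIDRs that expose `port` to every address (IPv4 or IPv6)."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # A prefix length of 0 means 0.0.0.0/0 or ::/0, i.e. the whole internet
        findings += [c for c in cidrs
                     if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return findings


if __name__ == "__main__":
    for cidr in world_open_sources(SAMPLE_GROUP):
        print(f"{SAMPLE_GROUP['GroupId']}: port {JENKINS_PORT} reachable from {cidr}")
```

A rule whose source is a single `/32` address, like the SSH rule in the sample, produces no finding.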


Task2

Read more on IAM Roles and explain the IAM Users, Groups and Roles in your own terms.

IAM Users: IAM users represent individuals or entities that interact with your AWS resources. Each user is given a unique set of security credentials (username and password or access key) to authenticate themselves. IAM users can be employees, administrators, or applications that require access to AWS resources. You can assign permissions to IAM users to define what actions they can perform on your resources.

IAM Groups: IAM groups are a way to organize and manage IAM users. Instead of assigning permissions to individual users, you can assign permissions to groups, and then add users to those groups. This allows for more efficient management of access control because you can assign permissions to multiple users at once by simply adding them to the appropriate group. For example, you might have a "Developers" group with permissions to access development resources, and any user added to that group automatically inherits those permissions.

IAM Roles: IAM roles are similar to IAM users, but they are not tied to a specific identity. Roles are meant to be assumed by trusted entities such as AWS services, applications, or federated users. When a role is assumed, it grants temporary security credentials that can be used to access AWS resources. Roles are useful when you have applications or services that need to access AWS resources on behalf of users or other services without needing to share long-term access keys. Roles can have policies attached to them, defining the permissions they possess.

IAM Users are individual entities with specific identities and permissions, IAM Groups allow you to organize and manage users by assigning permissions at a group level, and IAM Roles are used by trusted entities to assume temporary permissions and access AWS resources without the need for long-term access keys.

Create three Roles named: DevOps-User, Test-User and Admin.

  • Navigate to the IAM console in AWS, go to Roles and click on Create Role.

  • Select the type and use case.

  • Add the required permissions to the role.

  • Enter a name and description, review the role, and then click on Create.

  • Repeat the process for all three roles and check that all of them are listed. Now we can create users and assign roles to them.
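The type and use case chosen in the steps above become the role's trust policy, the document that names who may assume the role. As an added example (not part of the original post), this Python sketch builds trust policies for the three roles and flags ones that trust more than intended; the account ID is a placeholder and the trusted entity picked for each role is an assumption, since the page does not specify them.

```python
ACCOUNT_ID = "111122223333"  # constructed placeholder account ID


def trust_policy(principal, require_mfa=False):
    """Build a role trust policy: the document naming who may assume the role."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if require_mfa:
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


# Assumed trusted entities for the three roles; the page does not specify them.
ACCOUNT = {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"}
ROLES = {
    "DevOps-User": trust_policy({"Service": "ec2.amazonaws.com"}),
    "Test-User": trust_policy(ACCOUNT),
    "Admin": trust_policy(ACCOUNT, require_mfa=True),
}


def principals(stmt):
    """Flatten a statement's Principal element into a list of strings."""
    principal = stmt.get("Principal", {})
    if isinstance(principal, str):  # the bare "*" form
        return [principal]
    flat = []
    for value in principal.values():
        flat += [value] if isinstance(value, str) else list(value)
    return flat


def lint(policy):
    """Return findings for Allow statements that trust more than intended.

    Simplification: any Condition block is treated as a sufficient restriction.
    """
    stmts = policy["Statement"]
    findings = []
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        who = principals(stmt)
        if "*" in who:
            findings.append("any AWS principal may assume this role")
        if any(p.endswith(":root") for p in who):
            findings.append("account-wide trust with no condition such as MFA")
    return findings


if __name__ == "__main__":
    for name, policy in ROLES.items():
        print(name, lint(policy) or "ok")
```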

Thank you for reading!!
~Shreya Gupta

Great initiative by the #trainwithshubham community. Thank you Shubham Londhe