DevOps(Day-39) : AWS and IAM Basics

AWS

Amazon Web Services (AWS) is one of the most popular cloud providers, and it has a free tier that students and cloud enthusiasts can use for hands-on practice while learning. Create your free account today to explore more.

User Data in AWS

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This saves time and manual effort every time you launch an instance and want an application such as Apache, Docker or Jenkins installed on it.

IAM

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Task 1: Configure user data in AWS

Aim: Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in the browser and your Jenkins page should be visible.

  1. Navigate to AWS console and launch a new instance.

  2. Provide the suitable key pairs and security groups.

  3. Select the advanced settings in the instance creation page.

  4. Navigate to the User data section and write a shell script to install Jenkins on the server.

  5. Include port 8080, which is the Jenkins default port, in the security group of the server.

  6. Start the EC2 instance and, using its public IP, access the URL on port 8080.

  7. You can see that Jenkins is now running.
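Step 5 opens port 8080 on the instance's security group. The following is an added example, not part of the original article, that reads data in the shape returned by `aws ec2 describe-security-groups` and reports groups where port 8080 is reachable from any address instead of a specific CIDR. The group IDs, CIDRs and function names are constructed for illustration.

```python
import ipaddress

JENKINS_PORT = 8080  # Jenkins default port (step 5)

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-scoped", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-allproto", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}


def covers_port(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are absent
        return True
    return proto in ("tcp", "6") and perm["FromPort"] <= port <= perm["ToPort"]


def world_cidrs(perm):
    """CIDRs in the rule with prefix length 0, i.e. matching any address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]


def exposed_groups(data, port=JENKINS_PORT):
    """Map GroupId -> world-open CIDRs for rules that reach the port."""
    findings = {}
    for sg in data.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            hits = world_cidrs(perm) if covers_port(perm, port) else []
            if hits:
                findings.setdefault(sg["GroupId"], []).extend(hits)
    return findings


if __name__ == "__main__":
    for group, cidrs in exposed_groups(SAMPLE).items():
        print(f"{group}: port {JENKINS_PORT} reachable from {', '.join(cidrs)}")
```

A group that lists only a single source address, like the `/32` entry in the sample, does not appear in the findings.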

Task 2: IAM Roles

  • IAM Users:- IAM users are created to provide specific privileges to a user of an IT team to access the AWS server. IAM users can log in to the AWS Management Console for interactive tasks, as well as the ability to make programmatic requests using the API & CLI. IAM Users can be assigned permissions directly or be part of a group with specific permissions.

    An IAM user has a name and password that they use to log in to the AWS management console. Users can also create up to two access keys that they can use for programmatic access to AWS.

  • IAM Groups:- An IAM group is a collection of users that share access control policies. The group members have permission to perform specified actions on objects within the group’s scope. For example, if you grant read-only access to all of your EC2 instances, then any group member will be able to view information about those instances.

  • IAM Roles:- IAM roles are identities you can create with specific permissions for short durations. You can assign IAM roles to entities you trust so that those entities can assume the role when needed. IAM Roles are primarily meant for internal use.

    An IAM role has no associated credentials (password or access keys). The lack of credentials is one of the main differences between a User and a Role. A role can be temporarily assumed by a user, service, or application that has been granted permission to assume the role.

Task Aim:- Create three Roles named: DevOps-User, Test-User and Admin

  1. Navigate to IAM console in AWS and go to roles.

  2. Select EC2 option in the page.

  3. Provide the specific permission as needed to the roles you are creating.

  4. Create a DevOps-User now.

  5. Then create a Test-User.

  6. Then create an Admin user.

  7. Now you can create a user and assign the roles to them.

Thanks for reading my article. Have a nice day.

WRITTEN BY Biswaraj Sahoo --AWS Community Builder | DevOps Engineer | Docker | Linux | Jenkins | AWS | Git | Terraform | Docker | kubernetes

Empowering communities via open source and education. Connect with me over linktree: linktr.ee/biswaraj333