Sahil Kaushal's Blog
Day 38 : Getting Started with AWS Basics

Day 38 : Getting Started with AWS Basics

DevOps Learning

Sahil Kaushal's photo
Sahil Kaushal
·

7 min read

Table of contents

Amazon Web Services (AWS) is a comprehensive and widely adopted cloud computing platform provided by Amazon. It offers a vast array of services that help businesses and developers build, deploy, and manage applications in the cloud.

Key Components of AWS:

  1. Compute:

    • Amazon EC2 (Elastic Compute Cloud): Provides scalable virtual servers for running applications.

    • AWS Lambda: Enables running code without provisioning or managing servers, known as serverless computing.

  2. Storage:

    • Amazon S3 (Simple Storage Service): Scalable object storage for data backup, archiving, and analytics.

    • Amazon EBS (Elastic Block Store): Persistent block storage for use with Amazon EC2 instances.

  3. Databases:

    • Amazon RDS (Relational Database Service): Managed relational database service for databases like MySQL, PostgreSQL, and Oracle.

    • Amazon DynamoDB: Fully managed NoSQL database service.

  4. Networking:

    • Amazon VPC (Virtual Private Cloud): Allows you to create isolated networks within the AWS cloud.

    • Amazon Route 53: Scalable Domain Name System (DNS) web service.

  5. Machine Learning and AI:

    • Amazon SageMaker: A fully managed service for building, training, and deploying machine learning models.

    • Amazon Rekognition: Image and video analysis service.

  6. Security:

    • AWS Identity and Access Management (IAM): Manages access to AWS services and resources securely.

    • AWS Shield: Managed DDoS protection service.

Benefits of AWS

  • Scalability: Easily scale applications up or down based on demand.

  • Cost-Effectiveness: Pay-as-you-go pricing model helps reduce costs.

  • Flexibility: Wide range of services and tools to build and deploy applications.

  • Global Reach: Data centers located around the world ensure low latency and high availability.

  • Security: Robust security measures and compliance certifications.

Use Cases

  • Web Hosting: Host websites and web applications with high availability and scalability.

  • Big Data Analytics: Process and analyze large datasets using services like Amazon EMR (Elastic MapReduce).

  • Disaster Recovery: Implement disaster recovery solutions with minimal downtime.

  • IoT Applications: Connect and manage IoT devices securely and efficiently.

AWS Identity and Access Management (IAM) :

IAM is a web service that helps you securely control access to AWS resources. It allows you to manage permissions and control who can access specific resources within your AWS environment. Here’s a detailed explanation:

Key Concepts of IAM:

  1. Users:

    • IAM Users: These are individuals or services that need access to your AWS resources. Each user has a unique set of credentials (username and password, access keys) and can be assigned specific permissions.

  2. Groups:

    • IAM Groups: These are collections of IAM users. You can assign permissions to a group, and all users within that group inherit those permissions. This simplifies management by allowing you to set permissions for multiple users at once.

  3. Roles:

    • IAM Roles: These are similar to users but are intended to be assumed by anyone who needs them. Roles are used to grant permissions to AWS services or users from other AWS accounts. They are particularly useful for granting temporary access.

  4. Policies:

    • IAM Policies: These are JSON documents that define permissions. Policies specify what actions are allowed or denied on which resources. They can be attached to users, groups, or roles.

How IAM Works

  1. Authentication:

    • When a user or service tries to access AWS resources, IAM verifies their identity using their credentials. This process is known as authentication.

  2. Authorization:

    • After authentication, IAM checks the policies attached to the user, group, or role to determine what actions they are authorized to perform. This process is known as authorization.

Key Features of IAM

  1. Fine-Grained Access Control:

    • IAM allows you to create detailed policies that specify exactly what actions are allowed or denied. This ensures that users have only the permissions they need to perform their tasks.

  2. Multi-Factor Authentication (MFA):

    • IAM supports MFA, which adds an extra layer of security by requiring users to provide a second form of authentication (e.g., a code from a mobile device) in addition to their password.

  3. Federation:

    • IAM supports federated access, allowing users to access AWS resources using their existing corporate credentials. This is useful for integrating with identity providers like Active Directory.

  4. Temporary Security Credentials:

    • IAM can generate temporary security credentials for users or services that need short-term access to AWS resources. This is useful for granting temporary access without sharing long-term credentials.

Best Practices for Using IAM

  1. Least Privilege Principle:

    • Grant users only the permissions they need to perform their tasks. Avoid using the root account for everyday tasks.

  2. Use Groups to Assign Permissions:

    • Assign permissions to groups rather than individual users to simplify management.

  3. Enable MFA:

    • Enable MFA for all users, especially those with administrative privileges.

  4. Regularly Review Permissions:

    • Regularly review and update permissions to ensure they are still appropriate for the users’ roles.

  5. Use Roles for Applications:

    • Use IAM roles to grant permissions to applications running on AWS services like EC2, rather than embedding credentials in the application code.

IAM is a powerful tool that helps you manage access to your AWS resources securely and efficiently. By following best practices and leveraging IAM’s features, you can ensure that your AWS environment remains secure and well-managed.

Let's put this knowledge into practice.

Task 1 :

Create an IAM user with username of your own wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and Docker on your machine via single Shell Script.

Step 1: Create an IAM User and Grant EC2 Access

  1. Sign in to the AWS Management Console.

  2. Navigate to the IAM Console:

    • Go to the IAM service.

  3. Create a New User:

    • Click on Users in the left-hand menu.

    • Click on Add user.

    • Enter a username of your choice (e.g., devops_user).

    • Check- Provide user access to the AWS Management Console.

    • Select I want to create an IAM user for access type.

  4. Attach Policies:

    • Click on Attach existing policies directly.

    • Search for and select the AmazonEC2FullAccess policy.

    • Click Next: Tags, then Next: Review, and finally Create user.

    • In Retrieve password make sure you download the csv file.

  5. Download Credentials:

    • Download the .csv file containing the username and password for console.

  6. Login to the console using the newly created user.

  7. Go to EC2 \> Launch instance.

    • Add Name.

    • Select Ubuntu image.

    • Generate new Key pair.

    • In Network settings > Check Allow HTTP traffic from the internet.

    • In Configure storage > Set volume to 16 GiB.

    • Click on Launch Instance.

Step 2: Install Jenkins and Docker on the EC2 Instance via Shell Script

  1. Connect to the EC2 Instance:

    • Use SSH to connect to your instance.

  2. Create and Run the Shell Script:

    • Create a shell script to install Jenkins and Docker.
    #!/bin/bash
    # Update the package index
    sudo apt update -y

    # Install Docker
    sudo apt install -y docker.io

    sudo systemctl start docker
    sudo systemctl enable docker

    # Add the current user to the docker group
    sudo usermod -aG docker $USER

    #install java
    sudo apt install -y fontconfig openjdk-17-jre

    # Install Jenkins
    sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
      https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null

    sudo apt update -y
    sudo apt-get install -y jenkins

    sudo systemctl start jenkins
    sudo systemctl enable jenkins

  • Save the script as install_jenkins_docker.sh.

  • Make the script executable and run it:

    chmod +x install_jenkins_docker.sh
    ./install_jenkins_docker.sh

This script will update the package index, install Docker, start and enable Docker, add the current user to the Docker group, install Jenkins, start and enable Jenkins, and finally print the Jenkins initial admin password.

Task 2:

In this task you need to prepare a devops team of avengers. Create 3 IAM users of avengers and assign them in devops groups with IAM policy.

Step 1: Create IAM Users

  1. Sign in to the AWS Management Console.

  2. Navigate to the IAM Console:

    • Go to the IAM service.

  3. Create New Users:

    • Click on Users in the left-hand menu.

    • Click on Add user.

    • Enter the usernames (e.g., IronMan, CaptainAmerica, BlackWidow).

    • Follow the instructions mentioned above for reference.

    • Set a custom password or let AWS generate one.

  4. You should see you users.

Step 2: Create a DevOps Group and Attach Policy

  1. Create a DevOps Group:

    • In the IAM console, click on User groups in the left-hand menu.

    • Click on Create group.

    • Enter a group name (e.g., DevOpsAvengers).

    • Select the users you created (IronMan, CaptainAmerica, BlackWidow) under Add user to group.

    • Under Attach permissions policies add AmazonEC2FullAccess.

    • Click on Create user group.

Step 4: Verify the Setup

  1. Verify Users and Group:

    • Ensure that the users are listed under the DevOpsAvengers group.

    • Go to IAM > User groups > DevOpsAvengers.

    • To Check the AmazonEC2FullAccess policy is attached to the group. Go to Permissions tab.

Thank you for reading😉.

AWSaws iam policiesTrainWithShubham#90daysofdevops