Day 42 :  IAM Programmatic access and AWS CLI

Day 42 : IAM Programmatic access and AWS CLI

DevOps Learning

IAM Programmatic Access

IAM (Identity and Access Management) programmatic access allows users or services to interact with AWS resources through APIs, SDKs, or command-line tools like the AWS CLI. This is essential for automating tasks, managing resources, and accessing data without manual intervention.

Key components:

  1. Access Keys:

    • Access Key ID: A unique identifier for the access key.

    • Secret Access Key: A secret key used to sign requests.

    • These keys are used to authenticate programmatic requests to AWS services.

  2. Temporary Security Credentials:

    • Generated using AWS STS (Security Token Service).

    • Include an access key ID, secret access key, and a security token.

    • These credentials are temporary and expire after a specified period, enhancing security.

  3. IAM Roles:

    • Provide temporary security credentials for programmatic access.

    • Useful for granting permissions to applications running on AWS services like EC2 instances.

Granting Programmatic Access:

  1. Creating IAM Users:

    • Navigate to the IAM console.

    • Create a new user and enable programmatic access.

    • Attach necessary policies to grant permissions.

  2. Using IAM Roles:

    • Create a role with the required permissions.

    • Assign the role to AWS services or applications.

The above process is already mentioned in Day 39, so you can refer that.

AWS CLI (Command Line Interface)

The AWS CLI is a unified tool to manage AWS services from the command line. It allows you to control multiple AWS services and automate them through scripts.

Key Features:

  1. Installation:

    • Available for Windows, macOS, and Linux.

    • Install using package managers like pip for Python.

  2. Configuration:

    • Configure the CLI with your access keys using the aws configure command.

    • Set default region and output format.

  3. Commands:

    • Use commands to interact with AWS services. For example:

        aws iam ls
      
    • Supports a wide range of services like EC2, S3, IAM, and more.

  4. Profiles:

    • Manage multiple sets of credentials using named profiles.

    • Switch between profiles using the --profile flag.

  5. Automation:

    • Integrate with CI/CD pipelines for automated deployments.

    • Use in scripts to perform repetitive tasks.

Task-01

  • Create AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from AWS Console.

Solution:

The prerequisite steps are already mentioned in Day 39, so you can refer to that.

Create Access keys.

  • Go to IAM > Users > devops_user > Security credentials > Access keys.

  • Create Access Key.

  • Click on Command Line Interface (CLI), confirm it, and then click Next.

  • Set description tag if you want, Click on Create access key.

  • Download the .csv file containing the Access Key, which will be used to configure the AWS CLI.

Task-02

  • Setup and install AWS CLI and configure your account credentials.

Solution:

  • Use the access key and secret key to configure the AWS CLI for the IAM user.

  • Add the AWS Access Key ID and AWS Secret Access Key; you can leave the other fields empty.

      aws configure
    

  • And now you can use AWS CLI.

Thank you for reading😉.