Getting Started with AWS Basics ☁ & AWS IAM Basics ☁

#90 Days of DevOps Challenge - Day 38 & 39

Define AWS:-

AWS stands for Amazon Web Services. It is a comprehensive cloud computing platform offered by Amazon that provides flexible, reliable, scalable, easy-to-use and cost-effective cloud computing solutions. The platform combines infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

It provides over 170 AWS services to developers, who can access them from anywhere when they need them. AWS has customers in over 190 countries worldwide, including 5000 ed-tech institutions and 2000 government organizations. Many companies like ESPN, Adobe, Twitter, Netflix, Facebook, BBC, etc., use AWS services.

User Data in AWS:

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker or Jenkins.
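An added example (not from the original post): a pre-launch check that identifies which of the two user data types a payload is, enforces EC2's 16 KB raw size limit, and base64-encodes it for an API call. It also refuses payloads that look like they contain credentials, because user data can be read back from the instance metadata service by any process on the instance. The function names, patterns and sample scripts are assumptions made for this illustration.

```python
import base64
import re

MAX_RAW_BYTES = 16 * 1024  # EC2 user data limit, measured before base64 encoding

# Illustrative patterns for credentials pasted into a script; not exhaustive.
SECRET_PATTERNS = {
    "AWS access key ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "inline password": re.compile(r"(?i)\bpassword\s*=\s*\S+"),
}

# Constructed samples: a short install script, and the same script with the
# example access key from AWS's own documentation pasted in.
INSTALL_SCRIPT = "#!/bin/bash\napt-get update\napt-get install -y docker.io\n"
LEAKY_SCRIPT = INSTALL_SCRIPT + "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"

def classify(user_data: str) -> str:
    """Identify which of the two user data types the first line declares."""
    lines = user_data.splitlines()
    first = lines[0].strip() if lines else ""
    if first.startswith("#!"):
        return "shell-script"
    if first == "#cloud-config":
        return "cloud-config"
    raise ValueError("first line must be a '#!' interpreter line or '#cloud-config'")

def find_secrets(user_data: str) -> list:
    """Names of the secret patterns that appear anywhere in the user data."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(user_data)]

def prepare_user_data(user_data: str) -> dict:
    """Validate user data and return it base64-encoded, as API calls expect."""
    kind = classify(user_data)
    raw = user_data.encode("utf-8")
    if len(raw) > MAX_RAW_BYTES:
        raise ValueError(f"user data is {len(raw)} bytes; limit is {MAX_RAW_BYTES}")
    found = find_secrets(user_data)
    if found:
        raise ValueError("possible secrets in user data: " + ", ".join(found))
    return {"kind": kind, "base64": base64.b64encode(raw).decode("ascii")}

if __name__ == "__main__":
    print(prepare_user_data(INSTALL_SCRIPT))
```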

What is IAM:

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

How Does IAM Work?

The IAM workflow includes the following six elements:

  1. A principal is an entity that can perform actions on an AWS resource. A user, a role or an application can be a principal.

  2. Authentication is the process of confirming the identity of the principal trying to access an AWS product. The principal must provide its credentials or required keys for authentication.

  3. Request: A principal sends a request to AWS specifying the action and the resource on which to perform it.

  4. Authorization: By default, access to all resources is denied. IAM authorizes a request only if all parts of the request are allowed by a matching policy. After authenticating and authorizing the request, AWS approves the action.

  5. Actions are used to view, create, edit or delete a resource.

  6. Resources: A set of actions can be performed on a resource related to your AWS account.

Basic Components of IAM:-


  • Users:- An IAM user is an identity with an associated credential and permissions attached to it. This could be an actual person who is a user, or it could be an application that is a user. With IAM, you can securely manage access to AWS services by creating an IAM user name for each employee in your organization. Each IAM user is associated with only one AWS account. By default, a newly created user is not authorized to perform any action in AWS. The advantage of having one-to-one user specification is that you can individually assign permissions to each user.

  • Groups:- A collection of IAM users is an IAM group. You can use IAM groups to specify permissions for multiple users so that any permissions applied to the group are applied to the individual users in that group as well. Managing groups is quite easy. You set permissions for the group, and those permissions are automatically applied to all the users in the group. If you add another user to the group, the new user will automatically inherit all the policies and the permissions already assigned to that group. This lessens the administrative burden.

  • Roles:- IAM roles are similar to users but are meant for entities outside of your AWS account. Roles can be assumed by AWS services, applications, or federated users from other identity providers.

Policies:- An IAM policy sets permissions and controls access to AWS resources. Policies are stored in AWS as JSON documents. Permissions specify who has access to the resources and what actions they can perform. For example, a policy could allow an IAM user to access one of the buckets in Amazon S3. The policy would contain the following information:

  1. Who can access it

  2. What actions the user can take

  3. Which AWS resources that user can access

  4. When they can be accessed

In JSON format that would look like this:
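An added example (not from the original post): a constructed S3 bucket policy carrying the four pieces of information listed above, together with a small evaluator that applies the authorization rule from the IAM workflow section (default deny, a matching Allow grants access, an explicit Deny always wins). The account ID, user name, bucket and function names are placeholders, and the evaluator is a simplified model that handles a single policy and one condition type only.

```python
import fnmatch
import json
from datetime import datetime, timezone

# Constructed bucket policy; the account ID, user name and bucket are placeholders.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadUntil2025", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:user/tony"},
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"DateLessThan": {"aws:CurrentTime": "2025-01-01T00:00:00Z"}}},
    {"Sid": "NobodyDeletes", "Effect": "Deny", "Principal": "*",
     "Action": "s3:Delete*", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, principal, action, resource, now):
    """True only if who, what, which and when all match this statement."""
    who = stmt["Principal"]
    who_ok = who == "*" or principal in _as_list(who["AWS"])
    # Simplification: fnmatchcase is case-sensitive; IAM action names are not.
    what_ok = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
    which_ok = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
    # Only the DateLessThan / aws:CurrentTime condition is modelled here.
    limit = stmt.get("Condition", {}).get("DateLessThan", {}).get("aws:CurrentTime")
    when_ok = limit is None or now < datetime.fromisoformat(limit.replace("Z", "+00:00"))
    return who_ok and what_ok and which_ok and when_ok

def evaluate(policy, principal, action, resource, now):
    """Explicit Deny wins; otherwise Allow needs a match; otherwise implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _matches(s, principal, action, resource, now)}
    if "Deny" in effects:
        return "ExplicitDeny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

TONY = "arn:aws:iam::111122223333:user/tony"
OBJ = "arn:aws:s3:::example-bucket/report.csv"
JUNE_2024 = datetime(2024, 6, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for act in ("s3:GetObject", "s3:PutObject", "s3:DeleteObject"):
        print(act, "->", evaluate(POLICY, TONY, act, OBJ, JUNE_2024))
```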

Task1:

Create an IAM user with the username of your own wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and docker on your machine via a single Shell Script.

Step 1:- First we need to log in to the AWS Management Console and navigate to the IAM service.

Step 2:- Now click on "Users" -> "Add users".

Step 3:- After clicking on "Add users", give the user any name and then select the check box shown below.

Now select either option, autogenerated or custom, and click on Next.

Step 4:- Now select "Attach policies directly", search for AmazonEC2FullAccess, select its check box and click on Next.

Step 5:- Review all the details and click on "Create user".

Step 6:- Now note down the user name and password for logging in to the AWS console.

Step 7:- Using the credentials we have created, log in to AWS.

We are able to sign in using the credentials, and we can verify the user ID, which I have highlighted in the image below.

Step 8:- Now we need to launch an EC2 machine.

Step 9:- Now we need to SSH into the machine and write a shell script that installs Jenkins and Docker.

vi installition.sh

#!/bin/bash
# Stop at the first failed command, including a failed download inside a pipeline.
set -euo pipefail

# Java runtime required by Jenkins
sudo apt update
sudo apt install openjdk-11-jre -y

# Add the Jenkins signing key and apt repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y

# Start Jenkins now and on every boot
sudo systemctl enable jenkins
sudo systemctl start jenkins

# Install and start Docker
sudo apt-get update
sudo apt-get install docker.io -y
sudo systemctl start docker

Now we need to change the permissions on that file so that it can be executed.

Step 10:- Now we can execute the script file

./<file_name>.sh 
# Ex:- ./installition.sh

Now we can see the installation was successful.

Step 11:- Now we check whether we are able to access Jenkins.

Public IP address:port_number
#Ex:- 54.161.28.169:8080

Task2:-

In this task, you need to prepare a DevOps team of Avengers. Create 3 IAM users of Avengers and assign them to DevOps groups with IAM policy.

Step 1:- First we need to create a group. For that, click on User groups -> Create group.

Then give the group the name "Avengers", attach a few permissions such as AmazonEC2FullAccess and AmazonS3FullAccess, and click on "Create group".

Step 2:- Now we need to create a user and add it to the Avengers group.

Task3: Install Jenkins using User Data in Linux Server

  1. Launch the EC2 instance with Jenkins already installed on it. Once the server shows up in the console, hit the IP address in the browser and your Jenkins page should be visible.

  2. Take a screenshot of the user data and the Jenkins page; this will verify the task completion.

Step 1:- First navigate to the AWS console and launch an EC2 machine.

Now select the instance type, key pair and network settings.

Step 2:- After that, click on Advanced details -> User data, write the shell script containing the Jenkins installation steps, and click on Launch instance.

#!/bin/bash
# Stop at the first failed command, including a failed download inside a pipeline.
set -euo pipefail

# Java runtime required by Jenkins
sudo apt update
sudo apt install openjdk-11-jre -y

# Add the Jenkins signing key and apt repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y

# Start Jenkins now and on every boot
sudo systemctl enable jenkins
sudo systemctl start jenkins

Step 3:- Some time after clicking on Launch instance, we can see that the server is up and running and that Jenkins has been installed in the background.

Step 4:- Now we check whether we are able to access Jenkins.

Public IP address:port_number
#Ex:- 3.89.222.130:8080

Task 4: Create three Roles named: DevOps-User, Test-User and Admin.

Step 1:- First click on Roles -> Create role.

Step 2:- Now select AWS service -> EC2 and click on Next.

Then select "AmazonEC2FullAccess" and click on Next.

Step 3:- Now we need to create the 3 roles: DevOps-User, Test-User and Admin.

Step 4:- Now we can create a role and assign the respective role based upon the requirements.

Thank you for reading!! I hope you find this article helpful!!

If there are any queries or corrections to be made to this blog, please let me know.

Happy Learning!!

Saikat Mukherjee
