Day 39 AWS and IAM Basics☁

Day39 of 90daysofdevops

AWS:

Amazon Web Services (AWS) is one of the most popular cloud providers. It has a free tier that students and cloud enthusiasts can use for hands-on practice while learning (create your free account today to explore it).

User Data in AWS:

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker, Jenkins, etc.
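A pre-flight check for the user data described above, added here as an example (not from the original post): it enforces the "#!" first line and the 16 KB raw-size limit that EC2 applies to user data shell scripts, rejects scripts that carry credentials, and prints the base64 form used for API calls. The function names check_user_data and encode_user_data and the two sample scripts are assumptions made for illustration; the access key shown is the placeholder from AWS documentation.

```bash
#!/usr/bin/env bash
# Pre-flight check for an EC2 user data shell script (added example).
# Function names and sample scripts below are constructed for illustration.

MAX_BYTES=16384  # EC2 caps user data at 16 KB, measured before base64 encoding

# Print one line per problem; return 0 only if every check passes.
check_user_data() {
  local file="$1" rc=0 size
  # User data is run as a shell script only when it starts with "#!".
  [ "$(head -c 2 "$file")" = '#!' ] || { echo "FAIL: no #! first line"; rc=1; }
  size=$(( $(wc -c < "$file") ))
  [ "$size" -le "$MAX_BYTES" ] || { echo "FAIL: $size bytes > $MAX_BYTES"; rc=1; }
  # User data can be read back from the instance metadata service and with
  # ec2:DescribeInstanceAttribute, so credentials must never be embedded in it.
  if grep -Eq '(AKIA|ASIA)[0-9A-Z]{16}' "$file"; then
    echo "FAIL: AWS access key ID found"; rc=1
  fi
  if grep -Eiq '(password|passwd|secret|token)[A-Za-z_]*[[:space:]]*=' "$file"; then
    echo "FAIL: hard-coded secret assignment found"; rc=1
  fi
  return "$rc"
}

# Print the single-line base64 form used for API calls; refuse failing scripts.
encode_user_data() {
  check_user_data "$1" >&2 || return 1
  base64 < "$1" | tr -d '\n'
}

# Constructed samples: one clean script, one without "#!" that embeds a key ID.
tmp=$(mktemp -d)
printf '#!/bin/bash\napt-get update -y\napt-get install -y docker.io\n' > "$tmp/good.sh"
printf 'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\napt-get update -y\n' > "$tmp/bad.sh"

for f in "$tmp/good.sh" "$tmp/bad.sh"; do
  if out=$(encode_user_data "$f" 2>&1); then
    echo "$f: OK, $(printf '%s' "$out" | wc -c) base64 characters"
  else
    echo "$f: rejected"
    printf '%s\n' "$out"
  fi
done
```

If the instance needs access to other AWS services, attach an IAM role to it instead of placing keys in user data.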

IAM:

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Task1:

  • Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in the browser and your Jenkins page should be visible.

  • Take a screenshot of the user data and the Jenkins page; this will verify task completion.

#!/bin/bash

# Install Docker
sudo apt-get update -y
sudo apt-get install docker.io -y
# User data runs as root at boot and $USER is not set there, so name the
# login user explicitly (assumes an Ubuntu AMI, whose default user is "ubuntu")
sudo usermod -aG docker ubuntu

# Install Jenkins
# Jenkins requires Java to run, so install Java first
sudo apt-get update -y
sudo apt-get install openjdk-11-jre -y

# Long-Term Support release of Jenkins: add the signing key and the apt repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null

# Quote the entry so the shell does not treat [signed-by=...] as a glob pattern
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null

sudo apt-get update -y
sudo apt-get install jenkins -y

# Print the installed versions
docker --version
java -version
jenkins --version

Task2:

  • Read more on IAM Roles and explain the IAM Users, Groups, and Roles in your own terms.
  1. IAM Users: IAM users are entities that represent individual people or applications that interact with your AWS resources. When you create an IAM user, you assign them a unique set of credentials (access key ID and secret access key) that they can use to authenticate themselves when making API calls or using the AWS Management Console. IAM users have their own access permissions, which can be customized to grant or restrict access to specific AWS services and resources.

  2. IAM Groups: IAM groups are collections of IAM users. Instead of assigning permissions to each IAM user individually, you can create groups and assign the necessary permissions to the groups. This makes it easier to manage access permissions across multiple users who share similar responsibilities or require the same level of access to resources. By adding or removing users from a group, you can efficiently manage their access permissions. IAM groups do not have their own credentials for authentication; they inherit the permissions assigned to the users within the group.

  3. IAM Roles: IAM roles are similar to IAM users, but they are not associated with a specific person or application. Instead, roles are used by AWS services or applications running on AWS resources to obtain temporary access credentials dynamically. Roles are typically used for granting permissions to AWS services or allowing applications within EC2 instances to access other AWS services securely. By attaching an IAM role to an AWS resource, you define what actions the resource can perform and what AWS resources it can access. Roles have policies attached to them, which define the permissions and access control rules.

  • Create three Roles named: DevOps-User, Test-User, and Admin.

Thank you

~Ritul Gupta