Trushid's blog

🚀Day 39 AWS and IAM Basicsâ˜đŸ’„

Trushid Hatmode's photo
Trushid Hatmode
·

4 min read

🚀Day 39 AWS and IAM Basicsâ˜đŸ’„

Table of contents

By this time you have created multiple EC2 instances, and post installation manually installed applications like Jenkins, docker etc. Now let’s switch to little automation part. Sounds interesting??đŸ€Ż

AWS:

Amazon Web Services is one of the most popular Cloud Provider that has free tier too for students and Cloud enthutiasts for their Handson while learning (Create your free account today to explore more on it).

User Data in AWS:

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This will save time and manual effort every-time you launch an instance and want to install any application on it like apache, docker, Jenkins etc

IAM:

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Task1:

  • Launch EC2 instance with already installed Jenkins on it. Once server shows up in console, hit the IP address in browser and you Jenkins page should be visible.
  1. Click on the “Launch Instance” button to start the process of launching a new EC2 instance.

2.Select an instance type, configure your instance details (such as the number of instances, network settings, and storage)

3. In the user data field, enter the following script to install Jenkins

#! /bin/bash
sudo apt-get update
sudo apt install docker.io -y
sudo apt install openjdk-11-jre -y
curl -fsSL https://pkg.jenkins.io/debian/jenkins.io.key | sudo tee \   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \   https://pkg.jenkins.io/debian binary/ | sudo tee \   /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
sudo systemctl enable jenkins
sudo systemctl start jenkins
sudo systemctl status jenkin

4.Click on launch instance button

5.Create a security group that allows inbound traffic on port 8080 for Jenkins.

  • Take screenshot of User_data and Jenkins page, this will verify the task completion.

6. Enter Publicip:8080 on browser to see successful installation of jenkins

Task2:

  • Read more on IAM Roles and explain the IAM Users, Groups and Roles in your own terms.

IAM (Identity and Access Management) is a service offered by AWS (Amazon Web Services) that enables you to manage access to AWS services and resources securely. IAM users, groups, and roles are three key components of IAM that work together to provide fine-grained control over who can access what resources in your AWS account.

IAM users are entities within your AWS account that can be used to interact with AWS services and resources. Each user is identified by a unique username and has its own set of security credentials, such as an access key ID and secret access key, which are used to authenticate and authorize API requests to AWS services.

IAM groups are collections of IAM users that you can manage as a single unit. You can assign permissions to a group, and all users in that group inherit those permissions. This makes it easier to manage access for multiple users with similar permissions.

IAM roles are similar to IAM users, but they are not associated with a specific user or group. Instead, roles define a set of permissions and trust relationships that can be assumed by a trusted entity, such as an AWS service or an external identity provider. Roles are often used to grant temporary access to resources for a specific task or service.

  • Create three Roles named: DevOps-User, Test-User and Admin.
  1. Log in to the AWS Management Console and navigate to the IAM dashboard.

Click on “Roles” in the left-hand menu and then click on the “Create role” button.

2. To create a role for an EC2 instance, choose “AWS service” and then “EC2”.

3. Choose the policy that defines the permissions for the role. For the DevOps-User role, choose the “AmazonEC2FullAccess” policy. Enter a name for the role and click “Create role”.

4.For the Test-User role, choose the “AmazonEC2ReadOnlyAccess” policy.

5.For the Admin role, choose the “AdministratorAccess” policy.

6.Once the roles are created, you can assign them to individual IAM users or groups as needed, and control their access to AWS resources.

I'm confident that this article will prove to be valuable, helping you discover new insights and learn something enriching .

thank you : )

#90daysofdevops#TWSAWSDevopsDevops articlesLinux
Â