Getting Started With AWS
☁️ Amazon Web Services (AWS):
AWS, or Amazon Web Services, is a cloud computing platform provided by Amazon. It offers a wide range of services and resources that allow individuals and organizations to build and run applications, store and analyze data, host websites, and much more, all without the need to invest in and maintain physical hardware. Here are some key aspects of AWS:
Global Infrastructure: AWS operates data centers in multiple regions around the world. This global presence enables users to deploy their applications and services closer to their end-users, improving performance and reliability.
Pay-as-You-Go: AWS follows a pay-as-you-go pricing model, which means users are billed only for the resources they use. This flexibility allows cost-effective scaling up or down based on demand.
Services: AWS offers a vast array of services, including but not limited to:
Compute: Services like Amazon EC2 (Elastic Compute Cloud) provide virtual servers for running applications.
Storage: AWS provides scalable storage solutions such as Amazon S3 (Simple Storage Service) for files and Amazon RDS (Relational Database Service) for databases.
Networking: AWS offers tools for managing networks, load balancing, and content delivery.
Machine Learning: AWS has services like Amazon SageMaker for machine learning and artificial intelligence applications.
Security: AWS provides a wide range of security tools and features to protect data and applications.
Some practical examples of using AWS are:
Host a Static Website: Use Amazon S3 to host a basic HTML website.
Launch a Virtual Server: Start an EC2 instance, install a web server, and deploy a simple web app.
Set Up a Database: Create a MySQL database using Amazon RDS.
Store Files: Learn Amazon S3 by uploading and accessing files.
Balance Traffic: Use Elastic Load Balancer (ELB) to distribute web traffic across multiple servers.
Automate with Lambda: Create a serverless function to perform tasks triggered by events.
Manage Users: Experiment with IAM to control who can access AWS resources.
Monitor Resources: Set up monitoring and alerts using Amazon CloudWatch.
Secure Network: Build a Virtual Private Cloud (VPC) with security groups.
Basic DevOps: Try AWS CodeCommit, CodeBuild, and CodeDeploy for code management and deployment.
☁️ AWS Identity and Access Management (IAM):
IAM is a service within AWS that allows you to control who can access your AWS resources and what actions they can perform. Here's a closer look at IAM:
User Management: IAM lets you create and manage individual users or groups of users. Each user is assigned unique security credentials (like access keys and passwords) to access AWS services.
Resource Permissions: IAM enables you to define fine-grained permissions for each user or group. You can specify which AWS resources (e.g., EC2 instances, S3 buckets) they can access and what actions (e.g., read, write, delete) they can perform on those resources.
Security Best Practices: IAM helps you adhere to security best practices by implementing the principle of least privilege. This means users are granted only the minimum permissions needed to perform their tasks, reducing the risk of unauthorized access.
Multi-Factor Authentication (MFA): IAM supports MFA, an additional layer of security that requires users to provide two or more verification factors (e.g., a password and a one-time code from a mobile app) to access their AWS accounts.
Integration with AWS Services: IAM integrates seamlessly with various AWS services, allowing you to control access to not only AWS Management Console but also APIs, CLI, and SDKs.
☁️ Hands-On Practice
Let's break down the detailed steps for both Task 1 and Task 2:
Task 1: Creating an IAM User and Launching an EC2 Instance
Log into the AWS Management Console:
Go to the AWS Management Console at https://aws.amazon.com/.
Sign in with your AWS account credentials or create a new AWS account if you don't have one.
Access IAM Service:
From the AWS Management Console, navigate to the IAM (Identity and Access Management) service. It's usually located under the "Security, Identity, & Compliance" section.
Create a New IAM User:
Inside the IAM dashboard, select "Users" from the left-hand menu.
Click the "Add user / Create User" button to create a new IAM user.
Enter a username of your choice (e.g., "EC2User") and select the "Provide user access to AWS management console" checkbox, then select the "I want to create an IAM user" checkbox.
Set a custom password, and select "user must create a new password at next sign-in" so that the user can set their own password when they log in.
Attach Permissions:
In the permissions step, choose "Attach policies directly."
Search for and select the "AmazonEC2FullAccess" policy. This policy grants full access to Amazon EC2 resources.
Click "Next" to review, and then click "Create user."
Launch an EC2 Instance:
Now, you'll use the IAM user to launch an EC2 instance.
Log into the AWS Management Console if you're not already logged in.
It will now ask you to set a new password.
Navigate to the EC2 service.
Launch an EC2 Instance:
Click the "Launch Instance" button to create a new virtual machine.
Follow the EC2 instance creation wizard, selecting the desired instance type and other settings.
Name of the instance:
OS type: here I have selected Ubuntu.
Select the instance type and create a new key pair: here I have selected t2.micro, which is free tier.
A key pair is used for secure authentication and access control to instances (virtual machines) created using Amazon Elastic Compute Cloud (EC2) and for other AWS services. Key pairs consist of two parts: a public key and a private key.
Now click on "Launch instance" and wait for the prompt saying it was successfully created.
Connect to EC2 Instance and Install Jenkins and Docker:
Once the EC2 instance is running, you can connect to it via SSH using the private key you specified during instance creation.
Go to the "SSH client" tab, copy the example command and paste it in your terminal.
Once logged in, we'll run a bash script to install Docker and Jenkins:
    #!/bin/bash

    # Install Docker
    sudo apt-get update
    sudo apt-get install -y docker.io
    sudo usermod -aG docker "$USER"   # group change takes effect at next login
    sudo systemctl start docker
    sudo systemctl enable docker

    # Install Java (check the version after installing, not before)
    sudo apt-get update
    sudo apt-get install -y default-jre
    java -version

    # Install Jenkins from the signed Jenkins apt repository
    curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update
    sudo apt-get install -y jenkins
    sudo systemctl start jenkins
    sudo systemctl enable jenkins
Use any editor such as nano or vim, copy the script and save it as install_docker_jenkins.sh.
Give the script execute permission with chmod +x filename.sh, then use ./filename.sh to execute the script. Now check the status of Docker and Jenkins using the commands:

    sudo systemctl status docker
    sudo systemctl status jenkins
Task 2: Creating IAM Users for a DevOps Team
Log into the AWS Management Console:
If you're not already logged in, access the AWS Management Console.
Access IAM Service:
Navigate to the IAM service as explained in Task 1.
Create IAM Users:
Inside the IAM dashboard, select "Users" from the left-hand menu.
Click the "Add user" button to create three IAM users, one for each member of your DevOps team. Provide usernames and select "Provide user access to AWS management console" for each user.
Assign Users to a DevOps Group:
After creating the users, you can group them together. Select "Groups" from the left-hand menu and create a new group (e.g., "Avengers-DevOps").
Add the three IAM users to this group.
Create an IAM Policy:
To define what actions the Avengers-DevOps team members can perform, you'll need to create an IAM policy.
Scroll down and you will find policy.
Use the policy editor to specify the permissions you want. For example, you can grant permissions to access specific EC2 instances, manage S3 buckets, and interact with other AWS services.
Now click on "Create Group" on the bottom right-hand side.
Now if you go to the user group section in IAM, you can see that the group is created.
Now, each user is associated with a specific DevOps group with the necessary IAM policies. You can add more users by clicking “Add users”.
Now, your Avengers-DevOps team members (the IAM users) are part of the "Avengers-DevOps" group and have the permissions defined by the IAM policy you created. This allows them to collaborate on AWS resources while adhering to access control and security best practices.
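The least-privilege principle from the IAM section applies directly to the policy written for the group in Task 2. As an added example (not part of the original post), this Python check flags Allow statements that grant wildcard actions on every resource; both sample policies and the Team=devops tag are constructed for illustration and are not the text of any AWS managed policy.

```python
# Constructed sample: a broad grant in the style of a "full access" policy.
BROAD_POLICY = {"Version": "2012-10-17",
                "Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}}

# Constructed sample: a scoped policy for a DevOps group. Describe calls need
# Resource "*"; start/stop is limited to instances tagged Team=devops.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadOnlyInventory", "Effect": "Allow",
         "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceStatus"],
         "Resource": "*"},
        {"Sid": "StartStopTeamInstances", "Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/Team": "devops"}}},
    ],
}


def _as_list(value):
    """IAM accepts a single item or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_broad_statements(policy):
    """Return (index, reason) for Allow statements that break least privilege."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt:
            findings.append((i, "Allow with NotAction grants everything not listed"))
            continue
        wild = [a for a in _as_list(stmt.get("Action"))
                if a == "*" or a.endswith(":*")]
        if wild and "*" in _as_list(stmt.get("Resource")):
            findings.append((i, "wildcard action(s) %s on Resource *" % ", ".join(wild)))
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_statements(doc) or "no broad statements")
```

Paste the JSON from the IAM policy editor into a dict like the samples above and review any finding before attaching the policy to the group.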
I hope you now understand how to create an IAM user.
Happy Learning :D