Getting Started with AWS Basics☁

Day 38

AWS

  • AWS, or Amazon Web Services, is a comprehensive and widely used cloud computing platform provided by Amazon.com. It offers a broad range of cloud services that include computing power, storage, databases, networking, and more. AWS allows individuals, businesses, and organizations to access computing resources on-demand, paying only for what they use, without the need to invest in costly infrastructure upfront.

  • Here are some key aspects and services offered by AWS:

    1. Compute Services:

      • Amazon Elastic Compute Cloud (EC2): Virtual servers in the cloud for compute capacity.

      • AWS Lambda: Run code without provisioning or managing servers (serverless compute).

      • AWS Batch: Fully managed batch processing at any scale.

    2. Storage Services:

      • Amazon Simple Storage Service (S3): Object storage for storing and retrieving data.

      • Amazon Elastic Block Store (EBS): Block-level storage volumes for EC2 instances.

      • Amazon Glacier: Low-cost, long-term archival storage for infrequently accessed data.

    3. Database Services:

      • Amazon Relational Database Service (RDS): Managed relational databases like MySQL, PostgreSQL, and others.

      • Amazon DynamoDB: Fully managed NoSQL database service.

      • Amazon Aurora: High-performance, MySQL- and PostgreSQL-compatible relational database.

    4. Networking Services:

      • Amazon Virtual Private Cloud (VPC): Isolated virtual networks in the AWS cloud.

      • AWS Direct Connect: Establish a dedicated network connection between on-premises and AWS.

      • Amazon Route 53: Scalable domain name system (DNS) web service.

    5. Analytics and Big Data Services:

      • Amazon Redshift: Fast, fully managed data warehousing service.

      • Amazon Athena: Interactive query service to analyze data in S3 using SQL.

      • Amazon Kinesis: Real-time data streaming and analytics.

    6. Management and Governance Services:

      • AWS Identity and Access Management (IAM): Manage user access and permissions.

      • AWS CloudFormation: Infrastructure as Code (IaC) for provisioning and managing AWS resources.

      • AWS Config: Track resource inventory, configuration changes, and compliance.

    7. Security Services:

      • AWS Identity and Access Management (IAM): Manage user access and permissions.

      • AWS Key Management Service (KMS): Managed service for creating and controlling encryption keys.

      • AWS Shield: DDoS protection for applications running on AWS.

    8. Developer Tools:

      • AWS CodeCommit: Git-based version control service.

      • AWS CodeBuild: Fully managed build service.

      • AWS CodeDeploy: Automated application deployments.

IAM:

  • IAM, or AWS Identity and Access Management, is a service provided by AWS that enables you to manage user access and permissions for your AWS resources. IAM allows you to securely control who can access your AWS resources and what actions they can perform.

    Here are some key aspects and features of IAM:

    1. Users and Groups: IAM allows you to create individual IAM users for each person who needs access to your AWS account. You can also group users to efficiently manage permissions for multiple users with similar access needs.

    2. Roles: IAM roles are used to grant permissions to entities within or outside your AWS account. Roles are typically assigned to AWS services, allowing them to access resources on your behalf. Roles can also be assumed by IAM users or federated users.

    3. Permissions: IAM uses a policy-based approach to grant permissions. You can define policies that specify what actions are allowed or denied on specific AWS resources. Policies can be attached to users, groups, and roles.

    4. Access Keys: IAM users can generate access keys, consisting of an access key ID and secret access key, which can be used to authenticate API requests made to AWS services.

    5. Multi-factor Authentication (MFA): IAM supports the use of MFA devices, such as virtual MFA devices or hardware tokens, to add an extra layer of security to user sign-ins and API requests.

    6. Identity Federation: IAM allows you to grant temporary access to AWS resources to users authenticated through external identity providers (IdPs), such as Active Directory, using standards like Security Assertion Markup Language (SAML) 2.0 or OpenID Connect.

    7. Integration with Other AWS Services: IAM integrates with various AWS services, enabling fine-grained access control. For example, you can define IAM roles for EC2 instances, Lambda functions, or other services to access AWS resources securely.

    8. Audit and Monitoring: IAM provides logging of API activity through AWS CloudTrail, which captures detailed information about the actions performed by IAM users and roles.

IAM is a fundamental component of AWS security and access management. It allows you to implement the principle of least privilege by granting users and services only the necessary permissions, helping to ensure the security and integrity of your AWS resources.

Let's do some tasks based on the AWS EC2 and IAM services.

Task1

Create an IAM user with a username of your choice and grant it EC2 access. Launch your Linux instance through the IAM user you just created, and install Jenkins and Docker on the machine via a single shell script.

  1. Creating an IAM User:

    • Sign in to the AWS Management Console as a root user and type “IAM” in the search box. Go to the IAM service.

    • Click on "Users" in the left menu, then click "Add users". Create a new IAM user with a username of your choice.

    • Assign the necessary permissions to the user. In this case, you would need to attach the AmazonEC2FullAccess policy to the user.

    • Click "Next" until you reach the end, and then click "Create user".

    • Take note of the username and password, as you will need these to authenticate your IAM user when launching instances.

  2. Launching an EC2 Instance:

    • Sign in to the AWS Management Console using the IAM account ID, username, and password.

    • Navigate to the EC2 service, and click on "Launch instance".

    • Launch a new EC2 instance, selecting the desired configuration (e.g., instance type, Amazon Machine Image, network settings), and click on "Launch instance".

  3. Installing Jenkins and Docker:

    • Once you have SSH access to your Linux instance, you can connect to it using an SSH client like PuTTY (for Windows) or the Terminal (for macOS/Linux).

    • Run the necessary commands to install Jenkins and Docker. Here's a shell script saved as Installation.sh; give it execute permission using chmod and run the script using ./Installation.sh

    #!/bin/bash

    # Install Java (Jenkins prerequisite)
    # Newer Jenkins LTS releases require Java 17 or later; change the package if Jenkins fails to start
    sudo apt update -y
    sudo apt install openjdk-11-jre -y

    # Install Jenkins: add the repository signing key and apt source, then install
    curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update -y
    sudo apt-get install jenkins -y

    # Install Docker
    sudo apt-get install docker.io -y
    # Membership of the docker group is root-equivalent on this host
    sudo usermod -aG docker "$USER"

    # (Optional) Add Jenkins user to the docker group
    sudo usermod -aG docker jenkins

    # Restart server
    sudo reboot

Verify docker and Jenkins.

Please note that the above script assumes you use a Debian-based Linux distribution. Adjust the commands accordingly if you are using a different distribution.

Task2

In this task, you need to prepare a DevOps team of Avengers. Create 3 IAM users named after Avengers and assign them to a DevOps group with IAM policies.

  1. Create IAM Users:

    • Within the IAM service, navigate to the "Users" section.

    • Create three IAM users with names corresponding to the Avengers: tonystark, brucebanner, and thorodinson.

  2. Assign Users to Groups:

    • In the IAM service, go to the "Groups" section, and select "Create group".

    • Edit the avengers-devops group and add all three users (tonystark, brucebanner, and thorodinson).

    • In the "Attach Policy" step, search for and select the "AmazonEC2FullAccess", "AmazonS3FullAccess", and "AmazonRDSFullAccess" policies, then click on "Create group".

    • All the created users will be visible, and you can add more users by clicking "Add users".
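
The group-based permissions set up in Task 2 follow the policy model from the IAM section: a matching Deny wins, otherwise a matching Allow applies, otherwise the request is denied. The simplified evaluator for identity-based policies below is an added example, not part of the original post. Its policy statements are constructed stand-ins for the three managed policies, the Deny on thorodinson and the account ID are hypothetical, and conditions, resource-based policies, permission boundaries and SCPs are not modelled.

```python
import re

# Constructed, simplified stand-ins for the three managed policies attached to
# the group; the real AWS managed policies contain more statements.
GROUP_POLICIES = {"avengers-devops": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "rds:*", "Resource": "*"},
]}
GROUP_MEMBERS = {"avengers-devops": {"tonystark", "brucebanner", "thorodinson"}}
# Hypothetical guardrail attached directly to one user (not in the original task).
USER_POLICIES = {"thorodinson": [
    {"Effect": "Deny", "Action": ["ec2:TerminateInstances", "rds:Delete*"], "Resource": "*"},
]}

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def statements_for(user):
    """Identity-based statements: the user's own plus those of each of their groups."""
    stmts = list(USER_POLICIES.get(user, []))
    for group, members in GROUP_MEMBERS.items():
        if user in members:
            stmts += GROUP_POLICIES.get(group, [])
    return stmts

def evaluate(user, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for s in statements_for(user):
        # Action names compare case-insensitively, resource ARNs case-sensitively.
        hit = (any(_matches(a, action, True) for a in _as_list(s["Action"]))
               and any(_matches(r, resource) for r in _as_list(s["Resource"])))
        if hit and s["Effect"] == "Deny":
            return "ExplicitDeny"  # a matching Deny overrides every Allow
        allowed = allowed or hit
    return "Allow" if allowed else "ImplicitDeny"  # no match means denied

if __name__ == "__main__":
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/i-0example"  # constructed
    for user in ("tonystark", "thorodinson"):
        print(user, evaluate(user, "ec2:TerminateInstances", arn))
```

Every group member inherits all three service-wide Allows, so the only request in this model that fails for tonystark is one outside EC2, S3 and RDS.
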

Thank you ❤