Introduction
In this blog, we delve deep into AWS's critical security service, IAM (Identity and Access Management), ensuring a thorough understanding of how to manage user identities and permissions within your AWS environment.
What is AWS?
AWS stands for Amazon Web Services. Given its immense popularity, it needs no formal introduction. Amazon Web Services is the leading cloud provider in the marketplace. It provides more than 200 services to developers, who can access them from anywhere whenever they need them.
AWS enables businesses and individuals to access and utilize computing resources on-demand, without the need to invest in and maintain physical servers and infrastructure. This provides flexibility, scalability, and cost-effectiveness for organizations of all sizes.
To set up AWS, follow the step-by-step guide provided in this blog: AWS EC2 Basics & Account Setup
AWS offers many services; some of them are listed below:
Compute:
Amazon EC2 (Elastic Compute Cloud)
AWS Lambda
Amazon ECS (Elastic Container Service)
AWS Elastic Beanstalk
Storage:
Amazon S3 (Simple Storage Service)
Amazon EBS (Elastic Block Store)
Amazon Glacier
Amazon EFS (Elastic File System)
Networking:
Amazon VPC (Virtual Private Cloud)
AWS Direct Connect
Amazon Route 53
AWS CloudFront
Security:
AWS IAM (Identity and Access Management)
AWS Cognito
AWS WAF (Web Application Firewall)
AWS Key Management Service (KMS)
AWS Secrets Manager
DevOps:
AWS CodePipeline
AWS CodeBuild
AWS CodeDeploy
AWS CodeCommit
Monitoring:
Amazon CloudWatch
AWS CloudTrail
Infrastructure as Code (IaC):
AWS CloudFormation
AWS Systems Manager
Benefits of AWS
Here is a short list of the benefits of using Amazon Web Services (AWS):
Scalability
Cost-Effectiveness
Flexibility
Global Reach
Security and Compliance
Reliability and Availability
Innovation
Elasticity
Managed Services
Community Support
What is IAM?
IAM stands for Identity and Access Management. It is a fundamental service provided by Amazon Web Services (AWS) that allows you to control access to your AWS resources securely.
With IAM, you can create and manage users, groups, and roles to grant or deny permissions to access specific AWS resources. This ensures that only authorized individuals or systems can interact with your AWS environment.
To get to know IAM more deeply, go through this video.
Tasks
Task1:
Create an IAM user with a username of your choice and grant it EC2 access. Launch a Linux instance as the IAM user you just created, and install Jenkins and Docker on the machine with a single shell script.
Create IAM User:
Log in to the AWS Management Console (root user)
Navigate to IAM, click "Users", then "Add user" or "Create user".
Provide a username, select "Programmatic access", then click "Next" to proceed. Attach the "AmazonEC2FullAccess" policy, review, and create.
Save the username and the generated access keys, and note the Account ID for login credentials.
Launch EC2 Instance:
Log in to the AWS Management Console with the IAM user credentials you just created
For step-by-step guidance on creating an instance, check out this blog:
Create Shell Script:
Create a script to install Jenkins and Docker.
#!/bin/bash
# Install Java (Jenkins needs a Java runtime); check the version after installing
sudo apt update
sudo apt install -y default-jre
java -version

# Install Jenkins: add the repository signing key and the apt source, then install
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update
sudo apt install -y jenkins
sudo systemctl start jenkins.service
# --no-pager keeps the status output from blocking the script
sudo systemctl status jenkins --no-pager

# Install Docker
sudo apt-get update
sudo apt-get install docker.io -y
sudo systemctl start docker
sudo systemctl status docker --no-pager
Execute Script:
After creating the docker_jenkins_install.sh script, you can run it on your EC2 instance to install Jenkins and Docker. Make the script executable:
chmod +x docker_jenkins_install.sh
Run the script with superuser privileges:
sudo ./docker_jenkins_install.sh
Confirm the installation:
java -version
docker --version
jenkins --version
Task2:
In this task, you need to prepare a DevOps team of Avengers. Create three IAM users for the Avengers and assign them to a DevOps group with an IAM policy.
Task 2: Prepare DevOps Team of Avengers
Create IAM Users:
Log in to your AWS Management Console.
Go to IAM and click on "Users".
Click "Add user" and create three users: IronMan, Thor, and Hulk.
Create DevOps Group:
In IAM, click on "Groups" and then "Create group".
Name the group "DevOpsAvengers" and click "Next Step".
Attach Policies to DevOps Group:
In the list of policies, attach the policies relevant to DevOps tasks (e.g., AmazonEC2FullAccess, AmazonS3FullAccess, AWSCodeCommitFullAccess, etc.).
Add Users to DevOps Group:
Still in the "DevOpsAvengers" group, click on the "Add users to group" button and select IronMan, Thor, and Hulk.
Create IAM Policy (Optional):
If there are specific permissions not covered by existing policies, you can create a custom policy and attach it to the DevOpsAvengers group.
Verify Access:
Log in as each of the Avengers (IronMan, Thor, Hulk) with their respective IAM user credentials and confirm they have the necessary permissions for DevOps tasks.
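The Task 2 steps above can also be scripted with the AWS CLI. The script below is an added example, not part of the original post: the group, user and policy names come from the steps, while the DRY_RUN switch, the ACCOUNT_ID variable with its placeholder value, and the three actions passed to the policy simulator are assumptions made for illustration. It creates no passwords or access keys.

```bash
#!/usr/bin/env bash
# Added example: Task 2 via the AWS CLI (not from the original post).
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it with the
# caller's AWS credentials, which must be allowed to administer IAM.
set -eu

GROUP="DevOpsAvengers"
USERS="IronMan Thor Hulk"
# AWS managed policies named in the "Attach Policies" step.
POLICIES="AmazonEC2FullAccess AmazonS3FullAccess AWSCodeCommitFullAccess"
# Placeholder account ID (assumption); export ACCOUNT_ID with the real one.
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# Create the group, attach the policies to the group (not to each user),
# then create the users and add them to the group.
setup_team() {
  run iam create-group --group-name "$GROUP"
  for p in $POLICIES; do
    run iam attach-group-policy --group-name "$GROUP" \
      --policy-arn "arn:aws:iam::aws:policy/$p"
  done
  for u in $USERS; do
    run iam create-user --user-name "$u"
    run iam add-user-to-group --group-name "$GROUP" --user-name "$u"
  done
}

# "Verify Access" without logging in as each user: list the membership and
# attached policies, then ask the policy simulator what each user may do.
verify_team() {
  run iam get-group --group-name "$GROUP"
  run iam list-attached-group-policies --group-name "$GROUP"
  for u in $USERS; do
    run iam simulate-principal-policy \
      --policy-source-arn "arn:aws:iam::${ACCOUNT_ID}:user/$u" \
      --action-names ec2:DescribeInstances s3:ListBucket iam:CreateUser
  done
}

setup_team
verify_team
```

With the three managed policies attached, the simulator should report ec2:DescribeInstances and s3:ListBucket as allowed and iam:CreateUser as implicitDeny, which confirms that group membership grants the DevOps permissions without IAM administration.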
Conclusion
This blog post provides a comprehensive overview of AWS IAM, including its features, benefits, and how to use it to manage user identities and permissions within your AWS environment. The post also includes two tasks: (1) create an IAM user with EC2 access and launch a Linux instance, and (2) create a DevOps team of Avengers by creating three IAM users and assigning them to a DevOps group with IAM policy.
Thank you for diving into this blog with me! I trust you found the information both helpful and enlightening. To stay updated on the latest in DevOps 🚀, make sure to follow me. Remember, staying informed means staying ahead in the dynamic world of DevOps!
Feel free to connect with me on LinkedIn for more updates and discussions on DevOps and Kubernetes! 🚀
Happy Learning! Keep pushing those boundaries! 😊