Define AWS:
AWS provides a highly scalable and flexible infrastructure that enables users to build and deploy various types of applications and services. It offers a pay-as-you-go pricing model, allowing users to pay only for the resources they consume, which makes it cost-effective and suitable for businesses of all sizes.
User Data in AWS:
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.
You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).
This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker, or Jenkins.
What is IAM:
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Key features and concepts of IAM include:
Users: IAM allows you to create individual user accounts for people or applications that need access to AWS resources.
Groups: Users can be organized into groups, which simplifies the management of permissions by applying policies to groups instead of individual users.
Roles: IAM roles are similar to users but are meant for entities outside of your AWS account. Roles can be assumed by AWS services, applications, or federated users from other identity providers.
Policies: IAM policies define the permissions and access control rules. They can be attached to users, groups, or roles and specify what actions are allowed or denied on which resources.
Access Keys: IAM allows users to generate access keys (access key ID and secret access key) to programmatically access AWS resources using AWS SDKs or the AWS Command Line Interface (CLI).
Multi-Factor Authentication (MFA): IAM supports the use of MFA devices to add an extra layer of security to user accounts.
Task 1: Install Jenkins using User Data on a Linux Server
Launch the EC2 instance with Jenkins already installed on it. Once the server shows up in the console, hit the IP address in the browser and your Jenkins page should be visible.
Take a screenshot of the user data and the Jenkins page; this will verify the task completion.
Navigate to the AWS console and launch a new instance.
Select the instance type t2.micro and a key pair for login.
Select the advanced settings on the instance creation page.
Navigate to the User data section, write a shell script to install Jenkins on the server, and launch the instance.
```bash
#!/bin/bash
# Install Java, which Jenkins needs to run
sudo apt update
sudo apt install openjdk-11-jre -y
# Add the Jenkins repository signing key and package source
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
# Install Jenkins, then enable and start the service
sudo apt-get update
sudo apt-get install jenkins -y
sudo systemctl enable jenkins
sudo systemctl start jenkins
```
We can see the server is up and running, and with User Data, Jenkins is also installed in the background.
Include port 8080, which is the Jenkins default port, in the security group of the server to expose Jenkins.
Now access Jenkins using the public IP on port 8080.
Task 2: Create three roles named DevOps-User, Test-User and Admin.
Read more on IAM Roles and explain the IAM Users, Groups and Roles in your terms.
Navigate to the IAM console in AWS and go to roles.
Select "AWS service" as the entity type and "EC2" as the common use case.
Provide specific permissions as needed for the roles you are creating. For this role, only "AmazonEC2FullAccess" is provided.
Create a new role for DevOps-User
Create a new role for Test-User
Create a new role for Admin
Now we can create users and assign roles as per the requirement with privileges using Permission Policy.
Thank You,
I want to express my deepest gratitude to each and every one of you who has taken the time to read, engage, and support my journey.
Feel free to reach out to me if any corrections or add-ons are required on blogs. Your feedback is always welcome & appreciated.
~ Abhisek Moharana 🙂