Getting Started with AWS Basics☁

Day 38 of 90daysofdevops

What is AWS?

  • AWS stands for Amazon Web Services. It is a comprehensive cloud computing platform provided by Amazon.com. AWS offers a wide range of cloud services, including computing power, storage, database management, content delivery, machine learning, artificial intelligence, Internet of Things (IoT), analytics, and more.

  • AWS provides a highly scalable and flexible infrastructure that enables users to build and deploy various types of applications and services. It offers a pay-as-you-go pricing model, allowing users to pay only for the resources they consume, which makes it cost-effective and suitable for businesses of all sizes.

  • With its global network of data centers, AWS enables users to deploy applications in multiple regions worldwide, providing high availability and low latency. It also provides a robust set of security features to protect data and resources.



AWS Services Used By DevOps Engineers

1️⃣ Compute

EC2

  • Elastic Compute Cloud (EC2) provides resizable computing capacity in the cloud. It allows users to easily launch virtual servers, called instances, and configure them with various operating systems and applications.

ECS

  • Elastic Container Service (ECS) is a scalable container orchestration service. It simplifies the management and deployment of containers by allowing users to run and scale Docker containers on a cluster of EC2 instances.

Lambda

  • AWS Lambda is a serverless computing service. It allows users to run code without provisioning or managing servers. Lambda executes code in response to events and automatically scales to handle incoming requests.

Fargate

  • AWS Fargate is a serverless computing engine for containers. It allows users to run containers without managing the underlying infrastructure.

  • Fargate abstracts away the need to provision and manage servers, enabling developers to focus solely on deploying and scaling their containerized applications efficiently and securely.

EKS

  • Amazon Elastic Kubernetes Service (EKS) is a fully managed Kubernetes service. It simplifies the deployment, management, and scaling of containerized applications using Kubernetes.

  • EKS eliminates the need to install, operate, and maintain the Kubernetes control plane.

2️⃣ Storage

S3

  • Amazon Simple Storage Service (S3) is a scalable cloud storage service. It offers durable and highly available object storage for various data types, such as files, images, and videos.

  • S3 provides secure and reliable storage with features like versioning, data encryption, and access control, making it ideal for storing and retrieving data at any scale.

RDS

  • Amazon Relational Database Service (RDS) is a managed database service. It simplifies the setup, operation, and scaling of relational databases such as MySQL, PostgreSQL, Oracle, and SQL Server.

  • RDS handles time-consuming administrative tasks, such as patching, backups, and automatic software updates, allowing users to focus on their application development.

DynamoDB

  • Amazon DynamoDB is a fully managed NoSQL database service. It offers fast and flexible document and key-value storage, designed for applications that require low latency and scalability.

  • DynamoDB automatically scales throughput capacity based on demand and provides features like encryption, backup, and in-memory caching for reliable and performant data storage and retrieval.

DocumentDB

  • Amazon DocumentDB is a fully managed NoSQL document database service. It is compatible with MongoDB, allowing users to run their existing MongoDB workloads without requiring code changes.

  • DocumentDB offers high scalability, availability, and durability, making it suitable for storing, querying, and indexing JSON-like documents at scale.

ElastiCache

  • Amazon ElastiCache is a fully managed in-memory data caching service. It supports popular open-source caching engines like Redis and Memcached.

  • ElastiCache improves application performance by storing frequently accessed data in memory, reducing the need to fetch data from the database. It offers high availability, scalability, and automated management of the caching infrastructure.

EBS

  • Amazon Elastic Block Store (EBS) is a scalable block storage service. It offers persistent storage volumes that can be attached to Amazon EC2 instances.

  • EBS volumes provide durable, low-latency storage for applications and support features like encryption, snapshots, and high availability. They can be easily provisioned, attached, and detached as needed.

EFS

  • Amazon Elastic File System (EFS) is a scalable and fully managed file storage service. It offers a simple and scalable file system that can be shared across multiple EC2 instances.

  • EFS provides high performance, durability, and security for file-based workloads, making it suitable for a wide range of applications and use cases.

3️⃣ Networking

VPC

  • Amazon Virtual Private Cloud (VPC) is a virtual network service. It enables users to create their own isolated virtual network within the AWS cloud.

  • VPC allows users to define their own IP address range, subnets, and route tables, providing control over network configuration and security. It allows seamless integration with other AWS services and on-premises resources.

Security Group

  • A Security Group is a virtual firewall that controls inbound and outbound traffic for an EC2 instance or a group of instances.

  • It acts as a rule-based filter, specifying allowed protocols, ports, and IP ranges. Security Groups provide granular control over network access, enhancing the security of AWS resources.

Elastic IP

  • An Elastic IP address (EIP) is a static public IPv4 address provided by AWS. It can be associated with an EC2 instance or a network interface, providing a persistent IP address that remains unchanged even if the instance is stopped or restarted.

  • EIPs are useful for scenarios where the IP address needs to remain consistent, such as hosting websites or applications.

Route 53

  • Route 53 is a scalable and highly available domain name system (DNS) web service. It helps users route traffic to various AWS resources, such as EC2 instances, load balancers, and S3 buckets.

  • Route 53 provides domain registration, DNS management, health checks, and traffic routing policies, ensuring reliable and efficient domain name resolution.

CloudFront

  • CloudFront is a content delivery network (CDN) service provided by Amazon Web Services (AWS). It accelerates the delivery of static and dynamic web content, including images, videos, and applications, to users worldwide.

  • CloudFront caches content at edge locations globally, reducing latency and improving performance. It integrates with other AWS services and provides advanced features like SSL/TLS encryption, DDoS protection, and real-time logs.

4️⃣ Security

IAM

  • AWS Identity and Access Management (IAM) is a web service provided by Amazon Web Services (AWS) for managing user access and permissions to AWS resources.

  • IAM enables administrators to create and manage users, groups, and roles, allowing fine-grained control over resource permissions. It enhances security by providing centralized authentication and authorization for AWS services.

KMS

  • AWS Key Management Service (KMS) is a managed service provided by Amazon Web Services (AWS) for creating and controlling encryption keys.

  • KMS helps users securely manage the encryption of data within AWS services and applications. It allows users to create and rotate encryption keys, integrate with other AWS services, and audit key usage for compliance purposes.

Secrets Manager

  • AWS Secrets Manager is a fully managed service provided by Amazon Web Services (AWS) for securely storing and managing secrets, such as database credentials, API keys, and passwords.

  • Secrets Manager enables easy retrieval and rotation of secrets, integrates with other AWS services, and provides audit capabilities. It helps enhance security and simplify secret management for applications and services.

5️⃣ DevOps on AWS

CodeBuild → Docker

  • AWS CodeBuild is a fully managed continuous integration and continuous delivery (CI/CD) service provided by Amazon Web Services (AWS). It compiles source code, runs tests, and produces software packages that are ready for deployment.

  • CodeBuild integrates with other AWS services and supports various programming languages and build environments, providing scalable and reliable build processes for software development workflows.

CodePipeline → Jenkins

  • AWS CodePipeline is a fully managed continuous integration and continuous delivery (CI/CD) service provided by Amazon Web Services (AWS). It automates the release process for applications and enables organizations to build, test, and deploy their code seamlessly.

  • CodePipeline integrates with various AWS services and supports third-party tools, providing a flexible and scalable CI/CD workflow for efficient software delivery.

CodeCommit → GitHub

  • AWS CodeCommit is a fully managed source code version control service provided by Amazon Web Services (AWS). It offers secure and scalable Git-based repositories for storing and managing code.

  • CodeCommit provides collaboration features and branch management, and integrates with other AWS services, facilitating seamless code versioning and collaboration for software development teams.

CodeDeploy → CD (Continuous Deployment / Delivery)

  • AWS CodeDeploy is a fully managed deployment service provided by Amazon Web Services (AWS). It automates the process of deploying applications to EC2 instances, Lambda functions, and on-premises servers.

  • CodeDeploy allows for easy and flexible deployment configurations, rollback options, and integration with various deployment strategies, enabling efficient and reliable application deployments at scale.

6️⃣ Logging & Monitoring

CloudWatch

  • Amazon CloudWatch is a monitoring and observability service provided by Amazon Web Services (AWS). It collects and tracks metrics, logs, and events from AWS resources and applications.

  • CloudWatch provides real-time insights into the performance and health of resources, enabling users to monitor and troubleshoot their infrastructure, optimize performance, and set up automated actions based on predefined thresholds.

OpenSearch → Kibana

  • Amazon OpenSearch Service is a scalable and managed open-source search and analytics engine provided by Amazon Web Services (AWS). It is based on the Elasticsearch and Kibana open-source projects and offers features such as real-time search, analytics, and visualization of data.

  • OpenSearch Service simplifies the deployment and management of the search engine, making it easier to build applications that require powerful search capabilities.

CloudTrail

  • AWS CloudTrail is a service provided by Amazon Web Services (AWS) for logging and monitoring API activity within the AWS environment. It captures and records API calls made to various AWS services, providing a comprehensive audit trail of actions, changes, and events.

  • CloudTrail assists in compliance, security analysis, and troubleshooting by offering detailed insights into user and resource activity.



Define IAM:

  • IAM stands for Identity and Access Management. It is a framework and set of tools provided by Amazon Web Services (AWS) to manage user identities and control access to AWS resources.

  • IAM allows you to create and manage user accounts, groups, and roles, and define the permissions and policies that govern their access to AWS services and resources.

  • With IAM, you can create individual user accounts for people or applications, assign them unique credentials (such as usernames and passwords), and manage their permissions.

  • IAM provides a central control point for managing access to AWS resources, allowing you to grant or revoke access based on the principle of least privilege.


Task1:

Create an IAM user with a username of your choice and grant it EC2 access. Launch a Linux instance as the IAM user you just created, and install Jenkins and Docker on the machine with a single shell script.

  1. Log in to the AWS Management Console and navigate to the IAM service.

    Make sure you have MFA enabled.

  2. Now click on "User" from the left tab and click on "Add User" which is at the right corner of the page.

  3. Enter the User name as per your choice.

    ✅ Provide user access to the AWS Management Console

    You can choose an autogenerated password or a custom password for that user.

  4. Now we have to Set Permission by attaching policies directly.

  5. Search for "AmazonEC2FullAccess" and select the policy.

  6. Review the user's details and permissions, and then click "Create user".

  7. Note down the Access key ID and Secret access key for the user as you will need it later.

  8. Log in to the AWS Management Console as the IAM user by providing your Account ID and navigate to the EC2 service.

  9. Create a new EC2 instance using an AMI and launch the instance.

    For this task, I'm using Ubuntu AMI.

  10. Now SSH into the EC2 instance and create a shell script.

  11. Write the Jenkins and Docker installation script.

    vim jenkins-docker-install.sh

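    #!/bin/bash
    # Stop at the first failing command so a broken step is not silently skipped.
    set -e

    # Jenkins needs a Java runtime.
    sudo apt update
    sudo apt install openjdk-11-jre -y

    # Add the Jenkins signing key and apt repository (signed-by ties the repo to that key).
    curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update
    sudo apt-get install jenkins -y

    # Start Jenkins now and on every boot.
    sudo systemctl enable jenkins
    sudo systemctl start jenkins

    # Install and start Docker from the Ubuntu repositories.
    sudo apt-get update
    sudo apt-get install docker.io -y
    sudo systemctl start docker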
    

    Now give the current user execute permission on the script.

    Now execute the script:

    ./jenkins-docker-install.sh
    
  12. Finally, the installation was successful.

  13. Open port 8080 in the inbound rule.

  14. We will get Jenkins

Task2:

In this task, you need to prepare a DevOps team of Avengers. Create 3 IAM users of Avengers and assign them to DevOps groups with IAM policy.

  1. Create 3 IAM users of Avengers

  2. Now click on the "Groups" tab on the left sidebar and then click on the "Create New Group" button.

  3. Choose a name for your DevOps group, such as "Avengers".

  4. Now, on the "Attach Policy" page, search for and select the policies you want to assign to the group.

    For a DevOps group, we are including policies such as "AmazonEC2FullAccess", "AmazonECS_FullAccess", "AmazonS3FullAccess", "IAMUserChangePassword".

    Now create a group.

  5. Now, on the Users tab, create 3 Avengers users and choose the User Group while creating them.

  6. In the User Group, we can verify that all 3 users are attached to the "Avengers" group.
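The "FullAccess" policies attached in both tasks grant every action of a service, while the IAM definition above names least privilege as the goal. The following is an added example, not part of the original post: it scans IAM policy documents for Allow statements that pair a service-wide action with an unrestricted resource. Both sample policies, the account id and the tag name are constructed for illustration.

```python
# Constructed policies for illustration; account id and tag are placeholders.
BROAD = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
}
SCOPED = {
    "Version": "2012-10-17",
    "Statement": [
        # Describe calls do not support resource-level permissions, so "*" is expected.
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances"], "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/team": "avengers"}}},
    ],
}


def as_list(value):
    """IAM JSON accepts either a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]


def is_service_wide(action):
    """True for "*" or "<service>:*", i.e. every action of a service."""
    return action == "*" or action.endswith(":*")


def broad_grants(policy):
    """Return (action, resource) pairs where an Allow statement combines a
    service-wide action with an unrestricted resource."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        # Allow + NotAction grants everything except the listed actions.
        if "NotAction" in stmt:
            findings.append(("NotAction", "*"))
        for action in as_list(stmt.get("Action", [])):
            if is_service_wide(action):
                findings.append((action, "*"))
    return findings


if __name__ == "__main__":
    print("broad :", broad_grants(BROAD))
    print("scoped:", broad_grants(SCOPED))
```

A wildcard resource alone is not flagged, because some read-only actions can only be granted on `*`; the finding is the combination of wildcard action and wildcard resource.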


Thank You,

I want to express my deepest gratitude to each and every one of you who has taken the time to read, engage, and support my journey.

Feel free to reach out to me if any corrections or add-ons are required on blogs. Your feedback is always welcome & appreciated.

~ Abhisek Moharana 🙂