By now you have created multiple EC2 instances and manually installed applications such as Jenkins and Docker after launch. Now let's switch to a little automation. Sounds interesting? 🤯
AWS:
- Amazon Web Services is one of the most popular cloud providers, and it has a free tier for students and cloud enthusiasts to get hands-on practice while learning (create your free account today to explore more).
User Data in AWS:
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.
You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).
This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker, or Jenkins.
IAM:
- AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Task1:
Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in a browser and your Jenkins page should be visible.
1. Launch EC2 Instance with User Data:
- Go to the EC2 service in the AWS Management Console.
- Click on Launch Instance, enter a name for your web server (Jenkins-installation), choose an AMI (Amazon Machine Image) that supports the desired operating system and includes Jenkins (e.g., Ubuntu Linux), and select the security group and key pair.
- In the Configure Instance Details step, under Advanced Options, expand User Data, choose Paste user data, and insert the following script:
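```bash
#!/bin/bash
# Installing Jenkins (user data runs as root at first boot)
# Refresh the package index and install Java, which Jenkins needs
sudo apt update
sudo apt install fontconfig openjdk-17-jre -y
# Download the Jenkins repository signing key
sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \
  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
# Register the Jenkins apt repository, pinned to that key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
# Install Jenkins from the new repository
sudo apt-get update
sudo apt-get install jenkins -y
```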
- Leave other settings as default and click Launch.
2. Verify Jenkins Installation:
Once the instance is running, select it, go to the Security tab, and click on the security group. Under Inbound rules, click Edit inbound rules and add a rule for the Jenkins port, 8080, with the source set to Anywhere-IPv4, then click Save rules. Then find the instance's public IP address in the instance list.
Wait a few minutes, then open a web browser and go to http://<public_ip_address>:8080. You should see the Jenkins login page. This confirms successful installation.
Take screenshots of the user data and the Jenkins page; this will verify task completion.
- Capture a screenshot of the User Data script.
- Capture a screenshot of the Jenkins login page.
Task2:
Read more on IAM Roles and explain the IAM Users, Groups and Roles in your own terms.
IAM Users, Groups, and Roles Explained:
IAM Users: Individual users who can access AWS resources with specific permissions. Imagine them as individual employees with access cards specific to their department.
IAM Groups: Collections of users who share similar permissions. Think of them as departments, where everyone has access relevant to their role.
IAM Roles: Temporary security credentials that can be assumed by users, applications, or other AWS services. Imagine them as temporary access cards issued for specific tasks, expiring after use.
Create three Roles named: DevOps-User, Test-User and Admin.
- Go to the IAM service in the AWS Management Console.
- Click on Roles in the left sidebar.
- Click on Create role and Choose AWS service as the use case.
- Select EC2 under Common use cases.
- Click Next: Permissions and Search for the policy named AmazonEC2FullAccess and select it.
- Click Next: Review and write your role name: DevOps-User and then Create role.
Repeat the same steps for Test-User, but select the policy named AmazonEC2ReadOnlyAccess instead.
Repeat the same steps for Admin and select the policy named AdministratorAccess.
After creating the roles, IAM looks like this.
Happy Learning
Thanks For Reading! :)
-Sri Parthu💝💥