The previous post, Getting Started with AWS Basics, covered AWS, its global infrastructure, and the services a DevOps engineer is most likely to use. This post moves on to automation: bootstrapping an EC2 instance with user data, and controlling who and what can touch your AWS resources with IAM.
AWS:
Amazon Web Services is one of the most popular cloud providers, and its free tier lets students and cloud enthusiasts get hands-on practice while learning (create a free account today to explore it).
User Data in AWS:
When you launch an instance in Amazon EC2, you can pass user data to it to perform common automated configuration tasks and run scripts after the instance starts. EC2 accepts two kinds of user data: shell scripts and cloud-init directives. A user-data shell script runs as root, once, at first boot; its output lands in /var/log/cloud-init-output.log on the instance.
You can supply the data in the launch instance wizard as plain text, as a file (useful when launching from the command-line tools), or as base64-encoded text (what the raw API call expects). User data is limited to 16 KB before base64 encoding.
This saves time and manual effort every time you launch an instance and want software such as Apache, Docker, or Jenkins installed on it. One caveat: user data is not secret. It is readable from inside the instance via the instance metadata service and by anyone with ec2:DescribeInstanceAttribute permission, so never put passwords, tokens, or keys in it.
IAM:
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access.
Let's discuss IAM Roles, IAM Users, and Groups.
Task 1: Launching EC2 Instance with Pre-installed Jenkins: Access and Verification
Launch an EC2 instance with Jenkins installed by a user-data script. Once the instance shows as running in the console, open its public IP in a browser on port 8080; the Jenkins page should appear.
Take screenshots of the user data and of the Jenkins page; these verify that the task is complete.
Log in to your AWS Management Console.
Navigate to the EC2 Dashboard.
Click "Launch Instances" to start the process and choose an Ubuntu image.
Configure the instance details: choose a key pair and a security group.
Expand the advanced settings on the instance creation page.
In the User data field, paste a shell script that installs Jenkins on the server.
Open port 8080 (Jenkins's default port) in the instance's security group, and restrict the source to your own IP address rather than 0.0.0.0/0: a freshly installed Jenkins should not be reachable from the whole Internet.
Launch the instance and, once it is running, browse to http://<public-ip>:8080. The initial admin password the setup wizard asks for is in /var/lib/jenkins/secrets/initialAdminPassword on the instance.
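The same launch done from code, as an added example that is not part of the original post: the user-data script below installs Jenkins from the official apt repository (using a pinned signing key rather than apt-key, following the jenkins.io Ubuntu instructions), the security-group rule refuses to open port 8080 to the whole Internet, and the base64 helper shows what the raw RunInstances API expects. The AMI ID, key pair name, security group ID, and admin CIDR in the usage block are placeholders (assumptions) that you must replace with your own; boto3 is imported only inside the function that actually calls AWS so the builders can be tested offline.

```python
"""Launch an Ubuntu EC2 instance that installs Jenkins from user data.

Added example, not from the original post. ami-..., sg-..., the key pair
name and the admin CIDR below are placeholders (assumptions).
"""
import base64
import ipaddress

# Shell script passed as EC2 user data. cloud-init runs it once, as root,
# on first boot; output is written to /var/log/cloud-init-output.log.
JENKINS_USER_DATA = """#!/bin/bash
set -euxo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y fontconfig openjdk-17-jre wget
# Pin the Jenkins signing key with signed-by instead of trusting it globally via apt-key.
wget -O /usr/share/keyrings/jenkins-keyring.asc https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" > /etc/apt/sources.list.d/jenkins.list
apt-get update
apt-get install -y jenkins
systemctl enable --now jenkins
"""

JENKINS_PORT = 8080


def ingress_rule(admin_cidr: str) -> dict:
    """Security-group rule for Jenkins, restricted to admin_cidr.

    Refuses a /0 (0.0.0.0/0 or ::/0): a fresh Jenkins must not be exposed
    to the whole Internet.
    """
    net = ipaddress.ip_network(admin_cidr, strict=False)
    if net.prefixlen == 0:
        raise ValueError("refusing to open port 8080 to the whole Internet")
    return {
        "IpProtocol": "tcp",
        "FromPort": JENKINS_PORT,
        "ToPort": JENKINS_PORT,
        "IpRanges": [{"CidrIp": str(net), "Description": "Jenkins admin access"}],
    }


def user_data_b64(script: str) -> str:
    """Base64 form of user data, as the raw RunInstances API expects.

    The 16 KB limit applies to the raw script, before encoding.
    """
    raw = script.encode()
    if len(raw) > 16 * 1024:
        raise ValueError("user data exceeds the 16 KB limit")
    return base64.b64encode(raw).decode("ascii")


def run_instances_params(ami_id: str, key_name: str, sg_id: str,
                         user_data: str = JENKINS_USER_DATA) -> dict:
    """Keyword arguments for boto3's ec2.run_instances.

    boto3 base64-encodes UserData for you; only callers of the raw HTTP API
    need user_data_b64().
    """
    return {
        "ImageId": ami_id,
        "InstanceType": "t3.small",
        "KeyName": key_name,
        "SecurityGroupIds": [sg_id],
        "MinCount": 1,
        "MaxCount": 1,
        "UserData": user_data,
        "TagSpecifications": [{"ResourceType": "instance",
                               "Tags": [{"Key": "Name", "Value": "jenkins-userdata"}]}],
    }


def launch(ami_id: str, key_name: str, sg_id: str, admin_cidr: str,
           region: str = "us-east-1") -> str:
    """Authorise port 8080 from admin_cidr and launch; returns the instance ID.

    Needs AWS credentials. boto3 is imported here so the pure builders above
    are testable without the SDK.
    """
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    # Raises InvalidPermission.Duplicate if an identical rule already exists.
    ec2.authorize_security_group_ingress(GroupId=sg_id, IpPermissions=[ingress_rule(admin_cidr)])
    resp = ec2.run_instances(**run_instances_params(ami_id, key_name, sg_id))
    return resp["Instances"][0]["InstanceId"]


if __name__ == "__main__":
    # Placeholders (assumptions): replace with your own AMI, key pair, security group and IP.
    instance_id = launch("ami-0123456789abcdef0", "my-keypair", "sg-0123456789abcdef0", "203.0.113.10/32")
    print(instance_id, "launched; Jenkins answers on http://<public-ip>:8080 once user data finishes")
```

Once the instance is up, the setup wizard needs the password in /var/lib/jenkins/secrets/initialAdminPassword, which you read over SSH with the key pair you chose; that is why the script never writes credentials into user data.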
Task 2: Exploring IAM Roles and Permissions in AWS
An IAM user is an identity within your AWS account that represents a single person or application; it is not a separate AWS account.
A user can have a console password for the Management Console and access keys for the CLI and API; enable MFA on any user that has a password.
You attach policies to a user to control which actions it may perform.
Users are the most granular unit: a policy attached directly to a user applies to that user alone.
IAM Groups:
IAM Groups let you attach policies to a collection of IAM users.
Rather than attaching policies to each user, you attach them to the group and add users to it; each member inherits the group's permissions.
This keeps permissions for many users consistent and easy to change in one place.
IAM Roles:
An IAM Role is an identity with permissions but no long-term credentials of its own. It is assumed rather than logged into: a role's trust policy lists who may assume it, whether an AWS service such as EC2 or Lambda, a user or role in another account, or a federated identity.
Roles let you grant permissions to resources such as EC2 instances or Lambda functions without creating access keys for them; an EC2 instance uses a role through an instance profile.
When a principal assumes a role, it receives temporary security credentials from STS that it uses to make API calls.
This improves security because the temporary credentials expire and are limited to the role's permissions, so there is no long-lived key to leak.
Roles are the standard way to grant least-privilege access to workloads.
Roles, groups and users differ in who uses them and how credentials are obtained, not in how much access they grant.
Any of the three can carry a policy from read-only to AdministratorAccess; what matters is attaching the narrowest policy that does the job.
Creating IAM Roles: DevOps-User, Test-User, and Admin
Log in to your AWS Management Console.
Navigate to the IAM service.
Click on "Roles" in the left navigation pane.
Click "Create role."
Choose the trusted entity that will use the role (an AWS service such as EC2 or Lambda, or another account).
Select the permissions policies for the role. You can choose from existing AWS managed policies or create a custom policy scoped to the resources the role actually needs.
Enter a name for the role and click "Create role".
Repeat the above steps for each role you want to create; the post names them DevOps-User, Test-User, and Admin.
A role is not assigned to a user or group the way a policy is. To let a user or group use a role, the role's trust policy must name them (or your account) as a principal, and they need sts:AssumeRole permission on the role's ARN; EC2 instances use a role through an instance profile.
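The role creation above, done with the AWS SDK for Python so the three pieces EC2 needs (trust policy, permissions policy, instance profile) and the user/group setup are visible side by side. This is an added example, not the post's own code: the role name, group name, user names and bucket name are assumptions, the permissions policy is deliberately scoped to reading one bucket, and policy_allows_wildcard() is a small lint that flags the AdministratorAccess shape ("Action": "*" on "Resource": "*") before you attach it by accident. boto3 is only imported in the usage block, so the builders run without credentials.

```python
"""Least-privilege IAM setup: an EC2 role plus a group for human users.

Added example, not from the original post. Role, group, user and bucket
names are assumptions; replace them with your own.
"""
import json

AWS_READONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"  # AWS managed policy


def ec2_trust_policy() -> dict:
    """Trust policy: only the EC2 service may assume the role.

    A role trusts principals; it is never 'attached' to a user like a policy.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }],
    }


def read_only_bucket_policy(bucket: str) -> dict:
    """Permissions policy scoped to listing and reading one bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def policy_allows_wildcard(policy: dict) -> bool:
    """Lint: True if any Allow statement grants Action '*' on Resource '*'."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if "*" in actions and "*" in resources:
            return True
    return False


def create_instance_role(iam, role_name: str, bucket: str) -> None:
    """Create role, inline policy and instance profile; iam is a boto3 IAM client."""
    policy = read_only_bucket_policy(bucket)
    if policy_allows_wildcard(policy):
        raise ValueError("refusing to create an instance role with */* permissions")
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(ec2_trust_policy()),
                    Description="Jenkins build host: read-only access to build artifacts")
    iam.put_role_policy(RoleName=role_name, PolicyName="artifact-read",
                        PolicyDocument=json.dumps(policy))
    # EC2 attaches roles via an instance profile, not directly.
    iam.create_instance_profile(InstanceProfileName=role_name)
    iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)


def create_human_group(iam, group_name: str, user_names: list, policy_arn: str) -> None:
    """Humans get permissions through a group: attach the policy once, add users."""
    iam.create_group(GroupName=group_name)
    iam.attach_group_policy(GroupName=group_name, PolicyArn=policy_arn)
    for user in user_names:
        iam.add_user_to_group(GroupName=group_name, UserName=user)


if __name__ == "__main__":
    import boto3  # needs AWS credentials with IAM write permissions
    client = boto3.client("iam")
    # Names below are assumptions; the users must already exist.
    create_instance_role(client, "jenkins-ec2-role", "example-build-artifacts")
    create_human_group(client, "devops", ["devops-user", "test-user"], AWS_READONLY_ARN)
```

All of the IAM calls are idempotency-unfriendly: create_role, create_group and create_instance_profile raise EntityAlreadyExists on a second run, so wrap them or check with get_role / get_group first if you rerun the script.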
It's a new day in learning. In this blog, I have discussed how to automate EC2 instance creation using User Data and more about IAM. If you have any questions or would like to share your experiences, please leave a comment below.