AWS:
Amazon Web Services is one of the most popular cloud providers. It has a free tier that students and cloud enthusiasts can use for hands-on practice while learning (create your free account today to explore it further).
IAM:
AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Why Is IAM Important?
The main use of IAM is to provide security in an organization. Assigning an IAM role to a user ensures that they have only the specific permissions needed to access a service. Only the root user (like an admin) can decide or grant these permissions, so that no one else can gain unauthorized access (such as deleting an account or misusing a permission).
So, in short, IAM systems allow companies to assign a single digital identity and set access privileges for each user. That way, only authorized users can handle company resources, and they can only use those resources in ways the company permits.
Whenever you log in to your AWS account, you can see that there are two options for logging in: as Root user or as IAM user. The root user has the power to do anything.
Task 1
Create an IAM user with a username of your choice and grant it EC2 access. Launch your Linux instance through the IAM user that you just created, and install Jenkins and Docker on the machine via a single shell script.
Step 1:
Log in to the AWS console and navigate to IAM
Under Access Management, click on Users > Add users
Provide the User name (any), and check on Provide user access to the AWS Management Console - optional
Select I want to create an IAM user
Set Console password to Autogenerated and click on Next
Step 2:
Here we need to attach EC2 access policies to this particular user, so click on Attach policies directly
Set the policy permissions to AmazonEC2FullAccess and click on Next
Step 3:
Review all the details that we provided earlier and click on Create User
With this, you have created a user called TestUser
Note: Do not forget to download the .csv file that contains the username and console password details
Step 4:
Sign out as the root user and log in as TestUser in the AWS console
A password change prompt will open so that you can change the default password.
As this user has full EC2 access, let us go and create an EC2 instance
Step 5:
Connect to the Instance and write a shell script to install Jenkins and Docker
$ vi shell.sh
Provide full permissions for shell.sh file
$ sh shell.sh
$ sudo systemctl status jenkins
$ sudo systemctl status docker
Both Jenkins and Docker are installed through a shell script and actively running.
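The contents of shell.sh are not shown above. As an added example (not the author's script), here is one way to write it for an Ubuntu instance. The apt package names, the Jenkins repository and key URL, and the `install` argument are assumptions of this example.

```shell
#!/bin/sh
# shell.sh (added example): install Jenkins and Docker on an Ubuntu EC2 instance.
# Usage: sh shell.sh           -> dry run, only prints each command
#        sh shell.sh install   -> runs the commands through sudo
set -eu

# Assumed values: Jenkins LTS apt repository, its 2023 signing key and a Java 21
# runtime. Check the Jenkins Linux install page for the key and Java version in use.
KEY_URL="https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key"
KEYRING="/usr/share/keyrings/jenkins-keyring.asc"
REPO_LINE="deb [signed-by=$KEYRING] https://pkg.jenkins.io/debian-stable binary/"
JAVA_PKG="openjdk-21-jre"
DRY_RUN=1

# Run one command as root, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else sudo "$@"; fi
}

install_docker() {
    run apt-get update
    run apt-get install -y docker.io
    run systemctl enable --now docker
}

install_jenkins() {
    # The repository entry is tied to its own keyring (signed-by), so the
    # Jenkins key is trusted for this repository only, not for all of apt.
    run apt-get install -y fontconfig "$JAVA_PKG" wget
    run wget -q -O "$KEYRING" "$KEY_URL"
    run sh -c "echo '$REPO_LINE' > /etc/apt/sources.list.d/jenkins.list"
    run apt-get update
    run apt-get install -y jenkins
    run systemctl enable --now jenkins
}

main() {
    if [ "${1:-}" = install ]; then DRY_RUN=0; fi
    install_docker
    install_jenkins
}

main "$@"
```

Run it once without arguments to review the commands, then with `install` to apply them.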
Task 2
In this task, you need to prepare a DevOps team of Avengers. Create 3 IAM users of Avengers and assign them to devops groups with IAM policy.
Step 1:
Sign in as a Root user and create a user group
Navigate to IAM > Access Management > User groups > Create group
Attach the policy permissions to the group, so that any new user added to this group gets the permissions in the attached policies.
A User group named devopsteamofAvengers is created
Step 2:
Create 3 IAM Users
Navigate to IAM > Access Management > Users > Create User
Add the user to the user group and click on Create
Likewise, I have created 3 users and added them to the DevopsteamofAvengers user group
Task 3:
Launch the EC2 instance with already installed Jenkins on it. Once the server shows up in the console, hit the IP address in the browser and your Jenkins page should be visible.
Take a screenshot of the Userdata and Jenkins page, this will verify the task completion.
AWS user data is the set of commands or data you can provide to an instance at launch time. For example, if you are launching an EC2 instance and want Docker installed on it, you can provide a set of bash commands in the user data field of the AWS EC2 config page. This enables automated deployments.
Step 1:
Sign in as the IAM user TestUser, whose instance already has Jenkins installed from the earlier task
Check the instance and connect to it
$ systemctl status jenkins
Open port 8080 for Jenkins in the inbound rules of the AWS instance's security group
Access Jenkins with EC2instancePublicIP:8080
Step 2:
User data is normally written while creating an EC2 instance, but here we have already created an instance. So let us check how we can add user data.
Stop the Ec2 instance
Instance state > Stop Instance
Successfully stopped
Actions > Instance settings > Edit user data
Let's write a script in the new user data and save
Now start the instance and connect to it; Jenkins should be running and Git should be installed
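By default, cloud-init runs a user data script only on an instance's first boot, so a script added to an existing instance needs the multi-part form below to run at the next start. This is an added example, not the author's user data; the function names and the payload (Git install on an Ubuntu instance) are assumptions.

```shell
#!/bin/sh
# make_userdata.sh (added example): wrap a shell script as multi-part user
# data so that cloud-init runs it on every boot, not only the first one.
set -eu

# Constructed payload for Task 3: install Git and keep Jenkins running.
payload() {
    cat <<'EOF'
#!/bin/bash
apt-get update
apt-get install -y git
systemctl enable --now jenkins
EOF
}

# Emit the MIME document: part 1 tells cloud-init to run user scripts
# "always", part 2 carries the script read from stdin.
wrap_user_data() {
    cat <<'EOF'
Content-Type: multipart/mixed; boundary="//"
MIME-Version: 1.0

--//
Content-Type: text/cloud-config; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config
cloud_final_modules:
- [scripts-user, always]

--//
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="userdata.txt"

EOF
    cat
    printf '%s\n' '--//--'
}

payload | wrap_user_data
```

Paste the output into the Edit user data field while the instance is stopped. User data runs as root and stays readable from inside the instance, so keep passwords and keys out of it.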
Task 4:
Create three Roles named: DevOps-User, Test-User and Admin.
Step 1:
Log in as Root User and create a DevOps-User
DevOps-User: This role would be suitable for a user who needs to manage AWS resources related to development and operations. To create this role, follow these steps:
Navigate to IAM > Roles > Create role
Give it a role name and click on create
Click on create role.
Test-User: This role would be suitable for a user who needs to manage AWS resources related to testing. To create this role, follow these steps:
Admin: This role would be suitable for a user who needs full access to all AWS resources within an account. In the policies, you can grant full admin access.
All three roles are created.