Day 39: AWS and IAM Basics

Radheya Zunjur
5 min read · Aug 4, 2023


Welcome to Day 39 of our AWS journey, where we delve into the fascinating world of Identity and Access Management (IAM) and explore how it can propel your cloud infrastructure to new heights of efficiency and security. By now, you’ve undoubtedly gained valuable experience in setting up EC2 instances and manually installing various applications like Jenkins and Docker. Congratulations on reaching this milestone!

Throughout this article, we’ll guide you through the fundamentals of IAM, exploring essential concepts, best practices, and hands-on examples to illustrate its significance in managing your cloud infrastructure. By the end of this journey, you’ll be equipped with the knowledge to implement IAM in your AWS environment confidently.

What is User Data in AWS?

In AWS, User Data is a feature that lets you run scripts or commands while an EC2 instance bootstraps. When you launch a new EC2 instance, you can include User Data, a script or set of commands that runs automatically the first time the instance starts. You can pass two types of user data to Amazon EC2:

  1. shell scripts and
  2. cloud-init directives.

You can also pass this data into the launch instance wizard as plain text, as a file (useful for launching instances with the command line tools), or as base64-encoded text (for API calls). This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker, or Jenkins.

IAM Users

An IAM user is an identity within your AWS account. An IAM user represents a single person or application and carries the permissions specific to it.

When should you use an IAM user? Create an IAM user only for a specific use case that requires long-term credentials.

IAM users have their own set of credentials (username and password or access keys) that they use to authenticate themselves when accessing AWS services.

Each user has a unique set of credentials and can have specific permissions assigned to them.

IAM Groups

IAM Groups are collections of IAM users. You can’t sign in as a group. Groups let you specify permissions for multiple users at once, which makes it easier to manage permissions for a large set of users.

IAM Roles

An IAM role is an identity within an AWS account that has specific permissions. Roles grant permissions to entities or services within AWS rather than to individual users.

IAM roles are designed to provide temporary security credentials to AWS services, applications, or other entities, enabling them to access AWS resources securely. Roles are typically used for applications running on AWS services, such as EC2 instances, Lambda functions, or ECS tasks.

Tasks -

Task 1) Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, hit the IP address in a browser and your Jenkins page should be visible. Take screenshots of the User Data and the Jenkins page; this will verify task completion.

Step 1) Open AWS Console > EC2 > Click on Launch an Instance.

Fill in the details for the new EC2 instance, then expand the Advanced Details tab.

In the User Data box, enter the script that should be executed on first boot.

#!/bin/bash
# User data runs as root on first boot; the sudo prefixes are harmless but not required.
sudo apt-get update -y
# Jenkins needs a Java runtime
sudo apt-get install openjdk-11-jre -y
# Add the Jenkins signing key and the Debian stable APT repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
# Start Jenkins now and on every reboot (it listens on port 8080)
sudo systemctl enable jenkins
sudo systemctl start jenkins

Make sure you have opened port 8080 in the inbound rules of the instance’s security group so Jenkins is reachable. Now click on Launch Instance.

Your EC2 instance will now be launched.

Here, I have my public address as 52.53.339.132. So, my Jenkins will run at http://52.53.339.132:8080.

Let’s connect to our Jenkins server by visiting the above URL.

Yayyy, we can see our Jenkins server page. Jenkins was installed while launching the EC2 instance.
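The User Data section above lists the two forms EC2 accepts (shell scripts and cloud-init directives) and the base64 form the API expects, and Task 1 pastes a bootstrap script into that box. The following helper, added here as an example and not code from the original article, prepares user data the way that description implies: it classifies the script by its first line, base64-encodes it as a RunInstances call would need, enforces the 16 KB raw-size limit, and flags long-term credentials pasted into the script (anything running on the instance can read user data from the instance metadata service, so the script must not carry secrets; an IAM role is the right way to give the instance permissions). The sample scripts, the fake access key, and the secret patterns are constructed for this example.

```python
import base64
import re

USER_DATA_MAX_BYTES = 16 * 1024  # AWS limit on raw (pre-base64) user data

# Constructed patterns that commonly indicate a pasted long-term credential.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                         # AWS access key ID shape
    re.compile(r"(?i)aws_secret_access_key\s*[=:]"),
    re.compile(r"(?i)(password|passwd|token)\s*[=:]\s*\S+"),
]


def classify_user_data(script: str) -> str:
    """Return 'shell' for a '#!' script, 'cloud-config' for a cloud-init
    directive file, otherwise 'unknown' (EC2 would not execute it)."""
    first = script.lstrip().splitlines()[0] if script.strip() else ""
    if first.startswith("#!"):
        return "shell"
    if first.strip() == "#cloud-config":
        return "cloud-config"
    return "unknown"


def encode_user_data(script: str) -> str:
    """Base64-encode user data as the RunInstances API expects. The AWS CLI
    does this for you when you pass --user-data file://script.sh."""
    return base64.b64encode(script.encode("utf-8")).decode("ascii")


def check_user_data(script: str) -> list:
    """Return a list of problems; an empty list means the script passed every check."""
    problems = []
    if classify_user_data(script) == "unknown":
        problems.append("first line must be '#!' (shell) or '#cloud-config' (cloud-init)")
    raw_len = len(script.encode("utf-8"))
    if raw_len > USER_DATA_MAX_BYTES:
        problems.append(f"user data is {raw_len} bytes, limit is {USER_DATA_MAX_BYTES}")
    for lineno, line in enumerate(script.splitlines(), 1):
        if any(p.search(line) for p in SECRET_PATTERNS):
            problems.append(f"line {lineno} looks like a credential; use an IAM role instead")
    return problems


# Constructed sample: the shape of the article's Jenkins bootstrap script.
JENKINS_SHELL = """#!/bin/bash
apt-get update -y
apt-get install -y openjdk-11-jre jenkins
systemctl enable --now jenkins
"""

# Constructed sample: the same intent expressed as a cloud-init directive.
JENKINS_CLOUD_CONFIG = """#cloud-config
package_update: true
packages:
  - openjdk-11-jre
runcmd:
  - systemctl enable --now jenkins
"""

# Constructed bad sample: a fake long-term key pasted into user data.
BAD_SCRIPT = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00
export AWS_SECRET_ACCESS_KEY=not-a-real-secret
"""

if __name__ == "__main__":
    for name, script in [("shell", JENKINS_SHELL), ("cloud-config", JENKINS_CLOUD_CONFIG), ("bad", BAD_SCRIPT)]:
        print(name, classify_user_data(script), check_user_data(script) or "ok")
    print("base64 for the API:", encode_user_data(JENKINS_SHELL)[:40], "...")
```

Run the block directly to see the two good samples pass and the bad one flagged on lines 2 and 3; `encode_user_data` gives the value you would put in the `UserData` field of an API call, while the console wizard and the CLI `file://` form take the raw text.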

Task 2) Read more on IAM Roles and explain IAM Users, Groups and Roles in your own terms. Create three roles named: DevOps-User, Test-User and Admin.

Here’s a concise explanation of IAM Users, Groups, and Roles:

  1. IAM Users: Individual identities representing people or applications that need access to AWS resources. They have unique credentials and specific permissions.
  2. IAM Groups: Collections of IAM Users with similar responsibilities. Permissions can be assigned to groups, making it easier to manage access for multiple users at once.
  3. IAM Roles: Grant temporary permissions to entities like AWS services or external users. Roles are often used for secure access between services or cross-account access. They don’t have permanent credentials, reducing security risks.

Now go to the AWS dashboard and open the IAM console.

From the left panel, open Roles.

Click on Create role.

Here, I’m selecting EC2 and, after clicking Next, I’ve given AmazonEC2FullAccess.

Our “DevOps-User” role is created.

Similarly, we will create roles Test-User and Admin.

In the Test-User role, I’ve given ReadOnlyAccess, and in the Admin role I have given FullAdministrativeAccess.

We’ve created 3 roles here. The tasks have been completed.
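The console wizard in Task 2 hides the two things a role is made of: a trust policy that says who may assume it (the EC2 service, for the "EC2" choice) and a permissions policy attached to it. The following block, added here as an example and not code from the original article, builds those documents for the three roles as the arguments boto3's `create_role` and `attach_role_policy` would take (nothing is sent to AWS), and then runs a deliberately simplified model of IAM policy evaluation to show why the three roles differ and why an explicit Deny beats any Allow. The policy ARNs are AWS-managed policies (the Admin role corresponds to AdministratorAccess); the short policy documents used for the evaluation are constructed stand-ins for those managed policies, and the evaluator ignores Conditions, NotAction and NotResource.

```python
import fnmatch
import json

IAM_POLICY_VERSION = "2012-10-17"

# Trust policy for a role that EC2 instances assume: only the EC2 service
# principal may call sts:AssumeRole on it.
EC2_TRUST_POLICY = {
    "Version": IAM_POLICY_VERSION,
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ec2.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

# The task's roles and the AWS-managed policy each one attaches.
ROLES = {
    "DevOps-User": "arn:aws:iam::aws:policy/AmazonEC2FullAccess",
    "Test-User": "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "Admin": "arn:aws:iam::aws:policy/AdministratorAccess",
}


def role_api_calls(role_name: str) -> dict:
    """Keyword arguments for the two IAM calls the console wizard makes for you:
    iam.create_role(**calls["create_role"]) and
    iam.attach_role_policy(**calls["attach_role_policy"]). Built only, not sent."""
    return {
        "create_role": {
            "RoleName": role_name,
            "AssumeRolePolicyDocument": json.dumps(EC2_TRUST_POLICY),
        },
        "attach_role_policy": {
            "RoleName": role_name,
            "PolicyArn": ROLES[role_name],
        },
    }


# Constructed, simplified stand-ins for the managed policies above.
DEVOPS_POLICY = {"Version": IAM_POLICY_VERSION, "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
]}
READONLY_POLICY = {"Version": IAM_POLICY_VERSION, "Statement": [
    {"Effect": "Allow", "Action": ["*:Describe*", "*:Get*", "*:List*"], "Resource": "*"},
]}
ADMIN_POLICY = {"Version": IAM_POLICY_VERSION, "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
]}
# A guardrail: an explicit Deny wins over every Allow, even AdministratorAccess.
DENY_IAM_POLICY = {"Version": IAM_POLICY_VERSION, "Statement": [
    {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern: str, action: str) -> bool:
    # Action names match case-insensitively; '*' and '?' are IAM wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(policies: list, action: str, resource: str = "*") -> bool:
    """Simplified IAM evaluation: a matching Deny wins outright; otherwise the
    request is allowed only if some statement allows it (implicit deny by default)."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(_action_matches(p, action) for p in _as_list(stmt.get("Action", [])))
            resource_hit = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt.get("Resource", [])))
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


if __name__ == "__main__":
    print(json.dumps(role_api_calls("DevOps-User"), indent=2))
    for name, pol in [("DevOps-User", [DEVOPS_POLICY]), ("Test-User", [READONLY_POLICY]), ("Admin", [ADMIN_POLICY])]:
        print(f"{name:12} ec2:RunInstances={is_allowed(pol, 'ec2:RunInstances')} "
              f"ec2:DescribeInstances={is_allowed(pol, 'ec2:DescribeInstances')} "
              f"iam:CreateUser={is_allowed(pol, 'iam:CreateUser')}")
    print("Admin + Deny guardrail, iam:CreateUser =",
          is_allowed([ADMIN_POLICY, DENY_IAM_POLICY], "iam:CreateUser"))
```

The output makes the point of the three roles concrete: Test-User can only describe, get and list, DevOps-User can do anything in EC2 but nothing in IAM, and Admin can do everything unless a Deny is also in effect. When you later attach a role to an instance, the instance gets temporary credentials for exactly this permission set, which is why roles rather than pasted access keys belong on EC2.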


Written by Radheya Zunjur

Database Engineer At Harbinger | DevOps | Cloud Ops | Technical Writer
