AWS Day3

AWS-zero-to-hero 7 days Challenge

What is S3 Bucket in AWS?

  • Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.

  • S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.

  • S3 Documentation: Click me

What is IAM in AWS?

  • IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.

Key components of IAM:

  • Users

  • Groups

  • Roles

  • Policies

  • IAM Documentation: Click me

What is AWSCLI?

  • The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.

  • AWSCLI Documentation: Click me

Tasks:

1) Setting Up AWS IAM for a New Team Member

Scenario: Imagine you're working as an IT administrator at GlobalTech Inc., a multinational company with diverse cloud computing needs. The company heavily relies on AWS services for its operations. You have a new colleague, Alex, who recently joined your team. Alex's role involves monitoring the company's computing resources and managing data storage. Your task is to set up Alex's AWS access.

What needs to be done:

  • Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:

    • View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.

    • Create S3 Buckets: Alex is responsible for creating new storage spaces for various projects.

Solution: Search for IAM in the AWS Management Console.

In the left-hand menu, click on "Users".

Add a new user:

Click the "Add user" button, enter Alex’s username (e.g., alex), and click on Next.

Set permissions: Choose "Attach policies directly" to add policies to the user.

In this step, we can add both the “AmazonS3FullAccess” and “EC2FastLaunchFullAccess” policies as suggested in the task.

Then click "Next: Tags" (optional: you can add tags if needed).

Thus, we have created a user Alex and attached policies to provide him EC2 and S3 bucket access.
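
The scenario asks for view-only EC2 access plus bucket creation, which can also be expressed as a scoped customer-managed policy rather than full-access managed policies. The following is an added example, not part of the original post: it builds such a policy and checks it with a simplified action matcher. The policy contents, the UNWANTED test set and all function names are assumptions of this example.

```python
import json
from fnmatch import fnmatchcase

# Constructed policy for the scenario: view EC2, create S3 buckets, nothing more.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ViewEc2", "Effect": "Allow",
         "Action": "ec2:Describe*", "Resource": "*"},
        {"Sid": "CreateBuckets", "Effect": "Allow",
         "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"], "Resource": "*"},
    ],
}
# Constructed stand-in for a full-access grant (every S3 action, every resource).
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
}
REQUIRED = ["ec2:DescribeInstances", "s3:CreateBucket"]   # from the scenario
# Assumed test set: actions beyond the scenario that Alex should not hold.
UNWANTED = ["ec2:TerminateInstances", "ec2:RunInstances",
            "s3:DeleteBucket", "s3:PutBucketPolicy"]


def _listify(value):
    return [value] if isinstance(value, (str, dict)) else list(value)


def allows(policy, action):
    """Simplified check: matched by an Allow and by no Deny.
    Ignores Resource, Condition, NotAction and other attached policies."""
    action, allowed = action.lower(), False
    for stmt in _listify(policy["Statement"]):
        patterns = [p.lower() for p in _listify(stmt.get("Action", []))]
        if any(fnmatchcase(action, p) for p in patterns):
            if stmt["Effect"] == "Deny":
                return False          # an explicit Deny always wins
            allowed = True
    return allowed


def review(policy):
    """Report required actions that are missing and unwanted ones granted."""
    return {"missing": [a for a in REQUIRED if not allows(policy, a)],
            "excess": [a for a in UNWANTED if allows(policy, a)]}


if __name__ == "__main__":
    print(json.dumps(SCOPED_POLICY, indent=2))   # paste into the IAM JSON editor
    print("scoped:", review(SCOPED_POLICY))
    print("broad: ", review(BROAD_POLICY))
```

The printed JSON can be pasted into IAM > Policies > Create policy > JSON and attached to the user in place of the managed policies.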

Now we will create an access key to configure the AWS CLI.

Use Case: Command Line Interface (CLI) > Next

It’s done :)

2) Make a private S3 bucket in AWS and change the policy so you can access its stuff without making it public.

Note: Task1 will help you to understand how we can secure our S3 buckets.

Solution: Search for S3 in the AWS Management Console.

Amazon S3 > Buckets > Create bucket

Create a new bucket:

  • Click on the "Create bucket" button.

  • Click on General purpose

  • Enter a unique Bucket name (e.g., my-bucket1).

  • Choose an appropriate Region (e.g., Oregon).

  • Click "Next" to proceed through the options

    • In the "Set permissions" step, make sure the "Block all public access" option is enabled. This will ensure the bucket is private by default.

Bucket created successfully.

We can now add objects to this bucket.

Amazon S3 > Buckets > anju-new-bucket1 > upload

3) Configure AWSCLI on your Ubuntu machine.

To start this task, we will first create an EC2 instance and connect to it.

EC2 > Instances > Launch an instance

We can use the AWSCLI documentation to install AWSCLI: Click me

Note: Make sure unzip is installed on your machine; if not, you can install it with the command below.

sudo apt install unzip

To install the AWS CLI, run the following commands.

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip

Once unzipped, run the install shell script in the AWS folder using the command below.

sudo ./aws/install

To check the version, use the command below.

aws --version

AWSCLI installation is complete :)

Now we will configure the AWS CLI.

Obtain AWS credentials:

Run the command below to configure the AWS CLI.

aws configure

We'll need an AWS Access Key ID and Secret Access Key, which we created in task 1. We can get these from the AWS Management Console under IAM (Identity and Access Management) -> Users -> Your user -> Security credentials.

From here we will get the access key and secret access key.

We can skip the region name and output format.

Now that AWS is configured, we can access all S3 buckets because we have given our user Alex full S3 access.

By using the command below, we can access all objects and folders in the bucket named "anju-new-bucket1".

aws s3 ls anju-new-bucket1

4) Create an EC2 instance using AWSCLI.

Note: Task3 will help you to understand AWSCLI more clearly.
Hint: Resource to complete task2: EC2 using AWSCLI

Solution: AWSCLI is already set up to perform this task.

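Create a key pair: In this step, we will create a new key pair named "NewKeyPair" for the new instance. The command prints the private key (KeyMaterial) only once, so save it to a file to use for SSH later.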

aws ec2 create-key-pair --key-name NewKeyPair

Create a security group to attach to the EC2 instance: In this step, we will create a new security group named "my-sg" for the new instance.

aws ec2 create-security-group --group-name=my-sg --description="MySecurityGroup"

Note: Copy group-id

Add inbound rules to the security group: replace "sg-089100391fb1d65c8" with the group ID copied in the last step.

aws ec2 authorize-security-group-ingress --group-id=sg-089100391fb1d65c8 --protocol=tcp --port=443 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=sg-089100391fb1d65c8 --protocol=tcp --port=22 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=sg-089100391fb1d65c8 --protocol=tcp --port=80 --cidr=0.0.0.0/0

Create instance:

aws ec2 run-instances --image-id=ami-05134c8ef96964280 --instance-type=t2.micro --region=us-west-2 --key-name=NewKeyPair --security-groups=my-sg

  • Command: aws ec2 run-instances

  • AMI ID: ami-05134c8ef96964280 (defines the software and OS). We can get the AMI ID from the EC2 Dashboard on the AWS console > Images > AMI catalogue.

  • Instance Type: t2.micro (specifies compute capacity)

  • Region: us-west-2 (launch location)

  • Key Pair: NewKeyPair (for SSH access)

  • Security Group: my-sg (firewall rules)

Check the EC2 dashboard and try to access the new instance.

Congratulations 🎉

We have created an ec2 instance using AWSCLI.
