Hey, Learners! Welcome back. We understood the concept of IAM and how IAM secures our cloud by granting only the access needed to manage AWS resources. Moving forward with IAM, we'll look at the concepts of user data, roles, groups, etc. Let's start...
User Data in AWS:-
When you launch an EC2 instance in AWS, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to EC2: Shell Scripts and cloud-init directives.
You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).
This saves time and manual effort whenever you launch an instance that needs software such as Nginx, Apache, Docker or Jenkins installed on it.
Task 1- Launch the EC2 instance with already installed Jenkins on it.
Go to the EC2 dashboard, select Instances and click Launch Instances.
Enter a name for the EC2 instance, select Ubuntu as the OS image and t2.micro as the instance type. Go to Advanced details and find the User data field.
We can add a script as a file or write the script directly. The first line must be a shebang (`#!/bin/bash`), otherwise cloud-init does not treat the user data as a script and nothing runs.
```bash
#!/bin/bash
# Runs once as root on first boot of the instance.
sudo apt update
# docker.io is the Docker engine package on Ubuntu
sudo apt install docker.io -y
sudo systemctl start docker
sudo apt install openjdk-11-jdk -y
# Add the Jenkins signing key and apt repository
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
sudo systemctl start jenkins
```
Launch the instance and wait until it is in the running state.
Once the instance is running, allow inbound traffic on port 8080 in its security group (restrict the source to your own IP rather than 0.0.0.0/0) and open Jenkins in the browser at http://<public-ip>:8080.
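The two user-data types mentioned above (a shell script and cloud-init directives) are distinguished by cloud-init purely from the first line, and user data also has a 16 KB size limit and is stored unencrypted, so it must not carry credentials. The following added example (my own code, not part of the original post) validates and base64-encodes user data the way you would before passing it to an API call. The Jenkins script and the `#cloud-config` document are constructed samples, and the secret markers are a simple heuristic, not an AWS check.

```python
import base64

# AWS limit for raw EC2 user data before base64 encoding (16 KB).
USER_DATA_MAX_BYTES = 16 * 1024

# Constructed sample: the Jenkins install script from this post, with the
# "#!" line cloud-init needs to recognise it as a user script.
JENKINS_SCRIPT = """#!/bin/bash
sudo apt update
sudo apt install docker.io -y
sudo systemctl start docker
sudo apt install openjdk-11-jdk -y
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \\
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \\
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \\
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install jenkins -y
sudo systemctl start jenkins
"""

# Constructed sample of the other user-data type: cloud-init directives
# doing the package install declaratively.
CLOUD_CONFIG = """#cloud-config
package_update: true
packages:
  - docker.io
  - openjdk-11-jdk
runcmd:
  - systemctl start docker
"""

# Heuristic markers for material that must never go into user data: user data
# is stored unencrypted and is readable from the instance metadata service and
# through the EC2 API, so it is not a place for secrets.
SECRET_MARKERS = ("AKIA", "password=", "secret_access_key", "BEGIN PRIVATE KEY")


def classify_user_data(text: str) -> str:
    """Return the type cloud-init would assign from the first line.

    cloud-init dispatches on the first line: "#!" marks a user script and
    "#cloud-config" marks cloud-config directives. Anything else is ignored,
    which is the usual reason a user-data script "does nothing".
    """
    first_line = text.split("\n", 1)[0].strip()
    if first_line.startswith("#!"):
        return "script"
    if first_line == "#cloud-config":
        return "cloud-config"
    raise ValueError("first line must be '#!...' or '#cloud-config'")


def find_secret_like_lines(text: str) -> list:
    """Return 1-based line numbers that look like embedded credentials."""
    return [
        number
        for number, line in enumerate(text.splitlines(), start=1)
        if any(marker.lower() in line.lower() for marker in SECRET_MARKERS)
    ]


def encode_user_data(text: str) -> str:
    """Validate user data and return it base64-encoded for an API call."""
    classify_user_data(text)
    raw = text.encode("utf-8")
    if len(raw) > USER_DATA_MAX_BYTES:
        raise ValueError(f"user data is {len(raw)} bytes, limit is {USER_DATA_MAX_BYTES}")
    if find_secret_like_lines(text):
        raise ValueError("user data appears to contain credentials")
    return base64.b64encode(raw).decode("ascii")


def decode_user_data(encoded: str) -> str:
    """Reverse of encode_user_data, e.g. to inspect what an instance received."""
    return base64.b64decode(encoded).decode("utf-8")


def is_valid_user_data(text: str) -> bool:
    """True if encode_user_data would accept the text."""
    try:
        encode_user_data(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, sample in (("script", JENKINS_SCRIPT), ("cloud-config", CLOUD_CONFIG)):
        encoded = encode_user_data(sample)
        print(f"{name}: {classify_user_data(sample)}, {len(encoded)} base64 chars")
    # A script without a "#!" line is rejected, because cloud-init would skip it.
    print("bare script valid:", is_valid_user_data("sudo apt update\n"))
```

The console wizard accepts the plain text and encodes it for you; the base64 form matters when you call the API directly. If an instance needs credentials, give it an IAM role (covered below) instead of embedding keys in the script.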
Task 2-
1- Explain the IAM Users, Groups and Roles in your terms.
IAM Users:- IAM users are the individual identities you create within your AWS account for the people or applications that require access to your AWS resources. Each user has a unique set of security credentials, including a username and password, access keys, and permissions. You can create, modify and delete users as needed, and grant them specific permissions to access or manage AWS resources.
IAM Groups:- IAM groups are collections of IAM users. Groups simplify permissions management: you assign permissions to the group instead of to individual users, and a user automatically gets all of the group's permissions when added to it.
IAM Roles:- IAM roles are another way to manage access to AWS resources. Roles are similar to users, but they are not associated with a specific person or account. Instead, roles are assumed by trusted entities, such as EC2 instances, Lambda functions, or other AWS services, which receive temporary credentials rather than long-lived access keys. Roles can have permissions policies attached to them which define the specific permissions that the role is allowed to use.
2- Create three Roles named: DevOps-User, Test-User and Admin.
Log in to the AWS console and search for IAM. Select Roles from the IAM dashboard. Select Create role.
Select the trusted entity and use case for the role, for example EC2.
Choose the permissions policies for the role. You can also create custom policies. Click Next.
Enter the name for the role, review the details provided and click on Create role.
Repeat the same procedure for the remaining two Roles.
Note:- Give permissions as per requirement. For example, give the Admin role AdministratorAccess and the Test-User role ReadOnlyAccess.
[Screenshot: role summary for Admin]
[Screenshot: role summary for Test-User]
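To see what the three roles above actually permit, the following added example (my own code, not part of the original post) models an EC2 trust policy and a simplified version of the policy evaluation logic: an explicit Deny always wins, otherwise an Allow is needed, otherwise access is implicitly denied. The Admin and Test-User policy documents are constructed stand-ins for the managed AdministratorAccess and ReadOnlyAccess policies, the DevOps-User policy is hypothetical, and Resource and Condition elements are deliberately ignored.

```python
import fnmatch

# Trust policy for the "EC2" use case chosen in the Create role wizard: it
# says which principal may assume the role, here the EC2 service.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"Service": "ec2.amazonaws.com"},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Constructed, simplified permissions policies standing in for the managed
# policies named in the post. The real AdministratorAccess and ReadOnlyAccess
# documents are longer; these keep only enough to show how evaluation works.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
READONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "s3:Get*", "s3:List*", "iam:Get*", "iam:List*"],
            "Resource": "*",
        }
    ],
}
# Hypothetical policy for DevOps-User: full EC2/S3 use, but an explicit Deny
# on termination, which wins over the Allow.
DEVOPS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}

ROLES = {
    "Admin": [ADMIN_POLICY],
    "Test-User": [READONLY_POLICY],
    "DevOps-User": [DEVOPS_POLICY],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern: str, action: str) -> bool:
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(policies, action: str) -> bool:
    """Simplified IAM evaluation: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for policy in policies:
        for statement in policy["Statement"]:
            if not any(_action_matches(p, action) for p in _as_list(statement["Action"])):
                continue
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def role_allows(role_name: str, action: str) -> bool:
    return is_allowed(ROLES[role_name], action)


def trusted_services(trust_policy) -> list:
    """Service principals that may call sts:AssumeRole under this trust policy."""
    services = []
    for statement in trust_policy["Statement"]:
        if statement["Effect"] != "Allow":
            continue
        if not any(_action_matches(p, "sts:AssumeRole") for p in _as_list(statement["Action"])):
            continue
        services.extend(_as_list(statement.get("Principal", {}).get("Service", [])))
    return services


def has_wildcard_admin(policies) -> bool:
    """True if any statement allows Action "*" on Resource "*"; review such roles before attaching them."""
    return any(
        statement["Effect"] == "Allow"
        and "*" in _as_list(statement["Action"])
        and "*" in _as_list(statement.get("Resource", []))
        for policy in policies
        for statement in policy["Statement"]
    )


if __name__ == "__main__":
    checks = ["ec2:DescribeInstances", "ec2:RunInstances", "ec2:TerminateInstances", "iam:CreateUser"]
    print("EC2 trust policy lets these services assume the role:", trusted_services(EC2_TRUST_POLICY))
    for role in ROLES:
        verdicts = {action: role_allows(role, action) for action in checks}
        print(f"{role:12s} wildcard-admin={has_wildcard_admin(ROLES[role])} {verdicts}")
```

The trust policy and the permissions policy are the two halves of every role: the first decides who may assume it, the second what they can do once they have. The `has_wildcard_admin` check is the one to run on a role like Admin before it is attached to an instance profile, since any process on that instance can then use the role's credentials.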
Thank you so much for taking the time to read till the end! Hope you found this blog informative.
Feel free to explore more of my content, and don't hesitate to reach out if you need any assistance from me or have any questions.
Find me on:- Hashnode LinkedIn Github
Happy Learning!