Table of contents
- What is AWS?
- IAM
- Tasks
- Task 1: Create an IAM user with the username of your wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and docker on your machine via a single Shell Script.
- Task 2: Prepare a DevOps team of Avengers. Create 3 IAM users of Avengers and assign them to DevOps groups with the IAM policy.
Until now, I have discussed with all of you Git, Linux, Shell Scripting, Docker, Jenkins, and Kubernetes. It's time to move to the cloud. Let's get started with AWS!
There are many Cloud Service Providers (CSPs) that provide cloud computing services to businesses and individuals. They offer IaaS(Infrastructure as a Service), PaaS(Platform as a Service), and SaaS(Software as a Service).
There are many cloud providers namely AWS(Amazon Web Services), Microsoft Azure, GCP(Google Cloud Platform), IBM Cloud, Oracle Cloud, etc.
Let us explore AWS.
What is AWS?
AWS (Amazon Web Services) is a cloud computing platform offered by Amazon. It provides a wide range of cloud services that help businesses and individuals build and deploy various types of applications and services in a flexible, scalable, and cost-effective manner.
AWS Global Infrastructure
At the time of writing this blog, the AWS Cloud spans 99 Availability Zones within 31 geographic regions around the world, with announced plans for 15 more Availability Zones and 5 more AWS Regions in Canada, Israel, Malaysia, New Zealand, and Thailand.
AWS also runs a global content-delivery network of 450+ Points of Presence (PoPs), made up of 400+ Edge Locations and 13 Regional Edge Caches. They are used by CloudFront and Route 53 to serve content and DNS answers to end users with lower latency than a single region could.
Points of Presence (PoPs) is the collective name for these edge sites: physical locations in cities around the world, outside the regions, that cache and deliver content close to the users requesting it.
Edge Locations are the smaller, more numerous deployments that sit closest to end users. They improve application performance by shortening the distance a request has to travel before it is answered from cache.
Regional Edge Caches are larger, more centralized deployments that hold content for a wider geographic area. When an Edge Location misses, the request goes to the Regional Edge Cache before the origin, which reduces the load on the origin servers.
What are Regions?
A region is a geographic area that is served by a specific set of AWS infrastructure.
Each region has multiple Availability Zones, which are isolated from each other by distance and independent power and cooling. This helps to ensure that your applications are highly available even if there is a problem with one Availability Zone.
Each region is identified by a code made of a geography, a direction and a number, such as us-east-1 for the US East (N. Virginia) region or ap-south-1 for Asia Pacific (Mumbai). Availability Zones append a letter to the region code (us-east-1a, us-east-1b, ...).
AWS also offers several Local Zones, which are smaller, more focused deployments of infrastructure that are designed to be closer to end users.
What are Availability Zones?
An Availability Zone is one or more discrete data centers, with redundant power, networking and connectivity, inside an AWS region. AZs are designed to provide high availability and fault tolerance for applications and services.
High Availability: High availability refers to the ability of a system or application to remain operational and accessible for an extended period, typically measured in terms of uptime.
Fault Tolerance: Fault tolerance refers to the ability of a system or application to continue functioning properly, or at a degraded level, even in the presence of faults or failures.
In other words, an Availability Zone (AZ) is a distinct location within a region that is isolated from other AZs by distance and independent power and cooling. This helps to ensure that your applications are highly available even if there is a problem with one AZ.
As per AWS, every region has a minimum of 3 AZs that are physically separated from each other. The actual number varies by region; us-east-1, for example, has 6 AZs (us-east-1a to us-east-1f).
Services in AWS for a DevOps Engineer
As of May 2023, there are over 200 AWS services available. Of those 200+ services, the ones you are most likely to use as a DevOps Engineer are:
Compute: EC2, ECS, Lambda, Fargate, EKS.
Storage and databases: S3 (object storage), RDS (relational databases), DynamoDB (NoSQL), ElastiCache (in-memory caching).
Networking: VPC, Route53, CloudFront.
Security: IAM, KMS, Secrets Manager.
DevOps: CodeBuild, CodePipeline, CodeCommit, CodeDeploy.
Logging & Monitoring: CloudWatch, OpenSearch, CloudTrail.
These are the services you will have to learn to become a Cloud Admin or a Cloud Engineer.
In the upcoming blogs, I will discuss in depth the above services.
For today, let me discuss the most important service: Security (IAM).
IAM
IAM is the abbreviation of Identity and Access Management. It provides centralized control over who (and what) can call which AWS APIs in your account.
IAM lets you manage identities (users, groups and roles), their credentials (console passwords, access keys, MFA devices) and the permissions attached to them. It is a global service: an IAM user exists account-wide, not per region.
IAM allows you to create and manage IAM users, groups, and roles, and assign permissions to control access to the various AWS resources and services. IAM users are separate from the account's root user, which has unrestricted access and should be protected with MFA and used only for the few tasks that require it.
With IAM, you can define fine-grained access policies that specify which actions (for example ec2:RunInstances) a user or role can perform on which resources (identified by ARN). Every request is denied by default; an explicit Allow in an attached policy grants it, and an explicit Deny anywhere overrides any Allow.
Let's perform a few tasks so that we can understand what IAM is before completely dwelling on the theory part.
Tasks
Log in to your AWS Console as the root user. This is one of the few times you should need root: the tasks below create the IAM users you will use from now on.
Task 1: Create an IAM user with the username of your wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and docker on your machine via a single Shell Script.
Search for IAM in the search bar. The IAM dashboard like the below one appears:
In the left corner, you can see Access Management. Go to Users.
Click on Add Users.
Step 1: Specify user details
Provide the username you want.
Select the checkbox for "Provide user access to the AWS Management Console - optional".
Select "I want to create an IAM user"
Click on Next.
Step 2: Set permissions
Select "Attach policies directly" in the Permission Options.
In the Permission Policies search bar, search for EC2 and select "AmazonEC2FullAccess". This AWS managed policy allows every ec2: action on every resource, which is far broader than a real user should get, but it is enough for this exercise.
Click on Next.
Step 3: Review and create
Review the details and click on "Create User".
Step 4: Retrieve the password
You can view and download the user's password here, or email the user instructions for signing in to the AWS Management Console. This is the only time the password is shown.
Make it a point to download the .csv file if you are not going to sign in as the IAM user immediately, and treat that file like any other credential (delete it once the password has been changed).
Click on "Return to users list".
Let's log in to AWS as the IAM user. Open a different browser (or a private window) so the root session stays separate.
The Account ID is the 12-digit number in the console sign-in URL shown on the previous screen.
Choose "IAM user" on the sign-in page and enter the Account ID.
Now sign in with the username and the password from the .csv file you downloaded.
You will be asked to reset the password. Go ahead and set a new one; the temporary password from the .csv file stops working after this.
Once you are in the AWS console, launch an EC2 instance.
Connect to the instance.
Note that you can't connect to the instance using "EC2 Instance Connect" from the console: that feature calls the ec2-instance-connect:SendSSHPublicKey action, which is a separate service prefix and is not covered by the ec2:* grant in AmazonEC2FullAccess. So log in using ssh with the key pair you chose at launch (port 22 must be open in the security group, ideally only to your own IP).
Let's install Docker and Jenkins on this instance using a shell script. The script below targets Ubuntu/Debian (apt); on Amazon Linux the package manager and package names differ.
Create a file named install.sh.
#!/bin/bash
# Installs Jenkins (LTS) and Docker on Ubuntu/Debian. Stop on the first error.
set -euo pipefail

sudo apt-get update
# Jenkins LTS releases from 2.426 onwards require Java 17 (earlier ones also accept 11).
sudo apt-get install -y openjdk-17-jre

# Add the Jenkins apt repository, pinned to its signing key so apt verifies the packages.
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt-get update
sudo apt-get install -y jenkins
# Start Jenkins now and on every boot.
sudo systemctl enable --now jenkins

# Docker from the distribution repository (docker.io), started now and on every boot.
sudo apt-get install -y docker.io
sudo systemctl enable --now docker
Let's run this script now.
Give the file execute permission and run it (./install.sh):
chmod +x install.sh
Meanwhile, open port 8080 in the instance's security group so you can reach Jenkins. Restrict the source to your own IP address rather than 0.0.0.0/0: a freshly installed Jenkins exposed to the whole internet is a common target.
Verify if Jenkins and Docker were installed successfully.
sudo systemctl status jenkins
sudo systemctl status docker
The status of both Docker and Jenkins is active (running), which means the installation was successful.
Now go to your browser and open http://<PublicIP>:8080; you should see the Unlock Jenkins page. The initial administrator password it asks for is stored on the instance in /var/lib/jenkins/secrets/initialAdminPassword (read it with sudo cat).
Task 2: Prepare a DevOps team of Avengers. Create 3 IAM users of Avengers and assign them to DevOps groups with the IAM policy.
Log in to the AWS console as the root user and go to IAM.
Go to Access Management > User Groups > Create Group. Set the User Group Name to "Avengers".
Under Attach permissions policies, attach AmazonS3FullAccess and AmazonEC2FullAccess, then click on Create User Group.
Go to Access Management > Users and create 3 users named IronMan, CaptainAmerica, and Thor, without attaching any policies to them.
Go to User Groups > open the group Avengers > in the Users section click on Add Users, and select the three users.
The users are now listed as members of the group.
What's notable is that I had not given any permissions to these users while creating them. After adding them to the user group, they have all the permissions of the policies attached to the Avengers group. This is the recommended way to manage permissions for people: attach policies to groups and put users in groups, so a user's access can be changed by moving them between groups instead of editing each user.
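To make the two IAM points of this post concrete (the "fine-grained policies" of the IAM section, the Instance Connect failure in Task 1, and the group inheritance seen here in Task 2), here is an added example of how identity-based policies are evaluated. It is illustrative code written for this post, not AWS code: it models users, groups and attached policies, and applies the evaluation order (explicit Deny wins, then any Allow, otherwise implicit deny) with IAM-style wildcards in Action and Resource. The policy contents are simplified stand-ins for the managed policies (the real AmazonEC2FullAccess also grants ELB, CloudWatch and Auto Scaling actions), the DenyProdBucket policy and the bucket names are assumptions, and resource policies, SCPs, permission boundaries and Condition keys are not modelled.

```python
import fnmatch
from dataclasses import dataclass, field

# Simplified stand-ins for the AWS managed policies used in the tasks (assumed).
POLICIES = {
    "AmazonEC2FullAccess": [
        {"Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"},
    ],
    "AmazonS3FullAccess": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"},
    ],
    # Hypothetical customer-managed policy, not on the original page.
    "DenyProdBucket": [
        {"Effect": "Deny", "Action": ["s3:*"],
         "Resource": ["arn:aws:s3:::prod-backups", "arn:aws:s3:::prod-backups/*"]},
    ],
}


@dataclass
class Group:
    name: str
    policies: list[str] = field(default_factory=list)


@dataclass
class User:
    name: str
    policies: list[str] = field(default_factory=list)   # attached directly to the user
    groups: list[Group] = field(default_factory=list)   # policies inherited via groups


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # IAM action names are case-insensitive; "*" and "?" are wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource_arn):
    # ARNs are matched case-sensitively; "*" may also span "/" and ":" in an ARN.
    return any(fnmatch.fnmatchcase(resource_arn, p) for p in _as_list(patterns))


def effective_statements(user):
    """Every statement that applies to a user: direct policies plus each group's policies."""
    names = list(user.policies)
    for group in user.groups:
        names.extend(group.policies)
    return [stmt for name in names for stmt in POLICIES[name]]


def is_allowed(user, action, resource_arn="*"):
    """Identity-policy decision: explicit Deny wins, then any Allow, else implicit deny."""
    allowed = False
    for stmt in effective_statements(user):
        if _action_matches(stmt["Action"], action) and _resource_matches(stmt["Resource"], resource_arn):
            if stmt["Effect"] == "Deny":
                return False          # an explicit Deny overrides every Allow
            allowed = True
    return allowed                    # no matching statement at all: implicit deny


# Constructed identities mirroring the tasks (names from the post, policies assumed).
AVENGERS = Group("Avengers", ["AmazonEC2FullAccess", "AmazonS3FullAccess"])
IRONMAN = User("IronMan", groups=[AVENGERS])                       # Task 2: no direct policies
THOR = User("Thor", policies=["DenyProdBucket"], groups=[AVENGERS])
TASK1_USER = User("devops", policies=["AmazonEC2FullAccess"])      # Task 1 user

if __name__ == "__main__":
    checks = [
        (IRONMAN, "s3:PutObject", "arn:aws:s3:::demo-bucket/app.tar"),
        (IRONMAN, "iam:CreateUser", "*"),
        (TASK1_USER, "ec2:RunInstances", "*"),
        (TASK1_USER, "ec2-instance-connect:SendSSHPublicKey", "*"),
        (THOR, "s3:GetObject", "arn:aws:s3:::prod-backups/db.sql"),
        (THOR, "s3:GetObject", "arn:aws:s3:::demo-bucket/db.sql"),
    ]
    for user, action, arn in checks:
        print(f"{user.name:8} {action:44} {arn:40} -> {is_allowed(user, action, arn)}")
```

The two rows worth staring at are TASK1_USER's: ec2:RunInstances is allowed because it matches the ec2:* pattern, while ec2-instance-connect:SendSSHPublicKey is not, because the service prefix is ec2-instance-connect, not ec2, which is exactly why the console's Instance Connect button fails for a user holding only AmazonEC2FullAccess. The THOR rows show that a Deny attached directly to the user blocks the Allow inherited from the group for the matching bucket only.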
It's a new day in learning. In this blog, I have discussed AWS and its global infrastructure. Also discussed basic IAM concepts and created users with attached policies. If you have any questions or would like to share your experiences, feel free to leave a comment below. Don't forget to read my blogs and connect with me on LinkedIn and let's have a conversation.
To help me improve my blog and correct my mistakes, I am available on LinkedIn as Sneha K S. Do reach me and I am open to suggestions and corrections.
#Day38 #90daysofdevops