How to Master AWS Basics for DevOps Learners - A Step-by-Step Guide: Day 38 of 90 Days of DevOps

How to Use AWS and IAM for Common DevOps Tasks: A Practical Guide with Examples

How to Master AWS Basics for DevOps Learners - A Step-by-Step Guide: Day 38 of 90 Days of DevOps
Play this article

Introduction

AWS stands for Amazon Web Services, which is a cloud computing platform that provides a wide range of services and features for various use cases. AWS allows you to create, manage, and scale your applications and infrastructure on demand, without having to worry about the underlying hardware or software.

Some of the benefits of using AWS are:

  • Cost-effectiveness: You only pay for what you use, and you can choose from different pricing models and options.

  • Scalability: You can easily scale up or down your resources according to your needs, and you can leverage the global network of AWS regions and availability zones.

  • Reliability: You can rely on the high availability and durability of AWS services, and you can use various tools and best practices to ensure your application’s performance and security.

  • Innovation: You can access the latest technologies and features that AWS offers, and you can experiment with different solutions and architectures.

IAM stands for Identity and Access Management, which is a service that allows you to manage users, groups, roles, policies, and permissions in AWS. IAM enables you to control who can access your AWS resources and what actions they can perform.

Some of the benefits of using IAM are:

  • Security: You can enforce strong authentication methods, such as passwords, multi-factor authentication, or access keys, for your users. You can also use encryption and auditing features to protect your data and monitor your activities.

  • Granularity: You can assign fine-grained permissions to your users, groups, roles, or resources, based on the principle of least privilege. You can also use conditions and tags to further restrict or allow access.

  • Flexibility: You can create custom policies that suit your specific needs, or use predefined policies that AWS provides. You can also use roles to delegate permissions to other users or services, without sharing your credentials.

In this blog post, we will learn how to use AWS and IAM for DevOps purposes. We will cover the following tasks:

  • Creating an IAM user and granting EC2 access.

  • Launching an EC2 instance and installing Jenkins and Docker.

  • Preparing a DevOps team of Avengers.

By the end of this blog post, you will have a better understanding of AWS and IAM basics, and you will be able to perform some common DevOps tasks on AWS.

Let’s get started!

Creating an IAM User and Granting EC2 Access

The first task is to create an IAM user and grant EC2 access. An IAM user is an entity that represents a person or an application that interacts with AWS. EC2 stands for Elastic Compute Cloud, which is a service that allows you to launch virtual servers on AWS.

To create an IAM user and grant EC2 access, follow these steps:

Step 1: Sign in to the AWS Management Console

The AWS Management Console is a web-based interface that allows you to access and manage your AWS resources.

To sign in to the AWS Management Console, go to https://aws.amazon.com/console/ and enter your email address and password. If you don’t have an account yet, you can create one for free by clicking on Create a new AWS account.

Step 2: Go to the IAM Dashboard

The IAM Dashboard is where you can view and manage your IAM users, groups, roles, policies, and permissions.

To go to the IAM Dashboard, click on Services at the top left corner of the console, and then select IAM under Security, Identity, & Compliance.

Step 3: Create a New User

To create a new user, click on Users in the left navigation pane, and then click on Create User.

Enter a user name of your choice. For example, you can use your own name or a nickname. In this blog post, we will use devops-learner as the user name.

Select the access type for the user. You can choose between Programmatic access and AWS Management Console access. Programmatic access means that the user can access AWS using an access key ID and a secret access key, which are credentials that can be used by applications or scripts. AWS Management Console access means that the user can access AWS using a username and a password, which are credentials that can be used by humans.

In this blog post, we will select both Programmatic access and AWS Management Console access, as we will need both types of access for our tasks.

Click on Next: Permissions.

Step 4: Attach the AmazonEC2FullAccess Policy

To attach a policy to the user, you can either add the user to an existing group, copy permissions from an existing user or attach existing policies directly. A policy is a document that defines the permissions that are allowed or denied for a user, group, role, or resource.

In this blog post, we will attach an existing policy directly to the user. An existing policy is a policy that AWS provides for common use cases. You can also create your own custom policies if you need more specific permissions.

To attach an existing policy directly to the user, click on Attach existing policies directly, and then search for AmazonEC2FullAccess in the search box. Select the checkbox next to AmazonEC2FullAccess, which is a policy that grants full access to EC2.

Click on Next: Tags.

Step 5: Download the User Credentials

To download the user credentials, you can either add tags to the user or skip this step. Tags are key-value pairs that you can use to organize and identify your resources.

In this blog post, we will skip this step and click on Next: Review.

Review the user details and click on Create user.

You will see a success message and a table with the user credentials. You will need these credentials later for accessing AWS programmatically or through the console.

Click on Download .csv to download a file with the user credentials. Save this file in a secure location, as you will not be able to access these credentials again from the console.

Click on Close to return to the Users page.

You have successfully created an IAM user and granted EC2 access.

Launching an EC2 Instance and Installing Jenkins and Docker

The second task is to launch an EC2 instance and install Jenkins and Docker on it. An EC2 instance is a virtual server that runs on AWS. Jenkins is a tool that automates the software development process, such as building, testing, and deploying. Docker is a tool that allows you to create, run, and share containers that contain your application and its dependencies.

To launch an EC2 instance and install Jenkins and Docker on it, follow these steps:

Step 1: Go to the EC2 Dashboard

The EC2 Dashboard is where you can view and manage your EC2 instances and other related resources.

To go to the EC2 Dashboard, click on Services at the top left corner of the console, and then select EC2 under Compute.

Step 2: Launch a New Instance

To launch a new instance, click on Launch Instance.

Step 3: Choose an AMI

An AMI stands for Amazon Machine Image, which is a template that contains the operating system and software configuration for your instance.

To choose an AMI, select Ubuntu Server 22.04 LTS (HVM), SSD Volume Type as the AMI. This is a free tier eligible AMI that comes with Ubuntu Linux and some pre-installed packages.

Click on Select.

Step 4: Choose an Instance Type

An instance type determines the hardware specifications of your instance, such as CPU, memory, storage, and network performance.

To choose an instance type, select t2.micro as the instance type. This is a free tier eligible instance type that provides 1 vCPU and 1 GB of memory.

Click on Next: Configure Instance Details.

Step 5: Configure Instance Details

To configure instance details, you can modify various settings for your instance, such as the number of instances, the network, the subnet, the IAM role, etc.

In this blog post, we will leave everything as default except for two settings:

  • User data: This is a script that runs when your instance launches. You can use user data to perform common tasks such as installing software or configuring settings.

  • IAM role: This is a role that grants permissions to your instance to access other AWS services or resources.

To configure user data, click on Advanced Details and enter the following script in the text box:

#!/bin/bash
sudo apt update
sudo apt install openjdk-11-jdk -y
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
sudo apt install jenkins -y
sudo systemctl start jenkins
sudo apt install docker.io -y
sudo usermod -aG docker $USER && newgrp docker

This script will do the following:

  • Update the package list

  • Install Java 11 JDK

  • Add the Jenkins repository key and source list

  • Install Jenkins

  • Start Jenkins service

  • Install Docker

  • Add the current user to the docker group

To configure the IAM role, click on Create new IAM role and enter a role name of your choice. For example, you can use ec2-jenkins-docker-role as the role name.

Click on Next: Permissions.

Select AmazonEC2ContainerRegistryFullAccess as the policy to attach to the role. This policy grants full access to Amazon Elastic Container Registry (ECR), which is a service that allows you to store and manage your Docker images.

Click on Next: Tags.

Click on Create role.

You will see a success message and a table with the role details. Click on Close.

You will be redirected back to the Configure Instance Details page. Select the role that you just created from the IAM role dropdown menu.

Click on Next: Add Storage.

Step 6: Add Storage

To add storage, you can modify the size and type of the storage volume for your instance. A storage volume is a block device that provides persistent storage for your instance.

In this blog post, we will leave everything as default and click on Next: Add Tags.

Step 7: Add Tags

To add tags, you can add key-value pairs that help you organize and identify your resources.

In this blog post, we will add one tag with Key as Name and Value as ec2-jenkins-docker-instance. This will help us recognize our instance later.

Click on Next: Configure Security Group.

Step 8: Configure Security Group

To configure the security group, you can define the inbound and outbound rules that control the traffic to and from your instance. A security group acts as a virtual firewall for your instance.

In this blog post, we will create a new security group with two rules:

  • Type: SSH, Protocol: TCP, Port Range: 22, Source: Anywhere (0.0.0.0/0), Description: SSH access

  • Type: Custom TCP Rule, Protocol: TCP, Port Range: 8080, Source: Anywhere (0.0.0.0/0), Description: Jenkins access

These rules will allow us to access our instance via SSH and Jenkins via port 8080.

Enter a security group name and description of your choice. For example, you can use ec2-jenkins-docker-sg as the name and Jenkins and Docker security group as the description.

Click on Review and Launch.

Step 9: Review and Launch

To review and launch, you can review your instance details and launch it.

Click on Launch.

Select an existing key pair or create a new one. A key pair consists of a public key and a private key that is used to encrypt and decrypt the login information for your instance. You will need the private key to connect to your instance via SSH.

Check the acknowledgment box and click on Launch Instances.

Wait for your instance to launch and note down its public IP address.

Step 10: Connect to the Instance

To connect to the instance, you can use SSH to establish a secure connection with your instance.

Open a terminal window and enter the following command:

ssh -i <keypair.pem> ubuntu@<public-ip-address>

Replace <keypair.pem> with the path to your private key file and <public-ip-address> with the public IP address of your instance.

For example, if your key pair file is called ec2-jenkins-docker-key.pem and your public IP address is 54.173.12.34, use:

ssh -i docker-advanced.pem ubuntu@54.173.12.34

You will see a message like this:

Type yes and press Enter.

You will see a message like this:

You have successfully connected to your instance.

Step 11: Create a Shell Script

To create a shell script, you can use a text editor to write a series of commands that can be executed as a single file.

In this blog post, we will create a shell script that will install Jenkins and Docker on our instance.

On your terminal window, enter the following command:

nano install.sh

This will open a text editor called nano.

Enter the following code in the text editor:

#!/bin/bash
sudo apt update
sudo apt install openjdk-11-jdk -y
wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb https://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update
sudo apt install jenkins -y
sudo systemctl start jenkins

Step 12: Run the Shell Script

To run the shell script, you need to make it executable and then execute it.

On your terminal window, enter the following commands:

chmod +x install.sh
./install.sh

These commands will make the shell script executable and then run it.

You will see some output on the terminal window as the script installs Jenkins and Docker on your instance.

Wait for the script to finish and then check the status of Jenkins and Docker using the following commands:

sudo systemctl status jenkins
sudo docker version

These commands will show you the status of the Jenkins service and the version of Docker installed.

You should see something like this:

This means that Jenkins and Docker are installed and running on your instance.

You have successfully launched an EC2 instance and installed Jenkins and Docker on it.

Preparing a DevOps Team of Avengers

The third task is to prepare a DevOps team of Avengers. We will create three IAM users for three Avengers and assign them to a DevOps group with the IAMFullAccess policy.

To prepare a DevOps team of Avengers, follow these steps:

Step 1: Create Three New Users

To create three new users, go back to the IAM Dashboard and click on Users in the left navigation pane. Then click on Add user.

Enter the user names for the three Avengers. For example, you can use ironman, captainamerica, and blackwidow as the user names.

Select the access type for the users. In this blog post, we will select Programmatic access only, as we will assume that these users will access AWS using applications or scripts.

Click on Next: Permissions.

Step 2: Create a DevOps Group

To create a DevOps group, click on Create group.

Enter a group name of your choice. For example, you can use avengers-devops as the group name.

Search for IAMFullAccess in the search box and select the checkbox next to it. This is a policy that grants full access to IAM.

Click on Create group.

You will see a success message and a table with the group details. Click on Next: Tags.

Step 3: Attach the IAMFullAccess Policy

To attach the IAMFullAccess policy to the group, you can either add tags to the group or skip this step. Tags are key-value pairs that you can use to organize and identify your resources.

In this blog post, we will skip this step and click on Next: Review.

Review the user details and click on Create user.

You will see a success message and a table with the user credentials. You can download or email these credentials to the users, or ask them to generate their own credentials later.

Click on Close to return to the Users page.

Step 4: Add the Users to the Group

To add the users to the group, select the checkbox next to each user name and click on Add user to groups.

Select the checkbox next to avengers-devops and click on Add to groups.

You will see a success message and a table with the user details. Click on Close.

You have successfully prepared a DevOps team of Avengers.

Conclusion

In this blog post, we have learned how to get started with AWS basics for DevOps learners. We have covered the following tasks:

  • Creating an IAM user and granting EC2 access.

  • Launching an EC2 instance and installing Jenkins and Docker.

  • Preparing a DevOps team of Avengers.

By completing these tasks, we have gained a better understanding of AWS and IAM basics, and we have performed some common DevOps tasks on AWS.

We hope you enjoyed this blog post and learned something new from it. If you want to learn more about AWS and DevOps, you can check out these resources:

  • AWS Training and Certification: This is where you can find various courses, certifications, and learning paths for AWS.

  • AWS Ramp-Up Guide: Developer: This is where you can find a curated list of resources for developers who want to learn more about AWS.

  • AWS DevOps Blog: This is where you can find articles, tutorials, and best practices for DevOps on AWS.

  • AWS Whitepapers: This is where you can find technical guides and overviews for various AWS topics and services.

Thank you for reading this blog post. Please feel free to share your feedback or questions in the comments section below.

Happy learning! 😊

Did you find this article valuable?

Support Ajit Fawade by becoming a sponsor. Any amount is appreciated!