Day38-Getting Started with AWS Basics☁☁

AWS stands for Amazon Web Services. It is a comprehensive and widely used cloud computing platform provided by Amazon. AWS offers a broad range of cloud services that include computing power, storage options, networking, databases, machine learning, analytics, developer tools, security, and more.

These services are designed to help individuals, organizations, and businesses of all sizes to build and deploy applications and services quickly and securely, while also providing scalability and cost-effectiveness.

In simple words, AWS allows you to do the following:

  1. Running web and application servers in the cloud to host dynamic websites.

  2. Securely store all your files on the cloud so you can access them from anywhere.

  3. Using managed databases like MySQL, PostgreSQL, Oracle or SQL Server to store information.

  4. Deliver static and dynamic files quickly around the world using a Content Delivery Network (CDN).

  5. Send bulk email to your customers and much more!

Basic Terminologies in AWS:

  1. Region — A region is a geographical area around the world where AWS’s data centers are located. Each region consists of 2 (or more) availability zones.

  2. Availability Zone — It is simply a group of one or more data centers.

  3. Edge Location — They are CDN (Content Delivery Network) endpoints for CloudFront. Cached data is stored here to reduce latency to the end users.

  4. Local Zone — Allows you to deploy AWS services, like compute and storage services, closer to your end-users for low-latency requirements.

  5. Wavelength — It embeds AWS compute and storage services within 5G networks, allowing developers to build applications that deliver single-digit millisecond latencies to mobile devices and end-users.

  6. Outposts — It brings AWS services and infrastructure to virtually any on-premises or edge location, helping you build a consistent hybrid experience.

Now that you know what you can do with AWS, let's have an overview of the various AWS services. There are more than 200 services:

  1. EC2 (Elastic Compute Cloud) — These are just the virtual machines in the cloud on which you have OS-level control. You can run whatever you want in them.

  2. ECS (Elastic Container Service) — It is a highly scalable container service that allows you to run Docker containers in the cloud.

  3. EKS (Elastic Container Service for Kubernetes) — Allows you to use Kubernetes on AWS without installing and managing your own Kubernetes control plane.

  4. Lambda — AWS’s serverless technology that allows you to run functions in the cloud. It’s a huge cost saver as you pay only when your functions execute.

Storage:

  1. S3 (Simple Storage Service) — Storage service of AWS in which we can store objects like files, folders, images, documents, songs, etc. It cannot be used to install software, games or Operating System.

  2. EFS (Elastic File System) — Provides file storage for use with your EC2 instances. It uses NFSv4 protocol and can be used concurrently by thousands of instances.

  3. EBS (Elastic Block Storage) — It is a scalable, high-performance block storage service for EC2 instances. In simple words, it is the HDDs or SSDs attached to your EC2 instances. One EBS volume can only be attached to a single EC2 instance.

Networking & Content Delivery:

  1. VPC (Virtual Private Cloud) — It is simply a data center in the cloud in which you deploy all your resources. It allows you to better isolate your resources and secure them.

  2. CloudFront — It is AWS’s Content Delivery Network (CDN) that consists of Edge locations that cache resources.

  3. Route53 — It is AWS’s highly available DNS (Domain Name System) service. You can register domain names through it.

  4. Direct Connect — Using it you can connect your data center to an Availability zone using a high speed dedicated line.

  5. API Gateway — Allows you to create, store and manage APIs at scale.

Security, Identity, and Compliance:

  1. IAM (Identity and Access Management) — Allows you to manage users, assign policies, create groups to manage multiple users.

  2. Inspector — It is an agent that you install on your virtual machines, which then reports any security vulnerabilities.

  3. Certificate Manager — It gives free SSL certificates for your domains that are managed by Route53.

Use Cases Of AWS:

AWS services are used by both startups and MNCs according to their use cases. Startups use them to overcome hardware infrastructure costs and to deploy applications effectively in terms of cost and performance.

Large-scale companies, on the other hand, use AWS cloud services to manage their infrastructure so that they can focus completely on product development.

The following are real-world industrial use cases of AWS services:

  • Netflix: The large streaming giant uses AWS for storage and scaling of its applications, ensuring seamless content delivery with low latency and without interruptions to millions of users globally.

  • Airbnb: By utilizing AWS, Airbnb manages the various workloads and provides insurable and expandable infrastructure for its virtual marketplace and lodging offerings.

Applications of AWS:

1. Storage and Backup: AWS offers multiple types of storage to choose from and is easily accessible as well. It can be used for storage and file indexing as well as to run critical business applications.

2. Gaming: There is a lot of computing power needed to run gaming applications. AWS makes it easier to provide the best online gaming experience to gamers across the world.

3. Mobile, Web and Social Applications: A feature that separates AWS from other cloud services is its capability to launch and scale mobile, e-commerce, and SaaS applications. API-driven code on AWS can enable companies to build uncompromisingly scalable applications without requiring any OS and other systems.

4. Augmented Reality and Virtual Reality: The Amazon Sumerian service enables users to use AR and VR development tools to offer 3D web applications, e-commerce and sales applications, marketing, online education, manufacturing, training simulations, and gaming.

5. Internet of Things: AWS IoT service offers a back-end platform to manage IoT devices as well as data ingestion to database services and AWS storage.

What is IAM?

IAM stands for Identity and Access Management. It is a service provided by AWS that enables you to manage access to your AWS resources securely. IAM allows you to control who can access your AWS resources and what actions they can perform.

The key components of IAM are:

  1. Users: IAM allows you to create individual user accounts for people who will be accessing your AWS resources. Each user is assigned unique security credentials to authenticate their identity.

  2. Groups: IAM groups are collections of users. Instead of assigning permissions to individual users, you can create groups and assign permissions to the groups. This simplifies the management of permissions, especially in large organizations.

  3. Roles: IAM roles are similar to users, but they are not associated with a specific person. Roles are used to grant permissions to entities or services outside of AWS, such as applications running on EC2 instances or AWS services accessing resources.

  4. Policies: IAM policies are JSON documents that define permissions. You can attach policies to users, groups, or roles to grant or deny access to AWS resources. Policies define what actions are allowed or denied on specific resources.

Example Use Case of IAM Roles

Consider the following very simple architecture: an EC2 instance running an application that needs full access to an S3 bucket.

How would you give the EC2 instance the permission to read and write objects from an S3 bucket? This is explained in the diagram below:

Attaching a policy to an IAM role and letting an EC2 instance assume that role

  1. Create an IAM role for your EC2 instance

  2. Attach an IAM policy to the role that gives full access to the S3 bucket

  3. Let the EC2 instance assume the role

The IAM policy for full S3 access mentioned in step #2 is:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:*",
                    "s3-object-lambda:*"
                ],
                "Resource": "*"
            }
        ]
    }

You can now read from and write to the S3 bucket. Notice that the policy above doesn’t specify any ARN; it just uses “*” for the resource. This means all S3 buckets. If that is what you want, then this policy is fine. But if you want to restrict access to a single bucket, then you need to give the bucket ARN.
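The single-bucket version of the policy above, as an added Python example that is not part of the original post: it builds a read/write policy scoped to one bucket ARN and flags the wildcards in the page's full-access policy. The bucket name `example-app-bucket` and all function names are assumptions made for illustration.

```python
BROAD_POLICY = {  # the page's full-access policy, kept for comparison
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:*", "s3-object-lambda:*"],
        "Resource": "*",
    }],
}


def scoped_s3_policy(bucket):
    """Read/write policy for one bucket (the name passed in is a placeholder)."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action: Resource is the bucket ARN
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": bucket_arn,
            },
            {   # Object actions need the object ARN form: <bucket ARN>/*
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"{bucket_arn}/*",
            },
        ],
    }


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource
    return value if isinstance(value, list) else [value]


def broad_statements(policy):
    """Return (statement index, reason) for each wildcard in an Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((i, f"wildcard action {action}"))
        for resource in _as_list(stmt.get("Resource", [])):
            if resource == "*":
                findings.append((i, "Resource * covers every bucket"))
    return findings
```

Calling `broad_statements(BROAD_POLICY)` reports three findings, while the policy returned by `scoped_s3_policy("example-app-bucket")` reports none; `json.dumps` on that result gives the document to paste into the IAM policy editor.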

Features of IAM:

  • Centralised control of your AWS account: You can control creation, rotation, and cancellation of each user's security credentials. You can also control what data in the AWS system users can access and how they can access it.

  • Shared Access to your AWS account: Users can share the resources for the collaborative projects.

  • Granular permissions: You can set permissions so that a user can use a particular service but not other services.

  • Identity Federation: Identity federation means that we can use Facebook, Active Directory, LinkedIn, etc. with IAM. Users can log in to the AWS Console with the same username and password they use to log in with Active Directory, Facebook, etc.

  • Networking controls: IAM also ensures that the users can access the AWS resources within the organization's corporate network.

  • Provide temporary access for users/devices and services where necessary: If you are using a mobile app and storing the data in AWS account, you can do this only when you are using temporary access.

Task 1:

Create an IAM user with a username of your choice and grant it EC2 access. Launch your Linux instance through the IAM user you just created, and install Jenkins and Docker on the machine via a single shell script.

Step 1: Create an IAM User

  1. Log into the AWS Management Console:

    • Go to the AWS Management Console at aws.amazon.com.

    • Sign in with your AWS account credentials or create a new AWS account if you don't have one.

Step 2: Access IAM Service:

  • From the AWS Management Console, navigate to the IAM (Identity and Access Management) service. It's usually located under the "Security, Identity, & Compliance" section.

Step 3: Create a New IAM User:

  • Inside the IAM dashboard, select "Users" from the left-hand menu.

Step 4: Give a username and password. Please remember the password, then click on Next.

Step 5: Click on Attach Policies and give permission to create an EC2 instance.

Step 6: Recheck all the details and click on Create User.

Step 7: Congratulations! You have successfully created the IAM user.

  • NOTE: Download the CSV file that contains the access key ID and secret access key. You'll need these credentials to configure your AWS CLI.

Step 8: Launch a Linux EC2 Instance

Now that we have an IAM user with EC2 access, you can use the AWS Management Console to launch an EC2 instance:

  1. Sign in to the AWS Management Console if you're not already logged in.

  2. Go to the EC2 dashboard.

  3. Click the "Launch Instance" button to start the EC2 instance creation process.

  4. Follow the EC2 instance creation wizard, specifying instance details, adding storage, configuring security groups (ensure that SSH access is allowed for connecting to your instance), and finally, reviewing and launching the instance.

  • Name of the instance:

  • OS type:

  • Select the instance type and create a new key pair: here I have selected t2.micro, which is free tier.

  • A key pair is used for secure authentication and access control to instances (virtual machines) created using Amazon Elastic Compute Cloud (EC2) and for other AWS services. Key pairs consist of two parts: a public key and a private key.

  • Configuring the security group

  • Now click on Launch Instance and wait for the prompt saying the EC2 instance was successfully created.

Step 9: Install Jenkins and Docker with a Shell Script

Once your EC2 instance is up and running, you can SSH into it and execute a shell script to install Jenkins and Docker.

Here's a sample shell script (install-jenkins-docker.sh) that you can use:

    #!/bin/bash
    # Stop at the first failed command so a broken step is not silently skipped
    set -e

    # Update the package index
    sudo apt update -y

    # Install Java (required by Jenkins)
    sudo apt install -y openjdk-17-jre

    # Add the Jenkins signing key and apt repository, then install Jenkins
    curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update
    sudo apt-get install -y jenkins

    # Start Jenkins now and enable it at boot
    sudo systemctl start jenkins
    sudo systemctl enable jenkins

    # Install and start Docker
    sudo apt install -y docker.io
    sudo service docker start

    # Add the current user to the docker group (takes effect at next login).
    # Members of this group control the Docker daemon, which is root-equivalent access.
    sudo usermod -aG docker "$USER"

  • Use any editor such as nano or vim, copy the script and save it as install.sh

  • Give the script execute permission with chmod +x filename.sh, then use ./filename.sh to execute the script.

Now check the installed versions and the status of Docker and Jenkins using these commands:

    java --version
    docker --version
    sudo systemctl status docker
    sudo systemctl status jenkins

Task 2:

Creating IAM Users for a DevOps Team

  1. Log into the AWS Management Console:

    • If you're not already logged in, access the AWS Management Console.

  2. Access IAM Service:

    • Navigate to the IAM service as explained in Task 1.

  3. Create IAM Users:

    • Inside the IAM dashboard, select "Users" from the left-hand menu.

    • Click the "Add user" button to create three IAM users, one for each member of your DevOps team. Provide usernames and select "Provide user access to AWS management console" for each user.

  4. Assign Users to a DevOps Group:

    • After creating the users, you can group them together. Select "Groups" from the left-hand menu and create a new group (e.g., "Avengers-DevOps").

    • Add the three IAM users to this group.

  5. Create an IAM Policy:

    • To define what actions the Avengers-DevOps team members can perform, you'll need to create an IAM policy.

    • Scroll down and you will find the policy section.

    • Use the policy editor to specify the permissions you want. For example, you can grant permissions to access specific EC2 instances, manage S3 buckets, and interact with other AWS services.

    • Now click on Create Group on the bottom right-hand side.

    • Now if you go to the user group section in IAM, you can see that the group is created.

    • Now, each user is associated with a specific DevOps group with the necessary IAM policies. You can add more users by clicking “Add users”.

Thank you for 📖reading my blog, 👍Like it and share it 🔄 with your friends.

Happy learning😊😊