Day 3: S3, AWS CLI, and IAM

What is S3 Bucket in AWS?

  • Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.

  • S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.

What is IAM in AWS?

  • IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.

Key components of IAM:

  • Users

  • Groups

  • Roles

  • Policies

What is AWSCLI?

  • The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.

Tasks:

1) Make a private S3 bucket in AWS and change the policy so you can access its stuff without making it public.

Securing Your Data: Private S3 Buckets in AWS

Creating a Private S3 Bucket:

  1. Access AWS Console: Log in to AWS and find the S3 service.

  2. Bucket Creation: Click "Create Bucket" and follow the prompts, ensuring the bucket is private.

  3. Policy Adjustment: Modify the bucket policy to allow your IAM user access while keeping it private.

Ensuring the security of your S3 bucket is crucial. Follow these simple steps to keep your data safe and accessible only to authorized users.
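Step 3 above, as an added example that is not part of the original post: a bucket policy that names one IAM user as principal, plus a check that no statement grants access to everyone. The account ID, user name and bucket name are constructed placeholders.

```python
import json

# Constructed placeholders: substitute your own account ID, user name and bucket.
ACCOUNT_ID, IAM_USER, BUCKET = "111122223333", "alex", "example-private-bucket"

def private_bucket_policy(account_id, user, bucket):
    """Bucket policy whose principal is one IAM user rather than "*"."""
    user_arn = f"arn:aws:iam::{account_id}:user/{user}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # listing is granted on the bucket ARN itself
                "Sid": "ListForOneUser",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {   # object reads and writes are granted on the keys under it
                "Sid": "ObjectsForOneUser",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }

def public_statements(policy):
    """Sids of Allow statements whose principal is "*" with no Condition."""
    found = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        if stmt.get("Effect") == "Allow" and "*" in values and "Condition" not in stmt:
            found.append(stmt.get("Sid", "<no Sid>"))
    return found

# Constructed counter-example: a policy that would make the objects world-readable.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

if __name__ == "__main__":
    policy = private_bucket_policy(ACCOUNT_ID, IAM_USER, BUCKET)
    print(json.dumps(policy, indent=2))  # text for the bucket policy editor
    print("public statements:", public_statements(policy))          # []
    print("public statements:", public_statements(WEAK_POLICY))     # ['PublicRead']
```

Keeping the bucket's Block Public Access settings enabled alongside this policy means a later edit that introduces a wildcard principal is rejected rather than silently exposing the data.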

2) Configure AWSCLI on your Ubuntu machine.

Setting Up AWSCLI:

  1. Installation: Open your terminal on Ubuntu and run the commands below:

      sudo apt update
      curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
      sudo apt install unzip
      unzip awscliv2.zip
      sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update

  2. Configuration: Execute aws configure and input your AWS access key, secret key, default region, and output format.

3) Create an EC2 instance using AWSCLI.

Commanding the Cloud: Creating an EC2 Instance with AWSCLI

Crafting an EC2 Instance:

  1. Command Execution: Use the commands below to create an EC2 instance. Specify the AMI, instance type, and key pair.

      aws ec2 create-key-pair --key-name MyKeyPair

      aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --port=443 --cidr=0.0.0.0/0
      aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --port=22 --cidr=0.0.0.0/0
      aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --p

      aws ec2 run-instances --image-id=ami-0fc5d935ebf8bc3bc --instance-type=t2.micro --region=u

  2. Verification: Confirm the instance creation with aws ec2 describe-instances.

With a few commands, you've spawned a virtual server, showcasing the magic of AWSCLI.
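The ingress commands above open port 22 to 0.0.0.0/0, which exposes SSH to the whole internet; restricting that rule to your own address range is the usual fix. The following added example (not from the original post) reads JSON in the shape of `aws ec2 describe-security-groups` output and reports admin ports reachable from anywhere. The group ID is a placeholder and the 5432 rule is constructed for contrast.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The 443 and 22 rules mirror the commands above; the 5432 rule is made up.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-EXAMPLE",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}
  ]}]}
""")

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}   # ports that should not face the whole internet
ANYWHERE = {"0.0.0.0/0", "::/0"}


def world_open_admin_rules(described):
    """Return (group_id, port, service, cidr) for each admin port open to anywhere."""
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if c in ANYWHERE]
            if perm.get("IpProtocol") == "-1":       # all protocols, all ports
                lo, hi = 0, 65535
            elif perm.get("IpProtocol") == "tcp":
                lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            else:
                continue
            for port, service in sorted(ADMIN_PORTS.items()):
                if lo <= port <= hi:                 # port ranges count as well
                    findings += [(group["GroupId"], port, service, c) for c in open_cidrs]
    return findings


if __name__ == "__main__":
    for finding in world_open_admin_rules(SAMPLE):
        print("world-open admin port:", finding)
```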

4) Setting Up AWS IAM for a New Team Member

IAM Basics: Tailoring Access for Your Team

Scenario: Configuring IAM for Alex at GlobalTech Inc.

Configuring IAM for Alex's AWS Access:

Understanding IAM Basics: Before we dive into the specifics, let's recap the essence of IAM. IAM is AWS's access management service, enabling you to control who can access your AWS resources and what actions they can perform.

  1. Accessing IAM Console: Head to the AWS Management Console and locate the IAM service.

  2. Creating a New IAM User - Alex: Begin by creating a new IAM user for Alex. Specify the user details and choose programmatic access for AWS CLI usage.

  3. Assigning IAM Policies: IAM policies define permissions. For Alex's role, we'll create custom policies to grant access to EC2 instances and S3 bucket creation.

Granting Access to View EC2 Instances

Creating an EC2 Monitoring Policy:

  1. Policy Creation: Craft a new IAM policy named "EC2-Monitoring-Policy" allowing the ec2:DescribeInstances action.

      {
         "Version":"2012-10-17",
         "Statement":[
            {
               "Effect":"Allow",
               "Action":"ec2:DescribeInstances",
               "Resource":"*"
            }
         ]
      }
    
  2. Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex has the capability to view, but not modify, EC2 instances.

Granting Access to Create S3 Buckets

Designing an S3 Bucket Creation Policy:

  1. Policy Creation: Develop a new IAM policy named "S3-Bucket-Creation-Policy" granting the s3:CreateBucket action.

      {
         "Version":"2012-10-17",
         "Statement":[
            {
               "Effect":"Allow",
               "Action":"s3:CreateBucket",
               "Resource":"*"
            }
         ]
      }
    
  2. Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex holds the authority to create S3 buckets for diverse projects.

Testing Alex's Access

Verification for Peace of Mind:

  1. IAM User Credentials: Ensure Alex has received the necessary IAM user credentials.

  2. AWS CLI Check - EC2 Instances: Let Alex use AWS CLI with the configured credentials to run aws ec2 describe-instances. The response should display information on EC2 instances.

  3. AWS CLI Check - S3 Bucket Creation: Encourage Alex to run aws s3 mb s3://new-project-bucket. Success here confirms Alex's ability to create S3 buckets.
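The checks above only confirm what Alex can do. The following added example (not from the original post) evaluates the page's two policies offline to show which actions are allowed and which are refused, so the verification can also cover calls that should fail. The evaluator is a simplified model and the extra action names tested are chosen for illustration.

```python
from fnmatch import fnmatchcase

# The two policies from this page, attached to Alex's IAM user.
EC2_MONITORING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}
S3_BUCKET_CREATION = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:CreateBucket", "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def decide(policies, action):
    """Simplified identity-policy evaluation for one action.

    An explicit Deny wins, otherwise any matching Allow grants access, otherwise
    the request is implicitly denied. Resource, Condition, NotAction, permission
    boundaries and SCPs are ignored (assumption: statements use Resource "*").
    """
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            patterns = _as_list(stmt.get("Action", []))
            # IAM action names are case-insensitive and may contain * and ? wildcards
            if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
                if stmt["Effect"] == "Deny":
                    return "ExplicitDeny"
                decision = "Allow"
    return decision


def access_matrix(policies, actions):
    return {action: decide(policies, action) for action in actions}


if __name__ == "__main__":
    alex = [EC2_MONITORING, S3_BUCKET_CREATION]
    checks = ["ec2:DescribeInstances", "s3:CreateBucket",     # expected to work
              "ec2:RunInstances", "ec2:TerminateInstances",   # expected to be refused
              "s3:PutObject", "s3:DeleteBucket"]
    for action, result in access_matrix(alex, checks).items():
        print(f"{action:26} {result}")
```

With only these two policies, Alex can create a bucket but cannot upload to it or delete it, so a complete test of the setup includes at least one call that is expected to return an access-denied error.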
