What is an S3 Bucket in AWS?
Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.
S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.
What is IAM in AWS?
- IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.
Key components of IAM:
- Users
- Groups
- Roles
- Policies
What is AWSCLI?
- The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.
Tasks:
1) Make a private S3 bucket in AWS and change the policy so you can access its stuff without making it public.
Securing Your Data: Private S3 Buckets in AWS
Creating a Private S3 Bucket:
Access AWS Console: Log in to AWS and find the S3 service.
Bucket Creation: Click "Create Bucket" and follow the prompts, ensuring the bucket is private.
Policy Adjustment: Modify the bucket policy to allow your IAM user access while keeping it private.
Ensuring the security of your S3 bucket is crucial. Follow these simple steps to keep your data safe and accessible only to authorized users.
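The policy adjustment step above, as an added example that is not part of the original post: it builds a bucket policy that names a single IAM user as principal and checks a policy document for statements that would make the bucket public. The bucket name, account ID and user name are constructed placeholders.

```python
import json

# Constructed sample values: 111122223333 is a documentation-style account ID,
# and the bucket and user names are placeholders, not values from the page.
BUCKET = "example-private-bucket"
USER_ARN = "arn:aws:iam::111122223333:user/example-user"


def private_bucket_policy(bucket, user_arn):
    """Bucket policy that names one IAM principal instead of opening the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so it targets the bucket ARN.
                "Sid": "ListForOneUser",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {   # Object reads and writes target the keys under the bucket.
                "Sid": "ObjectsForOneUser",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/*",
            },
        ],
    }


def public_statements(policy):
    """Return Sids of unconditioned Allow statements whose principal is '*'."""
    flagged = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):          # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        if stmt.get("Effect") == "Allow" and "*" in values and "Condition" not in stmt:
            flagged.append(stmt.get("Sid", f"statement-{i}"))
    return flagged


if __name__ == "__main__":
    print(json.dumps(private_bucket_policy(BUCKET, USER_ARN), indent=2))
```

To apply a policy like this, save the JSON to a file and pass it to aws s3api put-bucket-policy with --bucket and --policy file://policy.json. Keeping S3 Block Public Access enabled on the bucket adds a guard against a public statement being introduced later.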
2) Configure AWSCLI on your Ubuntu machine.
Setting Up AWSCLI:
Installation: Open your terminal on Ubuntu and run the commands below:
sudo apt update
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
Configuration: Execute aws configure and input your AWS access key, secret key, default region, and output format.
3) Create an EC2 instance using AWSCLI.
Commanding the Cloud: Creating an EC2 Instance with AWSCLI
Crafting an EC2 Instance:
Command Execution: Use the commands below to create an EC2 instance. Specify the AMI, instance type, and key pair.
aws ec2 create-key-pair --key-name MyKeyPair
aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --port=443 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --port=22 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=<security-group-id> --protocol=tcp --p
aws ec2 run-instances --image-id=ami-0fc5d935ebf8bc3bc --instance-type=t2.micro --region=u
Verification: Confirm the instance creation with aws ec2 describe-instances.
With a few commands, you've spawned a virtual server, showcasing the magic of AWSCLI.
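The ingress rules above open port 22 to 0.0.0.0/0, which means any address on the internet can reach SSH on the instance. The check below is an added example, not code from the original post: it reviews rules in the shape that aws ec2 describe-security-groups returns and reports admin ports that are reachable from anywhere. The sample rules and the ADMIN_PORTS list are constructed assumptions.

```python
import ipaddress

# Constructed sample in the shape of the IpPermissions list that
# `aws ec2 describe-security-groups` returns for one group.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
]

# Assumption for this example: these are the ports that should never face the
# whole internet; 443 is treated as an intentionally public service.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0, the 'anyone' ranges."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_rules(permissions):
    """Return (port, service, cidr) for admin ports reachable from anywhere."""
    findings = []
    for perm in permissions:
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        if perm.get("IpProtocol") == "-1":        # "-1" means every protocol and port
            low, high = 0, 65535
        elif perm.get("IpProtocol") == "tcp":
            low, high = perm["FromPort"], perm["ToPort"]
        else:
            continue
        for cidr in filter(is_world_open, cidrs):
            for port, service in sorted(ADMIN_PORTS.items()):
                if low <= port <= high:           # ranges like 0-65535 also cover 22
                    findings.append((port, service, cidr))
    return findings


if __name__ == "__main__":
    for port, service, cidr in exposed_admin_rules(SAMPLE_PERMISSIONS):
        print(f"{service} (tcp/{port}) is open to {cidr}")
```

Replacing the 0.0.0.0/0 range on the port 22 rule with the /32 of the address you administer from clears the finding while leaving 443 public.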
4) Setting Up AWS IAM for a New Team Member
IAM Basics: Tailoring Access for Your Team
Scenario: Configuring IAM for Alex at GlobalTech Inc.
Configuring IAM for Alex's AWS Access:
Understanding IAM Basics: Before we dive into the specifics, let's recap the essence of IAM. IAM is AWS's access management service, enabling you to control who can access your AWS resources and what actions they can perform.
Accessing IAM Console: Head to the AWS Management Console and locate the IAM service.
Creating a New IAM User - Alex: Begin by creating a new IAM user for Alex. Specify the user details and choose programmatic access for AWS CLI usage.
Assigning IAM Policies: IAM policies define permissions. For Alex's role, we'll create custom policies to grant access to EC2 instances and S3 bucket creation.
Granting Access to View EC2 Instances
Creating an EC2 Monitoring Policy:
Policy Creation: Craft a new IAM policy named "EC2-Monitoring-Policy" allowing the ec2:DescribeInstances action.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}
Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex has the capability to view, but not modify, EC2 instances.
Granting Access to Create S3 Buckets
Designing an S3 Bucket Creation Policy:
Policy Creation: Develop a new IAM policy named "S3-Bucket-Creation-Policy" granting the s3:CreateBucket action.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:CreateBucket",
      "Resource": "*"
    }
  ]
}
Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex holds the authority to create S3 buckets for diverse projects.
Testing Alex's Access
Verification for Peace of Mind:
IAM User Credentials: Ensure Alex has received the necessary IAM user credentials.
AWS CLI Check - EC2 Instances: Let Alex use AWS CLI with the configured credentials to run aws ec2 describe-instances. The response should display information on EC2 instances.
AWS CLI Check - S3 Bucket Creation: Encourage Alex to run aws s3 mb s3://new-project-bucket. Success here confirms Alex's ability to create S3 buckets.
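A simplified model of how Alex's two policies are evaluated, added here as an example and not part of the original post. It matches on the Action element only and ignores Resource, Condition, permission boundaries and organization-level policies; the extra actions tested are chosen for illustration.

```python
from fnmatch import fnmatchcase

# The two policies from the page, attached to the same IAM user.
EC2_MONITORING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}],
}
S3_BUCKET_CREATION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:CreateBucket", "Resource": "*"}],
}


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def decision(policies, action):
    """Simplified identity-policy evaluation: explicit Deny wins, then Allow,
    otherwise the request falls through to the implicit deny."""
    allowed = False
    for policy in policies:
        for stmt in as_list(policy["Statement"]):
            patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
            # Action names are case-insensitive and may use the * wildcard.
            if not any(fnmatchcase(action.lower(), p) for p in patterns):
                continue
            if stmt["Effect"] == "Deny":
                return "explicit deny"
            allowed = True
    return "allow" if allowed else "implicit deny"


def access_report(policies, actions):
    """Map each requested action to its decision under the given policies."""
    return {action: decision(policies, action) for action in actions}


if __name__ == "__main__":
    alex = [EC2_MONITORING_POLICY, S3_BUCKET_CREATION_POLICY]
    wanted = ["ec2:DescribeInstances", "s3:CreateBucket",
              "ec2:TerminateInstances", "s3:PutObject", "s3:ListAllMyBuckets"]
    for action, result in access_report(alex, wanted).items():
        print(f"{action:26} {result}")
```

The report shows the two granted actions as allowed and everything else as an implicit deny, so Alex can create a bucket but cannot list buckets or upload objects until further permissions are added.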