Today's topic is on S3 Bucket, IAM & AWS CLI.
What is S3 Bucket in AWS?
Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.
S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.
What is IAM in AWS?
- IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.
Key components of IAM:
Users - A user is an entity that you create in AWS.
Groups - An identity that specifies a collection of IAM users.
Roles - Roles are entities you create and assign specific permissions to that allow trusted identities such as workforce identities and applications to perform actions in AWS.
Policies - A policy is an object in AWS that, when associated with an identity or resource, defines their permissions.
What is AWS CLI?
- The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.
Tasks:
1) Make a private S3 bucket in AWS and change the policy so you can access its stuff without making it public.
Access AWS Console: Log in to AWS and find the S3 service.
Bucket Creation: Click "Create Bucket" and follow the prompts, ensuring the bucket is private.
- Make sure the bucket name is unique.
Policy Adjustment: Modify the bucket policy to allow your IAM user access while keeping it private.
Ensuring the security of your S3 bucket is crucial. Follow these simple steps to keep your data safe and accessible only to authorized users.
2) Configure AWS CLI on your Ubuntu machine.
Setting Up AWS CLI:
Installation: Open your terminal on Ubuntu and run the below commands:
sudo apt update
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install --bin-dir /usr/local/bin --install-dir /usr/local/aws-cli --update
Configuration: Execute aws configure and input your AWS access key, secret key, default region, and output format.
3) Create an EC2 instance using AWS CLI.
Crafting an EC2 Instance:
Command Execution: Use the commands below to create an EC2 instance. Specify the AMI, instance type, and key pair.
aws ec2 create-key-pair --key-name your-key-pair-name --query 'KeyMaterial' --output text > your-key-pair-name.pem
aws ec2 run-instances --image-id ami-xxxxxxxxxxxxxx --instance-type t2.micro --key-name your-key-pair-name --security-group-ids your-security-group-id --subnet-id your-subnet-id
aws ec2 run-instances --image-id ami-0287a05f0ef0e9d9a --instance-type t2.micro --key-name key.pem --security-group-ids sg-0c1f24b1a7f82dd7b --subnet-id subnet-0184412107cf6b310
Verification: Confirm the instance creation with:
aws ec2 describe-instances
4) Setting Up AWS IAM for a New Team Member
Scenario: Configuring IAM for Alex at GlobalTech Inc.
Configuring IAM for Alex's AWS Access:
Understanding IAM Basics: Before we dive into the specifics, let's recap the essence of IAM. IAM is AWS's access management service, enabling you to control who can access your AWS resources and what actions they can perform.
Accessing IAM Console: Head to the AWS Management Console and locate the IAM service.
Creating a New IAM User - Alex: Begin by creating a new IAM user for Alex. Specify the user details and choose programmatic access for AWS CLI usage.
Assigning IAM Policies: IAM policies define permissions. For Alex's role, we'll create custom policies to grant access to EC2 instances and S3 bucket creation.
Let's start:
Create the user with an auto-generated password, and require a new password at the next sign-in so that the user can set a password of their choice.
As stated in the task, we have to give permissions to the user Alex.
From the attach policies option we can give permissions directly.
Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:
View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.
Create S3 Buckets: Alex is responsible for creating new storage spaces for various projects.
User created successfully with permissions.
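The steps above grant Alex's permissions from the console. As an added example (not part of the original post), the same two access rights can be written as one custom policy, attached with the AWS CLI, and checked with the IAM policy simulator. The policy name AlexEc2ViewS3Create, the user name alex, and the function names are assumptions.

```bash
POLICY_NAME="AlexEc2ViewS3Create"   # hypothetical policy name (added example)
IAM_USER="alex"                     # assumed IAM user name for Alex

# Print the policy document: view-only EC2 access plus S3 bucket creation.
alex_policy_json() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ViewEc2Instances",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Sid": "CreateS3Buckets",
      "Effect": "Allow",
      "Action": "s3:CreateBucket",
      "Resource": "*"
    }
  ]
}
EOF
}

# Create the managed policy, attach it to the user, print the policy ARN.
apply_alex_policy() {
  local arn
  arn=$(aws iam create-policy --policy-name "$POLICY_NAME" \
    --policy-document "$(alex_policy_json)" \
    --query 'Policy.Arn' --output text) || return 1
  aws iam attach-user-policy --user-name "$IAM_USER" --policy-arn "$arn" || return 1
  echo "$arn"
}

# Simulate four actions for the user. With only this policy attached, the
# first two should be "allowed" and the last two "implicitDeny".
verify_alex_policy() {
  local user_arn
  user_arn=$(aws iam get-user --user-name "$IAM_USER" --query 'User.Arn' --output text) || return 1
  aws iam simulate-principal-policy --policy-source-arn "$user_arn" \
    --action-names ec2:DescribeInstances s3:CreateBucket \
      ec2:TerminateInstances s3:DeleteBucket \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
}

# Touch AWS only when invoked with the argument "apply".
if [ "${1:-}" = "apply" ]; then apply_alex_policy && verify_alex_policy; fi
```

If other policies are already attached to the user, the simulator reports the combined result, so a broader attached policy will show up as extra "allowed" lines.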
DAY 3 Completed, Challenge taken from GitHub Repo.
Take the same, and you will enjoy this journey.
Feel free to explore more of my content, and don't hesitate to reach out if you need any assistance from me or have any questions.
Happy Learning!
~kritika :)