Amazon Web Services (AWS) is a comprehensive and widely adopted cloud platform, offering over 200 fully-featured services from data centers globally. AWS provides a range of services for computing, storage, networking, database, machine learning, and more. Let's dive into the basics of AWS, cloud computing service models, deployment models, and AWS Identity and Access Management (IAM).
Cloud Computing Service Models ☁️
Cloud computing services are typically categorized into three models:
1. Infrastructure as a Service (IaaS) 🏗️
Definition: Provides virtualized computing resources over the internet.
Examples: Amazon EC2, Google Compute Engine, Microsoft Azure VMs.
Benefits:
Scalability: Easily scale up or down based on demand.
Flexibility: Choose and configure the infrastructure according to your needs.
Cost-Effective: Pay only for the resources you use.
2. Platform as a Service (PaaS) 🧩
Definition: Offers hardware and software tools over the internet.
Examples: AWS Elastic Beanstalk, Google App Engine, Microsoft Azure App Service.
Benefits:
Simplified Development: Focus on coding without worrying about underlying infrastructure.
Integrated Development Environment: Access to development and deployment tools.
Cost-Effective: Pay for the platform and avoid costs of managing hardware and software.
3. Software as a Service (SaaS) 📦
Definition: Delivers software applications over the internet on a subscription basis.
Examples: Google Workspace, Salesforce, Microsoft Office 365.
Benefits:
Accessibility: Access applications from anywhere with an internet connection.
Maintenance-Free: Providers handle software updates and maintenance.
Cost-Effective: Subscription-based pricing reduces upfront costs.
Deployment Models of Cloud 🌐
Cloud deployment models define how the cloud services are made available to users:
1. Public Cloud 🏢
Definition: Services are delivered over the public internet and shared across organizations.
Examples: AWS, Google Cloud Platform (GCP), Microsoft Azure.
Benefits:
Cost-Effective: No capital expenses, pay-as-you-go pricing.
Scalability: Unlimited scalability with a large pool of resources.
Reliability: High availability and redundancy.
2. Private Cloud 🏠
Definition: Cloud infrastructure is dedicated to a single organization.
Examples: VMware, OpenStack.
Benefits:
Security: Enhanced security and privacy.
Customization: Tailored to specific business needs.
Control: Greater control over the infrastructure.
3. Hybrid Cloud 🔄
Definition: Combines public and private clouds, allowing data and applications to be shared between them.
Examples: AWS Outposts, Microsoft Azure Stack.
Benefits:
Flexibility: Optimize workloads between public and private clouds.
Cost-Effective: Balance between cost and performance.
Scalability: Scale resources as needed.
Identity and Access Management (IAM) in AWS 🔐
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. IAM is a critical part of ensuring security in AWS.
Key Features:
Users and Groups: Create individual user accounts and group them to manage permissions collectively.
Roles: Define roles with specific permissions that can be assumed by users or services.
Policies: Attach policies to users, groups, and roles to define what actions they can perform.
Multi-Factor Authentication (MFA): Enhance security by requiring a second form of authentication.
Benefits:
Granular Access Control: Fine-tuned permissions for users and resources.
Improved Security: Control who can access your AWS resources.
Compliance: Meet regulatory and organizational security requirements.
Task 01:
Create an IAM user with a username of your choice and grant it EC2 access. Launch a Linux instance as the IAM user you just created, and install Jenkins and Docker on it with a single shell script.
To create an IAM user and grant EC2 access, follow these steps:
Step 1: Sign in to the AWS Management Console
The AWS Management Console is a web-based interface that allows you to access and manage your AWS resources.
To sign in to the AWS Management Console, go to https://aws.amazon.com/console/ and enter your email address and password. If you don’t have an account yet, you can create one for free by clicking on Create a new AWS account.
Go to the IAM Dashboard
The IAM Dashboard is where you can view and manage your IAM users, groups, roles, policies, and permissions.
To go to the IAM Dashboard, click on Services at the top left corner of the console, and then select IAM under Security, Identity, & Compliance.
Create a New User
To create a new user, click on Users in the left navigation pane, and then click on Create User.
Enter a user name of your choice. In this blog post, we will use Vaish as the user name.
Select the access type for the user. You can choose between Programmatic access and AWS Management Console access. Programmatic access means that the user can access AWS using an access key ID and a secret access key, which are credentials that can be used by applications or scripts.
AWS Management Console access means that the user can access AWS using a username and a password, which are credentials that can be used by humans.
In this blog post, we will select both Programmatic access and AWS Management Console access, as we will need both types of access for our tasks.
Attach the AmazonEC2FullAccess Policy
To attach a policy to the user, you can either add the user to an existing group, copy permissions from an existing user or attach existing policies directly.
A policy is a document that defines the permissions that are allowed or denied for a user, group, role, or resource.
In this blog post, we will attach an existing policy directly to the user. An existing policy is a policy that AWS provides for common use cases. You can also create your own custom policies if you need more specific permissions.
To attach an existing policy directly to the user, click on Attach existing policies directly, and then search for AmazonEC2FullAccess in the search box. Select the checkbox next to AmazonEC2FullAccess, which is a policy that grants full access to EC2.
Download the User Credentials
Next, you can either add tags to the user or skip this step.
In this blog post, we will skip this step and click on Next: Review. (Review the user details and click on Create user).
Click on Download .csv to download a file with the user credentials. Save this file in a secure location, as you will not be able to access these credentials again from the console.
You have successfully created an IAM user and granted EC2 access. Now launch a Linux instance by following these steps:
Go to the EC2 service in the AWS Management Console.
Click on “Launch Instance” and select an Amazon Machine Image (AMI) of your choice.
Choose an instance type, configure the instance details, and add storage as per your requirements.
Configure security groups to allow SSH access.
Review the instance details and launch the instance.
Once the instance is running, connect using your preferred option. In this case, I will use EC2 Instance Connect.
Install Jenkins and Docker on the Linux instance.
    #!/bin/bash
    # First install Java, then install Jenkins
    sudo apt-get update
    sudo apt install openjdk-11-jre -y
    java --version

    # Jenkins installation: add the repository signing key and the apt source
    curl -fsSL https://pkg.jenkins.io/debian/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null
    echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \
      https://pkg.jenkins.io/debian binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null
    sudo apt-get update
    sudo apt-get install jenkins -y

    # Install Docker
    sudo apt install docker.io -y

    # Check the status of Jenkins and Docker (no pager, so the script does not block)
    systemctl status jenkins --no-pager
    systemctl status docker --no-pager
Task 02:
In this task, you need to prepare a DevOps team of Avengers. Create 3 IAM users for the Avengers and assign them to a DevOps group with an IAM policy.
Open the IAM console.
In the left navigation pane, click on "User Groups" and then click on the "Create New Group" button.
Give the group a name, such as "devops-team-of-avengers", and click on "Next Step." Then choose policies based on the specific permissions required for the DevOps team.
Finally, click on "Create Group" to create the DevOps group.
Now, follow these steps for each of the three IAM users:
In the left navigation pane of the IAM console, click on "Users" and then click on the "Add user" button.
Enter a desired username for the IAM user, such as "Vaish-1," in the "User name" field.
In the "Permissions" section, click on the "Add user to group" button.
Select the "devops-team-of-avengers" group that you created earlier and click on "Add to groups."
Repeat these steps to create the remaining two IAM users for the Avengers DevOps team, assigning them to the "devops-team-of-avengers" group in the "Add user to group" step.
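The same group-first setup from the command line, as an added example that is not part of the original post. It uses the AWS CLI `aws iam` subcommands, takes the group name and "Vaish-1" from the steps above, and assumes the other two user names and the AmazonEC2ReadOnlyAccess policy ARN. By default it is a dry run that only prints the commands.

```shell
#!/bin/sh
# Added example: CLI equivalent of Task 02. The group name and "Vaish-1" come
# from the post; "Vaish-2", "Vaish-3" and the default policy ARN are assumptions.
set -eu

GROUP="devops-team-of-avengers"
USERS="Vaish-1 Vaish-2 Vaish-3"
# Assumed policy for illustration; pick the narrowest one that covers the team's work.
POLICY_ARN="${POLICY_ARN:-arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = run them

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "$*"
  else
    "$@"
  fi
}

# Reject names outside IAM's allowed character set before calling the API.
valid_name() {
  case "$1" in
    ""|*[!A-Za-z0-9+=,.@_-]*) return 1 ;;
    *) return 0 ;;
  esac
}

provision_team() {
  valid_name "$GROUP" || { echo "invalid group name: $GROUP" >&2; return 1; }
  # Validate every name first so a bad one stops the run before anything is created.
  for u in $USERS; do
    valid_name "$u" || { echo "invalid user name: $u" >&2; return 1; }
  done
  run aws iam create-group --group-name "$GROUP"
  # Permissions live on the group only; the users get no policies of their own.
  run aws iam attach-group-policy --group-name "$GROUP" --policy-arn "$POLICY_ARN"
  for u in $USERS; do
    run aws iam create-user --user-name "$u"
    run aws iam add-user-to-group --group-name "$GROUP" --user-name "$u"
  done
}

provision_team
```

Run it with `DRY_RUN=0` and configured AWS CLI credentials to apply the plan. Because the policy is attached to the group, removing a user from the group revokes the access in one step.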
Conclusion 🌟
AWS offers a robust cloud platform that caters to diverse computing needs through various service and deployment models. Understanding the basics of AWS, the different cloud computing service models, and deployment options can help you make informed decisions for your organization. Moreover, AWS IAM provides powerful tools to manage access and ensure the security of your AWS environment. Embracing cloud technology with AWS can lead to greater scalability, flexibility, and efficiency in your operations!