#DAY3-S3 Bucket, IAM & AWS CLI

Shefali Mishra

Amazon S3 in AWS

Amazon Simple Storage Service (Amazon S3) is a scalable object storage solution provided by Amazon Web Services (AWS). Engineered to handle the storage and retrieval of data seamlessly, it empowers users to manage any volume of data effortlessly, irrespective of location or time.

Commonly utilized for tasks like backup and restore, archiving, content distribution, and hosting static websites, S3 serves as a versatile and reliable storage option within the AWS ecosystem.

IAM in AWS

IAM, or Identity and Access Management, is a crucial web service within Amazon Web Services (AWS). Functioning as a robust security tool, IAM allows users to exercise secure control over access to AWS resources. This service facilitates the management of users, groups, and permissions, ensuring a secure and streamlined approach to accessing and utilizing AWS services and resources.

Key components of IAM include Users, Groups, Roles, and Policies, each playing a distinct role in the management of access controls.

AWS CLI

The AWS Command Line Interface (AWS CLI) comprises a collection of open-source command-line tools designed for seamless interaction with Amazon Web Services (AWS) services. Offering a direct command-line interface, AWS CLI enables users to efficiently control and manage AWS services without relying on the AWS Management Console.

Tasks:

TASK 1 - Create a private S3 bucket in AWS and adjust its bucket policy so that you can access its contents without making the bucket public.

Creating a Private S3 Bucket:

  1. Access AWS Console: Log in to AWS and find the S3 service.

  2. Bucket Creation: Click "Create Bucket" and follow the prompts, ensuring the bucket is private.

  3. Policy Adjustment: Modify the bucket policy to allow your IAM user access while keeping it private.
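Steps 2 and 3 can also be done from the CLI. The following is an added example, not the author's own commands: the function names are made up for illustration, and the account ID, user name and bucket name are placeholders you supply.

```bash
# Added example; ACCOUNT_ID, USER_NAME and BUCKET are placeholders you supply.

# Print a bucket policy that lets one IAM user list the bucket and read and
# write its objects. There is no "Principal": "*", so nothing becomes public.
render_bucket_policy() {
  account_id="$1"; user_name="$2"; bucket="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListBucketForOneUser",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::${account_id}:user/${user_name}" },
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}"
    },
    {
      "Sid": "ObjectAccessForOneUser",
      "Effect": "Allow",
      "Principal": { "AWS": "arn:aws:iam::${account_id}:user/${user_name}" },
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::${bucket}/*"
    }
  ]
}
EOF
}

# Create the bucket, switch on all four Block Public Access settings, then
# attach the policy. Needs a configured AWS CLI; us-east-1 is assumed here
# (other regions also need --create-bucket-configuration).
create_private_bucket() {
  account_id="$1"; user_name="$2"; bucket="$3"
  aws s3api create-bucket --bucket "$bucket" --region us-east-1
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
  render_bucket_policy "$account_id" "$user_name" "$bucket" > bucket-policy.json
  aws s3api put-bucket-policy --bucket "$bucket" --policy file://bucket-policy.json
}
```

Call it as `create_private_bucket 111122223333 alex my-private-bucket` with your own values; the 12-digit account ID here is a constructed sample.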

TASK 2 - Configure AWS CLI on your Ubuntu machine.

  1. Install AWS CLI using curl and unzip: Open a terminal and run the following commands:

       # Install unzip if not already installed
       sudo apt update
       sudo apt install unzip

       # Download and install AWS CLI v2 from the download host AWS documents (awscli.amazonaws.com)
       curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
       unzip awscliv2.zip
       sudo ./aws/install

  2. Configure AWS CLI: After installing the AWS CLI, you still need to configure it. Run the following command:

       aws configure

     Enter your AWS access key, secret key, default region, and output format as prompted.

     Example:

       AWS Access Key ID [None]: YOUR_ACCESS_KEY
       AWS Secret Access Key [None]: YOUR_SECRET_KEY
       Default region name [None]: YOUR_REGION
       Default output format [None]: json

     Replace YOUR_ACCESS_KEY, YOUR_SECRET_KEY, and YOUR_REGION with your actual AWS access key, secret key, and desired region.

     Note: Keep your AWS credentials secure.

  3. Verify Configuration: To verify that the configuration is successful, you can run a simple command such as:

       aws s3 ls

     If your configuration is correct, it should list your S3 buckets.

Now you have the AWS CLI installed and configured on your Ubuntu machine using curl and unzip.

TASK 3 - Create an EC2 instance using AWS CLI.

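Step 1: Install AWS CLI

Step 2: Create key pair

# The private key is returned only once, at creation time, so save it to a file and restrict its permissions
aws ec2 create-key-pair --key-name mydemokey --query 'KeyMaterial' --output text > mydemokey.pem && chmod 400 mydemokey.pem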

Step 3: Create a security group to attach to the EC2 instance

aws ec2 create-security-group --group-name=mynew-sg --description="My security group"

Now, copy that security group's ID.

Step 4: Add inbound rules to the security group

aws ec2 authorize-security-group-ingress --group-id=sg-00f062ee58f0beb73 --protocol=tcp --port=443 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=sg-00f062ee58f0beb73 --protocol=tcp --port=22 --cidr=0.0.0.0/0
aws ec2 authorize-security-group-ingress --group-id=sg-00f062ee58f0beb73 --protocol=tcp --port=80 --cidr=0.0.0.0/0

Step 5: Create instance

aws ec2 run-instances --image-id=ami-0fc5d935ebf8bc3bc --instance-type=t2.micro --region=us-east-1 --key-name=mydemokey --security-groups=mynew-sg

Now, navigate to your EC2 dashboard. You can see the instance (demo-ec2) there.
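Step 4 opens port 22 to 0.0.0.0/0, which makes SSH on the instance reachable from any address. The added example below (not part of the original post) flags such rules in a group's inbound list and replaces the rule with one limited to a single admin address; the function names are made up for illustration and the admin IP is supplied by you.

```bash
# Added example. Flag inbound rules that expose SSH (tcp/22) to any address.
# Input on stdin: one rule per line, tab-separated:
#   protocol  from-port  to-port  cidr[,cidr...]
find_world_open_ssh() {
  awk -F '\t' '
    {
      n = split($4, cidrs, ",")
      wide = 0
      for (i = 1; i <= n; i++) if (cidrs[i] == "0.0.0.0/0") wide = 1
      # Protocol -1 means all traffic; otherwise port 22 must be in the range.
      covers = ($1 == "-1") || ($1 == "tcp" && $2 + 0 <= 22 && $3 + 0 >= 22)
      if (wide && covers) print $1 "/" $2 "-" $3
    }'
}

# Produce that input for a real group (needs a configured AWS CLI).
dump_sg_rules() {
  aws ec2 describe-security-groups --group-ids "$1" --output text \
    --query "SecurityGroups[].IpPermissions[].[IpProtocol,FromPort,ToPort,join(',',IpRanges[].CidrIp)]"
}

# Add an SSH rule for one admin address first, then remove the open one,
# so access is never lost in between.
restrict_ssh() {
  sg_id="$1"; admin_ip="$2"
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr "${admin_ip}/32"
  aws ec2 revoke-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr 0.0.0.0/0
}
```

Run `dump_sg_rules <group-id> | find_world_open_ssh`; any output line is a rule that exposes SSH to the internet.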

TASK 4 - Setting Up AWS IAM for a New Team Member

Scenario: Imagine you're working as an IT administrator at Global Tech Inc., a multinational company with diverse cloud computing needs. The company heavily relies on AWS services for its operations. You have a new colleague, Alex, who recently joined your team. Alex's role involves monitoring the company's computing resources and managing data storage. Your task is to set up Alex's AWS access.

What needs to be done:

  • Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:

    • View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.

    • Create S3 Buckets: Alex is responsible for creating new storage spaces for various projects.

Solution:

Step 1: Creating a New IAM User - For our new member Alex, create an IAM user named "alex". Specify the user details and choose programmatic access for AWS CLI usage.

Step 2: Assigning IAM Policies - IAM policies define permissions. For Alex's role, we'll create custom policies that grant access to monitor EC2 instances and to create S3 buckets.

Creating an EC2 Monitoring Policy:

  1. Policy Creation: Craft a new IAM policy named "EC2-Monitoring-Policy" allowing the ec2:DescribeInstances action.

       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Effect": "Allow",
             "Action": "ec2:DescribeInstances",
             "Resource": "*"
           }
         ]
       }

  2. Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex has the capability to view, but not modify, EC2 instances.

S3 Bucket Creation Policy:

  1. Policy Creation: Create a new IAM policy named "S3-Bucket-Creation-Policy" granting the s3:CreateBucket action.

       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Effect": "Allow",
             "Action": "s3:CreateBucket",
             "Resource": "*"
           }
         ]
       }

  2. Attaching the Policy: Attach this policy to Alex's IAM user. Now, Alex holds the authority to create S3 buckets.

Testing Alex's Access:

1) Now, Alex can use the AWS CLI with the configured credentials to execute the command 'aws ec2 describe-instances', which will provide information about the EC2 instances.

2) Next, let Alex execute the command aws s3 mb s3://new-demo1-bucket1 and verify the result in the S3 bucket dashboard.

The bucket named 'new-demo1-bucket1' has been successfully created.
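The two tests above confirm what Alex can do. To also confirm what Alex cannot do without touching real resources, the IAM policy simulator can be queried from the CLI. This is an added example, not part of the original walkthrough: the function names and the list of expected decisions are assumptions built from the task description.

```bash
# Added example; the expectation list below is constructed from the task:
# two actions Alex needs and two modifying actions that must stay denied.
EXPECTED="ec2:DescribeInstances=allowed s3:CreateBucket=allowed ec2:TerminateInstances=denied s3:DeleteBucket=denied"

# Ask IAM how the policies attached to alex evaluate. $1 is the account ID.
# Needs a configured AWS CLI whose caller may use iam:SimulatePrincipalPolicy.
simulate_alex() {
  aws iam simulate-principal-policy \
    --policy-source-arn "arn:aws:iam::$1:user/alex" \
    --action-names ec2:DescribeInstances s3:CreateBucket \
                   ec2:TerminateInstances s3:DeleteBucket \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
}

# Read "action<TAB>decision" lines on stdin and compare them with EXPECTED.
# implicitDeny and explicitDeny both count as denied. Prints one line per
# problem and returns non-zero if there is any.
check_decisions() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    {
      got = ($2 == "allowed") ? "allowed" : "denied"
      seen[$1] = 1
      if (!($1 in want) || want[$1] != got) { print "MISMATCH " $1 " " $2; bad = 1 }
    }
    END {
      for (a in want) if (!(a in seen)) { print "MISSING " a; bad = 1 }
      exit bad + 0
    }'
}
```

Run `simulate_alex <account-id> | check_decisions`; no output and exit status 0 mean Alex's permissions match the task.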

Thanks for reading my article of Day3 on AWS S3, IAM, CLI.
