AWS Day 3: Comprehensive Guide to AWS Infrastructure and Access Management: S3 Bucket, AWSCLI, and IAM.


Introducing the comprehensive guide to AWS infrastructure and access management. Explore essential components like S3 Bucket, AWSCLI, EC2, and IAM, vital for building secure and scalable cloud architectures. Learn how S3 provides durable object storage, AWS CLI streamlines management tasks, and EC2 offers resizable compute capacity. Dive into IAM's granular access controls and best practices to ensure robust security and compliance in your AWS environment. Unlock the power of AWS with this essential guide.
What is IAM in AWS?
Security is paramount in the cloud. IAM (Identity and Access Management) is the cornerstone of AWS security, allowing you to control who can access your resources and what actions they can perform. IAM lets you create users, groups, and roles, and define granular permissions through policies. This ensures that only authorized users have access to specific resources, minimizing the risk of unauthorized access or accidental data modification.
What is S3 Bucket in AWS?
Imagine a virtually limitless filing cabinet: that's what Amazon S3 (Simple Storage Service) provides. S3 buckets are secure, scalable storage repositories for your data, from documents and images to application backups. They're incredibly cost-effective and perfect for static content hosting, data archiving, and disaster recovery.
What is AWSCLI?
While the AWS Management Console offers a user-friendly interface, the AWS CLI empowers you to manage your AWS resources directly from the command line. This allows for scripting automation, batch operations, and integration with other tools. Whether you're a seasoned developer or just starting with the command line, the AWS CLI is a powerful tool to master.
Let's do some hands-on practice on this topic:
Setting Up AWS IAM for a New Team Member
Scenario: Imagine you're working as an IT administrator at GlobalTech Inc., a multinational company with diverse cloud computing needs. The company heavily relies on AWS services for its operations. You have a new colleague, Alex, who recently joined your team. Alex's role involves monitoring the company's computing resources and managing data storage. Your task is to set up Alex's AWS access.
What needs to be done:
Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:
View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.
-> First, go to the AWS Management Console and sign in with your administrator account credentials.
-> Once signed in, navigate to the IAM service.
-> Create a New IAM User for Alex:
Enter a username for Alex (e.g., "Alex").
Choose the access type. Since Alex will be accessing AWS programmatically (via API) and through the console, select both "Programmatic access" and "AWS Management Console access".
-> Set the permission below for the user:
-> Click "Create user".
After the user is created, you'll be prompted to download a CSV file containing the access key ID and secret access key for Alex. Keep this information secure, as it will be needed to configure access programmatically.
Once these steps are completed, Alex will have the necessary access rights to view EC2 instances in the AWS cloud without being able to modify them.
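As an added example (not part of the original post), here is one way to check that a policy for Alex really is view-only. The policy documents, the Sid values and the probe list are constructed for illustration, and the evaluator is a simplification that looks at Action patterns only.

```python
import fnmatch

# Constructed policy for the scenario: Alex may view EC2, nothing else.
# The Sid and the use of ec2:Describe* are assumptions, not taken from the post.
ALEX_READ_ONLY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ViewEc2", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}
    ],
}

# Constructed contrast case: a policy that is broader than the task needs.
TOO_BROAD = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllEc2", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}
    ],
}

# Actions Alex must not be able to perform (a sample, not the full EC2 API).
MUTATING_PROBES = ["ec2:RunInstances", "ec2:StartInstances",
                   "ec2:StopInstances", "ec2:TerminateInstances"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action):
    """Simplified evaluation: Action patterns only; an explicit Deny wins.
    Resource, Condition, NotAction, boundaries and SCPs are not modelled."""
    effects = set()
    for stmt in as_list(policy["Statement"]):
        patterns = as_list(stmt.get("Action", []))
        # IAM action names are case-insensitive and accept * and ? wildcards.
        if any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            effects.add(stmt["Effect"])
    return "Allow" in effects and "Deny" not in effects

def excess_permissions(policy):
    """Return the mutating probe actions the policy would allow."""
    return [a for a in MUTATING_PROBES if is_allowed(policy, a)]

if __name__ == "__main__":
    for name, policy in (("read-only", ALEX_READ_ONLY), ("too broad", TOO_BROAD)):
        print(name, "view:", is_allowed(policy, "ec2:DescribeInstances"),
              "excess:", excess_permissions(policy))
```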
Create a private S3 bucket in AWS and change its policy so you can access its contents without making the bucket public.
First open S3 service by clicking on "Services" at the top left corner, then selecting "S3" under "Storage".
Click on the "Create bucket" button. Provide a unique name for your bucket, select the region where you want to create it, and click "Next".
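- After creating the bucket, click on it, and in the "Set permissions" section, uncheck the "Block all public access" option. Unchecking it does not make the bucket public by itself: the bucket and its objects stay private until a policy or ACL grants access. It does remove the guardrail that would otherwise reject a bucket policy granting public access.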
After that, you need to define a bucket policy to control access to the bucket.
For that, click on the policy generator. Here's a bucket policy that allows only your AWS account to access the bucket:
- Select policy type, copy your bucket arn here, and click on Add Statement.
- Then click on generate policy. From this screen, copy your policy and paste it in the bucket policy section.
- Go to the Permissions tab of your bucket in the S3 console. Click on "Bucket Policy" and paste the policy JSON and add /* after your arn in the resource object. Click "Save" to apply the policy.
- Go to your bucket, click on the object you uploaded, and open its object URL. Now you can access your private bucket publicly.
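As an added example (not part of the original post), the check below reviews a bucket policy before it is pasted into the console. It flags statements that grant access to the anonymous principal and object actions whose Resource is missing the /* suffix mentioned above. The bucket name, account ID and Sid values are constructed placeholders.

```python
BUCKET_ARN = "arn:aws:s3:::example-private-bucket"   # constructed bucket name
ACCOUNT_ROOT = "arn:aws:iam::111122223333:root"      # placeholder account ID

def statement(sid, principal, resource):
    return {"Sid": sid, "Effect": "Allow", "Principal": principal,
            "Action": "s3:GetObject", "Resource": resource}

# Constructed policy that keeps access inside one AWS account.
ACCOUNT_ONLY = {"Version": "2012-10-17",
                "Statement": [statement("OwnAccountRead", {"AWS": ACCOUNT_ROOT},
                                        BUCKET_ARN + "/*")]}

# Constructed policy with two mistakes: anyone may read, and the ARN lacks /*.
PUBLIC_READ = {"Version": "2012-10-17",
               "Statement": [statement("AnyoneRead", "*", BUCKET_ARN)]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" and for {"AWS": "*"} (also inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return False

def review(policy):
    """Return (Sid, finding) pairs for Allow statements that need attention."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Simplification: a Condition may narrow a "*" grant, so it is not flagged.
        if is_anonymous(stmt.get("Principal")) and "Condition" not in stmt:
            findings.append((sid, "anonymous-principal"))
        object_action = any("object" in a.lower() for a in as_list(stmt.get("Action", [])))
        on_objects = all("/" in r.split(":::", 1)[-1] for r in as_list(stmt.get("Resource", [])))
        if object_action and not on_objects:
            findings.append((sid, "object-action-without-/*"))
    return findings

if __name__ == "__main__":
    print("account only:", review(ACCOUNT_ONLY))
    print("public read: ", review(PUBLIC_READ))
```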
Configure AWS CLI on your Ubuntu machine and Create an EC2 instance.
- Install AWS CLI: If you haven't already installed the AWS CLI, you can do so by running the following command in your terminal:
sudo apt-get update
sudo snap install aws-cli --classic
- Configure AWS CLI: After installation, you need to configure the AWS CLI with your AWS credentials. Run the following command:
aws configure
- You'll be prompted to enter your AWS Access Key ID, Secret Access Key, default region, and output format. You can find your Access Key ID and Secret Access Key in the AWS Management Console under IAM (Identity and Access Management) > Users > (Your User) > Security credentials.
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
Default region name [None]:
Default output format [None]:
- Create an EC2 Instance: Once the AWS CLI is configured, you can create an EC2 instance using the aws ec2 run-instances command. Here's a command to create a basic EC2 instance:
aws ec2 run-instances --image-id ami-09040d770ffe2224f --key-name ec2_key --instance-type t2.micro
- To see the status of your instance, execute the command below:
aws ec2 describe-instances --instance-ids i-01e5b2a3786db80bd
Conclusion:
By mastering S3 buckets, IAM, and the AWS CLI, you've unlocked a powerful trio for managing your AWS infrastructure. Remember, security is always a top priority. Leverage IAM to maintain tight control over access, and utilize the AWS CLI to streamline your workflow and become a true AWS ninja.
This blog post is just a starting point. As you delve deeper into AWS, explore the vast documentation and tutorials available to unlock the full potential of these services and conquer your cloud environment. Happy learning...!
Read articles from Aesha Shah directly inside your inbox. Subscribe to the newsletter, and don't miss out.
