AWS Zero to Hero day 3

What is S3 Bucket in AWS?
Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.
S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.
S3 Documentation: Click me
What is IAM in AWS?
- IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.
Key components of IAM:
- Users
- Groups
- Roles
- Policies
IAM Documentation: Click me
What is AWSCLI?
The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.
AWSCLI Documentation: Click me
Tasks:
Make a private S3 bucket in AWS and change the policy so you can access its stuff without making it public.
Note:
Task1 will help you to understand how we can secure our S3 buckets.
ans:
Bucket created with blocked public access
Attached this bucket policy so that a particular IAM user can access, create, and modify the created S3 bucket
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowUserAccessToBucket",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::851725581476:user/aws-zero-to-hero-course-user"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::aws-zero-to-hero-day-3",
        "arn:aws:s3:::aws-zero-to-hero-day-3/*"
      ]
    }
  ]
}
Then, I clicked on Save changes
After that, I launched the instance to test the working of this
You can see that I cannot access all buckets; I can only access the bucket specified in my bucket policy, even though my IAM user does not have S3 permission
You can see that I can upload a file to my bucket without making it public, by providing access to a particular user in the bucket policy
Content of test.txt:
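An added example (not from the original post): a small offline check in Python that audits the bucket policy above for a wildcard principal and for actions whose resource ARN cannot match. The function names, the two action sets and the `WEAK_POLICY` sample are assumptions made for this illustration, and the checks are a simplified lint, not AWS's own policy evaluation.

```python
import json

# Bucket policy as shown in the post (embedded so the check runs offline).
POST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "AllowUserAccessToBucket", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::851725581476:user/aws-zero-to-hero-course-user"},
  "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::aws-zero-to-hero-day-3",
               "arn:aws:s3:::aws-zero-to-hero-day-3/*"]}]}
""")
# Constructed weak variant: any principal, and ListBucket has no bucket ARN to match.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "Weak", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::aws-zero-to-hero-day-3/*"}]}

BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}  # apply to the bucket ARN
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # apply to bucket/key

def as_list(value):  # policy fields may be a single string or a list
    return value if isinstance(value, list) else [value]

def is_wildcard_principal(principal):
    # Matches "Principal": "*" and {"AWS": "*"} (or a list containing "*").
    values = principal.values() if isinstance(principal, dict) else [principal]
    return any("*" in as_list(v) for v in values)

def audit_bucket_policy(policy):
    """Return sorted (Sid, finding) pairs for the Allow statements of a bucket policy."""
    findings = set()
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = set(as_list(stmt.get("Action", [])))
        # Everything after ":::" is either "bucket" or "bucket/key-pattern".
        paths = [r.split(":::", 1)[-1] for r in as_list(stmt.get("Resource", []))]
        if is_wildcard_principal(stmt.get("Principal")) and "Condition" not in stmt:
            findings.add((sid, "wildcard principal without Condition"))
        if actions & {"*", "s3:*"}:
            findings.add((sid, "wildcard action"))
        if actions & BUCKET_ACTIONS and not any("/" not in p for p in paths):
            findings.add((sid, "bucket-level action has no bucket ARN"))
        if actions & OBJECT_ACTIONS and not any("/" in p for p in paths):
            findings.add((sid, "object-level action has no object ARN"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_bucket_policy(POST_POLICY), audit_bucket_policy(WEAK_POLICY))
```

The post's policy produces no findings because it names one IAM user and lists both the bucket ARN (for `s3:ListBucket`) and the object ARN (for `s3:GetObject` and `s3:PutObject`).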
Configure AWSCLI on your Ubuntu machine.
ans :
Create an EC2 instance using AWSCLI.
Note:
Task3 will help you to understand AWSCLI more clearly.
Hint:
Resource to complete task3: EC2 using AWSCLI
ans:
So, I have created the instance using the above guide
Which I can SSH into.
To run an instance with Tag Name, I ran this command:
aws ec2 run-instances --image-id=ami-0fc5d935ebf8bc3bc --instance-type=t2.micro --region=us-east-1 --key-name=MyKeyPair --security-groups=my-sg --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=test-instance}]'
Note: You will not be able to SSH into an instance if the private key is not properly formatted.
Setting Up AWS IAM for a New Team Member
Scenario:
Imagine you're working as an IT administrator at GlobalTech Inc., a multinational company with diverse cloud computing needs. The company heavily relies on AWS services for its operations. You have a new colleague, Alex, who recently joined your team. Alex's role involves monitoring the company's computing resources and managing data storage. Your task is to set up Alex's AWS access.
What needs to be done:
Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:
View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.
Create S3 Buckets: Alex is responsible for creating new storage spaces for various projects.
ans:
So, I have created the user Alex with EC2ReadOnlyAccess and AmazonS3FullAccess for the above scenario.
After that, I logged in as Alex.
And I tried to delete the EC2 service, but I cannot delete it because Alex has only Read permission.
On the other hand, with the S3 full access permission, I can create a bucket and upload an object to it.
Completed Day 3 of AWS Zero to Hero Challenge
Written by

Amitabh soni