Getting Started with AWS: A Practical Guide to S3, IAM, EC2, and AWS CLI

Abhishek Negi

In today's cloud-first world, Amazon Web Services (AWS) provides scalable solutions for everything from data storage to computing. In this blog, we will cover some key AWS services and tools, including:

  • Amazon S3 for scalable object storage.

  • IAM (Identity and Access Management) for secure resource management.

  • AWS CLI for efficient command-line operations.

  • How to create EC2 instances using AWS CLI.

  • Setting up AWS IAM access for a new team member.

These tasks will provide you with hands-on experience and a deeper understanding of how to work securely and effectively within the AWS ecosystem.


Section 1: What is Amazon S3 and How to Secure Your Bucket

What is Amazon S3?
Amazon Simple Storage Service (S3) is a scalable object storage service that allows you to store and retrieve any amount of data from anywhere on the web. It's widely used for backup, archiving, content distribution, and hosting static websites.

Why Use S3?

  • Scalability: Store virtually unlimited data without worrying about running out of space.

  • Security: Protect your data with multiple encryption options and access control mechanisms.

  • Cost-Effective: Pay only for the storage you use.

How to Secure an S3 Bucket:
Creating an S3 bucket and securing it from unauthorized access is crucial to maintaining data confidentiality. Here’s how to do it:

  1. Create a Private S3 Bucket:

    • Navigate to the S3 Console.

    • Click Create Bucket and provide a unique name (e.g., my-private-bucket).

    • Choose a region for your bucket.

    • Make sure to uncheck the option Block all public access to keep it private.

  2. Set Bucket Policy:
    To ensure that only authorized users can access the bucket, apply the following policy in the Bucket Policy section:

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "DenyPublicAccess",
           "Effect": "Deny",
           "Principal": "*",
           "Action": "s3:GetObject",
           "Resource": "arn:aws:s3:::my-private-bucket/*",
           "Condition": {
             "StringNotEquals": {
               "aws:PrincipalAccount": "YOUR_ACCOUNT_ID"
             }
           }
         }
       ]
     }
    

    Replace "YOUR_ACCOUNT_ID" with your actual AWS account ID.

This ensures that only users from your AWS account can access the files within the bucket.
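
A simplified model of how a Deny statement of this shape is evaluated, added here as an example that is not part of the original post: it compares the StringEquals and StringNotEquals condition operators for a same-account, an outside-account and an anonymous caller. The account IDs, object key and function names are constructed for illustration, and the evaluator covers only this one statement, not the full IAM evaluation logic.

```python
import fnmatch

OWN_ACCOUNT = "111122223333"    # constructed placeholder for YOUR_ACCOUNT_ID
OTHER_ACCOUNT = "999988887777"  # constructed outside account


def deny_statement(operator):
    """Build the bucket policy's Deny statement with the given operator."""
    return {
        "Sid": "DenyPublicAccess",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-private-bucket/*",
        "Condition": {operator: {"aws:PrincipalAccount": OWN_ACCOUNT}},
    }


def condition_holds(condition, context):
    """Evaluate StringEquals / StringNotEquals; a missing key is None."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "StringNotEquals" and actual == expected:
                return False
    return True


def explicitly_denied(statement, action, resource, caller_account):
    """True when the Deny statement matches the request (explicit deny wins)."""
    context = {"aws:PrincipalAccount": caller_account}
    return (
        statement["Effect"] == "Deny"
        and fnmatch.fnmatchcase(action.lower(), statement["Action"].lower())
        and fnmatch.fnmatchcase(resource, statement["Resource"])
        and condition_holds(statement["Condition"], context)
    )


def who_is_denied(operator):
    """Report which of three sample callers the statement blocks."""
    stmt = deny_statement(operator)
    obj = "arn:aws:s3:::my-private-bucket/report.csv"  # constructed object
    callers = {"own": OWN_ACCOUNT, "other": OTHER_ACCOUNT, "anonymous": None}
    return {name: explicitly_denied(stmt, "s3:GetObject", obj, acct)
            for name, acct in callers.items()}
```

With StringEquals the statement blocks the account's own users and nobody else, while StringNotEquals blocks outside and anonymous callers. When Block all public access is enabled on the bucket, S3 additionally ignores public ACLs and rejects public bucket policies regardless of this statement.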


Section 2: Setting Up AWS CLI on Ubuntu

What is AWS CLI?
The AWS Command Line Interface (CLI) is an open-source tool that lets you interact with AWS services via the terminal, eliminating the need for the AWS Management Console.

Installing and Configuring AWS CLI on Ubuntu:

  1. Install AWS CLI:
    Open your terminal and run the following command to install AWS CLI:

     sudo apt update
     sudo apt install awscli -y
    
  2. Configure AWS CLI:
    After installation, configure AWS CLI by running:

     aws configure
    

    You’ll be prompted to enter the following details:

    • AWS Access Key ID: Found in the IAM console under your user credentials.

    • AWS Secret Access Key: Also found in the IAM console.

    • Default region name: Choose a region, such as us-east-1.

    • Default output format: Choose json or text.

This will enable you to interact with AWS resources directly from the command line.


Section 3: Creating an EC2 Instance Using AWS CLI

What is an EC2 Instance?
EC2 (Elastic Compute Cloud) provides resizable compute capacity in the cloud. It is essentially a virtual server that you can configure according to your needs.

How to Create an EC2 Instance via AWS CLI:

  1. Launch an EC2 Instance:
    To launch an EC2 instance, use the following command:

     aws ec2 run-instances \
       --image-id ami-xxxxxxxxxxxxxxxxx \
       --count 1 \
       --instance-type t2.micro \
       --key-name MyKeyPair \
       --security-group-ids sg-xxxxxxxx \
       --subnet-id subnet-xxxxxxxx
    

    Replace the placeholders as follows:

    • image-id: AMI ID you want to use (e.g., Amazon Linux 2).

    • instance-type: The type of EC2 instance (e.g., t2.micro).

    • key-name: SSH key pair to access your instance.

    • security-group-ids: Security group ID to apply to the instance.

    • subnet-id: The subnet where the instance will be launched.

  2. Verify the Instance:
    After the instance is created, check its status with:

     aws ec2 describe-instances --instance-ids i-xxxxxxxxxxxx
    

Section 4: Setting Up AWS IAM for a New Team Member (Alex)

Scenario:
Alex is a new team member at GlobalTech Inc., and you need to configure his AWS access. His responsibilities include monitoring EC2 instances and creating S3 buckets, but he should not have permission to modify EC2 instances.

Steps to Configure IAM for Alex:

  1. Create a New IAM User:

    • Go to the IAM Console.

    • Click Add user, enter alex as the username.

    • Select Programmatic access and AWS Management Console access.

    • Set a password for Alex’s console access.

  2. Assign Policies:

    • For View EC2 Instances: Attach the AmazonEC2ReadOnlyAccess policy.

    • For Create S3 Buckets: Attach the AmazonS3FullAccess policy.

  3. Review and Create User:
    After reviewing the details, click Create User.

  4. Share the Credentials:
    Provide Alex with the access credentials, including the Access Key, Secret Key, and Console Login URL.
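
An added example, not from the original post, that measures how far the grants from step 2 exceed Alex's stated duties and compares them with a narrower policy; proposing that narrower policy goes slightly beyond the steps above. Both policy documents are constructed: BROAD is a simplified stand-in that assumes the two managed policies reduce to s3:* and ec2:Describe*, SCOPED and all function names are hypothetical, and the check ignores Resource, Condition and Deny.

```python
import fnmatch

# Constructed stand-in for the grants in step 2 (assumed: s3:* and ec2:Describe*).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
]}

# Hypothetical policy scoped to the scenario: view EC2, create S3 buckets.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"],
     "Resource": "*"},
]}

# Constructed probe set: two actions Alex needs, four he does not.
REQUIRED = ["ec2:DescribeInstances", "s3:CreateBucket"]
PROBES = REQUIRED + ["ec2:TerminateInstances", "s3:DeleteBucket",
                     "s3:PutBucketPolicy", "s3:GetObject"]


def allows(policy, action):
    """True if any Allow statement's Action pattern matches (case-insensitive)."""
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        if stmt["Effect"] == "Allow" and any(
            fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns
        ):
            return True
    return False


def excess_actions(policy, required=REQUIRED, probes=PROBES):
    """Probed actions the policy allows beyond what the role requires."""
    return [a for a in probes if a not in required and allows(policy, a)]


def missing_actions(policy, required=REQUIRED):
    """Required actions the policy fails to allow."""
    return [a for a in required if not allows(policy, a)]
```

For BROAD, excess_actions returns the bucket-deletion, bucket-policy and object-read actions; for SCOPED it returns an empty list while missing_actions stays empty, so the narrower policy still covers both duties.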


Conclusion:

In this blog, we’ve covered the basics of Amazon S3, IAM, AWS CLI, and EC2, along with practical examples to help you get started. By following these best practices and instructions, you can effectively manage AWS resources, automate tasks using the CLI, and securely grant access to team members.

Key Takeaways:

  • Always secure your S3 buckets by setting appropriate access policies.

  • Use AWS CLI for efficient management of AWS resources.

  • Apply the principle of least privilege when setting IAM permissions.
