AWS Zero to Hero day 3

What is S3 Bucket in AWS?
Amazon Simple Storage Service (Amazon S3) is a scalable object storage service provided by Amazon Web Services (AWS). It is designed to store and retrieve any amount of data from anywhere on the web.
S3 is commonly used for a variety of purposes, such as backup and restore, archiving, content distribution, and hosting static websites.
What is IAM in AWS?
IAM stands for Identity and Access Management. IAM is a web service that helps you securely control access to AWS resources. It enables you to manage users, groups, and permissions to securely access and use AWS services and resources.
Key components of IAM:
Users
Groups
Roles
Policies
What is AWSCLI?
The AWS Command Line Interface (AWS CLI) is a set of open-source command-line tools for interacting with Amazon Web Services (AWS) services. It allows users to control and manage AWS services directly from the command line, rather than using the AWS Management Console.
Tasks:
Make a private S3 bucket in AWS and change the policy so you can access its contents without making it public.
Note: Task 1 will help you understand how we can secure our S3 buckets.
ans:
Bucket created with blocked public access

Attached this bucket policy so that a particular IAM user can access, create, and modify the created S3 bucket:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowUserAccessToBucket",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::851725581476:user/aws-zero-to-hero-course-user"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::aws-zero-to-hero-day-3",
        "arn:aws:s3:::aws-zero-to-hero-day-3/*"
      ]
    }
  ]
}
Then, I clicked on Save changes
After that, I launched the instance to test whether this works
You can see that I cannot access all buckets; I can only access the bucket specified in my bucket policy, even though my IAM user does not have S3 permission


You can see that I can upload a file to my bucket without making it public, by giving access to a particular user in the bucket policy

Content of test.txt:
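Why the user in Task 1 can reach this bucket with no S3 permissions of its own: inside one account, an Allow in the bucket policy that names the user is enough, as long as nothing explicitly denies the request. The sketch below is an added example, not part of the original post. It is a simplified evaluator with no Condition, NotAction or NotPrincipal handling, and all function names are hypothetical.

```python
import fnmatch
import json

# Bucket policy from the page, embedded so the example runs offline.
BUCKET = "arn:aws:s3:::aws-zero-to-hero-day-3"
USER = "arn:aws:iam::851725581476:user/aws-zero-to-hero-course-user"
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [{
  "Sid": "AllowUserAccessToBucket", "Effect": "Allow",
  "Principal": {"AWS": "%s"},
  "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
  "Resource": ["%s", "%s/*"]}]}
""" % (USER, BUCKET, BUCKET))

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals(stmt):
    """Principal ARNs of a statement; a bare "*" means anyone."""
    who = stmt.get("Principal", {})
    return ["*"] if who == "*" else as_list(who.get("AWS", []))

def matches(stmt, principal, action, resource):
    """True if the statement covers this principal, action and resource."""
    return (any(p in ("*", principal) for p in principals(stmt))
            and any(fnmatch.fnmatchcase(action.lower(), a.lower())
                    for a in as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r)
                    for r in as_list(stmt["Resource"])))

def bucket_policy_decision(policy, principal, action, resource):
    """'Deny' beats 'Allow'; 'NoMatch' means the policy is silent."""
    effects = {s["Effect"] for s in as_list(policy["Statement"])
               if matches(s, principal, action, resource)}
    return "Deny" if "Deny" in effects else "Allow" if "Allow" in effects else "NoMatch"

def same_account_access(identity_allows, policy, principal, action, resource):
    """Same-account rule: an Allow from the identity policy or from the
    bucket policy is sufficient, unless the bucket policy denies."""
    decision = bucket_policy_decision(policy, principal, action, resource)
    return decision != "Deny" and (identity_allows or decision == "Allow")

def public_statements(policy):
    """Sids of Allow statements open to any principal (should be empty)."""
    return [s.get("Sid", "?") for s in as_list(policy["Statement"])
            if s["Effect"] == "Allow" and "*" in principals(s)]

if __name__ == "__main__":
    for act, res in [("s3:PutObject", BUCKET + "/test.txt"), ("s3:ListAllMyBuckets", "*")]:
        print(act, res, same_account_access(False, POLICY, USER, act, res))
```

Passing `identity_allows=False` models the post's user, who has no S3 permissions attached. Running `public_statements` on a policy before saving it is a quick check that no statement opens the bucket to everyone.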
Configure AWSCLI on your Ubuntu machine.
ans:

Create an EC2 instance using AWSCLI.
Note: Task 3 will help you understand AWSCLI more clearly.
Hint: Resource to complete Task 3: EC2 using AWSCLI
ans:
So, I have created the instance using the above guide

Which I can SSH into.

To run an instance with Tag Name, I ran this command:
aws ec2 run-instances --image-id=ami-0fc5d935ebf8bc3bc --instance-type=t2.micro --region=us-east-1 --key-name=MyKeyPair --security-groups=my-sg --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=test-instance}]'
Note: You cannot SSH into an instance if the private key is not properly formatted.
Setting Up AWS IAM for a New Team Member
Scenario: Imagine you're working as an IT administrator at GlobalTech Inc., a multinational company with diverse cloud computing needs. The company heavily relies on AWS services for its operations. You have a new colleague, Alex, who recently joined your team. Alex's role involves monitoring the company's computing resources and managing data storage. Your task is to set up Alex's AWS access.
What needs to be done:
Configure AWS IAM (Identity and Access Management) to provide Alex with specific access rights. Alex should be able to:
View EC2 Instances: Alex needs to monitor the virtual servers running in the AWS cloud but should not be able to modify them.
Create S3 Buckets: Alex is responsible for creating new storage spaces for various projects.
ans:
So, I have created the user Alex with EC2ReadOnlyAccess and AmazonS3FullAccess for the above scenario

After that I logged in as Alex
And I tried to delete the EC2 service, but I cannot delete it because Alex has only Read permission

On the other hand, with the S3 full access permission, I can create a bucket and upload an object to it


Completed Day 3 of AWS Zero to Hero Challenge




