The previous article gave us an introduction to user data as part of the task. So, let us proceed and learn more.
What is User Data in AWS?
In practice, user data in AWS usually refers to a bash shell script that is handed to the instance at launch.
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.
You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).
This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker or Jenkins.
IAM (Identity and Access Management)
IAM stands for Identity and Access Management, which is a service provided by Amazon Web Services (AWS) that enables the management of access to AWS resources.
IAM allows the creation and management of users, groups, and permissions to access AWS resources. This service allows the secure control of access to AWS resources, which helps in ensuring the confidentiality, integrity, and availability of data and applications hosted on AWS.
Task-01
Launch the EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open the IP address in the browser and your Jenkins page should be visible. Take a screenshot of the user data and the Jenkins page; this will verify the task completion.
As we saw in the previous blog, we created users and gave them full access to EC2 instances. Now, we will log in through the user named Tony-Stark and run this user data to automate the installation of Docker and Jenkins while launching an instance.
The output will look like this, and congrats, the task is completed.
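Before submitting user data like the script above, it is worth checking it the way a reviewer would: anything on the instance can read user data from the metadata service, so it must never carry credentials. The following is an added example, not the post's own file: a constructed Ubuntu user-data script that installs Docker and Jenkins, plus a pre-launch check that enforces the header format, the 16 KB size limit, and the absence of embedded secrets, and produces the base64 form used for raw API calls.

```python
import base64
import re

# Constructed sample user-data script (Ubuntu; installs Docker and Jenkins).
USER_DATA = """#!/bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
apt-get install -y docker.io openjdk-17-jre curl   # Docker + JRE for Jenkins
systemctl enable --now docker
# Jenkins Debian stable repository, key pinned via signed-by
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key \\
  -o /usr/share/keyrings/jenkins-keyring.asc
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \\
https://pkg.jenkins.io/debian-stable binary/" > /etc/apt/sources.list.d/jenkins.list
apt-get update -y
apt-get install -y jenkins
systemctl enable --now jenkins
"""

MAX_USER_DATA_BYTES = 16 * 1024  # EC2 rejects user data above 16 KB (raw, before base64)

# User data is readable from the instance metadata service and via
# ec2:DescribeInstanceAttribute, so these must never appear in it.
SECRET_PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("AWS secret key assignment", re.compile(r"aws_secret_access_key\s*=", re.I)),
    ("password literal", re.compile(r"\bpassword\s*=\s*\S+", re.I)),
]


def check_user_data(script: str) -> list[str]:
    """Return the list of problems found; an empty list means safe to submit."""
    problems = []
    first = script.lstrip().splitlines()[0] if script.strip() else ""
    if not (first.startswith("#!") or first.startswith("#cloud-config")):
        problems.append("first line must be a '#!' shebang (shell script) or '#cloud-config' (cloud-init)")
    size = len(script.encode())
    if size > MAX_USER_DATA_BYTES:
        problems.append(f"too large: {size} bytes > {MAX_USER_DATA_BYTES}")
    for name, pattern in SECRET_PATTERNS:
        if pattern.search(script):
            problems.append(f"embedded secret: {name}")
    return problems


def encode_user_data(script: str) -> str:
    """Base64 form expected by raw API calls; the console and CLI take plain text."""
    problems = check_user_data(script)
    if problems:
        raise ValueError("refusing to encode user data: " + "; ".join(problems))
    return base64.b64encode(script.encode()).decode("ascii")
```

The base64 output is what goes into the `UserData` field of a raw RunInstances request; the AWS CLI and SDKs accept the plain-text script and encode it for you.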
Task-02
Read more on IAM Roles and explain the IAM Users, Groups and Roles in your terms.
IAM Users:
IAM users in AWS refer to Identity and Access Management users. They are entities that represent a person or service that interacts with AWS resources. These users are managed within the AWS account and can be granted specific permissions and access to various resources, such as EC2 instances, S3 buckets, or RDS databases. IAM users are commonly used for managing access and security in AWS environments, as they allow organizations to control who has access to specific resources and what actions they can perform.
IAM Groups:
IAM groups in AWS (Amazon Web Services) are collections of AWS Identity and Access Management (IAM) users. IAM groups make it easy to manage access permissions to AWS resources by defining permissions for a group rather than for individual users. IAM groups simplify the management of permissions and allow you to make changes to the permissions of multiple users at once. You can add or remove users from groups, and modify the permissions assigned to each group. IAM groups are used to assign common policies and permissions to a set of IAM users with similar job responsibilities.
IAM Roles:
IAM Roles in AWS (Identity and Access Management Roles) are a way to manage permissions for resources within an AWS account. These roles can be assigned to users, applications, or services and provide temporary access to resources without the need for permanent credentials or passwords. By using IAM roles, organizations can maintain strict control over who has access to which resources and simplify the process of managing user permissions across different services and accounts.
Create Roles named: DevOps-User and Test-User.
Step 1: Log in to the AWS console and open the IAM service.
Step 2: Next, click on the "Roles" option on the left side of the page, and then click on the "Create Role" button.
Step 3: Choose "AWS service" as the trusted entity type and select the use cases for the services where this role will be used.
Step 4: Then, click "Next" to attach permissions and policies to the role.
The "DevOps-User" role has an "AmazonEC2FullAccess" policy.
Step 5: Review the permissions and click on "Create role".
Thus the DevOps-User role is created.
Repeat the same process with Test-User and Admin roles.
We can attach the "AmazonEC2ReadOnlyAccess" policy to the "Test-User" role, and the "AdministratorAccess" policy to the "Admin" role.
Finally, three roles are created with different policies.
Thanks for reading my blogs.
Keep learning and Keep growing.