AWS - IAM create user, add to group and attach policies

Day 38 of #90daysofdevops

IAM: AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

Tasks

Task 1

Create an IAM user with a username of your choice and grant it EC2 access. Launch a Linux instance as the IAM user you just created, and install Jenkins and Docker on the machine via a single shell script.

Task 2

In this task you need to prepare a DevOps team of Avengers. Create 3 IAM users for the Avengers and assign them to DevOps groups with an IAM policy.

Solutions

Task 1 Solution

Step 1: Specify user details.

  • To begin, log in to your AWS account and search for IAM.

  • Secondly, click on "Users" from the left panel.

  • Then click on the "Create User" button.

  • Then enter the user name and check (tick) the option given just below it.

  • After that, click on "I want to create an IAM user" and choose the password method. Then click on "Next".

Step 2: Set permissions

  • Here, click on "Attach policy directly" and search for "EC2FullPermission". Then select it.

  • Click on "Next".

Step 3: Review and Create

  • Review the details and click on "Create user".

Step 4: Retrieve password

  • You can download the credentials of the IAM user by clicking on the download button.

The IAM user has been successfully created.

Step 5: Log out and log in

  • Log out from your root account and log in to the IAM user account.

Step 6: Launch EC2

  • Search for EC2 and click on "Launch instance".

  • Next, fill in the form and, at the end, enter the user data in the "Advanced Details" section.

  • Enter the data given below to install httpd, Jenkins, Java, and Docker.

  •   #!/bin/bash
      # EC2 user data must start with a shebang to be run as a shell script.
      # It runs as root on first boot.
      sudo yum update -y

      # Apache with a simple landing page
      sudo yum install httpd -y
      sudo systemctl start httpd
      sudo systemctl enable httpd
      cd /var/www/html/
      sudo touch index.html
      # 644 instead of 666: the page should not be world-writable
      sudo chmod 644 index.html
      echo '<div style="text-align:center;font-family:arial;"><h1>New instance created by Neel - Your DevOps Guy</h1></div>' | sudo tee index.html > /dev/null
    
      # Java 11 and Jenkins from the official stable repository
      sudo amazon-linux-extras install java-openjdk11 -y
      sudo wget -O /etc/yum.repos.d/jenkins.repo \
            https://pkg.jenkins.io/redhat-stable/jenkins.repo
      sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
      sudo yum update -y
      sudo yum install jenkins -y
      sudo systemctl enable jenkins
      sudo systemctl start jenkins
    
      # Docker
      sudo yum install docker -y
      sudo systemctl enable docker
      sudo systemctl start docker
    
  • After this, make sure to add an inbound rule for port 8080 in your security group.

  • After you click on "Launch Instance", the instance will be created with the mentioned tools installed.

Task 2 Solution

Step 1: Create a User and a Group

  • Create a new user in the same way as in the task above.

  • In the next step, click on "Create group".

    • Enter the name of the group, attach the policy and click on "Create user group".

    • Next, click on "Create user".

    • Do the same for the 3rd user; this time, however, you only need to select the group in the permission policy step.

Step 2: Add a user to the group.

  • Click on user groups from the left panel and select the "Avengers" group.

  • Then click on the "Add user" button.

  • Select the user and click on the "Add user" button.

  • After this step, all three users are added to the group. You can also create the group first and then add the users all at once with the last step.
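
The Task 2 console steps can also be scripted with the AWS CLI. The following is an added example, not part of the original post: the user names and the AmazonEC2FullAccess managed policy are assumptions, and with DRY_RUN=1 (the default) it only prints the commands it would run.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the Task 2 console steps.
# Assumptions (not from the page): the user names, and AmazonEC2FullAccess
# as the group policy. DRY_RUN=1 (default) only prints the commands.
GROUP="Avengers"                      # group name used on the page
USERS="ironman thor hulk"             # hypothetical user names
POLICY_ARN="arn:aws:iam::aws:policy/AmazonEC2FullAccess"  # assumed policy
DRY_RUN="${DRY_RUN:-1}"

# Run an AWS CLI command, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# Create the group once and attach the policy to the group, not to users.
create_group() {
  run iam create-group --group-name "$GROUP"
  run iam attach-group-policy --group-name "$GROUP" --policy-arn "$POLICY_ARN"
}

# Create each user and add it to the group; users get no direct policies.
create_members() {
  for u in $USERS; do
    run iam create-user --user-name "$u"
    run iam add-user-to-group --group-name "$GROUP" --user-name "$u"
  done
}

# Check the result: group membership, and that no user carries a
# directly attached policy of its own.
verify_team() {
  run iam get-group --group-name "$GROUP"
  for u in $USERS; do
    run iam list-attached-user-policies --user-name "$u"
  done
}

provision_team() {
  create_group && create_members && verify_team
}

provision_team
```

Run it with DRY_RUN=0 and configured AWS credentials to apply the changes; console passwords for the users are still set separately.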

Thank you.