AWS - IAM Users, Groups and Roles

Day 39 of #90daysofdevops

Task1:

  • Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in the browser and your Jenkins page should be visible.

  • Take screenshots of the user data and the Jenkins page; these verify that the task is complete.

Task2:

  • Read more on IAM Roles and explain IAM Users, Groups and Roles in your own terms.

  • Create three Roles named: DevOps-User, Test-User and Admin.

Solution

Task 1:

This task continues from the previous one.

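#!/bin/bash
# EC2 user data runs as root at first boot; sudo is kept from the original script.

# Install, start and enable the Apache web server
sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd
sudo systemctl enable httpd

# Write the landing page. tee performs the write under sudo (with
# "sudo echo ... > file" the redirect is done by the calling shell),
# so the file does not have to be world-writable.
cd /var/www/html/
echo '<div style="text-align:center;font-family:arial;"><h1>New instance created by Neel - Your DevOps Guy</h1></div>' | sudo tee index.html > /dev/null
sudo chmod 644 index.html

# Install Java 11, add the Jenkins repository and its signing key, then install Jenkins
sudo amazon-linux-extras install java-openjdk11 -y
sudo wget -O /etc/yum.repos.d/jenkins.repo \
      https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key
sudo yum update -y
sudo yum install jenkins -y
sudo systemctl enable jenkins
sudo systemctl start jenkins

# Install, enable and start Docker
sudo yum install docker -y
sudo systemctl enable docker
sudo systemctl start docker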

Before opening the Jenkins portal, make sure the instance's security group has an inbound rule for port 8080.


Task 2:

IAM Users: IAM users are the users of your account, each with specific access permissions to AWS resources. An IAM user represents the human user or workload that uses it to interact with AWS. A user in AWS consists of a name and credentials.

IAM Groups: An IAM user group is a collection of IAM users. User groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users.

IAM Roles: An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access keys associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.

-----

To create IAM Roles, log in to your AWS root account.

  • Then go to IAM and select "Role" from the left panel.

  • Next, select the trusted entity.

  • After that, choose the use case.

  • Then attach the permissions policies.

  • In the last step, assign the name of the role.

  • Similarly, create the 3 different roles.
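
The same console steps (trusted entity, policies, role name) can be scripted with the AWS CLI. This is an added example, not part of the original post. It assumes EC2 as the trusted entity and a role-to-policy mapping of its own choosing (the post names neither), and it only calls AWS when run with a hypothetical --apply argument.

```shell
#!/bin/bash
# Added example: create the three roles from Task 2 with the AWS CLI.
# Assumptions (not from the original post): EC2 is the trusted entity,
# and the role-to-policy mapping in policy_for() below.

# Trust policy: which principal may call sts:AssumeRole on the role.
# $1 is the service principal, e.g. ec2.amazonaws.com
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "$1" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# AWS managed policy attached to each role (assumed mapping; pick the
# narrowest policy that still lets the role do its job).
policy_for() {
  case "$1" in
    DevOps-User) echo "arn:aws:iam::aws:policy/PowerUserAccess" ;;
    Test-User)   echo "arn:aws:iam::aws:policy/ReadOnlyAccess" ;;
    Admin)       echo "arn:aws:iam::aws:policy/AdministratorAccess" ;;
    *)           echo "unknown role: $1" >&2; return 1 ;;
  esac
}

create_roles() {
  for role in DevOps-User Test-User Admin; do
    arn=$(policy_for "$role") || return 1
    # Create the role only if it does not exist yet, so re-runs are safe.
    if ! aws iam get-role --role-name "$role" >/dev/null 2>&1; then
      aws iam create-role --role-name "$role" \
        --assume-role-policy-document "$(trust_policy ec2.amazonaws.com)" >/dev/null
    fi
    aws iam attach-role-policy --role-name "$role" --policy-arn "$arn"
    echo "$role -> $arn"
  done
}

# Nothing is sent to AWS unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
  create_roles
fi
```

Running `aws iam get-role --role-name Admin` afterwards shows the stored trust policy, which is the part the console hides behind the "trusted entity" and "use case" screens.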