AWS IAM: Creating a User with EC2 Access and Installing Jenkins and Docker on Linux Instance

Introduction
Amazon Web Services (AWS) provides a wide range of services for businesses of all sizes. One of the most important services for managing your AWS resources is AWS Identity and Access Management (IAM). In this blog, we will discuss what IAM is, its benefits, and how to use it effectively.
What is AWS IAM?
AWS IAM is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (Signed-In) and authorized (has permission) to use resources.
You can create 5000 users, 300 groups and 1000 roles in one AWS account, and you can add one user to a maximum of 10 groups.
Features of IAM:
Shared access to your AWS account.
Granular permissions: you can grant access according to the level of each user.
Secure access to AWS resources for applications that run on Amazon EC2.
Multifactor Authentication (MFA): For extra security purposes.
Identity Federation
Task1:
Create an IAM user with a username of your choice and grant it EC2 access. Launch your Linux instance as the IAM user you just created, and install Jenkins and Docker on the machine with a single shell script.
Task2:
In this task you need to prepare a DevOps team of Avengers. Create 3 IAM users for the Avengers and assign them to a DevOps group with an IAM policy.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Task1: Created our own IAM User with the name EC2

As shown in the above picture, we have created an EC2 user with the AmazonEC2FullAccess policy.

Go to Security credentials, update the password, and enable console access. Then open the console sign-in link and log in with your username and password.
We have successfully logged in as the IAM user and created one instance with the name Ubuntu.

Now we have to install Docker and Jenkins on the Ubuntu machine we created. For this, we write one simple shell script.

Give the shell script file executable permission.
Check whether Jenkins is running using the command below.

As you all know, Jenkins runs on port 8080. Open this port in the security group to access Jenkins in a web browser.
Go to Security groups, edit the inbound rules, add port 8080, and save.

Now browse to the public IP address of the instance on port 8080 and you will get the Jenkins page.

Open the path shown above and you will get the administrator password for Jenkins.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Task2:- Creating a DevOps Team of Avengers with IAM Users and Policies
Steps to create a DevOps team of avengers by creating 3 IAM users and assigning them to a DevOps group with the appropriate IAM policy.
Step 1: Create the IAM Users
Log in to your AWS account and navigate to the IAM console.
Click on "Users" and then click on the "Add user" button.

Likewise, you can create the other two users and add them to the DevOps group.
Step 2: Create an IAM policy
Navigate to the IAM console and click on "Policies".
Click on the "Create policy" button.
Choose the "JSON" tab and enter the following policy document:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "ec2:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:*",
            "Resource": "*"
        }
    ]
}
This policy allows the DevOps team members to have full access to EC2, S3, and IAM.
Click "Review policy".
Enter a name and description for the policy.
Click "Create policy".
Step 3: Assign the IAM policy to the DevOps group
Navigate to the IAM console and click on "Groups".
Click on the "Avengers DevOps Group" group that you created earlier.
Click on the "Permissions" tab.
Click on the "Attach Policy" button.
Search for the policy you just created and select it.
Click "Attach policy".
That's it! You have now created a DevOps team of Avengers by creating 3 IAM users and assigning them to a DevOps group with the appropriate IAM policy. The team members will now have full access to EC2, S3, and IAM.
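The policy from Step 2 grants every action of three services on every resource, and `iam:*` on its own lets a group member attach any further permission to themselves. The following is an added example, not part of the original post: a small Python check that reports such statements before a policy is attached. The function name `find_wildcard_grants` and the choice of which services count as "high" are assumptions made for illustration.

```python
import json

# Policy document copied from Step 2 of the post.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*",  "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}
  ]
}
""")

# Assumption for this example: a full-wildcard grant on these services lets a
# principal change its own permissions, so it is reported as "high".
ESCALATION_SERVICES = {"iam"}

def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def find_wildcard_grants(policy):
    """Return (severity, action, resource) for every Allow statement that
    pairs a wildcard action with the wildcard resource "*"."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be an object
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            service, _, name = action.partition(":")
            if action != "*" and "*" not in name:
                continue                  # specific action, e.g. ec2:DescribeInstances
            for resource in _as_list(stmt.get("Resource")):
                if resource != "*":
                    continue              # scoped to an ARN, not reported here
                high = action == "*" or service.lower() in ESCALATION_SERVICES
                findings.append(("high" if high else "medium", action, resource))
    return findings

if __name__ == "__main__":
    for severity, action, resource in find_wildcard_grants(POLICY):
        print(f"{severity:6} Allow {action} on {resource}")
```

All three statements of the Step 2 policy are reported; a policy that lists specific actions, or scopes its resources to ARNs, produces no findings.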
