AWS:

Amazon Web Services (AWS) is a comprehensive cloud computing platform provided by Amazon. It offers a range of services such as computing power, storage, databases, networking, machine learning, and security tools, all accessible on-demand. AWS allows businesses and developers to build, deploy, and scale applications without needing to manage physical infrastructure. Its popular services include EC2 (virtual servers), S3 (object storage), RDS (relational databases), and Lambda (serverless computing). It’s known for its scalability, flexibility, and pay-as-you-go pricing model.

IAM:

AWS Identity and Access Management (IAM) is a service that enables you to securely control access to AWS resources. With IAM, you can manage users, groups, roles, and permissions to define who can access specific resources and what actions they can perform. Key features include:

• Users and Groups: Create user accounts and organize them into groups for easier management.

• Roles: Grant temporary access to AWS resources for applications or services without sharing credentials.

• Policies: Attach fine-grained permission rules to users, groups, or roles to control access levels.

• MFA: Enable Multi-Factor Authentication for enhanced security.

IAM is essential for ensuring secure access control across AWS services.

Task1:

Create an IAM user with the username of your wish and grant EC2 Access. Launch your Linux instance through the IAM user that you created now and install Jenkins and docker on your machine via single Shell Script.

Here’s a step to complete the task:

---

1. Create an IAM User with EC2 Access

1. Log in to the AWS Console
   Go to the IAM Dashboard.

2. Create an IAM User

   • Username: Choose a name (e.g., ec2-admin).

   • Access type: Select Programmatic access (for CLI or API).

3. Attach Permissions

   • Select AmazonEC2FullAccess to grant EC2 access.

4. Complete Creation
   Download the access key and secret key for CLI configuration.

---

2. Launch EC2 Linux Instance

1. Configure AWS CLI (on your local machine):
   Run the following command and enter the access key, secret key, region, and output format:

    aws configure
   

2. Launch EC2 Instance via CLI
   Use the AWS CLI to launch an EC2 instance (replace ami-id and key-name):

    aws ec2 run-instances --image-id ami-0abcd12345 --count 1 --instance-type t2.micro --key-name your-key --security-groups default
   

---

3. Shell Script for Jenkins and Docker Installation

Create a shell script that installs Jenkins and Docker:

#!/bin/bash

# Update system
sudo apt update -y
sudo apt upgrade -y

# Install Java (Required for Jenkins)
sudo apt install -y openjdk-11-jdk

# Install Jenkins
wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -
sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
sudo apt update -y
sudo apt install -y jenkins

# Start Jenkins
sudo systemctl start jenkins
sudo systemctl enable jenkins

# Install Docker
sudo apt install -y docker.io

# Enable Docker Service
sudo systemctl start docker
sudo systemctl enable docker

# Add Jenkins user to Docker group (for permission)
sudo usermod -aG docker jenkins

echo "Jenkins and Docker installed successfully"

---

4. Execute the Script

1. Copy the script to the EC2 instance:
   Use scp or AWS Systems Manager to upload the script.

2. Run the Script:
   SSH into your instance and run:

    chmod +x install-jenkins-docker.sh
    ./install-jenkins-docker.sh
   

This should install Jenkins and Docker on your EC2 instance.

Task2:

In this task, you need to prepare a DevOps team of avengers. Create 3 IAM users of Avengers and assign them to DevOps groups with the IAM policy.

Here’s how you can create 3 IAM users (Avengers) and assign them to a DevOps group with proper permissions using AWS:

---

1. Create a DevOps Group with a Policy

1. Go to the IAM Console
   Navigate to the IAM dashboard.

2. Create a Group

   • Group Name: DevOps-Avengers

   • Attach Policy:
     Attach the AWS Managed Policy AdministratorAccess or a custom policy (if you want to limit permissions).

Alternatively, to create a custom policy with DevOps-like permissions:

• Click Create Policy → JSON tab → Enter:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "ec2:*",
            "s3:*",
            "cloudwatch:*",
            "iam:List*",
            "iam:Get*",
            "codepipeline:*",
            "codedeploy:*",
            "eks:*"
          ],
          "Resource": "*"
        }
      ]
    }
  

• Attach this policy to the DevOps-Avengers group.

---

2. Create 3 IAM Users (Avengers)

1. Create Users

   • Usernames:

     • IronMan

     • CaptainAmerica

     • BlackWidow

   • Select Programmatic access (for CLI/API usage).

2. Add to Group

   • Assign each user to the DevOps-Avengers group during user creation.

---

3. Verify the Setup

• Ensure that all 3 users are successfully created and assigned to the DevOps-Avengers group.

• Download each user's credentials for CLI or programmatic access.

---

CLI Option (Automation)

If you prefer using the AWS CLI to automate the process, use the following commands:

1. Create Group

    aws iam create-group --group-name DevOps-Avengers
   

2. Attach Policy (replace PolicyArn with your policy):

    aws iam attach-group-policy --group-name DevOps-Avengers --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
   

3. Create Users and Add to Group

    aws iam create-user --user-name IronMan
    aws iam create-user --user-name CaptainAmerica
    aws iam create-user --user-name BlackWidow
   
    aws iam add-user-to-group --user-name IronMan --group-name DevOps-Avengers
    aws iam add-user-to-group --user-name CaptainAmerica --group-name DevOps-Avengers
    aws iam add-user-to-group --user-name BlackWidow --group-name DevOps-Avengers
   

This setup ensures your Avengers DevOps team has the necessary permissions to manage AWS resources securely.

AWS and IAM Basics

User Data in AWS:

User Data in AWS is a feature that allows you to run custom scripts or commands automatically when an EC2 instance is launched. It’s typically used for configuring the instance, installing software, or initializing settings without manual intervention.

Key Features of User Data

1. Automation: Automates instance setup tasks during boot (e.g., software installation, configuration, downloading files).

2. Shell Script Support: You can provide Linux shell scripts (Bash) or Windows PowerShell scripts.

3. Cloud-Init Support: On Amazon Linux and Ubuntu, User Data leverages the cloud-init package for more complex configurations.

How It Works

• You add the User Data script when launching an EC2 instance (via AWS Management Console, CLI, or SDK).

• When the instance starts, the script is executed once during the first boot.

Example Usage

Linux Example (installing Apache on launch):

#!/bin/bash
sudo yum update -y
sudo yum install httpd -y
sudo systemctl start httpd
sudo systemctl enable httpd

Windows Example (installing IIS):

<powershell>
Install-WindowsFeature -name Web-Server

Best Practices

1. Script Validation: Test your User Data scripts before deployment.

2. Logging: Use logging to track the success or failure of the script (/var/log/cloud-init-output.log for Linux).

3. Re-run Scripts: By default, scripts run only once. To re-run, you can modify the instance metadata or manually trigger it.

User Data is a powerful tool for automating DevOps tasks and simplifying instance configurations in AWS.

Task 3:

• Launch the EC2 instance with already installed Jenkins on it. Once the server shows up in the console, hit the IP address in the browser and your Jenkins page should be visible.

• Take a screenshot of the Userdata and Jenkins page, this will verify the task completion.

To complete Task 3, follow these steps:

---

1. Launch EC2 with Jenkins Pre-installed using User Data

1. Go to AWS EC2 Console:
   Navigate to the AWS EC2 dashboard and click "Launch Instance."

2. Configure Instance Details:

   • AMI: Choose Amazon Linux 2 or Ubuntu (whichever you prefer).

   • Instance Type: t2.micro (or as per your requirement).

   • User Data: Add the following script to install Jenkins automatically:

       #!/bin/bash
       sudo yum update -y
       sudo amazon-linux-extras install java-openjdk11 -y
       sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
       sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
       sudo yum install jenkins -y
       sudo systemctl enable jenkins
       sudo systemctl start jenkins
       sudo yum install docker -y
       sudo systemctl enable docker
       sudo systemctl start docker
       sudo usermod -aG docker jenkins
     

3. Security Group:
   Ensure port 8080 is open to allow access to Jenkins.

4. Launch the Instance.

---

2. Access Jenkins in the Browser

1. Once the instance is running, copy its public IP address.

2. Paste the IP address in the browser with the port 8080:

    http://<EC2-public-IP>:8080
   

3. You should see the Jenkins login or setup page.

---

Task 4:

• Explain the IAM Users, Groups, and Roles in your terms.

• Create three Roles named: DevOps-User, Test-User, and Admin.

Explanation of IAM Users, Groups, and Roles

1. IAM Users:
   Individual identities represent people or applications that need access to AWS resources. Users have their credentials (username, password, or access keys) and specific permissions.

2. IAM Groups:
   A collection of users with shared permissions. Instead of assigning permissions to each user individually, you attach policies to the group, and all users in the group inherit those permissions.

3. IAM Roles:
   Roles provide temporary credentials to allow access to AWS resources. Unlike users, roles are assumed rather than logged into and are typically used for cross-account access or granting permissions to AWS services (e.g., EC2 or Lambda).

---

Steps to Create Roles: DevOps-User, Test-User, Admin

To create these roles, follow these steps:

1. Go to AWS IAM Console:
   Navigate to the IAM dashboard.

2. Create DevOps-User Role:

   • Role Type: AWS service (e.g., EC2).

   • Policy: Attach policies for DevOps-like permissions (e.g., access to EC2, CodePipeline, and S3).

   • Role Name: DevOps-User.

3. Create Test-User Role:

   • Policy: Attach permissions for read-only access or testing environments (e.g., AmazonEC2ReadOnlyAccess, CloudWatchReadOnlyAccess).

   • Role Name: Test-User.

4. Create Admin Role:

   • Policy: Attach AdministratorAccess (full access to AWS services).

   • Role Name: Admin.

---

AWS CLI Option (Automation)

If you want to create these roles via AWS CLI, use the following commands:

1. DevOps-User Role Creation:

    aws iam create-role --role-name DevOps-User --assume-role-policy-document file://trust-policy.json
    aws iam attach-role-policy --role-name DevOps-User --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
   

2. Test-User Role Creation:

    aws iam create-role --role-name Test-User --assume-role-policy-document file://trust-policy.json
    aws iam attach-role-policy --role-name Test-User --policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
   

3. Admin Role Creation:

    aws iam create-role --role-name Admin --assume-role-policy-document file://trust-policy.json
    aws iam attach-role-policy --role-name Admin --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
   

These steps will set up the three roles with appropriate permissions for different user types in a DevOps workflow.