AWS IAM: Creating a User with EC2 Access and Installing Jenkins and Docker on Linux Instance
Day 38: #90DaysOfDevOps Challenge
Introduction
Amazon Web Services (AWS) provides a wide range of services for businesses of all sizes. One of the most important services for managing your AWS resources is AWS Identity and Access Management (IAM). In this blog, we will discuss what IAM is, its benefits, and how to use it effectively.
What is AWS IAM?
AWS IAM is a web service that enables you to manage access to AWS services and resources securely. It allows you to create and manage AWS users and groups, and control access to AWS resources by creating policies that determine what actions can be performed on those resources.
The benefits of using AWS IAM
Using AWS IAM has several benefits for businesses, including:
Secure access to AWS resources: IAM allows you to control who can access your AWS resources, and what they can do with them. This helps you maintain the security of your AWS environment and protect sensitive data.
Granular control: IAM enables you to grant different levels of access to different users, depending on their roles and responsibilities. This helps you maintain a least privilege access model and reduces the risk of accidental or intentional data breaches.
Centralized management: IAM allows you to manage all your AWS users, groups, and policies from a single location. This helps you save time and effort, and ensures consistency across your AWS environment.
Compliance: IAM helps you meet compliance requirements by providing detailed audit logs and reports that show who has accessed your AWS resources, when, and what actions they performed.
Task 1: Creating an IAM User with EC2 Access and Installing Jenkins and Docker
Steps and Shell Script to create an IAM user with EC2 access, launch a Linux instance through the IAM user, and install Jenkins and Docker on the instance via a single Shell Script:
Step 1: Create an IAM user
Log in to your AWS account and navigate to the IAM console.
Click on "Users" and then click on the "Add user" button.
Enter a username of your choice and select "Programmatic access" and "AWS Management Console access" as the access type.
Click "Next" and then create a password or let AWS generate one for you.
Click "Next" again and then add the user to a group or create a new group with the appropriate permissions.
Click "Next" and then review the user details before clicking "Create user".
Take note of the Access key ID and Secret access key, as you will need them later.
Step 2: Launch a Linux instance through the IAM user
Log in to the AWS Management Console using the IAM user you just created.
Navigate to the EC2 console and click on "Launch Instance".
Choose a Linux AMI that is compatible with Jenkins and Docker, such as Amazon Linux 2.
Select an instance type, such as t2.micro, and configure the instance details as needed.
In the "Configure Security Group" step, create a new security group and allow inbound traffic on ports 22, 80, and 8080.
Review the instance details and launch the instance.
Step 3: Install Jenkins and Docker via Shell Script
Connect to your instance using SSH or another remote connection method.
Create a new Shell Script file with the following content:
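#!/bin/bash
# Stop at the first failing command instead of continuing with a partial install
set -e
# Update package repositories
sudo yum update -y
# Install Jenkins (-y on every yum call so the script never waits for a prompt)
sudo yum install -y java-devel
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo
sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io.key
sudo yum install -y jenkins
# Install Docker
sudo yum install -y docker
sudo service docker start
# Let the current user run docker without sudo (takes effect at next login)
sudo usermod -aG docker "$USER"
# Enable Jenkins and Docker on boot, and start Jenkins now so port 8080 answers
sudo systemctl enable --now jenkins.service
sudo systemctl enable docker.service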
Save the file as "install-jenkins-docker.sh".
Make the file executable by running the command:
chmod +x install-jenkins-docker.sh
Run the Shell Script by running the command:
./install-jenkins-docker.sh
Wait for the installation process to complete.
Access Jenkins by navigating to the instance's public IP address on port 8080 in your web browser.
That's it! 🥳🥳 You have now created an IAM user with EC2 access, launched a Linux instance through the IAM user, and installed Jenkins and Docker on the instance via a single Shell Script.
Task 2: Creating a DevOps Team of Avengers with IAM Users and Policies
Steps to create a DevOps team of avengers by creating 3 IAM users and assigning them to a DevOps group with the appropriate IAM policy:
Step 1: Create the IAM Users
Log in to your AWS account and navigate to the IAM console.
Click on "Users" and then click on the "Add user" button.
Enter a username of your choice for the first DevOps team member and select "Programmatic access" and "AWS Management Console access" as the access type.
Click "Next" and then create a password or let AWS generate one for you.
Click "Next" again and then add the user to a group or create a new group called "Avengers DevOps Group".
Click "Next" and then review the user details before clicking "Create user".
Repeat these steps to create two more IAM users for the other two DevOps team members.
Step 2: Create an IAM policy
Navigate to the IAM console and click on "Policies".
Click on the "Create policy" button.
Choose the "JSON" tab and enter the following policy document:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
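This policy allows the DevOps team members to have full access to EC2, S3, and IAM. Note that iam:* on all resources includes creating users and attaching or changing policies, so members can alter their own permissions; this is much broader than the least privilege access model described above.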
Click "Review policy".
Enter a name and description for the policy.
Click "Create policy".
Step 3: Assign the IAM policy to the DevOps group
Navigate to the IAM console and click on "Groups".
Click on the "Avengers DevOps Group" group that you created earlier.
Click on the "Permissions" tab.
Click on the "Attach Policy" button.
Search for the policy you just created and select it.
Click "Attach policy".
Step 4: Assign the IAM users to the DevOps group
Navigate to the IAM console and click on "Groups".
Click on the "Avengers DevOps Group" group that you created earlier.
Click on the "Members" tab.
Click on the "Add Users to Group" button.
Select the three IAM users you created earlier.
Click "Add Users".
That's it! You have now created a DevOps team of avengers by creating 3 IAM users and assigning them to a DevOps group with the appropriate IAM policy. The team members will now have full access to EC2, S3, and IAM.
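As an added example (not part of the original post), the following Python check audits the Step 2 policy for full-wildcard Allow grants, which is where that policy departs from the least privilege access model described under the benefits of IAM. The names audit_policy, SCOPED_POLICY and PERMISSION_SERVICES, and the HIGH/MEDIUM labels, are assumptions of this example.

```python
import json

# Policy document from Step 2 of this page, copied as written.
PAGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}
  ]
}""")

# Constructed comparison policy (assumption): named EC2 actions only, no IAM.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["ec2:DescribeInstances", "ec2:StartInstances"],
                   "Resource": "*"}],
}

# Assumption: services whose full wildcard lets a principal change permissions.
PERMISSION_SERVICES = {"iam"}

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy):
    """List (index, severity, action) per full-wildcard Allow; Condition and NotAction are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a lone statement may be a bare object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        any_resource = "*" in as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            service, _, name = action.partition(":")
            if action != "*" and name != "*":
                continue                  # named or partial-wildcard action
            high = any_resource and (action == "*" or service.lower() in PERMISSION_SERVICES)
            findings.append((idx, "HIGH" if high else "MEDIUM", action))
    return findings

if __name__ == "__main__":
    for idx, severity, action in audit_policy(PAGE_POLICY):
        print(f"Statement[{idx}] {severity}: Allow {action}")
```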