Day 39 of 90 Days of DevOps Challenge: AWS and IAM Basics ☁️
Welcome back, DevOps enthusiasts! By now, you've manually launched EC2 instances and installed applications like Jenkins and Docker. Today, we’re stepping into the world of automation—let's make your life easier by automating these repetitive tasks! 🚀 Sounds interesting, right? Let's dive in!
Today's Tasks
Task 1: Launch EC2 Instance with Pre-installed Jenkins Using User Data
In this task, you'll launch an EC2 instance and use User Data to automate the installation of Jenkins. User Data allows you to run a script when the instance starts, saving time and reducing manual steps.
Step-by-Step Guide:
Sign in to AWS Management Console:
Navigate to AWS Console.
Log in with your AWS credentials.
Launch an EC2 Instance:
Go to EC2 by typing "EC2" in the search bar at the top of the AWS Management Console and selecting EC2 from the dropdown.
Click Launch Instance.
Choose AMI (Amazon Machine Image):
- Select Amazon Linux 2 AMI (HVM) (free tier eligible).
Choose Instance Type:
Choose the t2.micro instance type (free tier eligible).
Click Next: Configure Instance Details.
Configure Instance Details:
In the Advanced Details section, you will see a field labeled User Data. Here, you can add your script for automating the setup.
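Copy and paste the following User Data script to install Jenkins. The script uses apt, so it needs a Debian-based AMI such as Ubuntu; on Amazon Linux 2, which uses yum, the apt commands will fail: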
#!/bin/bash
# Update the instance
sudo apt update -y
# Install Java (OpenJDK 17)
sudo apt install openjdk-17-jdk -y
# Add Jenkins repository and install Jenkins
wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian binary/" | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update -y
sudo apt install jenkins -y
# Start and enable Jenkins
sudo systemctl start jenkins
sudo systemctl enable jenkins
# Install Docker
sudo apt install docker.io -y
sudo systemctl start docker
sudo systemctl enable docker
# Add the 'ubuntu' and 'jenkins' users to the 'docker' group
# (user data runs as root, so $USER does not refer to the login user)
sudo usermod -aG docker ubuntu
sudo usermod -aG docker jenkins
# Restart Jenkins to apply Docker group changes
sudo systemctl restart jenkins
Add Storage:
- Keep the default storage settings (usually 8 GiB) unless you need more.
Add Tags (Optional):
Tag your instance for easy identification. For example:
- Key: Name, Value: Jenkins-Instance
- Key:
Configure Security Group:
Create a new security group.
Add the following Inbound Rules:
SSH: Port 22 (for accessing your instance via SSH).
HTTP: Port 80 (to access Jenkins in the browser).
Click Review and Launch.
Launch the Instance:
Choose an existing key pair or create a new one to access your instance.
Launch your instance.
Access Jenkins:
Once your instance is running, grab the Public IP address from the EC2 dashboard.
In your browser, go to:
http://<Your-Instance-Public-IP>:8080
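to access Jenkins. The Jenkins setup wizard should be displayed. Jenkins listens on port 8080 by default, so the security group also needs an inbound rule for TCP 8080 before this URL will load.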
Take Screenshots:
Capture a screenshot of the User Data you entered.
Capture a screenshot of the Jenkins setup wizard.
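The inbound rules from the security group step, checked against the port Jenkins actually serves on. This is an added example, not part of the original guide; the rule list is constructed in the shape of EC2's DescribeSecurityGroups output and assumes the console's "Anywhere" (0.0.0.0/0) source, which the guide does not state.

```python
import ipaddress

# Constructed sample: the guide's inbound rules (SSH 22, HTTP 80) in the
# IpPermissions shape. The 0.0.0.0/0 source is an assumption. IPv4 ranges only.
GUIDE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Administrative ports that should be limited to known source addresses.
ADMIN_PORTS = {22: "SSH", 8080: "Jenkins"}


def sources_for(rules, port):
    """Return the CIDRs allowed to reach a TCP port under these rules."""
    cidrs = []
    for rule in rules:
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # "-1" means all protocols and ports
            covers = True
        elif proto == "tcp":
            covers = rule["FromPort"] <= port <= rule["ToPort"]
        else:
            covers = False
        if covers:
            cidrs += [r["CidrIp"] for r in rule.get("IpRanges", [])]
    return cidrs


def audit(rules, service_ports=(8080,)):
    """List world-open admin ports and service ports with no inbound rule."""
    findings = []
    for port, name in ADMIN_PORTS.items():
        for cidr in sources_for(rules, port):
            if ipaddress.ip_network(cidr).prefixlen == 0:
                findings.append(f"{name} port {port} open to {cidr}")
    for port in service_ports:
        if not sources_for(rules, port):
            findings.append(f"port {port} unreachable: no inbound rule")
    return findings


if __name__ == "__main__":
    for finding in audit(GUIDE_RULES):
        print(finding)
```

Restricting the SSH and Jenkins rules to your own address (a /32 source) clears both findings.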
Task 2: Understanding IAM Roles
In this task, you'll explore IAM Roles, Users, and Groups in AWS and create IAM Roles for your DevOps team.
Step-by-Step Guide:
Sign in to AWS Management Console:
- Go to AWS Console and log in.
Navigate to IAM (Identity and Access Management):
- In the AWS Console, search for IAM and click on it.
Learn About IAM:
IAM lets you manage access to AWS services and resources securely. With IAM, you can:
Users: Create individual identities for people in your team.
Groups: Manage multiple users by grouping them and applying common permissions.
Roles: Assign permissions to AWS services or applications, allowing them to assume certain privileges.
Create IAM Users:
In the IAM dashboard, go to Users > Add Users.
Create 3 users: DevOps-User, Test-User, and Admin.
Select both Programmatic access and AWS Management Console access for each user.
Create IAM Groups:
Navigate to Groups in the IAM dashboard.
Create 3 groups: DevOps-Team, Test-Team, and Admin-Team.
Add the corresponding users to each group.
Assign Policies to the Groups:
For each group, assign appropriate IAM policies that give them access to the resources they need:
DevOps-Team: Assign policies that allow full EC2, S3, and IAM access.
Test-Team: Assign limited permissions, like read-only access to EC2.
Admin-Team: Assign the AdministratorAccess policy for full permissions across all AWS resources.
Create IAM Roles:
Navigate to Roles in the IAM dashboard.
Click Create Role and select the AWS service option. Choose EC2 as the use case so that EC2 instances can assume the role.
Create the following roles:
DevOps-User: Attach a policy with access to EC2, S3, and Jenkins.
Test-User: Attach a read-only policy for testing purposes.
Admin: Attach the AdministratorAccess policy for full permissions.
Review and Save:
Review all your configurations and ensure that the correct users, groups, and roles have the appropriate permissions.
Take a screenshot of the users, groups, and roles you've created.
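An added example (not from the original guide) for the "Assign Policies to the Groups" step: a simplified check of which group policies let members change their own permissions. The policy documents are constructed approximations of the guide's wording, and the evaluator ignores Deny, NotAction, Condition and resource-scoped grants.

```python
from fnmatch import fnmatchcase

# Constructed policy documents approximating what the guide assigns per group.
GROUP_POLICIES = {
    "DevOps-Team": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["ec2:*", "s3:*", "iam:*"], "Resource": "*"}]},
    "Test-Team": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]},
    "Admin-Team": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
}

# IAM write actions that change what a user or group is permitted to do.
SELF_GRANT = [
    "iam:AttachUserPolicy", "iam:AttachGroupPolicy",
    "iam:PutUserPolicy", "iam:PutGroupPolicy", "iam:AddUserToGroup",
]


def as_list(value):
    """IAM allows a single string or a list for Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def allowed(policy, action):
    """True if an Allow statement grants the action on all resources ("*")."""
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        # IAM action names are case-insensitive and support * and ? wildcards.
        patterns = as_list(stmt.get("Action", []))
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False


def admin_equivalent(policy):
    """Return the self-grant actions the policy allows on every resource."""
    return [a for a in SELF_GRANT if allowed(policy, a)]


if __name__ == "__main__":
    for group, policy in GROUP_POLICIES.items():
        hits = admin_equivalent(policy)
        print(f"{group}: {'admin-equivalent' if hits else 'ok'} {hits}")
```

With these inputs DevOps-Team is flagged the same as Admin-Team, because full IAM access on every resource includes the ability to change one's own permissions.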
Task Summary:
Task 1: Automate the setup of Jenkins on an EC2 instance using User Data.
Task 2: Create and manage IAM Users, Groups, and Roles to understand how AWS handles permissions.
By the end of today’s tasks, you'll have automated the Jenkins setup using AWS EC2 user data and built a clear understanding of how IAM users, groups, and roles work.
Conclusion
In Day 39, we dove deeper into AWS with a focus on EC2 User Data and IAM roles, adding more automation to our deployment processes. You now know how to leverage EC2 User Data to automate application installations during instance launch, saving valuable time. Additionally, we explored IAM roles to better control user access, ensuring security and effective resource management in AWS.
Keep pushing your AWS and DevOps knowledge, and don’t forget to share your progress with #90DaysOfDevOps! 🚀