AWS Classroomnotes 27/Aug/2022

IAM Roles

  • An IAM Role is an identity that an AWS service or resource (for example an EC2 instance or a Lambda function) assumes in order to get permissions on other AWS resources. Like a user it carries permission policies, but it has no long-term credentials: whatever assumes the role receives short-lived credentials from STS.

Lab Setup

  • Create an EC2 instance with Amazon Linux.
  • Create an IAM policy which allows any operation on S3 and EC2. The policy below is what the AWS console generates for full EC2 and S3 access: besides s3:* and ec2:* it grants ELB, CloudWatch and Auto Scaling, plus iam:CreateServiceLinkedRole for the service principals that EC2 features depend on. Every statement uses "Resource": "*", so treat it as a lab-only policy; in a real account scope the S3 statement to the buckets the workload actually needs.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        },
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "ec2scheduled.amazonaws.com",
                        "elasticloadbalancing.amazonaws.com",
                        "spot.amazonaws.com",
                        "spotfleet.amazonaws.com",
                        "transitgateway.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
  • Create one more EC2 instance.
  • Create one S3 bucket.

Activity 1

  • Let's give the Amazon Linux instance permission to do anything with EC2 and S3.
  • For this we have created a policy already.
  • Since we need to give an EC2 instance permission to access other EC2 instances and S3 buckets, let's create a role: in IAM open Roles, choose Create role, pick the trusted entity type "AWS service" with the EC2 use case, attach the policy created above and name the role.
  • Once the role is created, attach it to the Amazon Linux instance (EC2 console: select the instance, Actions, Security, Modify IAM role). An instance can have only one role attached at a time.
  • Note: on Amazon Linux the AWS CLI is preinstalled.
  • Using this role the instance gets programmatic access without any access keys stored on it: the CLI and the SDKs fetch the role's temporary credentials from the instance metadata service and refresh them automatically, through

    • AWS CLI
    • Code using AWS SDK
  • Mainly for automation purposes, roles are assigned to
    • EC2
    • Lambda

Activity 2

  • Give a Lambda function permission to access S3 and EC2.
  • Create a role for Lambda: same steps as for EC2, but the trusted entity is the Lambda service (lambda.amazonaws.com) and the role is selected as the function's execution role; no instance profile is involved.
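The two activities above scripted with the AWS CLI, as an added example that is not part of the original notes. It assumes the lab policy JSON has been saved as lab-policy.json, assumes the names LabEc2S3Policy, LabEc2S3Role and LabLambdaS3Role, takes the instance id as an argument, and only calls AWS when started with the argument run and valid credentials.

```shell
#!/bin/sh
# Added example, not from the original notes: Activity 1 and Activity 2 via the
# AWS CLI. Assumed names: LabEc2S3Policy, lab-policy.json (the lab policy JSON
# saved to disk), LabEc2S3Role, LabLambdaS3Role; the instance id is an argument.
set -eu

# Trust policy: which service principal is allowed to call sts:AssumeRole on
# the role. This is the "trusted entity" the console asks for.
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "$1" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the customer-managed policy from the lab JSON file and print its ARN.
create_lab_policy() {
  aws iam create-policy --policy-name "$1" --policy-document "file://$2" \
    --query Policy.Arn --output text
}

# Activity 1: role trusted by EC2. The CLI does not create an instance profile
# for you the way the console does, so wrap the role in one before use.
create_ec2_role() {
  role="$1"; policy_arn="$2"; instance_id="$3"
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy ec2.amazonaws.com)" >/dev/null
  aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn"
  aws iam create-instance-profile --instance-profile-name "$role" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$role" --role-name "$role"
  aws iam wait instance-profile-exists --instance-profile-name "$role"
  sleep 10  # IAM is eventually consistent; EC2 may still lag behind the waiter
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
    --iam-instance-profile Name="$role"
}

# Activity 2: role trusted by Lambda. Same lab policy, plus the AWS-managed
# basic execution policy so the function can write its logs to CloudWatch.
create_lambda_role() {
  role="$1"; policy_arn="$2"
  aws iam create-role --role-name "$role" \
    --assume-role-policy-document "$(trust_policy lambda.amazonaws.com)" >/dev/null
  aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn"
  aws iam attach-role-policy --role-name "$role" \
    --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
}

# Run on the Amazon Linux instance once the profile is attached. No keys are
# configured there: the CLI picks up the role's temporary credentials itself.
verify_from_instance() {
  aws sts get-caller-identity --query Arn --output text
  aws s3 ls
  aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text
}

if [ "${1:-}" = "run" ]; then
  policy_arn=$(create_lab_policy LabEc2S3Policy lab-policy.json)
  create_ec2_role LabEc2S3Role "$policy_arn" "${2:?usage: $0 run <instance-id>}"
  create_lambda_role LabLambdaS3Role "$policy_arn"
fi
```

The console silently creates an instance profile with the role's name; the CLI does not, which is why create_ec2_role builds one before associating it. verify_from_instance is meant to be run on the instance: the ARN printed by get-caller-identity has the form arn:aws:sts::<account>:assumed-role/LabEc2S3Role/<instance-id>, which confirms the calls are made with the role's temporary credentials and not with any key on disk.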

IAM Programatic Access For Users

  • Create 3 users with only programmatic access (no console password):
    • developer
    • admin
    • tester
  • Don't give any permissions.
  • Once we create the users we get an Access Key ID and a Secret Access Key.
  • We need to keep the Secret Access Key secret: together with the key ID it is a long-term credential carrying all of the user's permissions.
  • As admin/operations we are supposed to rotate credentials: create a new key, switch the consumers to it, deactivate the old key, and delete it once nothing breaks (a user can have at most two access keys).
  • The Access Key ID can be viewed any time, but the Secret Access Key can be viewed only at creation; if it is lost, create a new key.
  • Once we are done using them, it is a better idea to deactivate these credentials (and delete them later) than to leave them active.
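An added example, not from the original notes, of managing these users' keys with the AWS CLI: create the three users with no policy attached, audit key age and last use, rotate a key, and deactivate keys when the lab is over. The user names and the 90-day rotation limit are assumptions; key_age_days needs GNU date, which Amazon Linux ships. Only the run argument triggers the API calls.

```shell
#!/bin/sh
# Added example, not from the original notes: manage the three programmatic-
# access users with the AWS CLI. User names and the 90-day rotation limit are
# assumptions. key_age_days relies on GNU date (-d), as shipped on Amazon Linux.
set -eu

# Age in days of a key given its CreateDate (ISO 8601, as list-access-keys prints
# it). "now" can be passed as epoch seconds to make the result reproducible.
key_age_days() {
  created=$(date -u -d "$1" +%s)
  now="${2:-$(date -u +%s)}"
  echo $(( (now - created) / 86400 ))
}

# Programmatic access only: no login profile (console password), no policies.
# The secret access key is printed here once; IAM never shows it again.
create_programmatic_user() {
  aws iam create-user --user-name "$1" >/dev/null
  aws iam create-access-key --user-name "$1" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Every key of a user with status, age and last use; keys past the limit are
# flagged so an admin can see what to rotate.
audit_keys() {
  user="$1"; max_days="${2:-90}"
  aws iam list-access-keys --user-name "$user" \
    --query 'AccessKeyMetadata[].[AccessKeyId,Status,CreateDate]' --output text |
  while read -r key_id status created; do
    age=$(key_age_days "$created")
    last=$(aws iam get-access-key-last-used --access-key-id "$key_id" \
      --query 'AccessKeyLastUsed.LastUsedDate' --output text)
    flag=""
    if [ "$age" -gt "$max_days" ]; then flag="ROTATE"; fi
    printf '%s %s %sd last-used=%s %s\n' "$key_id" "$status" "$age" "$last" "$flag"
  done
}

# Rotation without an outage: issue the second key (IAM allows two per user),
# move the consumers to it, set the old key Inactive and watch for breakage.
# Delete the old key only after that; an Inactive key can be reactivated, a
# deleted one cannot.
rotate_key() {
  user="$1"; old_key="$2"
  aws iam create-access-key --user-name "$user" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
  aws iam update-access-key --user-name "$user" --access-key-id "$old_key" \
    --status Inactive
  # once the new key is confirmed working:
  # aws iam delete-access-key --user-name "$user" --access-key-id "$old_key"
}

# Lab finished: deactivate every key rather than leaving live long-term
# credentials behind.
deactivate_keys() {
  aws iam list-access-keys --user-name "$1" \
    --query 'AccessKeyMetadata[].AccessKeyId' --output text |
  tr '\t' '\n' | while read -r key_id; do
    if [ -n "$key_id" ]; then
      aws iam update-access-key --user-name "$1" --access-key-id "$key_id" \
        --status Inactive
    fi
  done
}

if [ "${1:-}" = "run" ]; then
  for u in developer admin tester; do create_programmatic_user "$u"; done
  audit_keys developer 90
fi
```

The audit uses get-access-key-last-used because a key that was never used is a stronger removal candidate than an old one still in use, and the rotate step deliberately stops at Inactive: a consumer that was missed will fail loudly and can be fixed by reactivating the key, whereas a deleted key is gone for good.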

About continuous learner

devops & cloud enthusiastic learner