AWS Classroom Notes 27/Aug/2022

IAM Roles

  • An IAM role is a set of permissions granted to an AWS service or resource so that it can access other AWS resources.

Lab Setup

  • Create an ec2 instance with Amazon Linux.
  • Create an IAM policy that allows any operation on S3 and EC2 (the policy below also grants ELB, CloudWatch and Auto Scaling, plus creation of the service-linked roles those services need):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": "*"
        },
        {
            "Action": "ec2:*",
            "Effect": "Allow",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "cloudwatch:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "autoscaling:*",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iam:AWSServiceName": [
                        "autoscaling.amazonaws.com",
                        "ec2scheduled.amazonaws.com",
                        "elasticloadbalancing.amazonaws.com",
                        "spot.amazonaws.com",
                        "spotfleet.amazonaws.com",
                        "transitgateway.amazonaws.com"
                    ]
                }
            }
        }
    ]
}
  • Create one more EC2 instance.
  • Create one S3 bucket.
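The lab policy above grants service-wide wildcards (s3:*, ec2:* and others) on every resource, which is far more than the role in the activities needs. The following added example (not part of the original notes) is a small policy check that lists such grants and, next to it, a narrower policy for the same lab: read/write on one bucket and read-only EC2 calls. The bucket name is an assumption; the lab policy is copied from the notes into dict form.

```python
import json

# Copy of the lab policy from these notes, written as a Python dict.
LAB_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "s3-object-lambda:*"], "Resource": "*"},
        {"Action": "ec2:*", "Effect": "Allow", "Resource": "*"},
        {"Effect": "Allow", "Action": "elasticloadbalancing:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "cloudwatch:*", "Resource": "*"},
        {"Effect": "Allow", "Action": "autoscaling:*", "Resource": "*"},
        {
            "Effect": "Allow",
            "Action": "iam:CreateServiceLinkedRole",
            "Resource": "*",
            "Condition": {"StringEquals": {"iam:AWSServiceName": [
                "autoscaling.amazonaws.com", "ec2scheduled.amazonaws.com",
                "elasticloadbalancing.amazonaws.com", "spot.amazonaws.com",
                "spotfleet.amazonaws.com", "transitgateway.amazonaws.com"]}},
        },
    ],
}


def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]


def broad_grants(policy):
    """Actions granted by an unconditioned Allow statement on Resource "*" that are
    a full wildcard ("*") or a service-wide wildcard such as "ec2:*". These are the
    grants to question before attaching the policy to a role."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource", [])):
            continue
        for action in _as_list(stmt.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(action)
    return findings


def scoped_policy(bucket):
    """Narrower policy for the same lab: list/read/write on one bucket only, and
    read-only EC2 calls. `bucket` is an assumed bucket name. ec2:Describe* keeps
    Resource "*" because Describe calls do not support resource-level scoping."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": bucket_arn},
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": f"{bucket_arn}/*"},
            {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        ],
    }


if __name__ == "__main__":
    print("lab policy broad grants:", broad_grants(LAB_POLICY))
    print("scoped policy broad grants:", broad_grants(scoped_policy("lab-bucket")))
    print(json.dumps(scoped_policy("lab-bucket"), indent=2))
```

Run it as a script to see the six wildcard grants the lab policy carries and an empty list for the scoped one; the printed scoped policy can be pasted into the console as the role's policy document instead of the wide one.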

Activity 1

  • Let's give the Amazon Linux instance permission to do anything with EC2 and S3.
  • For this we have already created a policy.
  • Since we need to give an EC2 instance permission to access other EC2 instances and S3 buckets, let's create a role.

  • Once the role is created, let's attach this role to the Amazon Linux instance.

  • Note: the AWS CLI is preinstalled on Amazon Linux.
  • Using this role we get programmatic access via:
    • AWS CLI
    • Code using the AWS SDK
  • Mostly for automation purposes, roles are assigned to:
    • EC2
    • Lambda

Activity 2

  • Give a Lambda function permission to access S3 and EC2.
  • Create a role for Lambda.
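What makes a role usable by EC2 in Activity 1 and by Lambda in Activity 2 is its trust policy: the statement naming which service principal may call sts:AssumeRole on it. The added example below (not code from the notes) builds that trust policy for either service, checks which principals a given trust policy admits, and, when boto3 and credentials are available, creates the role, attaches the lab policy and, for EC2, wires up the instance profile. The role name, policy ARN and instance id are assumed placeholders.

```python
import json

try:
    import boto3  # only needed for the live calls in create_service_role()
except ImportError:  # the document-building helpers work without the SDK
    boto3 = None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def trust_policy(service):
    """Trust (assume-role) policy letting exactly one AWS service principal assume
    the role: "ec2.amazonaws.com" for Activity 1, "lambda.amazonaws.com" for Activity 2."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": service},
            "Action": "sts:AssumeRole",
        }],
    }


def trusted_services(policy):
    """Service principals a trust policy allows to assume the role. Used to confirm
    that a role meant for EC2 is not also assumable by another service."""
    services = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        services.update(_as_list(stmt.get("Principal", {}).get("Service", [])))
    return services


def create_service_role(role_name, service, policy_arn, instance_id=None):
    """Create the role with the trust policy, attach the permissions policy and, for
    EC2, create an instance profile and associate it with the instance.
    role_name, policy_arn and instance_id are caller-supplied placeholders."""
    if boto3 is None:
        raise RuntimeError("boto3 is required for the live AWS calls")
    iam = boto3.client("iam")
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(trust_policy(service)))
    iam.attach_role_policy(RoleName=role_name, PolicyArn=policy_arn)
    if service == "ec2.amazonaws.com":
        # EC2 attaches a role through an instance profile, not the role directly.
        iam.create_instance_profile(InstanceProfileName=role_name)
        iam.add_role_to_instance_profile(InstanceProfileName=role_name, RoleName=role_name)
        # IAM is eventually consistent; wait before EC2 is asked to use the profile.
        iam.get_waiter("instance_profile_exists").wait(InstanceProfileName=role_name)
        if instance_id:
            boto3.client("ec2").associate_iam_instance_profile(
                IamInstanceProfile={"Name": role_name}, InstanceId=instance_id)


if __name__ == "__main__":
    for svc in ("ec2.amazonaws.com", "lambda.amazonaws.com"):
        print(svc, json.dumps(trust_policy(svc)))
    # Live run (requires credentials); placeholders are assumptions, not values from the notes:
    # create_service_role("lab-ec2-role", "ec2.amazonaws.com",
    #                     "arn:aws:iam::123456789012:policy/LabPolicy", instance_id="i-0123456789abcdef0")
```

After association, `aws sts get-caller-identity` run on the instance should report the role's ARN rather than a user, which is the quickest check that the CLI is picking up the role.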

IAM Programmatic Access For Users

  • Create 3 users with programmatic access only:
    • developer
    • admin
    • tester
  • Don't give them any permissions.
  • Once we create the users we get an Access Key ID and a Secret Access Key.
  • We need to keep the Secret Access Keys secret.
  • As admins/operations, we are supposed to rotate credentials.
  • The Access Key ID can be viewed at any time, but the Secret Access Key can be viewed only at creation.
  • Once we are done using them, it is better to deactivate these credentials.
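The last three points (rotate, the secret is shown once, deactivate when done) are what an operations script has to automate. The added example below (not from the notes) classifies a user's access keys by age and status from the structure iam.list_access_keys() returns, and shows a rotation order that never leaves the user without a working key. The 90-day interval, the key ids and the dates are constructed sample values.

```python
from datetime import datetime, timedelta, timezone

try:
    import boto3  # needed only for the live helpers
except ImportError:
    boto3 = None

MAX_KEY_AGE_DAYS = 90  # assumed rotation interval; the notes only say "rotate"

# Constructed sample in the shape of iam.list_access_keys()["AccessKeyMetadata"].
NOW = datetime(2022, 8, 27, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"UserName": "developer", "AccessKeyId": "AKIAEXAMPLEDEV000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=120)},
    {"UserName": "admin", "AccessKeyId": "AKIAEXAMPLEADM000001", "Status": "Active",
     "CreateDate": NOW - timedelta(days=10)},
    {"UserName": "tester", "AccessKeyId": "AKIAEXAMPLETST000001", "Status": "Inactive",
     "CreateDate": NOW - timedelta(days=200)},
]


def classify_keys(keys, now=None, max_age_days=MAX_KEY_AGE_DAYS):
    """Split keys into those to rotate (Active and older than max_age_days) and
    those already Inactive, which can be deleted once nothing depends on them."""
    now = now or datetime.now(timezone.utc)
    rotate, delete = [], []
    for key in keys:
        age_days = (now - key["CreateDate"]).days
        if key["Status"] == "Inactive":
            delete.append((key["UserName"], key["AccessKeyId"]))
        elif age_days > max_age_days:
            rotate.append((key["UserName"], key["AccessKeyId"], age_days))
    return rotate, delete


def rotate_user_key(user, old_key_id):
    """Create the new key first, then deactivate (not delete) the old one, so the
    user is never left without working credentials. A user may hold at most two
    keys, so delete already-inactive ones before calling this."""
    iam = boto3.client("iam")
    new = iam.create_access_key(UserName=user)["AccessKey"]
    # new["SecretAccessKey"] is only available here; deliver it to the user out of band.
    iam.update_access_key(UserName=user, AccessKeyId=old_key_id, Status="Inactive")
    return new["AccessKeyId"]


def audit_users(users, max_age_days=MAX_KEY_AGE_DAYS):
    """Live version: gather every key of the given users and classify them."""
    iam = boto3.client("iam")
    keys = []
    for user in users:
        keys.extend(iam.list_access_keys(UserName=user)["AccessKeyMetadata"])
    return classify_keys(keys, max_age_days=max_age_days)


if __name__ == "__main__":
    rotate, delete = classify_keys(SAMPLE_KEYS, NOW)
    print("rotate:", rotate)
    print("delete:", delete)
    # With credentials: print(audit_users(["developer", "admin", "tester"]))
```

On the sample data the developer's 120-day-old key is flagged for rotation and the tester's inactive key for deletion; the admin's 10-day-old key needs nothing. Deactivating rather than deleting first gives a window to find anything still using the old key before it is gone for good.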
By continuous learner