Today I have covered AWS EC2 automation and Jenkins with a single shell-script file.
What are IAM Roles?
Why AWS?
AWS is one of the most popular cloud providers, and it has a free tier too, so students and cloud enthusiasts can get hands-on while learning (create your free account today to explore more).
What is AWS?
- Amazon Web Services (AWS) is a comprehensive and widely used cloud computing platform provided by Amazon. It offers a vast array of cloud services and solutions designed to enable businesses, organizations, and individuals to build and manage their applications and infrastructure in a scalable, secure, and cost-effective manner.
User Data in AWS:
When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.
You can pass this data into the launch instance wizard as plain text, as a file (useful for launching instances using the command line tools), or as base64-encoded text (for API calls). This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker or Jenkins.
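As an added example (not code from the original post), the script below packages a bootstrap script such as the install.sh from Task 1 as EC2 user data and launches an instance with it from the AWS CLI. It checks the two things that most often make a user-data script fail silently on the instance, a missing shebang or cloud-config header and the 16 KB size limit, and shows the base64 form the raw API expects. The AMI id, key pair and security group are placeholders, and commands are only printed unless DRY_RUN=0 is set.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: validate a user-data script,
# base64-encode it for API use, and launch an instance with the AWS CLI.
# AMI_ID, KEY_NAME and SG_ID below are placeholders the reader must replace.
set -eu

USER_DATA_LIMIT=16384   # EC2 accepts at most 16 KB of user data before base64 encoding

# Reject scripts that would fail silently on the instance: unreadable file,
# no shebang or #cloud-config header on the first line, or over the size limit.
validate_user_data() {
  file="$1"
  [ -r "$file" ] || { echo "user data file not readable: $file" >&2; return 1; }
  first=""
  IFS= read -r first < "$file" || true
  case "$first" in
    '#!'*|'#cloud-config'*) ;;
    *) echo "first line must be a shebang or #cloud-config, got: $first" >&2; return 1 ;;
  esac
  size=$(wc -c < "$file" | tr -d ' ')
  if [ "$size" -gt "$USER_DATA_LIMIT" ]; then
    echo "user data is $size bytes, limit is $USER_DATA_LIMIT" >&2
    return 1
  fi
  return 0
}

# Single-line base64, the form the UserData field takes in a raw API call.
# (The AWS CLI encodes file:// input itself, so launch_with_user_data passes the file.)
encode_user_data() {
  base64 < "$1" | tr -d '\n'
}

# Print the command; execute it only when DRY_RUN=0 so the script is safe to read through.
run_or_print() {
  echo "+ $*"
  if [ "${DRY_RUN:-1}" = 0 ]; then "$@"; fi
}

launch_with_user_data() {
  file="$1"
  validate_user_data "$file"
  run_or_print aws ec2 run-instances \
    --image-id "${AMI_ID:-ami-PLACEHOLDER}" \
    --instance-type "${INSTANCE_TYPE:-t2.micro}" \
    --key-name "${KEY_NAME:-my-keypair-PLACEHOLDER}" \
    --security-group-ids "${SG_ID:-sg-PLACEHOLDER}" \
    --user-data "file://$file"
}

# Usage: ./launch.sh install.sh   (add DRY_RUN=0 to actually call AWS)
if [ "$#" -gt 0 ]; then
  launch_with_user_data "$1"
fi
```

Because the security group id is passed explicitly, the instance does not inherit the default group; open only port 22 for SSH and port 8080 for Jenkins in it rather than all ports.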
What is IAM?
- AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.
Key Features of IAM:
- Shared access to your AWS account.
- Temporary access through IAM roles for time-limited permissions.
- Identity federation (including Active Directory, Facebook, LinkedIn, SAML, and OpenID Connect).
- Multifactor authentication (MFA).
- Temporary access for users, devices and services where necessary.
- Password rotation policy.
- Integration with many different AWS services.
Task 1:
Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in the browser and your Jenkins page should be visible.
- Step 1: Open the AWS account as the root user.
- Step 2: Now we will see the Console Home of AWS.
- Step 3: Now we will go to the IAM service. Search for IAM in the search bar and click on the IAM service.
- Step 4: Now you will see the IAM Dashboard. Click on the Users tab.
- Step 5: (Dashboard > Access Management > Users > Create User) Click on the Add User button. While creating the user, make sure that you have selected both Programmatic Access and AWS Management Console Access.
- Step 6: After entering the username of your choice, click on the Next: Permissions button and give the EC2FullAccess permission to the user.
- Step 7: Now click on the Next: Tags button and then on the Next: Review button.
- Step 8: You can view and download the user's password below, or email the user instructions for signing in to the AWS Management Console. This is the only time you can view and download this password.
- Step 9: Now we can see the downloaded CSV file, which contains the username and password of the user.
- Step 10: Verify that the user named "Student_Access" has been created successfully.
- Step 11: Now we will log in to the AWS account as the "Student_Access" user using the password that we downloaded in the CSV file.
- Step 12: Now we will see the Console Home of the IAM user named "Student_Access".
Take a screenshot of the user data and Jenkins page; this will verify the task completion.
- Step 1: Now we will go to the EC2 service. Search for EC2 in the search bar and click on the EC2 service.
- Step 2: Now we will launch the EC2 instance. Click on the Launch Instance button and verify that the instance is running.
(Note that you can't connect to the instance using "EC2 Instance Connect", as you have not given the user access to ec2:InstanceConnect. So log in using ssh.)
- Step 3: Now we will connect the terminal to the EC2 instance using ssh. Click on the Connect button and copy the ssh command.
(Copy the third command and example shown on the Connect page, the one for your own terminal, and paste it into the terminal.)
- Step 4: Now we will create a shell script named "install.sh" and copy the code below into it.
#!/bin/bash
# Install Java, Jenkins (from the official Debian-stable repository) and Docker on Ubuntu.
# -y answers the apt prompts so the script runs unattended, e.g. as EC2 user data.
set -e
sudo apt update
# Jenkins LTS releases served from the 2023 repository require Java 11 or 17; Java 8 is no longer supported.
sudo apt install -y openjdk-17-jdk
# Add the Jenkins signing key and repository, then install Jenkins.
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \
  /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \
  /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update
sudo apt install -y jenkins
# Start Jenkins now and on every boot; --no-pager keeps status from blocking the script.
sudo systemctl enable --now jenkins
sudo systemctl status jenkins --no-pager
# Docker from the Ubuntu repositories.
sudo apt install -y docker.io
sudo systemctl enable --now docker
- Step 5: Now we will make the shell script executable and run it. Run the commands below.
chmod +x install.sh
./install.sh
- Step 6: Now we will check the status of Jenkins and Docker. Run the commands below.
sudo systemctl status docker
sudo systemctl status jenkins
- Step 7: Now go to your browser, open PublicIP:8080, and you should see the Unlock Jenkins page.
Task 2:
Explain IAM Roles, IAM Users and Groups.
An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it. Also, a role does not have standard long-term credentials such as a password or access key associated with it. Instead, when you assume a role, it provides you with temporary security credentials for your role session.
Groups are a way to group together collections of users under one name. Instead of attaching policies to individual users, you can attach the policies to a group, and any user that is a member of that group will inherit those policies. This makes it easier to manage permissions for a set of users, rather than having to manage permissions for each individual user.
Create three Roles named DevOps-User, Test-User and Admin.
- Step 1: Go to the IAM service, click on the Roles tab and create a new role.
- Step 2: Now select AWS service as the trusted entity and click on the EC2 service.
- Step 3: Add permissions by attaching the AmazonEC2FullAccess policy, and we have created the first role named "DevOps-User".
- Step 4: Do the same for the Test-User and Admin roles.
- We can verify that we have created the three roles.
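The console clicks in Task 1 (the "Student_Access" user with console and programmatic access) and Task 2 (three roles trusted by the EC2 service) can also be done from the AWS CLI. The script below is an added example, not code from the original post: it writes the trust policy that the "AWS service > EC2" choice in the console produces, attaches the same AmazonEC2FullAccess managed policy, and forces a password change at first sign-in so the temporary password from the CSV cannot be reused. Commands are printed by default and executed only when DRY_RUN=0; the temporary password comes from the IAM_TEMP_PASSWORD environment variable, with a placeholder if unset.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: the IAM user from Task 1 and
# the EC2-trusted roles from Task 2 as AWS CLI calls. Dry run unless DRY_RUN=0.
set -eu

EC2_FULL="arn:aws:iam::aws:policy/AmazonEC2FullAccess"

# Trust policy: the principal allowed to assume the role. For the Task 2 roles
# that is the EC2 service, exactly what "AWS service > EC2" selects in the console.
ec2_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Print the command; execute it only when DRY_RUN=0.
run_or_print() {
  echo "+ $*"
  if [ "${DRY_RUN:-1}" = 0 ]; then "$@"; fi
}

# Task 1: a user with console sign-in (password must be changed at first login)
# and an access key for programmatic access, with one managed policy attached.
create_console_user() {
  user="$1"; policy_arn="$2"; temp_password="$3"
  run_or_print aws iam create-user --user-name "$user"
  run_or_print aws iam create-login-profile --user-name "$user" \
      --password "$temp_password" --password-reset-required
  run_or_print aws iam attach-user-policy --user-name "$user" --policy-arn "$policy_arn"
  run_or_print aws iam create-access-key --user-name "$user"
}

# Task 2: a role that EC2 instances can assume, with a managed policy attached.
create_ec2_role() {
  role="$1"; policy_arn="$2"
  doc=$(mktemp)
  ec2_trust_policy > "$doc"
  run_or_print aws iam create-role --role-name "$role" \
      --assume-role-policy-document "file://$doc"
  run_or_print aws iam attach-role-policy --role-name "$role" --policy-arn "$policy_arn"
  rm -f "$doc"
}

# Reproduce the two tasks. The password placeholder is a constructed value.
create_console_user "Student_Access" "$EC2_FULL" "${IAM_TEMP_PASSWORD:-ChangeMe-PLACEHOLDER-1}"
for role in DevOps-User Test-User Admin; do
  create_ec2_role "$role" "$EC2_FULL"
done
```

Note that the password is visible in the printed command and in the process list while create-login-profile runs, which is why the script requires a reset at first sign-in. The trust policy is what separates a role from a user: it names who may assume the role, while the attached permission policy says what the assumed role may do, and the role itself holds no long-term credentials.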