Day 39: Understanding AWS and IAM Fundamentals


Amazon Web Services (AWS):

Amazon Web Services is one of the most popular cloud providers, and it offers a free tier that students and cloud enthusiasts can use for hands-on practice while learning (create your free account today to explore it further).

AWS has the largest and most dynamic community, with millions of active customers and tens of thousands of partners globally.

AWS is architected to be the most flexible and secure cloud computing environment available today.

User Data in AWS:

  • When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives.

  • You can also pass this data into the launch instance wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

  • This saves time and manual effort every time you launch an instance and want to install an application on it, such as Apache, Docker or Jenkins.

Identity and Access Management (IAM):

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. With IAM, you can centrally manage permissions that control which AWS resources users can access. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

When you create an AWS account, you begin with one sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.

IAM Features:

  • Shared access to your AWS account

  • Granular permissions

  • Secure access to AWS resources for applications that run on Amazon EC2

  • Multi-factor authentication (MFA)

  • Identity federation

  • Identity information for assurance, etc.


TASK 1

Launch an EC2 instance with Jenkins already installed on it. Once the server shows up in the console, open its IP address in the browser; your Jenkins page should be visible.

Steps:

  • Log into your AWS console using your credentials.

  • Navigate to the EC2 service in the AWS Management Console.

  • Click on "Instances" in the left sidebar.

  • Click the "Launch Instance" button to start the instance creation process.

  • In the instance creation wizard, select an AMI that includes a Linux distribution of your choice (e.g., Amazon Linux, Ubuntu).

  • Choose the instance type you need.

  • In the "Configure Instance" step, you can configure instance details like the number of instances, network settings, and more. Ensure that you select the appropriate VPC, subnet, and security group settings.

  • Configure the security group to allow inbound traffic on port 80 (HTTP) and port 8080 (Jenkins web interface) from your IP address.

  • Review and Launch your instance.

  • Wait for the instance to launch successfully.

  • Once the instance is running, note its public IP address or DNS name.

  • Open a web browser and enter the IP address or DNS name followed by port 8080 (e.g., http://your-instance-ip:8080).

  • To unlock Jenkins, SSH into your instance (using the key pair you created) and retrieve the initial admin password from the Jenkins server log. Use this password to unlock Jenkins via the web interface.

  • Follow the on-screen instructions to complete the initial Jenkins setup.
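As an added example that covers both the user-data notes above and Task 1 (my code, not the post's): the Jenkins install script that can be pasted as user data, the base64 form the EC2 API expects, and a pre-launch check. It assumes an Ubuntu AMI and the jenkins.io Debian repository layout, both of which are assumptions here.

```python
import base64
import re

# Constructed user-data script for Task 1 (assumes an Ubuntu AMI; the repo and
# key URLs follow jenkins.io's Debian instructions and may change over time).
JENKINS_USER_DATA = """#!/bin/bash
set -eux
apt-get update -y
apt-get install -y openjdk-17-jre curl
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key -o /usr/share/keyrings/jenkins-keyring.asc
echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/" > /etc/apt/sources.list.d/jenkins.list
apt-get update -y
apt-get install -y jenkins
systemctl enable --now jenkins
"""

USER_DATA_LIMIT = 16 * 1024  # EC2 caps raw user data at 16 KB before base64
SECRET_HINTS = re.compile(r"AWS_SECRET_ACCESS_KEY|AKIA[0-9A-Z]{16}|BEGIN [A-Z ]*PRIVATE KEY")

def validate_user_data(script: str) -> list:
    """Checks worth running before launch: cloud-init only runs the script if it
    begins with a shebang, EC2 rejects more than 16 KB, and the script is
    readable by every process on the instance through the metadata service,
    so credentials must never be embedded in it (use an IAM role instead)."""
    problems = []
    if not script.startswith("#!"):
        problems.append("missing shebang: cloud-init will not execute it")
    if len(script.encode()) > USER_DATA_LIMIT:
        problems.append("exceeds 16 KB raw user-data limit")
    if SECRET_HINTS.search(script):
        problems.append("appears to embed a credential; use an IAM role instead")
    return problems

def encode_user_data(script: str) -> str:
    """Base64 form the raw EC2 RunInstances API expects (the console takes
    plain text, and boto3's run_instances encodes for you)."""
    return base64.b64encode(script.encode()).decode()

def decode_user_data(blob: str) -> str:
    return base64.b64decode(blob).decode()

if __name__ == "__main__":
    print(validate_user_data(JENKINS_USER_DATA) or "user data OK")
    print(encode_user_data(JENKINS_USER_DATA)[:60], "...")
```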


TASK 2

Read more on IAM Roles and explain IAM Users, Groups and Roles.

Create three Roles named: DevOps-User, Test-User and Admin.

IAM Users:

  • IAM Users are individual identities associated with your AWS account.

  • Each user has unique security credentials (username and password or access keys).

  • Users can be assigned permission to access AWS resources.

  • Users are typically used for providing access to individual people, applications, or services within your AWS account.

IAM Groups:

  • IAM Groups are collections of IAM Users.

  • Groups make it easier to manage permissions by assigning policies to a group rather than to individual users.

  • For example, you can create a "DevOps" group and add multiple users to it. Then, assign policies to the group to grant permissions to all users in that group.

IAM Roles:

  • IAM Roles are similar to users but are meant to be assumed by AWS resources or services.

  • Roles don't have permanent security credentials like users; instead, a role provides temporary security credentials to the AWS service that assumes it.

  • Roles are often used to grant permissions to AWS resources, such as EC2 instances, Lambda functions, or other services.

  • For example, you can create a "DevOps-User" role and assign it to an EC2 instance. This allows the EC2 instance to access other AWS services based on the permissions granted to the role.

To create the roles mentioned in the task, follow the steps below:

  • Log in to the AWS Management Console.

  • Navigate to the IAM service.

  • In the IAM dashboard, select "Roles" from the left sidebar.

  • Click the "Create role" button.

  • Choose the type of trusted entity that can assume this role. For example, if it's for an EC2 instance, select "AWS service" and then choose "EC2."

  • In the permissions policy, attach the policies that define the permissions for each role. For "DevOps-User," you might attach policies related to development and deployment. For "Test-User," policies related to testing, and for "Admin," policies with full administrative access.

  • Complete the role creation process, including specifying a name and description for each role.
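As an added example (my code, not the post's), the documents behind the three roles in Task 2: the trust policy that lets EC2 assume a role, illustrative permission policies for DevOps-User, Test-User and Admin, and a check that only Admin carries a full wildcard grant. The action lists are assumptions, not a set the task prescribes.

```python
import json

# Trust policy: who may assume the role. The post's example is an EC2 instance,
# so the principal is the EC2 service rather than a person.
EC2_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

def allow(actions, resource="*"):
    """One-statement permission policy granting `actions` on `resource`."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions,
                           "Resource": resource}]}

# Illustrative (assumed) permission sets for the three roles; scope the actions
# and resources down to the workloads each role really serves.
ROLE_POLICIES = {
    "DevOps-User": allow(["ec2:Describe*", "ec2:RunInstances",
                          "ec2:TerminateInstances", "s3:GetObject", "s3:PutObject"]),
    "Test-User": allow(["ec2:Describe*", "s3:GetObject", "logs:GetLogEvents"]),
    "Admin": allow("*"),
}

def wildcard_statements(doc):
    """Allow statements granting every action on every resource. Expected on
    Admin only; on any other role it defeats the point of separate roles."""
    hits = []
    for st in doc["Statement"]:
        acts = st["Action"] if isinstance(st["Action"], list) else [st["Action"]]
        res = st.get("Resource", [])
        res = res if isinstance(res, list) else [res]
        if st["Effect"] == "Allow" and "*" in acts and "*" in res:
            hits.append(st)
    return hits

def review_roles(role_policies):
    """Map each role name to True when it is effectively full admin."""
    return {name: bool(wildcard_statements(doc)) for name, doc in role_policies.items()}

def create_role_args(name, trust=EC2_TRUST_POLICY):
    """Keyword arguments in the shape boto3's iam.create_role() takes; the
    permission policy is attached afterwards with put_role_policy()."""
    return {"RoleName": name, "AssumeRolePolicyDocument": json.dumps(trust)}

if __name__ == "__main__":
    for role, is_admin in review_roles(ROLE_POLICIES).items():
        print(f"{role}: {'FULL ADMIN' if is_admin else 'scoped'}")
```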


<That's all for today. HOPE you like it. FOLLOW to join me in the journey of DevOps>
