Building a DevOps Team of Avengers: A Journey into IAM User Management and DevOps Group Setup in AWS
Introduction:
In the world of DevOps, assembling a team of skilled individuals is crucial for achieving seamless collaboration and accelerating the development and deployment process. In this blog, we will explore how to create IAM users and assign them to DevOps groups using AWS Identity and Access Management (IAM). We will also embark on an exciting mission to bring together a DevOps team of Avengers, each armed with specific IAM policies to wield the power of AWS services effectively.
Task 1: Creating an IAM User with EC2 Access and Installing Jenkins and Docker
To start our journey, we need to create an IAM user with EC2 access and launch a Linux instance using this user. We'll then install Jenkins and Docker on the instance through a single shell script.
Step 1: Creating the IAM User: Let's create an IAM user with a username of our choice, "DevOpsHero," and grant them EC2 access.
aws iam create-user --user-name DevOpsHero
# Attach EC2 Full Access Policy to the user
aws iam attach-user-policy --user-name DevOpsHero --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess
Step 2: Launching the Linux Instance and Installing Jenkins and Docker: We'll use the AWS CLI and UserData to launch the Linux instance and install Jenkins and Docker automatically.
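#!/bin/bash
# UserData script for instance launch (Amazon Linux 2; UserData runs as root at first boot)
# Update and install necessary packages
sudo yum update -y
# Current Jenkins releases no longer run on Java 8, so install the Amazon Corretto 17 JDK
sudo yum install -y java-17-amazon-corretto-devel
# Install Jenkins
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat/jenkins.repo
# Jenkins packages are signed with the 2023 key; the older jenkins.io.key fails the GPG check
sudo rpm --import https://pkg.jenkins.io/redhat/jenkins.io-2023.key
sudo yum install -y jenkins
sudo systemctl start jenkins
sudo systemctl enable jenkins
# Install Docker
sudo amazon-linux-extras install docker -y
sudo service docker start
# Let ec2-user run docker without sudo (docker group membership is root-equivalent on this host)
sudo usermod -a -G docker ec2-user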
Now, our DevOpsHero IAM user has launched an EC2 instance with Jenkins and Docker installed, all set to embark on DevOps adventures!
Task 2: Creating a DevOps Team of Avengers with IAM Users and Groups
In this task, we will form a DevOps team of Avengers, each with specific IAM policies, to perform various tasks within the AWS environment.
Step 1: Creating IAM Users for Avengers: Let's create three IAM users: IronMan, Thor, and Hulk, each representing an Avenger.
aws iam create-user --user-name IronMan
aws iam create-user --user-name Thor
aws iam create-user --user-name Hulk
Step 2: Creating an IAM Group and Assigning Users: Next, we will create a DevOps IAM group and assign our Avengers to it.
aws iam create-group --group-name DevOpsGroup
# Adding users to the DevOps IAM group
aws iam add-user-to-group --group-name DevOpsGroup --user-name IronMan
aws iam add-user-to-group --group-name DevOpsGroup --user-name Thor
aws iam add-user-to-group --group-name DevOpsGroup --user-name Hulk
Step 3: Defining an IAM Policy for DevOpsGroup: To ensure our Avengers have access to specific AWS services, we'll create an IAM policy and attach it to the DevOpsGroup.
Save this document as policy-ec2-full-access.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "ec2:*",
"Resource": "*"
}
]
}
aws iam create-policy --policy-name EC2FullAccessPolicy --policy-document file://policy-ec2-full-access.json
aws iam attach-group-policy --group-name DevOpsGroup --policy-arn arn:aws:iam::YOUR_ACCOUNT_ID:policy/EC2FullAccessPolicy
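As an added example (not part of the original post), this Python pre-flight check can be run on a policy document before `aws iam create-policy`: it rejects an invalid `Version` and flags statements like Step 3's that allow a whole service on every resource with no condition. The names `lint_policy`, `PAGE_POLICY` and `SCOPED_POLICY`, and the `Team` tag in the scoped policy, are assumptions made for illustration.

```python
import json

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only values IAM accepts

def as_list(value):
    """IAM lets Statement/Action/Resource be a single item or a list."""
    return value if isinstance(value, list) else [value]

def lint_policy(document):
    """Return a list of findings for an identity-based policy (JSON text)."""
    policy = json.loads(document)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append("Version must be 2012-10-17 or 2008-10-17")
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = as_list(stmt.get("Action", []))
        wildcard = [a for a in actions if a == "*" or a.endswith(":*")]
        everywhere = "*" in as_list(stmt.get("Resource", []))
        if wildcard and everywhere and "Condition" not in stmt:
            findings.append(
                f"statement[{index}]: {wildcard[0]} on Resource * without Condition")
    return findings

# Step 3's ec2:* statement with a blank Version string, which IAM rejects.
PAGE_POLICY = """{
  "Version": " ",
  "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}]
}"""

# Constructed alternative: read-only describe calls everywhere, and instance
# power actions only on instances tagged Team=DevOps (hypothetical tag).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringEquals": {"aws:ResourceTag/Team": "DevOps"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(doc) or "no findings")
```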
Conclusion:
In this adventure-filled blog, we explored the power of AWS IAM and formed a mighty DevOps team of Avengers. With IAM users, groups, and policies, we equipped our team to conquer AWS tasks efficiently. Remember, a strong DevOps team can unleash the full potential of AWS services and lead to exceptional development and deployment experiences.
To connect with me - https://www.linkedin.com/in/subhodey/