DEV Community: Ifeanyi Duru

Setting up Secure and Scalable Storage Architecture With Low Latency

Ifeanyi Duru — Sat, 06 Apr 2024 14:50:32 +0000

This project focuses on establishing a storage infrastructure that is both scalable and secure, while also ensuring minimal latency.

Understanding AWS S3 Bucket

An AWS S3 Bucket is a cloud-based object storage service provided by Amazon Web Services (AWS), it is a virtual container within Amazon Simple Storage Service (S3) that acts like a digital file folder and is also designed to store and retrieve any amount of data from anywhere on the web.

Here are some key features and functionalities of the S3 Bucket:

Scalability: S3 is highly scalable, meaning it can accommodate a virtually unlimited amount of data. As your storage requirements grow, S3 automatically scales to meet your needs without any upfront provisioning.

Durability: Stores data redundantly across multiple facilities to ensure exceptional data durability of almost 100%. This high level of durability is achieved by replicating data across multiple geographically dispersed data centers.

Security: S3 offers various security features to help you protect your data. This includes access control mechanisms such as bucket policies and Access Control Lists (ACLs), encryption options for data in transit and at rest, and integration with AWS Identity and Access Management (IAM) for fine-grained access control.

Versioning: S3 supports versioning, which allows you to keep multiple versions of an object in the same bucket. This feature helps protect against accidental deletion or overwrite of objects.

Cost-Effectiveness: Provides various storage classes to optimize costs based on your data access frequency.

Integration with Other AWS Services: S3 integrates seamlessly with other AWS services, making it easy to use as a storage backend for applications hosted on AWS. For example, you can use S3 to host static websites, store backups for Amazon EC2 instances, or serve as a data lake for analytics workloads.

Logging and Monitoring: S3 provides logging capabilities to track access to your bucket and objects, allowing you to audit and monitor usage. Additionally, you can configure event notifications to trigger AWS Lambda functions or other AWS services in response to specific bucket events.

We have three (3) tasks to accomplish in this project, namely;

Task 1: Data stored in the S3 bucket must not have a single point of failure.

Task 2: Create a narration.txt file and store financial information in it. Without granting IAM access, create a temporary link that will expire after 10 minutes to someone in the IT department.

Task 3: Create an s3 bucket and upload an object, but you are not allowed to execute this task using the console, what would be your approach?

Before going into our first task, we need to create an s3 bucket.

To sign in to the AWS Management Console,
visit https://console.aws.amazon.com/

Then navigate to S3 by clicking on the "Services" dropdown menu at the top-left corner and select "S3" under the "Storage" section.

Click on Create S3 bucket.

TASK 1

Data stored in the S3 bucket must not have a single point of failure.

To achieve more than one point of failure, enable cross-region replication and implement multiple availability zones/regions in the S3 bucket creation. Select a region closer to the region where the bucket is created, then select the directory option. Choose an availability zone closer to the AWS region that was selected.

Then create bucket.

Task 2:

Create a narration.txt file and store financial information in it. Without granting IAM access, create a temporary link that will expire after 10 minutes to someone in the IT department.

navigate into the bucket by clicking on its name. Then click on the "Upload" button.

Click on the "Add files" button and select the narration.txt file containing the financial information from your local file system.

To create a temporary link that will expire after 10 minutes to someone in the IT department, we will need to configure AWS in CLI.

Step 1
To do this, Go to IAM Dashbaord and navigate to users, click on the user you want to use.

Step 2
Click on Security Credentials, Under Access keys, click on create access keys.

Step 3
Choose Command Line Interface(CLI) and give it a description then create. DO write down or download the keys

Step 4
Open Command Prompt(cmd) and configure aws usng

aws configure

Step 5
type this command

aws s3 presign s3://your-bucket-name/account.txt --expires-in 600

Task 3:
Create an s3 bucket and upload an object, but you are not allowed to execute this task using the console, what would be your approach?

If I cannot use the AWS Management Console to create an S3 bucket and upload an object, I can achieve this task using the AWS Command Line Interface (CLI)

Using the 'aws s3 mb s3://mybucket' command, I would create a new S3 bucket. I would specify the bucket name and the region where I want to create the bucket.

To upload an image in the bucket, do the following command.

aws s3 cp /path/to/local/file/example.txt s3://my-bucket-name/example.txt

By following these steps, I would be able to create an S3 bucket and upload an object without using the AWS Management Console, leveraging the AWS CLI for automation and scripting purposes.

Thanks for following through on this point. Do comment and subscribe

The Big Shift: How Cloud Computing Took Over the World

Ifeanyi Duru — Fri, 29 Mar 2024 18:09:08 +0000

Cloud computing has become essential in handling information these days. This article explores how this technology went from a cool idea to something everyone uses. We'll look at where it all began, what major moments shaped it, and how it changed the use of computers.

From Dream to Reality

The early 2000s saw tech visionaries develop a new way to deliver computing power over the internet. Big names like Amazon, Google, and Salesforce were the first to make this a reality, paving the way for a massive change in the IT world.

Key Moments in Cloud Computing

2006: The Cloud Opens for Business - Amazon Web Services (AWS) launches, offering on-demand cloud storage and computing that can grow as needed. This marked the start of a new age for cloud infrastructure.
Software on Demand Takes Off - Companies like Salesforce, Google, and Microsoft have started offering software that runs online, eliminating the need to install and maintain it on individual computers.
Building Apps in the Cloud Gets Easier - Platforms like Google App Engine and Microsoft Azure appear, giving developers tools to create, deploy, and scale their applications without managing the servers themselves.
Mixing and Matching Clouds - Businesses start using a mix of public cloud services, their servers, and even clouds from different providers. This lets them find the best balance of performance, cost, and reliability.
How Cloud Computing Changed Everything
Growing When You Need To, Shrinking When You Don't - Cloud computing lets businesses add or remove resources as needed, making it perfect for workloads that change over time. It also helps them use their resources more efficiently.
Saving Money - With cloud services, businesses only pay for what they use. This cuts down on upfront costs and ongoing expenses, making cloud computing a good option for companies of all sizes.
Speeding Up Innovation - Cloud services give developers access to cutting-edge technologies like artificial intelligence and big data analysis. This lets them create new things and drive digital transformation faster.
Reaching the Whole World - Cloud providers have data centers all over the globe. This lets businesses deploy apps and services closer to their users, which means things run faster and smoother.
Challenges and the Road Ahead

Cloud computing is great, but it also comes with challenges like data security, following regulations, and getting locked into a single provider's system. However, careful planning, good management practices, and strong security measures can help businesses avoid these risks and get the most out of the cloud.

The Future is Cloudy (and Bright!)

Cloud computing has gone from a niche technology to something critical for businesses to be innovative and adaptable. As more and more companies move to the cloud, the future holds even more possibilities for using cloud computing to succeed in the digital age.

Thanks for reading. Do comment and share.

Cheers.

Introduction to AWS IAM: Identity and Access Management.

Ifeanyi Duru — Thu, 28 Mar 2024 19:28:40 +0000

Overview: AWS Identity and Access Management (IAM) offers comprehensive management of permissions within your AWS account, allowing precise regulation of user access to specific services and resources. With IAM policies, you can tailor permissions for users or applications, ensuring they only have access to the resources necessary for their tasks, and defining conditions for how and when access is granted.

Key Components of IAM:

Users: Users are entities that represent individual people, applications, or services that interact with AWS. Each user has a unique name and credentials (username and password or access keys) for accessing AWS resources.
Groups: Groups are collections of users. Instead of attaching policies directly to individual users, you can create groups, assign policies to them, and then add users to those groups. This simplifies permission management, especially in larger organizations with multiple users.
Policies: Policies are JSON documents that define permissions. You can attach policies to users, groups, or roles to grant or restrict access to AWS resources. Policies specify what actions are allowed or denied on which resources. AWS provides managed policies with predefined permissions, or you can create custom policies tailored to your specific needs.
Roles: Roles are similar to users, but they are not associated with a specific person or identity. Instead, roles are meant to be assumed by entities such as AWS services, applications, or users from another AWS account. Roles define a set of permissions, and when an entity assumes a role, it temporarily takes on those permissions.

Core Concepts:

Authentication: The process of verifying the identity of a user, application, or service. IAM supports various authentication methods, including username/password authentication for users, and access keys for programmatic access by applications or scripts.
Authorization: Determining what actions a user, group, or role is allowed to perform on AWS resources. This is controlled through IAM policies, which define the permissions associated with each entity.
Least Privilege: Following the principle of least privilege means granting users, groups, and roles only the permissions they need to perform their intended tasks, and no more. This reduces the risk of unauthorized access and potential security breaches.

Project Objective

In this project, the following tasks will be accomplished.

Create a user,
⁠Create a group and add the user to the group,
⁠Attach 3 policies to that group: the user must have the ability to create IAM user, vpc, and s3 policies,
⁠Create a customized customer-managed policy to deny a user access to creating an RDS instance snapshot and allow the user to create an EC2 instance,
⁠Create an organization: add two accounts to the organization 1: Developer account and 2: An operations account and switch roles between the accounts.

A step-by-step pictorial approach will be used for better guidance and understanding.

To start with, Open your web browser and go to the AWS Management Console at https://aws.amazon.com/console/.
Sign in using your AWS account credentials.

Once you're logged in, navigate to the IAM dashboard.

In the top-left corner, search for "IAM" in the services search bar, and select "IAM" from the results.

IAM allows you to manage access to AWS services and resources securely.

Task 1:

Click on users in the left-hand corner to create a user. Then click on create a user.

Input your desired user name, then click next.

Task 2:
Next, our task is to create a user group and add the user into the group.

To achieve this, click on create user group. Input the group user name and click on create user group.

We then need to add the user to the group we created. To get this done, click on the group name and then click on add users.

Then input the user name in the search bar and add user to the group.

We have successfully created a user and added the user to a group.

Task 3:
The next step is to attach policies to the user group we created.

To attach policies click on permissions by the right of users tab.

then click on the add permission arrow on the right-hand side, and click on attach policies.

On the permission policies screen, to add IAM policy, search for IAMfullacess.

check on IAMfullacess and click attach policies

IAMfullacess policy has been successfully attached to the group.

Repeat the above steps to attach vpc and s3 policies to the group.

All three policies have been attached to the group.

Task 4:

*Now, we have to customize a customer-managed policy to deny a user from creating an RDS instance snapshot, while allowing the user to create an EC2 instance. *

To create a customized policy, we will click on the permission policy arrow by the right hand, then click on create an inline policy.

On services, choose RDS

Select All RDS and all resources, then select deny, and click next.

Then create policy.

To allow the user to create an EC2 instance, go to inline policy, and click on services, then click on EC2.

All policies have been applied.

Task 5:

The last task of this project is to create two accounts and be able to switch between roles.

Creating accounts under the AWS organization to switch roles.

First, go to AWS organization and click on create an account, fill in the details, and create an account.

After creating an account, we will need to create roles for each account. To do this, navigate to role in IAM features, then create roles.

Under trusted entity type, select AWS account and under an AWS account choose this account, then next.

Attach administrator access to the role, click next.

Put in the role name and create role.

Do this for any more roles you want to create.

To switch roles, navigate to IAM dashboard and click on the top right corner arrow, then click on switch role.

Put in the account ID and the ARN characters from the account role then switch.

Thanks for reading through to this point. I'm assured you have gotten insightful steps to guide you on exploring the AWS IAM feature.

Feel free to comment and ask questions where necessary, I'll be glad to respond.

Cheers.