DEV Community: Srikanth

AWS User Groups: What Are They? What does it do for us? What are the steps for creating IAM User Groups?

Srikanth — Fri, 04 Jun 2021 08:06:36 +0000

User Groups in AWS:

In AWS, User Groups are a way to combine users that share/ require similar permissions or policies.

Such that, When certain policies/permissions are assigned to a group, those policies/permissions are applied to all of the users in that group.

For example, you may create a group with three users, and then assign EC2 Access to the group, which allows those three users to access EC2 too.

Creating an User Group in AWS:

We've discussed what is an IAM User and how to create an IAM User in this article

• Create additional users (perhaps three) from your IAM account and memorise their passwords as well as the link (needed to login) provided on the Success page.

However, While creating those users, provide the 'AmazonS3FullAccess' permission/ policy.

• Now click on 'User Groups' from the 'IAM dashboard.'

• Now click 'create group' in the following page and

👉🏼 Provide a Group name

👉🏼 Select the Users who needed to be a part of the group.

👉🏼 And don't provide any permissions/ policies for now

• Remember the link you've been provided after creating users? Use it to login in an incognito mode as an IAM User who is part of the group you've just created (or logout in the current tab before you login).

• and then search for EC2 in the 'IAM Dashboard' or 'search bar' and open it in new tab.

• And you can see that you can access S3 as you've provided the permission directly while creating that user. And you can see error at EC2 tab since you've not provided any permission for that.

• Return to your 'IAM Account' and click on the group you just created inside User groups.

• then pick 'add permission' > 'Attach policies' from the 'permissions' tab.

• select 'AmazonEC2FullAccess' and save it.

• Now open that incognito tab and reload the EC2 tab and you can see its working even though you haven't granted the permission directly to that user but have granted the permission to the group he is in.

• Now try signing in with the rest of the users in that group and see whether they all have access to 'EC2'.

Bottom Line:

👉🏼 Users that require the same permissions can be grouped together, making the work of granting or deleting permissions easier.

👉🏼 Changes made to a group are reflected to all users within that group.

This is part of #100DaysOfCode of AWS started by Sarthaksavvy .
You can visit his profile on Github

Feel free to leave a comment if you enjoyed or disliked this post. I'd appreciate it if you could provide feedback.

Follow me on twitter

In AWS, what is an IAM user? What is the need for one, and why is it necessary?

Srikanth — Fri, 04 Jun 2021 08:05:45 +0000

AWS provides a variety of services, resulting in a variety of responsibilities and the necessity to keep the servers accessible only to those with authorisation.

In AWS, Identity Access Management (IAM) allows us to create a digital identity for an account, allowing the account holder (user) to execute certain tasks or utilise particular policies/resources while we, as the root user, can keep track of which services they used or accessed.

Your questions would be

What is a root account, specifically?
What is the purpose of creating a user?
How do you make one?

What is a root account, specifically?

The root account is the one you get when you set up your AWS account for the first time.

What is the purpose of creating a user?

Rather than utilising our root account to accomplish regular tasks, we as root users must create an user with 'Administrative access' and perform the regular tasks using that account.
and the users we create using the root account are known as 'IAM Users'.
You should only use the root account for the most vital operations.

and how do you make one?

To create a User Account search for 'IAM Dashboard' on your account and click the link.

You can see the options for Users, User Groups ...

Click Users

Give yourself a username that you can use to log in later.

When creating a user, you must choose between the following access types:

i. Programmatic access : Provides an access key (for authorization) and secret key (for using API, SDK and different AWS tools) ****

ii. AWS Management Console access : Provides a password required to log into AWS Management Console

For now we go with the second option i.e., AWS Management Console access

Setting Permissions:

Since we haven't created a group nor have an existing user click 'Attach Existing Policies' and check 'AdministratorAccess' and proceed to Next Page.

Adding tags:

Tags come in handy when we need to find a certain person in a huge group.

It **is optional, so let's just skip it for now and proceed to **Next Page.
Review:

We're sent to a page that lists all of the options we've selected so far.

Success Page:

You've arrived at a success page indicating that you've created a user account.

If you've previously checked Programmatic access, you may have received two keys labelled access key and secret key, which you must COPY to a safe location because it is only available once.

Keep an eye out for a link like (https://your_ID.signin.aws.amazon.com/console), and that's the site you'll need to use to log in as an IAM User.

Before you login as an User open the URL in incognito mode or you may need to Sign Out first in the current browser window.

Now Redirect to the above-mentioned site and log in using the username and password you gave.

You'll see that you've logged in as a 'IAM User' on your profile.

As this user, you can utilise services like EC2, S3, and others, since you've given 'Administrative Access'

This is part of #100DaysOfCode of AWS started by Sarthaksavvy .
You can visit his profile on Github

Feel free to leave a comment if you enjoyed or disliked this post. I'd appreciate it if you could provide feedback.

Follow me on twitter

In AWS, what is a user? What is the need for one, and why is it necessary?

Srikanth — Wed, 02 Jun 2021 10:49:23 +0000

AWS provides a variety of services, resulting in a variety of responsibilities and the necessity to keep the servers accessible only to those with authorisation.

Your questions would be

What is a root account, specifically?
What is the purpose of creating a user?
How do you make one?

What is a root account, specifically?

The root account is the one you get when you set up your AWS account for the first time.

What is the purpose of creating a user?

Rather than utilising our root account to accomplish regular tasks, we as root users must create an user with 'Administrative access' and perform the regular tasks using that account.
and the users we create using the root account are known as 'IAM Users'.
You should only use the root account for the most vital operations.

and how do you make one?

To create a User Account search for 'IAM Dashboard' on your account and click the link.

You can see the options for Users, User Groups ...

[ ] Click Users

Give yourself a username that you can use to log in later.

When creating a user, you must choose between the following access types:

i. Programmatic access : Provides an access key (for authorization) and secret key (for using API, SDK and different AWS tools) ****

ii. AWS Management Console access : Provides a password required to log into AWS Management Console

For now we go with the second option i.e., AWS Management Console access

[ ] Setting Permissions:

Since we haven't created a group nor have an existing user click 'Attach Existing Policies' and check 'AdministratorAccess' and proceed to Next Page.

[ ] Adding tags:

Tags come in handy when we need to find a certain person in a huge group.

It **is optional, so let's just skip it for now and proceed to **Next Page.
[ ] Review:

We're sent to a page that lists all of the options we've selected so far.

[ ] Success Page:

You've arrived at a success page indicating that you've created a user account.

Keep an eye out for a link like (https://your_ID.signin.aws.amazon.com/console), and that's the site you'll need to use to log in as an IAM User.

Before you login as an User open the URL in incognito mode or you may need to Sign Out first in the current browser window.

Now Redirect to the above-mentioned site and log in using the username and password you gave.

You'll see that you've logged in as a 'IAM User' on your profile.

As this user, you can utilise services like EC2, S3, and others, since you've given 'Administrative Access'

This is part of #100DaysOfCode of AWS started by Sarthaksavvy .
You can visit his profile on Github

Feel free to leave a comment if you enjoyed or disliked this post. I'd appreciate it if you could provide feedback.

Follow me on twitter

What is Amazon Web Services (AWS)? and what makes it so popular?

Srikanth — Tue, 01 Jun 2021 13:47:57 +0000

What is AWS?

AWS stands for Amazon Web Services.

It provides services such as databases, servers to build, deploy, and manage Websites on a remotely located virtual machine for which they charge.

Customers include Netflix, Twitch, Facebook.

Advantages:

Fast
Secure
Reliable
Cost-effective
Well documented
Auto-scaling is easy
Pay for only what you use
Quick and easy to set up a new
server or extend the storage capacity
Avoids the agony of setting up physical
hardware for a server or storage and configuring it

Disadvantages:

Technical support fee.
Common Cloud Computing Problems.
Limitations of services based on region.
Require more time to develop and maintain the more complex applications.

Global Infrastructure:

Regions: clustered data centers.

Availability Zones: Individual data centre that is self-contained, with its own maintenance and security.

Local Zones: Keeps important services like video and gaming, which require no latency, closer to end-users while also offering high bandwidth.

Primary Region: This is the first Region where you established your directory.

AWS Wavelength: Allows developers to create apps with single-digit millisecond latency for end-users and mobile devices.

Edge location: the location closest to the user who is using an AWS service. Instead of a server, a tiny configuration is installed.

Factors to consider while picking a AWS Region:

Compliance: with data governance (Few people govern data to keep it local.)

Proximity to the customer: reduces latency for end-user

Availability of service: Certain services are limited in a few regions.
Pricing: Varies from region to region

Global vs Regional features:

Global features:

Accessible to all regions.

Changes made are implemented to all the regions that are inherited from the primary region

Regional features:

Accessible to particular regions.

Changes are applied only to the corresponding region

Global services of AWS:

Identity and access management (IAM): is a framework of policies and technologies that facilitates the management of electronic or digital identities

CloudFront: fastest CDN service that securely delivers data, media, and APIs to customers globally with low latency

Route 53: DNS service.

Web Application Firewall (WAF): firewall that filters, monitors, and blocks HTTP traffic to and from a web service

Resources:

Github repositry:

https://github.com/sarthaksavvy/100DaysOfAWS/blob/main/Day-1-Getting-Started-with-AWS.md

Pics:

https://aws.amazon.com/wavelength/
1. https://www.instaclustr.com/around-the-world-in-approximately-8-data-centres-globally-distributed-storage-streaming-and-search-part-1/

For more information:

Visit https://aws.amazon.com/

If you like or dislike this article, please leave a comment.

Appreciate your feedback...