Chapter 2 AWS Services

This chapter covers the services that will be used in the tutorial.

2.1 Access AWS

A user can access an AWS account through:

  • AWS console, the web UI
  • AWS Command Line (awscli)
  • AWS SDK for different languages such as Python, Java, Node.js

In the tutorial, we use awscli and Terraform to create AWS resources. awscli is a command line tool provided by AWS for interacting with AWS services. There is also a Python SDK, boto3, that can be used.

2.1.1 AWS Command Line (awscli)

Note: You only need to run the following commands if you are setting up awscli in your own environment. For this tutorial, we’ll use an EC2 instance inside cloud summit’s AWS account. There’s no need to run the following commands when you are following the instructor during the tutorial.

awscli can be installed from conda or pip.

2.2 IAM

All permissions to an AWS account are configured by the AWS Identity and Access Management (IAM) service. In the IAM service, admins can create new users, add users to groups, or create roles for services and external users.

2.2.1 User, Group and Role

  • A user is a unique identity recognized by AWS services and applications.
  • A group is a collection of IAM users.
  • An IAM role is an IAM entity that defines a set of permissions for making AWS service requests. An EC2 instance profile is a container for an IAM role.

2.2.2 Policies and permissions

Access control policies are attached to users, groups, and roles to assign permissions to AWS resources. By default, IAM users, groups, and roles have no permissions; users with sufficient permissions must use a policy to grant the desired permissions.

2.3 VPC

A VPC is the backbone of communication between EC2 instances and outside networks. A default VPC with default subnets has already been created for your account.

2.3.1 Security Groups

Inside a VPC, security groups are used to control network communication within the VPC and between the VPC and outside networks. An EC2 instance needs at least one security group defined to be able to communicate with the outside world.

2.4 S3

S3 is the most popular storage service of AWS. It is organized into buckets, and files are stored as objects.

2.5 EC2

EC2 is the virtual machine service of AWS.

2.6 Resources