Course : Cloud Computing
Module Name: AWS Basics
Instructor : Harshwardhan Singh
Today’s Agenda
● AWS Basics
Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) is a service that helps you securely manage
access to AWS services and resources. It provides several components to control and
monitor user access effectively.
● Users: IAM allows you to create and manage individual users for accessing AWS.
Each user has their own set of permissions and credentials.
● Groups: Users can be organized into groups to simplify the management of
permissions. Instead of assigning permissions to each user individually, you can
assign permissions to groups, and users added to those groups inherit those
permissions.
● Permissions: IAM enables you to define fine-grained permissions for users and
groups. You can specify what actions they are allowed or denied on AWS resources.
● Multi-Factor Authentication (MFA): It is highly recommended to enable MFA for all
IAM users, including the root user. MFA adds an extra layer of security by requiring
an additional authentication factor, such as a code generated on a mobile device,
along with the regular password.
● Roles: Roles are a secure way to grant temporary access to AWS resources. Instead
of creating IAM users, roles can be assigned to different entities, such as AWS
services or EC2 instances, allowing them to access resources securely without the
need for permanent credentials.
● Policies: IAM policies are the rules that define what actions are allowed or denied
for users, groups, or roles. Policies can be attached to these entities to grant or
restrict access to specific AWS resources.
Task 1: Create IAM Groups and add IAM Users
In this task, we create new IAM groups and add users to their respective groups. We also
attach permission policies to the group so that users in the group get access to the
services allocated to them through those policies.
1. Select User groups in the left panel and click Create group.
2. Set the group details:
● User group name: Enter Dev-Team
● Scroll down and select John and Sarah under Add users to the group.
● Scroll down to the Attach permissions policies section and search for the
AmazonEC2ReadOnlyAccess and AmazonS3ReadOnlyAccess policies. These managed
policies grant read-only access to EC2 and S3 for the users in the group.
● Review all details and click the Create group button.
Task 2: Creating an IAM Policy for EC2
In this task, we create an IAM policy specifically for the EC2 (Elastic Compute Cloud)
service. EC2 is a core AWS service that provides virtual servers in the cloud. A custom
IAM policy for EC2 defines which EC2 actions are allowed or restricted, and on which
resources.
● Navigate to the Services menu at the top, then click on IAM in the Security, Identity, &
Compliance section.
● In the left menu, select Policies.
● Click the Create policy button.
● Under Visual, type EC2 in the search box and select EC2.
● Under Actions, specify the actions allowed for EC2. For this service, we'll choose the List
access level.
● Click on Resources, scroll down and choose All resources so that there is no need to
specify a resource ARN.
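The policy built in Task 2, written out as a policy document, together with a small evaluator that shows how the Allow/Deny rules from the Policies bullet combine. This is an added example written for this page, not AWS SDK or console code: the mapping of the List access level to the ec2:Describe* action family is an assumption, the second policy is a constructed one used only to show explicit-deny precedence, and real IAM evaluation has further inputs (resource policies, permission boundaries, SCPs, conditions) that this toy omits.

```python
"""Added example (not AWS code): EC2 list-only policy document plus a toy
allow/deny evaluator that mirrors the core IAM rule set."""
import fnmatch
import json

# Assumption: the "List" access level for EC2 covers the ec2:Describe* family.
EC2_LIST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2ListOnly",
            "Effect": "Allow",
            "Action": ["ec2:Describe*"],
            "Resource": "*",  # Task 2 selects "All resources", so no ARN is needed
        }
    ],
}

# Constructed policy used only to demonstrate that an explicit Deny wins.
DENY_TERMINATE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, candidate):
    """IAM patterns use * and ? wildcards; action names match case-insensitively."""
    return fnmatch.fnmatchcase(candidate.lower(), pattern.lower())


def evaluate(policies, action, resource="*"):
    """Return "Allow", "Deny" (explicit) or "ImplicitDeny" for one request.

    Core rule: an explicit Deny in any matching statement wins over every Allow,
    and a request that no statement allows is denied by default."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            action_hit = any(_matches(p, action) for p in _as_list(stmt.get("Action")))
            resource_hit = any(_matches(p, resource) for p in _as_list(stmt.get("Resource")))
            if not (action_hit and resource_hit):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def overly_broad_statements(policy):
    """Flag Allow statements that grant every action on every resource (a common review finding)."""
    findings = []
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Allow"
                and "*" in _as_list(stmt.get("Action"))
                and "*" in _as_list(stmt.get("Resource"))):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    print(json.dumps(EC2_LIST_POLICY, indent=2))
    print(evaluate([EC2_LIST_POLICY], "ec2:DescribeInstances"))        # Allow
    print(evaluate([EC2_LIST_POLICY], "ec2:RunInstances"))             # ImplicitDeny
    print(evaluate([DENY_TERMINATE_POLICY], "ec2:TerminateInstances"))  # Deny
```

The JSON printed by the first line is what the visual editor generates behind the scenes and can be pasted into the JSON tab of the Create policy page; the evaluator is useful for reasoning about why a user in Dev-Team can describe instances but not launch them.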
Amazon EC2
AWS EC2, short for Elastic Compute Cloud, is a service provided by Amazon Web Services that allows you
to create and manage virtual machines, known as instances, in a cloud environment. With EC2, you can
easily scale your computing capacity up or down based on the demands of your applications or services.
This means that you don't need to invest in physical hardware and can quickly adjust the number of
instances to match your needs. EC2 provides you with full control over your virtual servers, allowing you
to configure security settings, manage networking, and handle storage. Additionally, AWS offers a wide
range of instance types tailored for different use cases, giving you flexibility in terms of processing
power and memory for your EC2 instances.
● Instance Types Selection: Choose the instance type and size based on the workload, for
example General Purpose (T2, M4, M3), Compute Optimized (C5, C4, C3), Memory Optimized (X1, R4,
R3), Accelerated Computing (P3, P2, G3, F1), Storage Optimized (I3) and Dense-storage (D2)
instances.
● Storage Selection: Allocate storage according to what the application actually needs and don't
overestimate. If a large amount of data has to be stored, keep it in AWS S3 rather than on an EBS
volume, and if several instances need a shared storage location, use AWS EFS.
● Network Selection & Configuration: Build a secure VPC with public and private subnets. Assign
Elastic IPs only where they are needed and release them otherwise. Configure security groups
carefully: open only the ports that are required, restrict them to the intended users, and allow
SSH only from specific IP addresses. Limit .pem key access to the people who need it, or better
still, use AWS SSM instead of SSH.
● Cost Optimization: Use Spot Instances, Reserved Instances and Savings Plans, and create a strategy
to reduce cost. Use auto scaling to scale in when resources are not needed and scale out when they
are, turn off instances automatically when they are idle, and use serverless technology (Lambda) if
the application is intermittent or event-based.
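An offline check of security group rules against the network advice above (open only the ports that are needed, restrict SSH to specific source IPs). This is an added example written for this page, not code from the course or from AWS; the rule dictionaries are a constructed, simplified shape rather than the exact structure the EC2 API returns, and the sample addresses come from documentation ranges.

```python
"""Added example (not AWS code): flag security group rules that expose
administrative ports to the whole internet."""
import ipaddress

# Constructed sample inbound rules: protocol, port range, source CIDR.
# 203.0.113.0/24 is a documentation range (TEST-NET-3), not a real admin host.
SAMPLE_RULES = [
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},      # public web
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},        # SSH from anywhere
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "203.0.113.10/32"},  # SSH from one admin IP
    {"protocol": "-1", "from_port": -1, "to_port": -1, "cidr": "10.0.0.0/16"},       # all traffic from the VPC
    {"protocol": "tcp", "from_port": 3389, "to_port": 3389, "cidr": "::/0"},         # RDP from anywhere (IPv6)
]

# Ports that should never be reachable from an unrestricted source.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers_port(rule, port):
    """Does this rule admit traffic on the given TCP port? protocol -1 means all traffic."""
    if rule["protocol"] == "-1":
        return True
    if rule["protocol"] != "tcp":
        return False
    return rule["from_port"] <= port <= rule["to_port"]


def audit_security_group(rules):
    """Return a list of (severity, message) findings; an empty list means nothing was flagged."""
    findings = []
    for rule in rules:
        world = is_world_open(rule["cidr"])
        if not world:
            continue  # a scoped source CIDR is what the slide recommends
        for port, name in ADMIN_PORTS.items():
            if covers_port(rule, port):
                findings.append(("HIGH", f"{name} (port {port}) reachable from any address ({rule['cidr']})"))
        if rule["protocol"] == "-1":
            findings.append(("HIGH", f"all protocols and ports open to {rule['cidr']}"))
        elif rule["protocol"] == "tcp" and not any(covers_port(rule, p) for p in ADMIN_PORTS):
            # A world-open service port may be intended (e.g. 443); list it for confirmation.
            findings.append(("INFO", f"tcp {rule['from_port']}-{rule['to_port']} open to "
                                     f"{rule['cidr']}; confirm this service is meant to be public"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_security_group(SAMPLE_RULES):
        print(f"[{severity}] {message}")
```

Run as-is it prints one INFO line for port 443 and two HIGH lines (SSH over IPv4 and RDP over IPv6); the rule allowing SSH from a single /32 produces no finding, which is the configuration the slide asks for.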
Virtual Private Cloud
Amazon Virtual Private Cloud (Amazon VPC) is a service that allows you to create your own
isolated virtual network within the Amazon Web Services (AWS) cloud. It gives you full control over
your network environment, allowing you to define IP address ranges, create subnetworks, and
configure routing and connectivity options. You can use both IPv4 and IPv6 addresses to ensure
secure access to your resources.
● CIDR (Classless Inter-Domain Routing): CIDR is a method used to allocate and manage IP addresses
in a more efficient way. It involves specifying a network address and a prefix length to define the
range of IP addresses available in a network.
● Subnet: A subnet is a smaller network within your VPC. It helps organize your resources and allows
you to apply different configurations or security settings to specific subsets of resources.
● Internet Gateway: An internet gateway enables communication between your VPC and the
internet. It acts as a gateway for traffic going in and out of your VPC.
● NAT Gateway & NAT Instances: Network Address Translation (NAT) allows private resources within
your VPC to access the internet. NAT Gateway and NAT Instances are the two options available for
setting up NAT. They enable outbound internet connectivity for resources with private IP
addresses.
● Security Groups: Security Groups act as virtual firewalls that control inbound and outbound traffic
for your resources within the VPC. You can define rules to allow or deny specific types of traffic
based on protocols, ports, and IP addresses.
When working with VPCs, it's important to check the pricing estimate for specific services like NAT
Gateway as they may have associated costs.
Task 3: Creating a Virtual Private Cloud
● Make sure you are in the N. Virginia Region.
● Navigate to the Services menu and click on VPC under Networking & Content Delivery.
● Click on Create VPC button.
● In VPC Settings:
○ Resources to create: Select VPC and more
○ Name tag : Enter myfirstvpc
○ IPv4 CIDR block: Enter 10.0.0.0/16
○ IPv6 CIDR block: Select No IPv6 CIDR block
○ Number of Availability zones : Select 1
○ Number of Public subnet: Select 1
○ Number of Private subnet: Select 1
○ VPC endpoints : Select None
○ Click on Create VPC button.
● Your VPC has been created successfully. Click on View VPC button.
Task 3: Walk through the resources created by the VPC
● Under the dashboard, click Your VPCs to see the VPC you created.
● Navigate to Subnets where you can see the public and private subnets created in VPC.
● Navigate to Route Tables from the left menu. You can see two route tables (one for the
public subnet and one for the private subnet).
● Navigate to Internet gateways from the left menu and you can see an Internet gateway
attached to the myfirstvpc.
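The address plan and route tables that Task 3 produces (one VPC, one public and one private subnet, one route table per tier, an internet gateway), modelled offline with the standard library so the CIDR and Subnet bullets from the VPC slide can be checked by hand. This is an added example written for this page, not AWS code: the /20 subnet size, the subnet names and the route-table entries are assumptions that mirror the wizard's usual defaults, not values stated on the slides.

```python
"""Added example (not AWS code): carve a VPC CIDR into public/private subnets
and build the per-tier route tables the "VPC and more" wizard creates."""
import ipaddress


def plan_vpc(vpc_cidr="10.0.0.0/16", az_count=1, public_per_az=1,
             private_per_az=1, subnet_prefix=20):
    """Return {'vpc', 'subnets', 'route_tables'} for the requested layout.

    Defaults reproduce Task 3: 10.0.0.0/16, one AZ, one public and one private subnet.
    subnet_prefix=20 is an assumed wizard default, not a value from the slides."""
    vpc = ipaddress.ip_network(vpc_cidr)
    if subnet_prefix <= vpc.prefixlen:
        raise ValueError("subnet prefix must be longer than the VPC prefix")
    blocks = vpc.subnets(new_prefix=subnet_prefix)  # non-overlapping blocks, in order
    subnets = []
    for az in range(az_count):
        for tier, count in (("public", public_per_az), ("private", private_per_az)):
            for i in range(count):
                subnets.append({
                    "name": f"{tier}-az{az + 1}-{i + 1}",
                    "tier": tier,
                    "az": az,
                    "cidr": str(next(blocks)),
                })
    # The public route table sends 0.0.0.0/0 to the internet gateway; the private one
    # only has the VPC-local route, so private instances cannot reach the internet
    # unless a NAT gateway (and a matching route) is added later.
    route_tables = {
        "public": [(str(vpc), "local"), ("0.0.0.0/0", "igw")],
        "private": [(str(vpc), "local")],
    }
    return {"vpc": str(vpc), "subnets": subnets, "route_tables": route_tables}


def subnets_overlap(plan):
    """True if any two subnet CIDRs overlap; a valid plan returns False."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan["subnets"]]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def tier_can_reach_internet(plan, tier):
    """Does this tier's route table carry a default route out of the VPC?"""
    return any(dst == "0.0.0.0/0" for dst, _ in plan["route_tables"][tier])


if __name__ == "__main__":
    plan = plan_vpc()
    print("VPC", plan["vpc"])
    for s in plan["subnets"]:
        print(f"  {s['name']:<16} {s['cidr']}")
    for tier, routes in plan["route_tables"].items():
        print(f"  route table ({tier}):", routes)
```

With the defaults the two subnets come out as 10.0.0.0/20 (public) and 10.0.16.0/20 (private), which is what the Subnets page shows after Task 3; the helper functions make the two security-relevant properties explicit: no subnet overlaps another, and only the public tier has a route to the internet gateway.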