Getting Started with AWS

-

IAM and AWS CLI

IAM console

IAM (Identity and Access Management) in AWS helps you securely control who can access your AWS resources. It allows you to create users, groups, and roles, and assign specific permissions to them. This ensures that only authorized people or applications can access certain AWS services or data, keeping your environment secure.

IAM policies in AWS are sets of permissions that define what actions users or services can perform on AWS resources. Policies are written in JSON format and can be attached to users, groups, or roles. They specify which resources can be accessed and what actions (like reading, writing, or deleting) can be performed.

There are two main types of IAM policies:

1. Managed Policies: Predefined by AWS or custom-made, reusable policies.

2. Inline Policies: Policies directly attached to a specific user, group, or role for more fine-grained control.


AWS CLI (Command Line Interface) is a tool that allows you to manage AWS services using commands in your terminal or command prompt, rather than through the AWS Management Console. With the CLI, you can automate tasks, control multiple AWS services, and manage resources efficiently from a single interface.

Common uses include:

- Creating and managing EC2 instances.

- Uploading files to S3.

- Monitoring services with CloudWatch.

It supports scripts and can be integrated into automation workflows for efficient cloud management.


AWS Console

AWS CloudShell is a browser-based command-line tool that lets you run AWS CLI commands directly in the AWS Management Console without needing to install or configure anything on your local machine. It provides a pre-configured environment with the AWS CLI, scripting tools, and even 1 GB of storage for files.

CloudShell is ideal for quick access to AWS resources and performing tasks like managing EC2 instances, deploying applications, or running automation scripts, all from your browser.

IAM Roles:

IAM roles in AWS are like temporary access permissions for users or services. Instead of assigning long-term access (like with IAM users), roles give temporary permissions to access resources. For example, a service like EC2 can assume a role to access S3 without needing credentials.

IAM Security:

IAM helps secure your AWS environment by controlling who can do what. It ensures only authorized users or services can access specific resources. By using roles and permissions, you limit access to what’s necessary.

Best Practices:

1. Use roles, not users, for applications: Always assign permissions to roles instead of embedding credentials.

2. Follow the principle of least privilege: Only grant users or services the minimum permissions they need.

3. Enable Multi-Factor Authentication (MFA): Add an extra layer of security for users.

4. Rotate credentials regularly: Update passwords and access keys to reduce risk.

5. Monitor activity with AWS CloudTrail: Track who is accessing what, and regularly review permissions.

These best practices help keep your AWS environment secure and controlled.





Location: Kathmandu 44600, Nepal

Comments

Post a Comment

Popular posts from this blog

Deploy Quasar + Laravel + MySQL on AWS EC2 (Default VPC)

-
AWS EC2 Laravel Quasar / Vue.js MySQL A complete, step-by-step guide to deploying a full-stack application — Quasar (Vue.js) frontend, Laravel API backend, and MySQL database — on a single EC2 instance using the default VPC. ARCHITECTURE OVERVIEW Quasar SPA :80 / → Nginx reverse proxy → Laravel API :8000 /api → MySQL 8 :3306 All running on a single EC2 instance (Ubuntu 22.04) inside the default VPC TABLE OF CONTENTS Prerequisites Launch EC2 Instance Install Dependencies Set Up MySQL Deploy Laravel Backend Deploy Quasar Frontend Configure Nginx SSL with Let's Encrypt Troubleshooting STEP 01 Prerequisites Before starting, make sure you have: An AWS account with access to the EC2 dashboard A domain name pointed to your server (optional, but needed for SSL) Your Quasar + Laravel project pushed to a Git repository A local SSH key pair ℹ️ This guide assumes a single-server deployment. For production at scale, consider separat...
Read more

Nginx Load Balancing Lab on AWS EC2

-
Nginx Load Balancing Lab on AWS EC2 — Romanch Jung Rayamajhi Back to Portfolio Nginx AWS EC2 DevOps Nginx Load Balancing Lab on AWS EC2 A hands-on lab guide to setting up Nginx as a load balancer across multiple EC2 instances — covering round-robin, least connections, IP hash, and health checks. RJ Romanch Jung Rayamajhi April 2026 10 min read Architecture Overview Clients users / traffic → Nginx LB :80 load balancer → Backend 1 :8080 app server Backend 2 :8080 app server Backend 3 :8080 app server Nginx distributes traffic acro...
Read more

EC2 Fundamentals

-
Image
 Amazon: Elastic Compute Cloud (EC2) Basics Amazon EC2 (Elastic Compute Cloud) is a service within AWS (Amazon Web Services) that lets you rent virtual computers (servers) in the cloud to run applications. Think of it as hiring a computer remotely that you can control, customize, and use just like a computer at home or work. Here’s a breakdown of EC2 in simple terms: What EC2 Is : EC2 provides scalable virtual servers (instances) in the cloud. You can choose different types of instances based on your needs, like more CPU power, memory, or storage. Why Use EC2 : You only pay for what you use. You can scale up or down quickly—      add more instances when you need more computing  power and shut them down when you don’t. No need to manage physical servers or deal with maintenance. How It Works : Launch:         Start a new server (instance) by choosing an Amazon Machine Image (AMI), which is like a template of an operating system and basic soft...
Read more