# 8. AWS Primer for Terraform

[toc]

**Topics**
:::success
- [x] Create an S3 bucket via AWS Console
- [x] Create AWS Access key id and Secret access key via AWS Console
- [x] Get AWS Access key id and Secret access key via Simplilearn LMS
- [x] Configure and work with AWS CLI
:::

---

### AWS Authentication mechanisms

---

:::warning
- AWS Console (GUI) --> User id + Password
- AWS CLI (Command line) --> Access key id + Secret access key
- AWS SDK (Programmatic access) --> Access key id + Secret access key
:::

---

### Create an S3 bucket via AWS Console

---

##### Log in to the AWS Console (console.aws.amazon.com) and click on *"View all services"*.
![](https://hackmd.io/_uploads/SkfWpQt82.png)

##### Scroll down to the subcategory *"Storage"* and click *"S3"*
![](https://hackmd.io/_uploads/SyxcpXtUn.png)

##### On the S3 Dashboard click on *"Create Bucket"*
![](https://hackmd.io/_uploads/SJPhT7FL3.png)

##### Provide a DNS-compliant (globally unique) name for your bucket.
![](https://hackmd.io/_uploads/H1igCQKIn.png)

##### Keep the rest of the settings at their defaults, scroll down to the bottom of the page and click *"Create Bucket"*
![](https://hackmd.io/_uploads/HkzfkVtUn.png)

##### Your bucket should be created and listed under your *"Buckets"*
![](https://hackmd.io/_uploads/B1NUJ4KU2.png)

:arrow_right: *If bucket creation fails, add some additional characters to your proposed bucket name to make it globally unique.*

---

### Create AWS *access_key* and *secret_access_key* via AWS Console

---

##### Log in to the AWS Console

##### Navigate to IAM Dashboard --> Users --> select the user --> select "security credentials"
![](https://hackmd.io/_uploads/Bkp_yZtIn.png)

##### Scroll down to "Access Keys" and click on "Create access key"
![](https://hackmd.io/_uploads/SJ8sy-FUh.png)

##### Select the first option to create an access key for CLI access, agree to the terms and conditions and click *"Next"*
![](https://hackmd.io/_uploads/SyJGxZF83.png)

##### Provide an appropriate description tag for your credentials
![](https://hackmd.io/_uploads/rJ1DxZF8n.png)

##### Copy/download the access key and secret access key
![](https://hackmd.io/_uploads/BkRCyZtUn.png)

:arrow_right: *Make sure to copy/download the secret access key from the summary page. Once you exit the page this information cannot be retrieved again.*

---

### Get AWS Access key id and Secret access key via Simplilearn LMS

---

##### Log in to your Simplilearn LMS and navigate to *Practice Labs*
![](https://hackmd.io/_uploads/BJEOPWYUn.png)

##### Make sure to select *AWS* as your lab environment and click on *Launch Lab*
![](https://hackmd.io/_uploads/Skf2DWtI3.png)

##### Click on *Launch Lab* again
![](https://hackmd.io/_uploads/ry40vWF82.png)

##### Select the tile labeled *AWS Web Console* and click on *Auth url*
![](https://hackmd.io/_uploads/HytG_-FIh.png)

##### Select the tile labeled *AWS API Access*. This will show the following details on screen
- Access Key
- Secret Key
- Security Token

![](https://hackmd.io/_uploads/ry3O_WKLn.png)

:arrow_right: *Make sure to copy all 3 into a text editor. We will need them when we write our Terraform policy files.*

---

### Configure and work with AWS CLI

---

#### AWS CLI installation
- Log in to your Simplilearn Lab Machine
- Check whether the AWS CLI is already installed with the following command:

````bash
# Command:
aws --version

# Expected output:
# aws-cli/2.11.8 Python/3.11.2 Darwin/22.5.0 exe/x86_64 prompt/off
````

:arrow_right: *Refer to the [awscli installation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) page if the AWS CLI is not installed already.*

#### AWS CLI configuration
- Run the *aws configure* command to configure the AWS CLI on the system. Note that you will need the *access_key* and *secret_access_key* gathered in the previous steps.

````text
$ aws configure
AWS Access Key ID [None]: <<your access-key-id here>>
AWS Secret Access Key [None]: <<your secret-access-key here>>
Default region name [None]: us-east-1
Default output format [None]: json
````

![](https://hackmd.io/_uploads/rynroWtI2.png)

#### Validate the configuration
- Run any aws command to check that you can access your AWS account via the CLI

````bash
aws s3 ls
aws ec2 describe-regions --output table
````

![](https://hackmd.io/_uploads/Hy8YsZFI3.png)

:arrow_right: *To understand more about AWS CLI commands, refer to the following AWS documentation link --> https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-commandstructure.html*

### References
:::success
- https://aws.amazon.com/free/
- https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
- https://aws.amazon.com/developer/tools/

**AWS Control Tower Resources**

Workshops
- [AWS Control Tower workshop](https://catalog.workshops.aws/control-tower/en-US)
- [AWS Control Tower Immersion Day](https://controltower.aws-management.tools/immersionday/)

Whitepapers
- [Organizing Your AWS Environment Using Multiple Accounts [AWS Whitepaper]](https://docs.aws.amazon.com/pdfs/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.pdf)
- [AWS Security Reference Architecture [AWS Prescriptive Guidance]](https://d1.awsstatic.com/APG/aws-security-reference-architecture-v4.pdf)

Talks/Webinars
- [AWS re:Invent 2022 - Reimagining multi-account deployments for security and speed (NFX305)](https://www.youtube.com/watch?v=MKc9r6xOTpk)
- [AWS re:Invent 2022 - Multi-Region design patterns and best practices (ARC306)](https://www.youtube.com/watch?v=ilgpzlE7Hds)
:::
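
An added example, not part of the original page, for the *AWS CLI configuration* and *Validate the configuration* steps: the lab's *AWS API Access* tile issues an access key, secret key and security token, but `aws configure` prompts only for the first two, so the token has to be stored separately (for instance with `aws configure set aws_session_token <token>`). The function below audits the shared credentials file that `aws configure` writes; the function names, finding labels and sample key values are constructed for illustration.

```shell
# Audit an AWS CLI shared credentials file (default: ~/.aws/credentials).
# Prints one finding per line; returns 1 on a must-fix finding, 2 if missing.
audit_aws_credentials() {
  local file mode rc=0
  file="${1:-$HOME/.aws/credentials}"
  [ -f "$file" ] || { echo "MISSING $file"; return 2; }

  # The file stores secret keys in plain text: owner-only access expected.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    600|400) ;;
    *) echo "PERMS $mode"; rc=1 ;;
  esac

  # Classify each [profile] by key id prefix: AKIA = long-term IAM user key,
  # ASIA = temporary key, rejected by AWS unless aws_session_token is set.
  awk '
    function emit() {
      if (profile == "") return
      if (key ~ /^ASIA/ && token == "") { print "NO_TOKEN " profile; bad = 1 }
      if (key ~ /^AKIA/) print "LONG_TERM " profile
    }
    /^[ \t]*\[.*\][ \t]*$/ {
      emit(); gsub(/^[ \t]*\[|\][ \t]*$/, "")
      profile = $0; key = token = ""; next
    }
    /^[ \t]*aws_access_key_id[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); key = $0 }
    /^[ \t]*aws_session_token[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); token = $0 }
    END { emit(); exit bad }
  ' "$file" || rc=1
  return $rc
}

# Constructed sample, not real credentials: a long-term key in [default] and
# a lab-style temporary key in [lab] saved without its security token.
demo_audit() {
  local sample rc
  sample=$(mktemp); chmod 644 "$sample"
  cat > "$sample" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
[lab]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
EOF
  rc=0; audit_aws_credentials "$sample" || rc=$?
  rm -f "$sample"; return $rc
}
demo_audit || true
```

`LONG_TERM` is informational: it marks profiles whose key stays valid until it is rotated or deleted in IAM, which is worth knowing before the same file is reused for Terraform runs.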