Embarking on a DevOps journey starts with the right tools, sign-ups, and configurations. In this blog, we’ll guide you step by step through downloading essential resources, creating necessary accounts, and setting up your machine to gear up for a smooth DevOps experience.
Chocolatey
The first tool we’ll install is Chocolatey. Chocolatey is a package manager for Windows that simplifies software installation, configuration, and management. It allows users to install applications, tools, and utilities from the command line or scripts.
This is not a mandatory tool—you can always search for software on the internet, download it, and install it manually. However, Chocolatey makes the process quicker and more convenient, especially for DevOps practitioners managing multiple tools.
How to Install Chocolatey: https://chocolatey.org/install
- Open PowerShell or Command Prompt as an administrator.
Run the following command to install Chocolatey:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
Troubleshooting: if you hit an error in PowerShell, open Windows PowerShell as administrator and try again.
Homebrew
Similar to Chocolatey, Homebrew is a popular package manager for macOS and Linux that simplifies installing software and tools via the command line.
Tools for Windows
Now let’s install all required tools one by one.
To list all software installed using Chocolatey, run the following command in Windows PowerShell (run as administrator):
choco list
Install the following tools as required:
choco install virtualbox --version=7.1.4 -y
choco install vagrant --version=2.4.3 -y
choco install git -y
choco install corretto17jdk -y
choco install maven -y
choco install awscli -y
choco install intellijidea-community -y
choco install vscode -y
choco install sublimetext3 -y
Tools for macOS
Run all the commands below in Terminal. The VirtualBox cask is not for macOS on M1/M2.
brew install --cask virtualbox
brew install --cask vagrant
brew install --cask vagrant-manager
brew install git
brew install openjdk@17
sudo ln -sfn $HOMEBREW_PREFIX/opt/openjdk@17/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk.jdk
exec zsh -l
brew install maven
brew install --cask visual-studio-code
brew install --cask intellij-idea
brew install --cask intellij-idea-ce
brew install --cask sublime-text
brew install awscli
Setting Up for DevOps Journey
GitHub Setup:
Visit GitHub.
Sign up with a username, email, and password.
Verify your email to activate the account.
Choose the free plan and configure your profile based on your needs.
Purchasing a Domain: (Not compulsory. Do it whenever you need it for production use cases.)
Go to GoDaddy or any domain registrar.
Purchase the domain for one year, which is sufficient for most use cases.
Docker Hub Setup:
Visit Docker Hub.
Sign up with a username, email, and password.
Choose the free plan.
Verify your email to complete the setup.
SonarCloud Setup:
Visit SonarCloud.
Sign up using your GitHub account (log in to GitHub in the same browser).
Authorize SonarCloud for your GitHub account.
Setting Up AWS
(Refer to some YouTube videos.)
Create an AWS Free Tier Account:
Visit AWS.
Sign up with your email and set up a free tier account.
Provide payment details (needed for free-tier access; you will be charged only if limits are exceeded).
Configure IAM User with Multi-Factor Authentication (MFA):
Navigate to the IAM Service in AWS.
Create a new user with minimal permissions for day-to-day operations.
Enable MFA for added security.
Use a virtual authenticator app like Google Authenticator or Authy for MFA.
Set Up a Billing Alarm:
Open the CloudWatch service.
Create an alarm for billing metrics.
Set a threshold for receiving notifications (e.g., $5 or any custom limit).
Configure an SNS topic to send email alerts for spikes in billing.
Generate an HTTPS Certificate using AWS ACM:
Go to the AWS Certificate Manager (ACM) service.
Request a new public certificate for your domain (purchased earlier).
Validate domain ownership using DNS or email.
Use this certificate later for securing your services with HTTPS.
Why These Steps?
IAM with MFA: Prevents unauthorized access.
Billing Alarm: Keeps costs under control.
ACM Certificate: Essential for secure HTTPS connections in real-world applications.
Key Concepts in AWS Console
In the AWS Console, the following terms are key components for managing access and security:
1. Root User
The Root User is the account created when you first sign up for AWS. It has unrestricted access to all resources and services in your AWS account.
Root User Privileges: The root user has full administrative access, meaning they can:
Create and delete IAM users and roles.
Manage billing information.
Configure and manage all AWS services.
Security Best Practices:
Use the root user sparingly.
Enable multi-factor authentication (MFA) for additional security.
Avoid using the root user for day-to-day operations—create IAM users instead.
2. IAM (Identity and Access Management)
IAM allows you to create and manage users, groups, and permissions in AWS.
IAM Users: Individual accounts created for users who need access to AWS resources. Each IAM user has unique credentials (username/password and optionally access keys).
IAM Groups: A collection of IAM users that share the same permissions. By assigning permissions to groups, you can easily manage access for multiple users.
IAM Roles: Roles are a set of permissions that define what actions are allowed on specific AWS resources. Unlike IAM users, IAM roles can be assumed by both AWS services and IAM users.
3. MFA (Multi-Factor Authentication)
MFA adds an additional layer of security to your AWS account, requiring both your password and a second factor (such as a phone or hardware device) to access your account.
Root User MFA: Highly recommended for the root user to secure the account.
In Summary:
Root User: Full access, used for account setup and management.
IAM Users, Groups, and Roles: Used to manage access with restricted permissions.
MFA: Adds extra security to your AWS account.
What are IAM Users in AWS?
An IAM User is an identity within your AWS account that you create to represent a person, application, or service that needs access to your AWS resources. Each IAM user has specific permissions associated with it, which define what actions the user can perform on AWS services.
Key Features of IAM Users:
Unique Identity:
Each IAM user has a unique name and associated credentials, including a password and/or access keys, to interact with AWS services.
Permissions:
You assign permissions to an IAM user to allow or deny access to specific AWS resources. Permissions are assigned via IAM policies, which are either directly attached to users or inherited through IAM groups.
Security Credentials:
An IAM user can have different credentials based on the access type:
Password: Used for AWS Console access (sign in via the web UI).
Access Keys: Used for programmatic access to AWS via the CLI or SDKs (AWS CLI, AWS SDK).
Multi-Factor Authentication (MFA): Adds an extra layer of security for logging in by requiring a second factor in addition to the password.
Group Membership:
IAM users can be assigned to IAM groups. Groups are a way to manage permissions for multiple users at once. For example, you might create a Developers group and assign permissions for S3, EC2, and Lambda. Users in that group inherit these permissions.
Tags:
You can use tags (key-value pairs) to help identify and organize users. This is useful for tracking usage or billing.
Console or Programmatic Access:
Console access: Users can sign in to the AWS Management Console with a username and password.
Programmatic access: Users can use access keys to interact with AWS services using the AWS CLI, SDKs, or APIs.
How to Create and Manage IAM Users:
Create an IAM User:
Open the AWS Management Console.
Navigate to the IAM service.
Choose "Users" and click on "Add User."
Specify the username, select access type (Console or Programmatic), and assign permissions (either directly or via group).
Assign Permissions:
You can assign permissions in multiple ways:
Attach policies directly to the user.
Add the user to groups (with predefined or custom policies).
Create custom policies for more specific access needs.
Set Up MFA:
- You can enable Multi-Factor Authentication (MFA) for the IAM user to add an additional layer of security. MFA requires the user to provide a code from an MFA device (e.g., an app like Google Authenticator) in addition to the password.
Best Practices for IAM Users:
Principle of Least Privilege:
Only grant the minimum permissions necessary for a user to perform their job. This reduces the potential damage from accidental or malicious actions.
Use Groups for Permissions:
Rather than managing permissions for individual IAM users, create groups and assign users to those groups. This simplifies management and ensures consistent permissions.
Enable MFA for All Users:
Use MFA for added security, especially for users with sensitive access (e.g., Admins).
Rotate Access Keys Regularly:
Periodically rotate access keys to minimize the risk of key compromise. Avoid embedding them in code or sharing them insecurely.
Delete Inactive or Unused Users:
Regularly audit IAM users and delete any accounts that are no longer in use to reduce the attack surface.
In summary, IAM users allow you to manage access to AWS resources securely by defining specific permissions, credentials, and security settings for each user. By leveraging IAM users effectively, you can ensure that only authorized individuals or services have access to your AWS resources while maintaining a high level of security.
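An added example, not part of the original post: the three auditable items from the best-practice list (MFA, access key rotation, unused users) checked against an IAM credential report, the CSV you can download from the IAM console or fetch with aws iam get-credential-report. The sample rows are constructed, only a subset of the report's columns is included, and the 90-day thresholds and the audit helper name are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample in the IAM credential report CSV layout (subset of columns).
SAMPLE_REPORT = """\
user,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,not_supported,2025-01-02T08:00:00+00:00,false,true,2023-05-01T00:00:00+00:00,2025-01-02T08:00:00+00:00
alice,true,2025-01-10T09:00:00+00:00,true,true,2024-12-01T00:00:00+00:00,2025-01-14T00:00:00+00:00
bob,true,2024-06-01T09:00:00+00:00,false,true,2024-03-01T00:00:00+00:00,2024-06-02T00:00:00+00:00
ci-deploy,false,N/A,false,true,2024-11-20T00:00:00+00:00,2025-01-15T00:00:00+00:00
"""
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)  # fixed "today" for the sample


def _parse(ts):
    """ISO 8601 timestamp -> datetime; N/A, no_information, not_supported -> None."""
    try:
        return datetime.fromisoformat((ts or "N/A").replace("Z", "+00:00"))
    except ValueError:
        return None


def audit(report_csv, now, max_key_age_days=90, inactive_days=90):
    """Return {user: [findings]}; the thresholds are assumptions, not AWS defaults."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        is_root = row["user"] == "<root_account>"
        # Console sign-in without a second factor (root always has a password).
        if (is_root or row["password_enabled"] == "true") and row["mfa_active"] != "true":
            issues.append("no-mfa")
        last_seen = [_parse(row.get("password_last_used"))]
        for n in (1, 2):  # an IAM user can hold up to two access keys
            if row.get(f"access_key_{n}_active") != "true":
                continue
            rotated = _parse(row.get(f"access_key_{n}_last_rotated"))
            if rotated and (now - rotated).days > max_key_age_days:
                issues.append(f"stale-key-{n}")
            last_seen.append(_parse(row.get(f"access_key_{n}_last_used_date")))
        seen = [t for t in last_seen if t]
        # No sign-in or key use on record, or none recently: candidate for removal.
        if not seen or (now - max(seen)).days > inactive_days:
            issues.append("inactive")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT, NOW).items():
        print(f"{user}: {', '.join(issues)}")
```

A user that has never signed in or used a key is also reported as inactive, so a freshly created account will appear until its first use.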
AWS Billing Alert
A Billing Alert in AWS is a feature that allows you to monitor your AWS account’s usage and costs. It helps you stay on top of any unexpected spikes in charges by notifying you when your costs or usage exceed a specific threshold.
Key Features of Billing Alerts:
Cost Monitoring:
Billing alerts are useful for tracking the cost associated with your AWS resources. They alert you when your spending approaches or exceeds a set limit, helping you avoid unexpected high bills.
Threshold-based Alerts:
You can configure the alert to trigger when your AWS usage or costs surpass a certain threshold. For example, you might want to be notified if your monthly AWS usage exceeds $100.
Notification Options:
When the threshold is breached, you can configure the alert to send notifications via Amazon SNS (Simple Notification Service) to email addresses, phone numbers, or other notification services.
Customizable:
You can define your threshold based on a variety of metrics, such as:
Total monthly costs.
Specific service costs (e.g., EC2, S3, etc.).
Usage thresholds.
Automatic Alerts:
The alerts are automated, which means you don’t need to manually check the AWS billing page. Once set up, the system will notify you whenever usage exceeds the defined limit.
How to Set Up a Billing Alert in AWS:
Enable Billing Alerts:
Log in to your AWS Management Console.
Navigate to Billing and Cost Management.
Under Billing Preferences, ensure that "Receive Billing Alerts" is enabled. This option sends alerts based on the threshold you define.
Create an SNS Topic (if not already done):
Go to the SNS Dashboard in the AWS Console.
Click on Create topic, name the topic (e.g., "BillingAlertTopic"), and create it.
After creating the topic, you'll need to subscribe to it (e.g., using an email address where the alerts will be sent).
Set Up the Billing Alert:
Go to Budgets under Billing and Cost Management.
Select Create budget and choose Cost Budget or Usage Budget, depending on your preference.
Set the threshold for when you want to be alerted (e.g., $50, $100, etc.).
Choose the SNS topic you created earlier for notification.
Optionally, you can set up alerts for specific AWS services, such as EC2, S3, etc.
Review and Save:
Review your configuration.
Once you’re satisfied, click Create to save the billing alert.
Summary
Embarking on a DevOps journey involves setting up essential tools and accounts. Start by installing package managers like Chocolatey for Windows and Homebrew for macOS. Use Chocolatey to install key tools such as VirtualBox, Vagrant, Git, and AWS CLI on Windows. Homebrew commands can equip macOS users with similar resources. For cloud development, set up GitHub, Docker Hub, SonarCloud, and AWS accounts with safeguards like IAM and MFA for security. Manage costs with AWS billing alerts and acquire domains and SSL certificates as needed for real-world applications. IAM controls access, while MFA enhances security across AWS services.