Amazon Web Services (AWS)

Updated Dec 03, 2024 ·

AWS Account

To sign-up for an AWS Free tier account, click here.

AWS CLI

If you've installed AWS CLI before then there is a chance that you're using the version 1. You can do either of the following:

• Replace version 1 with version 2
• Install both version side-by-side

To install AWS CLI, check out the official AWS Installation Guide for AWS CLI v2

• Install AWS CLI.

  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
  unzip awscliv2.zip
  sudo ./aws/install 

• Verify AWS CLI installation.

  $ aws --version
  
  aws-cli/2.19.1 Python/3.12.6 Linux/5.15.153.1-microsoft-standard-WSL2 exe/x86_64.ubuntu.22  

AWS SAM CLI

Reference: Getting started with AWS Serverless

• Download the AWS SAM CLI file.

• To copy files from your local computer to the Linux machine, user SCP. Make sure to specify the keypair for the Linux machine.

  scp -i /path/to/key.pem file.txt username@<host-ip>:/tmp/ 

• Login to your Linx machine and unzip the AWS SAM file and install.

  unzip aws-sam-cli-linux-x86_64.zip -d sam-installation  
  sudo ./sam-installation/install

• Verify installation.

  $ sam --version

  Output:

  SAM CLI, version 1.127.0  

Create the IAM Policy

Create the EKSFullAccess policy that allows us access to EKS and ECR.

1. Go to IAM console.

2. In the left panel, click Policies.

3. Click Create Policy.

4. Choose the JSON tab and paste the EKSFullAccess policy.

5. Click Review Policy.

6. Give the policy the name and description.

   Name: EKSFullAccess Description: Allows full admin access for EKS and ECR resources.

7. Finally, click Create Policy.

Create the Service-linked Role

To create a service-linked role:

1. Log-in to your AWS Management Console and go to IAM dashboard.
2. in the left menu, click Roles > Create Role
3. In the Select trusted entity page, choose AWS Service.
4. In the Use cases for other AWS services, type EKS.
5. Select the EKS (Allow EKS to manage clusters in your behalf) then click Next > Next
6. In the Name, review, and create step, git it a name: EKSServiceRole click Create role.

Back at the Roles page, click the role you just created to show the details. Copy the ARN. We'll be using it in the IAM Policy next.

arn:aws:iam::1234567890:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS 

Keypairs

Refer to the links below.

• Create a keypair

• Create a IAM user

• Create an access key

For the keypair, store it inside ~/.ssh directory.

For the IAM User and Group, make sure to add the user to the group. Sample values:

• IAM User: k8s-admin
• IAM Group: k8s-lab

For EKS Labs

While you can attach the EKSFullAccess policy to your user, you can also give it the AdministratorAccess. Once you've created the k8s-admin, log-in to the AWS Management Console using this IAM user.

IAM Users

Create a user in IAM and provide it with the necessary permissions. For testing purposes, you can provide it administrator access for now but note that limited permissions should always be provided to IAM users.

IAM user >  Create user > Enter user name > Next > Next > Create User 

IAM Group

Create the k8s-lab group.

1. Go to IAM console.

2. In the left panel, click User Groups.

3. Click Create group

4. Give it a user group name: k8s-lab

5. Scroll below to the Attach User section. Choose "k8s-admin" and the current user you're signed in to.

6. Scroll below to the Attach permission policies.

7. Filter and add the following policy.

   • AmazonEC2FullAccess
   • AmazonEKSClusterPolicy
   • AmazonEKSWorkerNodePolicy
   • AmazonS3FullAccess
   • AmazonSNSReadOnlyAccess (for CloudFormation)
   • AmazonEKSServicePolicy
   • AWSCloudFormationFullAccess

8. Finally, click Create group.

9. You may add the new user to this group.

Note: You may encounter some issue when using this user with limited IAM permissions. As a workaround, you can attach the AdministratorAccess to the user.

Access Keys

Select your user and go to Security credentials and then under Access keys, click Create access key. Select CLI for use case and chekc the confirmation statement at the bottom. Click Next and then Create Access key.

In the Retrieve access keys, click Show to see the secret access key. This is the only time the secreat access key will be shown. Make sure to note it down. Click Done.

To configure your CLI, run:

aws configure  

Then enter the access key and secret access key. You can change the region to other AWS regions.

AWS Access Key ID [None]: AKIA4LE56APQMRZJEIEV
AWS Secret Access Key [None]: ****************************************
Default region name [None]: ap-southeast-1
Default output format [None]: 

Credentials File

In your terminal, configure the .aws/credentials file that's automatically created in your home directory. Supply the access key ID and secret access key which you downloaded in the previous step.

vim ~/.aws/credentials 

# /home/user/.aws/credentials

[k8s-admin]
aws_access_key_id = AKIAxxxxxxxxxxxxxxxxxxx
aws_secret_access_key = ABCDXXXXXXXXXXXXXXXXXXXXXXX
region = ap-southeast-1
output = json

You can use a different profile name. To use the profile, export it as a variable.

export AWS_PROFILE=k8s-admin

To verify, we can run the commands below:

aws configure list 

aws sts get-caller-identity 

Although the region is already set in the profile, we'll also be using the region in many of the commands. We can save it as a variable.

export AWSREGION=ap-southeast-1