End of the AWS Task
Requirements:
- Make a new IAM user
- Attach a policy according to the task
- Granular permissions only (no more than the task needs)
Task
The user will create an S3 bucket, an EC2 instance and an RDS database.
The instance will run Tomcat, which:
- connects to the RDS database
- sends its logs to the S3 bucket
- is reachable via a domain name (simple routing policy), not via the instance IP
The user must not have admin access.
The user must not be able to access IAM.
Steps done
Step 1 - Create IAM user
Created a custom policy named policy4tom granting full access to EC2, RDS and S3 (shown below):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:*",
                "s3:*",
                "ec2:*"
            ],
            "Resource": "*"
        }
    ]
}
and set AdministratorAccess as the user's permission boundary. A boundary is an upper limit, not a grant: the effective permissions are the intersection of the identity policy and the boundary, so with this boundary the user is still limited to the EC2, RDS and S3 actions above and has no IAM access, as the task requires.
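As an added example (not part of the original notes), the following Python models that intersection rule offline and checks the Step 1 user against the task's requirements. POLICY4TOM is the policy above; ADMIN_BOUNDARY mirrors the single Allow-everything statement of the AdministratorAccess managed policy; EC2_ONLY_BOUNDARY and the list of actions in check_task() are constructed for illustration. It handles plain Action/Resource statements only, which is all these documents use.

```python
"""Offline check of what the Step 1 IAM user can actually do.

Encodes the IAM evaluation rule used in the notes above: a request is allowed
only if the identity policy AND the permissions boundary both allow it, and an
explicit Deny in either wins. Condition, NotAction and NotResource are not
modelled because neither document here uses them.
"""
import fnmatch

# The policy4tom document from the write-up.
POLICY4TOM = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": ["rds:*", "s3:*", "ec2:*"],
            "Resource": "*",
        }
    ],
}

# Stand-in for the AdministratorAccess managed policy used as the boundary.
ADMIN_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed, tighter boundary to show that a boundary is an upper limit.
EC2_ONLY_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value, case_sensitive):
    # IAM wildcards: '*' matches any run of characters, '?' one character.
    # Action names match case-insensitively; resource ARNs are case-sensitive.
    # (fnmatch also treats '[...]' specially, which real ARNs do not contain.)
    patterns = _as_list(patterns)
    if not case_sensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def policy_decision(policy, action, resource="*"):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one policy document."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if any(k in stmt for k in ("Condition", "NotAction", "NotResource")):
            raise NotImplementedError("toy evaluator handles plain Action/Resource only")
        if (_matches(stmt["Action"], action, case_sensitive=False)
                and _matches(stmt["Resource"], resource, case_sensitive=True)):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit Deny always wins
            decision = "Allow"
    return decision


def effective_allowed(identity_policy, boundary, action, resource="*"):
    """Allowed only when both the identity policy and the boundary say Allow."""
    return (policy_decision(identity_policy, action, resource) == "Allow"
            and policy_decision(boundary, action, resource) == "Allow")


def check_task(identity_policy=POLICY4TOM, boundary=ADMIN_BOUNDARY):
    """Map each action the task cares about to whether the user may call it."""
    actions = [
        "ec2:RunInstances", "ec2:AuthorizeSecurityGroupIngress",   # instance + port 8080 rule
        "rds:CreateDBInstance",                                    # database
        "s3:CreateBucket", "s3:PutObject",                         # bucket and log upload
        "iam:CreateUser", "iam:AttachUserPolicy", "iam:PassRole",  # must all be denied
    ]
    return {a: effective_allowed(identity_policy, boundary, a) for a in actions}


if __name__ == "__main__":
    for action, ok in check_task().items():
        print(f"{'ALLOW' if ok else 'deny ':5} {action}")
    # Same identity policy under the tighter boundary: S3 and RDS drop out.
    print("s3:CreateBucket under ec2-only boundary:",
          effective_allowed(POLICY4TOM, EC2_ONLY_BOUNDARY, "s3:CreateBucket"))
```

Running it prints ALLOW for the EC2, RDS and S3 actions and deny for every iam:* action under the AdministratorAccess boundary, and shows s3:CreateBucket flipping to False once the boundary is narrowed to ec2:*, which is the intersection behaviour the note above relies on.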
Created an EC2 instance with a security group rule allowing inbound port 8080 and the following user data (Amazon Linux AMI assumed, since it uses yum):
#!/bin/bash
set -euxo pipefail                                        # cloud-init only runs user data that starts with a shebang; stop on the first error and log each command
yum install -y unzip java-17-amazon-corretto-headless      # Java 17 package name on Amazon Linux ("java-17" alone does not resolve there); unzip is not guaranteed to be present
cd /opt && curl -fsSLO https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.97/bin/apache-tomcat-9.0.97.zip
unzip -q apache-tomcat-9.0.97.zip && rm apache-tomcat-9.0.97.zip
useradd -r -s /sbin/nologin tomcat && chown -R tomcat: /opt/apache-tomcat-9.0.97
runuser -u tomcat -- bash /opt/apache-tomcat-9.0.97/bin/catalina.sh start   # run Tomcat as an unprivileged user, not as root; bash is used because the zip does not preserve execute bits
After the instance is running, check that the Tomcat default page is served on port 8080.
Create S3 bucket
To be continued …