In this blog post series we’ll take a closer look at Amazon web services (AWS) and all their services in detail. We’ll start with an overview what Amazon web services (AWS) is and what you’ll get if you use them. Amazon Web Services (AWS) is a collection of cloud based web services you can use for a monthly fee. It was invented when Amazon faced scaling issues with their retail website in the early 2000s and opened up to the public crowd in 2006.
Today AWS is one of the largest cloud providers and powers a huge amount of the internet (e.g. Netflix, Airbnb, Pinterest or Slack). Here are some case studies if you’re interested how AWS helps companies scale their business. The available services range from servers (EC2), to storage (S3) up to devices you can use to test your applications (Device Farm).
If you want an overview what’s available you should check out their product page which lists and structures every available service. Don’t get too confused about the overwhelming number of services you can rent. Understand AWS as a service provider where you have access to different services you need while developing a modern application.
Sounds interesting but you don’t want to spent a bunch of money monthly to play around and get used to their services?
Amazon has you covered. There’s a very attractive starter plan available which allows you to play around with their services for free. I’d recommend that you’ll sign up for the free account so you can use the full potential of the framework and see the power of modern, applications.
What is IAM?
In this blog post series we’ll take a closer look at Amazon web services (AWS) and all their related services in detail. Today we will be looking at IAM (Identity and Access Management). What is it? How does it work? And how does the framework use it?
IAM stands for “Identitiy and Access Management” and makes it possible to control access to your AWS services and resources. IAM has different methods to control the access to AWS services.
Users
Create users if you want to grant other users access to your AWS account without sharing your login credentials.
Groups
Groups make it easy to manage access for multiple users.You could e.g. create a “servers” group with permissions to spin up EC2 instances and add multiple users to this group. This way the users in this group can create EC2 instances. Changes to permissions in this group affects all users who belong to that group.
Policies
With policies you can define permissions for users, groups and roles. Policies are the building blocks to define what action can be performed for what resource.
Let’s take a look at a simple policy:
{
“Version”: “2012-10-17”,
“Statement”: {
“Effect”: “Allow”,
“Action”: “s3:ListBucket”,
“Resource”: “arn:aws:s3:::example_bucket”
}
}
One can see that policies are defined with the help of the JSON syntax.
With Action you tell what kind of actions are allowed (in this case List S3 bucket). Resources defines what resource this action affects (Here it’s the S3 bucket with the name example_bucket) Effect can either be “Allow” or “Deny”.
You can read the policy above as follows: “Allow to list the stuff in the S3 bucket with the name example_bucket“. If you attach this policy to a user, this user will be allowed to perform this action. If you attach it to a group all users in that group can perform this action.
Roles
Roles are similar to users as they hold an AWS identity with permissions. Roles are often used if you e.g. want to grant access to AWS resources that the user normally doesn’t have. Another scenario would be that you want to grant an application access to your AWS resources without exposing your AWS credentials.
Identity providers
Identity providers enables you to let users gain access to your AWS resources with the help of an external identity provider (IdP). You may have used an external identity providers in the past if you’ve used your GitHub or Facebook account to sign in to another website.
What is Lambda?
What is it and how does the framework use it?
AWS describes Lambda as a “data processing service which runs code when it’s externally invoked (e.g. through events or other triggers)”. This sounds abstract and hard to understand but believe me. It’s not that hard. It simply means that you can zip and upload your code to AWS and Amazon sets up everything for you so that the code can be run. Lambda was celebrated as a game changer in cloud computing when it was introduced at re:invent in 2014. And you’ll see why in the next parts.