Friday 27 July 2018

Example: How to work with users and instance profiles in AWS IAM using the CLI

How to create an IAM user, attach a policy to the user, and add the user to a group:
aws iam create-user --user-name james
Attach the AdministratorAccess policy to the user:
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name james
Add the user to a group: aws iam add-user-to-group --group-name admin --user-name james

How to delete a user and its policy:
aws iam detach-user-policy --user-name james --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
Note: Before you delete the user, you must remove the user from any group it was added to.

  • Remove user from the group: aws iam remove-user-from-group --group-name admin --user-name james
  • Delete the user: aws iam delete-user --user-name james 

Example: create and delete an instance profile:
aws iam create-instance-profile --instance-profile-name WebserverProfile
aws iam add-role-to-instance-profile --instance-profile-name WebserverProfile --role-name role_ec2S3Fullaccess
Note: Before you delete the instance profile, you need to detach the role from the instance profile.

  • aws iam remove-role-from-instance-profile --instance-profile-name WebserverProfile --role-name role_ec2S3Fullaccess 
  • aws iam delete-instance-profile --instance-profile-name WebserverProfile

Monday 2 July 2018

How to Validate the AWS CloudFormation Template and execute the Dry-Run

Commands to validate a CloudFormation template file and run the template as a dry run. The file can be in JSON or YAML format.

To run the AWS commands below in your terminal, first install awscli and configure the user credentials. You also need a CloudFormation template already running in your region. We change some resources in that template, update it as a dry run, check whether the changes are valid, and then execute the changes.

$ aws cloudformation validate-template --template-body file:///home/local/test/example.json

Working with ChangeSet:


Create a changeset (stackID|stackName means either the stack ID or the stack name):
aws cloudformation create-change-set --stack-name stackID|stackName --change-set-name changesetname --use-previous-template --parameters ParameterKey="InstanceType",UsePreviousValue=true ParameterKey="KeyPairName",UsePreviousValue=true ParameterKey="Purpose",ParameterValue="production"

View the changeset:
To get the ID of the change set, run the aws cloudformation list-change-sets command: aws cloudformation list-change-sets --stack-name stackID|stackName
Then run the aws cloudformation describe-change-set command, specifying the ID of the change set that you want to view: aws cloudformation describe-change-set --change-set-name changesetID

Execute the changeset: aws cloudformation execute-change-set --change-set-name changesetID
Delete the changeset: aws cloudformation delete-change-set --change-set-name changesetID
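
One way to do the "check the changes" step before execute-change-set. This is an added example, not part of the original post. It assumes the JSON that aws cloudformation describe-change-set prints has been saved to a file; the sample document, resource names and the review_change_set function are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape `aws cloudformation describe-change-set` returns.
SAMPLE = json.loads("""
{"ChangeSetName": "changesetname", "Status": "CREATE_COMPLETE",
 "ExecutionStatus": "AVAILABLE",
 "Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Modify",
    "LogicalResourceId": "WebServer", "ResourceType": "AWS::EC2::Instance",
    "Replacement": "True"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Remove",
    "LogicalResourceId": "LogBucket", "ResourceType": "AWS::S3::Bucket"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify",
    "LogicalResourceId": "WebRole", "ResourceType": "AWS::IAM::Role",
    "Replacement": "False"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Add",
    "LogicalResourceId": "Alarm", "ResourceType": "AWS::CloudWatch::Alarm"}}
 ]}
""")


def review_change_set(doc):
    """Return (logical_id, reason) findings that need a human look before execute."""
    findings = []
    # A change set can only be executed once it is created and available.
    if doc.get("Status") != "CREATE_COMPLETE" or doc.get("ExecutionStatus") != "AVAILABLE":
        findings.append(("<change-set>", "not ready to execute"))
    for change in doc.get("Changes", []):
        rc = change.get("ResourceChange", {})
        rid, action = rc.get("LogicalResourceId", "?"), rc.get("Action")
        if action == "Remove":
            findings.append((rid, "resource will be deleted"))
        elif action == "Modify" and rc.get("Replacement") in ("True", "Conditional"):
            findings.append((rid, "resource may be replaced"))
        # Any change to an IAM resource alters who can do what.
        if rc.get("ResourceType", "").startswith("AWS::IAM::"):
            findings.append((rid, "IAM permissions change"))
    return findings


if __name__ == "__main__":
    # With a file argument, review saved describe-change-set output; else the sample.
    from_file = len(sys.argv) > 1
    doc = json.load(open(sys.argv[1])) if from_file else SAMPLE
    results = review_change_set(doc)
    for rid, reason in results:
        print(f"REVIEW {rid}: {reason}")
    sys.exit(1 if results and from_file else 0)
```

When given a file, the script exits non-zero if anything needs review, so it can sit between describe-change-set and execute-change-set in a pipeline.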