Friday, 27 July 2018

Example: How to work with users and instance profiles in AWS IAM using the CLI

How to create an IAM user, attach a policy to the user, and add the user to a group:
aws iam create-user --user-name james
Attach the AdministratorAccess managed policy to the user:
aws iam attach-user-policy --policy-arn arn:aws:iam::aws:policy/AdministratorAccess --user-name james
Add the user to a group: aws iam add-user-to-group --group-name admin --user-name james

How to delete a user and detach its policy:
aws iam detach-user-policy --user-name james --policy-arn arn:aws:iam::aws:policy/AdministratorAccess
Note: Before you delete the user, you must remove the user from any group it was added to.

  • Remove user from the group: aws iam remove-user-from-group --group-name admin --user-name james
  • Delete the user: aws iam delete-user --user-name james 

Example: create and delete an instance profile:
aws iam create-instance-profile --instance-profile-name WebserverProfile
aws iam add-role-to-instance-profile --instance-profile-name WebserverProfile --role-name role_ec2S3Fullaccess
Note: Before you delete the instance profile, you need to remove the role from the instance profile.

  • aws iam remove-role-from-instance-profile --instance-profile-name WebserverProfile --role-name role_ec2S3Fullaccess 
  • aws iam delete-instance-profile --instance-profile-name WebserverProfile

Monday, 2 July 2018

How to Validate the AWS CloudFormation Template and execute the Dry-Run

Commands to validate a CloudFormation template file and run the template as a dry run. The file can be in JSON or YAML format.

To run the AWS commands below in your terminal, first install awscli and configure the user credentials. You also need a CloudFormation stack already running in your region. We are going to change some resources in that stack's template, run the update as a dry run (a change set), check whether the changes are valid, and then execute the changes.

$ aws cloudformation validate-template --template-body file:///home/local/test/example.json

Working with ChangeSet:

Create a changeset: aws cloudformation create-change-set --stack-name stackID|stackName --change-set-name changesetname --use-previous-template --parameters ParameterKey="InstanceType",UsePreviousValue=true ParameterKey="KeyPairName",UsePreviousValue=true ParameterKey="Purpose",ParameterValue="production"
View the changeset:
To get the ID of the change set, run the aws cloudformation list-change-sets command: aws cloudformation list-change-sets --stack-name stackID|stackName
Run the aws cloudformation describe-change-set command specifying the ID of the change set that you want to view: aws cloudformation describe-change-set --change-set-name changesetID
Execute the changeset: aws cloudformation execute-change-set --change-set-name changesetID
Delete the changeset: aws cloudformation delete-change-set --change-set-name changesetID
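
A review gate for the "View the changeset" step, as an added example that is not part of the original post: it reads the JSON printed by aws cloudformation describe-change-set and flags deletions, replacements and changes to security-sensitive resource types before execute-change-set is run. The sample document is constructed, and the function name and the list of sensitive types are assumptions.

```python
import json

# Constructed sample shaped like `aws cloudformation describe-change-set` output.
SAMPLE = json.loads("""
{"StackName": "stackName", "ChangeSetName": "changesetname",
 "Status": "CREATE_COMPLETE", "ExecutionStatus": "AVAILABLE",
 "Changes": [
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
    "LogicalResourceId": "WebServer", "ResourceType": "AWS::EC2::Instance"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Remove",
    "LogicalResourceId": "LogBucket", "ResourceType": "AWS::S3::Bucket"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
    "LogicalResourceId": "WebRole", "ResourceType": "AWS::IAM::Role"}},
  {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
    "LogicalResourceId": "DataVolume", "ResourceType": "AWS::EC2::Volume"}}
 ]}
""")

# Assumption: which resource types count as security-sensitive is local policy.
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::KMS::", "AWS::EC2::SecurityGroup")


def review_change_set(doc):
    """Return (safe_to_execute, findings) for one describe-change-set document."""
    findings = []
    # A change set that failed to build or was already executed must not be run.
    if doc.get("Status") != "CREATE_COMPLETE" or doc.get("ExecutionStatus") != "AVAILABLE":
        findings.append(("<changeset>", "not in an executable state"))
    for change in doc.get("Changes", []):
        rc = change.get("ResourceChange") or {}
        name, rtype = rc.get("LogicalResourceId", "?"), rc.get("ResourceType", "")
        if rc.get("Action") == "Remove":
            findings.append((name, "resource will be deleted"))
        elif rc.get("Replacement") in ("True", "Conditional"):
            findings.append((name, "resource will or may be replaced"))
        if rtype.startswith(SENSITIVE_PREFIXES):
            findings.append((name, "security-sensitive type " + rtype))
    return (not findings, findings)


if __name__ == "__main__":
    ok, findings = review_change_set(SAMPLE)
    for name, reason in findings:
        print("REVIEW %s: %s" % (name, reason))
    print("execute-change-set allowed" if ok else "hold: needs manual review")
```

In practice, save the describe-change-set output to a file and pass the parsed JSON to review_change_set in place of the constructed SAMPLE.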