AWS Development Guide
This guide covers Amazon Web Services (AWS) tools and services essential for modern cloud development. It provides practical commands and configurations for managing AWS resources effectively, following AWS best practices.
Identity and Access Management (IAM)
IAM is AWS’s service for controlling access to AWS resources. It allows you to manage users, groups, roles, and permissions.
IAM Concepts
- Users: Individual identities with credentials.
- Groups: Collections of users with shared permissions.
- Roles: Assignable permissions for services or users.
- Policies: JSON documents defining allowed/denied actions.
Common IAM Commands
List Roles:
aws iam list-roles --profile bf-gsgteaser-sandbox
Create Instance Profile:
aws iam create-instance-profile --instance-profile-name test_ec2_ssm_profile --profile bf-gsgteaser-sandbox
Add Role to Instance Profile:
aws iam add-role-to-instance-profile --instance-profile-name test_ec2_ssm_profile --role-name test_ec2_ssm --profile bf-gsgteaser-sandbox
List Instance Profiles:
aws iam list-instance-profiles --profile bf-gsgteaser-sandbox
Create User and Group:
aws iam create-user --user-name john-doe
aws iam create-group --group-name developers
aws iam add-user-to-group --user-name john-doe --group-name developers
Attach Managed Policy:
aws iam attach-user-policy \
--user-name john-doe \
--policy-arn arn:aws:iam::aws:policy/ReadOnlyAccess
Create and Attach Custom Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::my-bucket/*"
}
]
}
aws iam create-policy \
--policy-name MyCustomPolicy \
--policy-document file://policy.json
aws iam attach-user-policy \
--user-name john-doe \
--policy-arn arn:aws:iam::123456789012:policy/MyCustomPolicy
Create Role for EC2:
aws iam create-role \
--role-name EC2-ReadOnly \
--assume-role-policy-document file://trust-policy.json
Trust Policy for EC2 Role (trust-policy.json):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
Attach Role to EC2 Instance (via instance profile):
aws ec2 associate-iam-instance-profile \
--instance-id i-1234567890abcdef0 \
--iam-instance-profile Name=EC2-ReadOnly-Profile
IAM Best Practices
- Principle of Least Privilege: Grant only necessary permissions.
- Use Groups and Roles: Assign permissions to groups/roles instead of individual users.
- Enable MFA: Require multi-factor authentication for privileged users.
- Rotate Credentials: Change access keys and passwords regularly.
- Monitor Activity: Use CloudTrail and IAM Access Analyzer.
- Regular Audits: Review and remove unused users, roles, and policies.
- Policy Conditions: Use policy conditions for additional security.
- Service Control Policies: Apply SCPs in AWS Organizations for account-level control.
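How the policy documents in this section are actually applied, as an added example that is not part of the original guide and not AWS code: a small Python simulator of the identity-based policy evaluation order (an explicit Deny overrides any Allow; a request no statement allows is implicitly denied), plus a least-privilege lint that flags Allow statements with a bare "*" Action or Resource. The sample policies are constructed for this example; the first one reuses the guide's MyCustomPolicy. Condition blocks are not evaluated, and a statement carrying one is treated as not matching.

```python
"""Identity-based IAM policy evaluation, reduced to the documented order:
explicit Deny > Allow > implicit Deny. Added example, not AWS code.
Conditions are not modelled: a statement with a Condition block is
treated as non-matching, which is the conservative choice for an Allow."""
import fnmatch


def _as_list(value):
    """IAM accepts either a string or a list for Action, Resource, etc."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _match(patterns, value, case_sensitive):
    """IAM wildcard matching: '*' matches any run, '?' one character.
    Action names are case-insensitive; resource ARNs are not."""
    if not case_sensitive:
        value = value.lower()
        patterns = [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _statement_matches(stmt, action, resource):
    """Does this statement apply to the (action, resource) pair?"""
    if "Condition" in stmt:
        return False  # not evaluated here (see module docstring)
    if "Action" in stmt:
        if not _match(_as_list(stmt["Action"]), action, False):
            return False
    elif "NotAction" in stmt:
        if _match(_as_list(stmt["NotAction"]), action, False):
            return False
    if "Resource" in stmt:
        if not _match(_as_list(stmt["Resource"]), resource, True):
            return False
    elif "NotResource" in stmt:
        if _match(_as_list(stmt["NotResource"]), resource, True):
            return False
    return True


def evaluate(policies, action, resource):
    """Return 'Deny' (explicit), 'Allow' or 'ImplicitDeny' for one request
    against all identity-based policies attached to the principal."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement")):
            if not _statement_matches(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"  # an explicit Deny ends evaluation
            if stmt.get("Effect") == "Allow":
                allowed = True
    return "Allow" if allowed else "ImplicitDeny"


def broad_allow_statements(policy):
    """Least-privilege lint: indexes of Allow statements whose Action or
    Resource is a bare '*' (every action or every resource)."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action")) or "*" in _as_list(stmt.get("Resource")):
            findings.append(i)
    return findings


# Constructed sample policies. CUSTOM_POLICY is the guide's MyCustomPolicy.
CUSTOM_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::my-bucket/*",
    }],
}
# A guard-rail policy: nothing under secrets/ is reachable even if an Allow matches.
DENY_SECRETS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "arn:aws:s3:::my-bucket/secrets/*",
    }],
}
# The kind of statement the lint is meant to catch.
ADMIN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

if __name__ == "__main__":
    both = [CUSTOM_POLICY, DENY_SECRETS_POLICY]
    for act, res in [("s3:GetObject", "arn:aws:s3:::my-bucket/readme.txt"),
                     ("s3:DeleteObject", "arn:aws:s3:::my-bucket/readme.txt"),
                     ("s3:GetObject", "arn:aws:s3:::my-bucket/secrets/key.pem")]:
        print(f"{act:16} {res:45} -> {evaluate(both, act, res)}")
    print("broad statements in ADMIN_POLICY:", broad_allow_statements(ADMIN_POLICY))
```

The Deny policy illustrates why "Use Groups and Roles" and "Principle of Least Privilege" work together: a group-level Deny on a sensitive prefix holds no matter what Allow a member later picks up. Real evaluation also involves resource policies, permission boundaries and SCPs, none of which this simulator models.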
AWS CLI Configuration
Profiles
aws configure --profile myprofile
aws s3 ls --profile myprofile
Environment Variables
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1
Developer Tools
AWS CodeBuild
List Projects and Builds:
aws codebuild list-projects --profile testuser-sandbox
aws codebuild list-builds --profile testuser-sandbox
Features:
- Managed build environment (no servers to maintain)
- Multi-language support
- CI/CD integration with CodePipeline
- Custom Docker images
- Parallel builds
Logging and Monitoring
- CloudWatch: Metrics, logs, alarms
- CloudTrail: Auditing and governance
- X-Ray: Distributed application tracing
- AWS Config: Compliance monitoring
- Trusted Advisor: Security, cost, performance checks
JavaScript Development on AWS
NPX Commands:
npx create-react-app my-app
npx eslint .
npx package-name@version
Cost Optimization
- Right-size resources
- Use Reserved or Savings Plans for predictable workloads
- Implement Auto Scaling
- Monitor usage with Cost Explorer
- Clean up unused resources
Amazon EC2
Instance Types
- General Purpose: T3, M5, M6g
- Compute Optimized: C5, C6g
- Memory Optimized: R5, R6g, X1, X1e
- Storage Optimized: I3, D2, D3
- Accelerated Computing: P3, P4, G4dn, G5
EC2 Commands
aws ec2 run-instances --image-id ami-0abcdef1234567890 \
--count 1 --instance-type t2.micro \
--key-name my-key-pair \
--security-group-ids sg-12345678 \
--subnet-id subnet-12345678
Start/Stop/Terminate:
aws ec2 start-instances --instance-ids i-1234567890abcdef0
aws ec2 stop-instances --instance-ids i-1234567890abcdef0
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
Security Group Example:
aws ec2 create-security-group --group-name my-sg --description "My security group"
aws ec2 authorize-security-group-ingress \
--group-id sg-12345678 --protocol tcp --port 22 --cidr 0.0.0.0/0
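The ingress rule above opens port 22 to every IPv4 address (0.0.0.0/0). As an added example that is not from the original guide and not AWS code, the Python below audits security groups in the shape returned by `aws ec2 describe-security-groups` and reports rules open to the whole internet, separating the ones that also expose an administrative or database port from ordinary public web listeners. Both groups are constructed samples: `sg-12345678` is the guide's placeholder id, and 203.0.113.0/24 is a documentation range standing in for an office network.

```python
"""Audit EC2 security group ingress rules for world-open access.
Added example, not AWS code. Input follows the 'SecurityGroups' entries
that `aws ec2 describe-security-groups` returns."""
import ipaddress

# Ports that should never be reachable from the whole internet.
SENSITIVE_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql", 5432: "postgresql"}


def _covers_everything(cidr):
    """A /0 prefix (0.0.0.0/0 or ::/0) is the whole address space;
    checking the prefix length avoids string matching on spellings."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_range(perm):
    """IpProtocol '-1' means all traffic on every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm["FromPort"], perm["ToPort"]


def world_open_rules(group):
    """All (protocol, port range, cidr) ingress rules reachable from anywhere."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if _covers_everything(cidr):
                lo, hi = _port_range(perm)
                findings.append({"group": group["GroupId"], "protocol": perm["IpProtocol"],
                                 "from": lo, "to": hi, "cidr": cidr})
    return findings


def exposed_sensitive_services(group):
    """Names of SENSITIVE_PORTS services that a world-open rule reaches."""
    names = set()
    for f in world_open_rules(group):
        for port, name in SENSITIVE_PORTS.items():
            if f["from"] <= port <= f["to"]:
                names.add(name)
    return sorted(names)


# Constructed samples. OPEN_SG is what the guide's authorize command produces
# (plus a public HTTPS rule, which is usually intentional for a web tier).
OPEN_SG = {
    "GroupId": "sg-12345678",
    "GroupName": "my-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}
# The same group with SSH restricted to one source network.
RESTRICTED_SG = {
    "GroupId": "sg-12345678",
    "GroupName": "my-sg",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    ],
}

if __name__ == "__main__":
    for sg in (OPEN_SG, RESTRICTED_SG):
        print(sg["GroupId"], "world-open:", world_open_rules(sg),
              "sensitive:", exposed_sensitive_services(sg))
```

A flagged rule is removed with `aws ec2 revoke-security-group-ingress` using the same `--protocol`, `--port` and `--cidr` arguments, then re-added with the source CIDR narrowed to the networks that actually need access; for administrative access, Systems Manager Session Manager (the `test_ec2_ssm` role in the IAM section) removes the need for an inbound port 22 rule entirely.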
EC2 Auto Scaling
aws autoscaling create-launch-configuration \
--launch-configuration-name my-lc \
--image-id ami-0abcdef1234567890 \
--instance-type t2.micro
aws autoscaling create-auto-scaling-group \
--auto-scaling-group-name my-asg \
--launch-configuration-name my-lc \
--min-size 1 --max-size 10 --desired-capacity 2 \
--availability-zones us-east-1a
Amazon ECS
Task Definition Example (Fargate):
{
"family": "my-app",
"taskRoleArn": "arn:aws:iam::123456789012:role/ecsTaskRole",
"executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "256",
"memory": "512",
"containerDefinitions": [
{
"name": "my-container",
"image": "nginx:latest",
"essential": true,
"portMappings": [{"containerPort": 80,"protocol": "tcp"}]
}
]
}
Register Task Definition:
aws ecs register-task-definition --cli-input-json file://task-definition.json
Create Listener (default action passed as a JSON array):
aws elbv2 create-listener \
--load-balancer-arn arn:aws:elasticloadbalancing:... \
--protocol HTTP --port 80 \
--default-actions '[{"Type":"forward","TargetGroupArn":"arn:aws:elasticloadbalancing:..."}]'
Amazon S3
- Buckets: Containers for objects
- Objects: Files with metadata
- Keys: Unique object identifiers
- Regions: Geographical storage locations
Change Storage Class Safely:
aws s3 cp s3://my-bucket/myfile.txt s3://my-bucket/myfile.txt \
--storage-class STANDARD_IA --metadata-directive COPY
Bucket Policy Example:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::my-bucket/*"
}]
}
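The bucket policy above has Principal "*" and no Condition, so every object under my-bucket/ becomes readable by anyone on the internet; that is intended for static website hosting and a data leak in almost every other case. As an added example that is not from the original guide and not AWS code, the Python below detects such statements in a bucket policy, reports separately the ones that are public only under a Condition, and produces the same grant scoped to a single principal (the guide's EC2-ReadOnly role in account 123456789012, reused here as a sample). The aws:SourceVpce condition key is real; the endpoint id in the second sample is a placeholder.

```python
"""Detect public-access statements in an S3 bucket policy.
Added example, not AWS code. A statement is treated as public when
Effect is Allow and any principal is the wildcard '*'."""
import json


def _as_list(value):
    """Policy JSON allows a string or a list for most fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Principal can be '*', {'AWS': '*'}, {'AWS': [...]}, {'Service': ...}."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        found = []
        for value in principal.values():
            found.extend(_as_list(value))
        return found
    return _as_list(principal)


def public_statements(policy):
    """Allow statements granted to '*'. 'conditioned' is True when a
    Condition block limits who '*' really is; review those by hand."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _principals(stmt):
            findings.append({
                "index": i,
                "actions": _as_list(stmt.get("Action")),
                "resources": _as_list(stmt.get("Resource")),
                "conditioned": "Condition" in stmt,
            })
    return findings


def scope_to_principal(policy, principal_arn):
    """Return a copy of the policy with every wildcard principal replaced
    by one IAM principal ARN, the usual fix when public read was not meant."""
    fixed = json.loads(json.dumps(policy))  # deep copy, original untouched
    for stmt in _as_list(fixed.get("Statement")):
        if "*" in _principals(stmt):
            stmt["Principal"] = {"AWS": principal_arn}
    return fixed


# Constructed sample: the guide's bucket policy as written.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-bucket/*",
    }],
}
# Constructed sample: '*' limited to one VPC endpoint via a Condition
# (vpce-EXAMPLE is a placeholder, not a real endpoint id).
VPCE_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::my-bucket/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}},
    }],
}
ROLE_ARN = "arn:aws:iam::123456789012:role/EC2-ReadOnly"

if __name__ == "__main__":
    print(public_statements(PUBLIC_READ_POLICY))
    print(public_statements(VPCE_ONLY_POLICY))
    print(json.dumps(scope_to_principal(PUBLIC_READ_POLICY, ROLE_ARN), indent=2))
```

With S3 Block Public Access enabled on the account or bucket (`aws s3api put-public-access-block`), S3 rejects a policy like the first sample at put-bucket-policy time, which is the control to keep on for every bucket that is not deliberately a public website.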
Amazon RDS
Create DB Instance:
aws rds create-db-instance \
--db-instance-identifier mydb \
--db-instance-class db.t2.micro \
--engine mysql \
--master-username admin \
--master-user-password mypassword \
--allocated-storage 20
Backups, snapshots, and security settings follow the standard RDS practices.
AWS Lambda
Create Function:
aws lambda create-function \
--function-name my-function \
--runtime python3.9 \
--role arn:aws:iam::123456789012:role/lambda-role \
--handler lambda_function.lambda_handler \
--code S3Bucket=my-bucket,S3Key=function.zip
Add Triggers: API Gateway, S3, DynamoDB.
Set Environment Variables, Memory, Timeout, Layers: these are adjusted through the function's configuration after creation.
Getting Started
- Create AWS account, configure billing alerts.
- Set up AWS CLI and profiles.
- Learn IAM basics and create users/roles.
- Explore AWS services via console.
- Start with free-tier services.
- Implement monitoring, logging, and security from the start.