[version_1.0]
If you choose to do this exercise using a local integrated development environment (IDE), you need to have already installed Docker, Node.js, and the AWS Serverless Application Model (AWS SAM).
Note: If you are using Microsoft Windows, you must also do the following:
* You need to have already installed the Windows Subsystem for Linux (WSL2).
* From the AWS documentation, you must follow the Linux installation instructions for AWS SAM and the AWS Command Line Interface (AWS CLI).
* You should run the commands inside WSL because they will match the commands that are run inside AWS Cloud9.
In this task, you will create a customer managed policy in AWS Identity and Access Management (IAM). Customer managed policies provide more precise control over your policies than policies that AWS manages. This policy will have permissions that are specific to the AWS resources you need for this course.
In the AWS Management Console, choose and open IAM.
In the navigation pane, choose Policies.
Choose Create Policy.
Choose the JSON tab and in the editor box, replace the sample policy with the following code:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "apigateway:*",
        "lambda:*",
        "s3:*",
        "ssm:*",
        "logs:*",
        "iam:*",
        "cloudwatch:*",
        "cognito-identity:*",
        "cognito-idp:*",
        "states:*",
        "kms:ListAliases",
        "xray:*"
      ],
      "Resource": "*"
    }
  ]
}
```
You will see a Security warning about using wildcards (*), which can be overly permissive. In normal use cases, it’s a best practice to specify a resource’s Amazon Resource Name (ARN) or to be more restrictive with your actions. In this case, for the sake of the exercise, you can safely ignore these warnings.
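To make that warning concrete, the following audit script is an added example (not part of the course material) that parses the policy above and reports each wildcard the console flags; the function names `audit_policy` and `_as_list` are my own, and the embedded policy is a copy of the one you just pasted.

```python
import json

# The course policy from this exercise, embedded so the audit runs offline.
COURSE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["apigateway:*", "lambda:*", "s3:*", "ssm:*", "logs:*", "iam:*",
                 "cloudwatch:*", "cognito-identity:*", "cognito-idp:*",
                 "states:*", "kms:ListAliases", "xray:*"],
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement_index, finding) tuples for Allow statements that use
    wildcards the way the console's Security warning describes."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((i, f"wildcard action {action}"))
        if "*" in resources:
            findings.append((i, "Resource is * (applies to every resource)"))
        # iam:* on every resource lets the user change its own permissions,
        # so this combination deserves its own finding.
        if "*" in resources and any(a in ("*", "iam:*") for a in actions):
            findings.append((i, "iam:* with Resource *: can modify IAM itself"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_policy(COURSE_POLICY):
        print(f"Statement[{index}]: {finding}")
```

Running it against the course policy lists eleven wildcard actions (every entry except kms:ListAliases) plus the Resource and iam findings, which is exactly what you would tighten by scoping actions and ARNs outside a lab.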
Choose Next: Tags. You can optionally create tags to help identify, organize, or search for your policy. The exercise doesn’t require you to create any tags.
Choose Next: Review.
For Name, enter BuildingModernAppsPolicy.
Choose Create policy.
You successfully created an IAM policy.
In this task, you will create an IAM user and attach a policy to the user. If you are familiar with IAM users, you might want to complete this section before you read the step-by-step instructions.
| Setting | Value |
| --- | --- |
| IAM User Name | BuildingModernAppsUser |
| Access Type | Programmatic access and AWS Management Console access |
| Policy | BuildingModernAppsPolicy |
Important: IAM creates a comma-separated values (CSV) file to store the user name, password, access key ID, secret access key, and console login link for the user. Retrieve this CSV file by choosing Download.csv. Store the CSV file in a safe location.
Return to the IAM dashboard.
In the navigation pane, choose Users.
Choose Add user.
For User name, enter BuildingModernAppsUser. For Access type, select both Programmatic access and AWS Management Console access, as listed in the table for this task.
Note the password for the BuildingModernAppsUser and choose Next: Permissions.
In the Set permissions section, choose Attach existing policies directly.
In the Filter policies search box, enter BuildingModernAppsPolicy, and from the filtered list, select BuildingModernAppsPolicy.
Choose Next: Tags.
In this exercise, you don’t need to create tags for the user. Choose Next: Review.
Review the information, and choose Create user. You should see a success message.
Choose Download .csv. Store the CSV file in a safe location. The CSV file contains the user name, password, access key ID, secret access key, and console login link for the user.
Sign out of the console.
Use the console login link to sign in as the BuildingModernAppsUser IAM user.
You will be prompted to change the password for BuildingModernAppsUser. Change the password and store your new password somewhere safe (for example, update the CSV file that you downloaded in this exercise).
In this task, you will download the AWS CLI and follow the instructions for your specific operating system. After you download and install the tools, you will configure them with the access key for BuildingModernAppsUser.
On your computer, follow the instructions for your specific operating system in the AWS Command Line Interface User Guide for Version 2: Installing, updating, and uninstalling the AWS CLI version 2.
After you install the AWS CLI, you need to configure it by following the instructions in the AWS CLI User Guide for V2: Configuration basics.
Use the following values when prompted:
* AWS Access Key ID and AWS Secret Access Key: the values for BuildingModernAppsUser from the CSV file that you downloaded
* Default region name: us-east-1
* Default output format: Use the default setting by keeping this field empty
The exercises in this course create infrastructure in the us-east-1 AWS Region in Northern Virginia, US. You can experiment with creating all the infrastructure in another Region. If you are new to the concepts in this course, we recommend following the instructions to create all resources in us-east-1.
Observe the location where the AWS CLI stores credentials (.aws/credentials) and the config file (.aws/config). This location is referred to as the shared credentials file.