Creating two types of IAM users in AWS using the CLI

To create a user in AWS IAM using the CLI (after you have configured it), use the following:

Create a user with programmatic access (access key ID and secret access key):

$ aws iam create-user \
  --user-name User_Prog_Access

Response: 
{
    "User": {
        "Path": "/",
        "UserName": "User_Prog_Access",
        "UserId": "AIDExampleUserId",
        "Arn": "arn:aws:iam::123333333:user/User_Prog_Access",
        "CreateDate": "2021-01-29T12:20:43+00:00"
    }
}

$ aws iam create-access-key \
  --user-name User_Prog_Access

Response:
{
    "AccessKey": {
        "UserName": "User_Prog_Access",
        "AccessKeyId": "AKIExampleAccessKeyID",
        "Status": "Active",
        "SecretAccessKey": "ttExampleSecretAccessKey",
        "CreateDate": "2021-01-29T12:21:22+00:00"
    }
}

And for a user with console access:

$ aws iam create-user \
  --user-name User_Console_Access

Response:
{
    "User": {
        "Path": "/",
        "UserName": "User_Console_Access",
        "UserId": "AIExampleUserId",
        "Arn": "arn:aws:iam::933323111111:user/User_Console_Access",
        "CreateDate": "2021-01-29T12:31:46+00:00"
    }
}

$ aws iam create-login-profile \
  --user-name User_Console_Access \
  --password Temp_Password4 \
  --password-reset-required

Response:
{
    "LoginProfile": {
        "UserName": "User_Console_Access",
        "CreateDate": "2021-01-29T12:35:28+00:00",
        "PasswordResetRequired": true
    }
}

AWS allowing access to Billing to IAM user

Problem

When you create a new AWS account the access to Billing for IAM users is not enabled by default.

Solution

In order to allow access you have to follow the steps below:

  • Login to your AWS account with your root user (email and password)
  • Go to the top right drop down ‘My Account’
  • Find the section that is called ‘IAM User and Role Access to Billing information’, use ‘Edit’, tick the box ‘Enable access’ and then ‘Update’.

More information can be found in the Amazon’s help page https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/control-access-billing.html#ControllingAccessWebsite-Activate

Getting rails console on an amazon aws server when using rvm

Problem

You would like to get access to your rails application console on an Amazon ec2 instance, and you are also using rvm.

Solution

  • Login with ssh to your server as normal:
    ssh name@myserver.com -i amazon_key
  • Go to your application’s current folder:
    cd /my/project/directory/current/
  • Run the following replacing the environment with your specific environment (ie production,beta,staging etc):
    bundle exec rails c environment

Enabling MySQL server to be remotely accessible in Amazon EC2

Problem

You want to make your instance’s mysql server in Amazon available remotely, and you have set the firewall setting in your security group to allow access to port 3306, but you get the following error:

ERROR 2003 (HY000): Can't connect to MySQL server

Solution

You would need to edit your /etc/mysql/my.cnf file to allow access to the mysql server by changing the line:

bind_address 127.0.0.1

to

bind_address AMAZON_PRIVATE_IP

Make sure that the IP used is the private ip and not the Elastic IP.
You should be able to find that in your instance control panel.