Setting up an AWS account

We need an AWS account to work on this chapter. If you don't have one, you can try AWS for 1 year, using the Free Tier program: https://aws.amazon.com/free/.

After signing up for the Free Tier, we can get access to our AWS account by setting a password. AWS accounts have a custom URL, where account administrators and other users can log in to the account dashboard: https://console.aws.amazon.com/billing/home?#/account.

All the main services are free, but with a few limits. So, always monitor the free-tier usage of AWS services while testing. AWS offers a unique model of roles called Identity and Access Management (IAM). This enables new users to be created and gives permissions to various services.

After we set up our AWS account, we should create IAM users and roles. But for the sake of simplicity, we will proceed with the account we created previously, where the creator is automatically an admin. We should allow programmatic access to our AWS account in order to deploy applications.

There are three ways we can interact with AWS to provision managed services:

In the first option, a user logs in to an AWS account and manually configures the AWS resources. In the second one, a user can install the client on their machine and manage resources using a command-line API. The third option is very low-level, where third-party libraries wrap the AWS API and provide a clean interface.

For the second and third options, a security credential has to be generated. A security credential consists of two keys: an access key ID and a secret access key.

This security credential is used to authenticate any third-party applications with AWS. It can be obtained by navigating to IAM | Users | User | Name | Security Credentials on the AWS account and performing a Create Access Key operation.

Creating an access_key_id also generates a secret_access_key. These should be stored in a safe place. If you lose your secret key, you have to delete it from the IAM security credentials and create a new one.

Once a user obtains an access key ID and a secret access key successfully, they should create two files in the .aws directory in the home path.

On Linux and Mac OS X, create two files with the names credentials and config:

~/.aws/credentials:

[default]
aws_access_key_id=YOUR_ACCESS_KEY_ID
aws_secret_access_key=YOUR_SECRET_KEY

~/.aws/config:

[default]
region=eu-central-1
output=json

The credential file holds information about the access key and the secret access key in order to authenticate with AWS. The configuration file configures settings such as the AWS region in operation and the AWS CLI output format, such as JSON, XML, and so on.

On Windows, the files should be created in the %UserProfile%\.aws directory.

You have to replace the YOUR_ACCESS_KEY_ID and YOUR_SECRET_KEY variables with actual security credentials from your AWS account.
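The following shell functions are an added example, not part of the original chapter: they write the two files described above with owner-only permissions, audit those permissions, and detect credentials files that still contain the YOUR_ACCESS_KEY_ID and YOUR_SECRET_KEY placeholders. The function names and the 0700/0600 modes are assumptions of this example, and the demo runs in a temporary directory rather than the real ~/.aws.

```shell
#!/bin/sh
# Added example: names and modes here are assumptions, not from the chapter.

# write_aws_files DIR ACCESS_KEY_ID SECRET_KEY REGION
# Writes DIR/credentials and DIR/config in the layout shown above.
write_aws_files() {
    dir=$1; key_id=$2; secret=$3; region=$4
    (
        umask 077 &&                       # anything created here is owner-only
        mkdir -p "$dir" && chmod 700 "$dir" &&
        printf '[default]\naws_access_key_id=%s\naws_secret_access_key=%s\n' \
            "$key_id" "$secret" > "$dir/credentials" &&
        printf '[default]\nregion=%s\noutput=json\n' "$region" > "$dir/config" &&
        chmod 600 "$dir/credentials" "$dir/config"   # also fixes pre-existing files
    )
}

# perms_ok PATH: true only when group and other have no permission bits.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_aws_dir DIR: prints every path that is too open; returns 1 if any is.
audit_aws_dir() {
    rc=0
    for p in "$1" "$1/credentials" "$1/config"; do
        [ -e "$p" ] || continue
        perms_ok "$p" || { echo "too permissive: $p"; rc=1; }
    done
    return "$rc"
}

# has_placeholders DIR: true while the template values were never replaced.
has_placeholders() {
    grep -q -e 'YOUR_ACCESS_KEY_ID' -e 'YOUR_SECRET_KEY' "$1/credentials"
}

# Demo in a throwaway directory so the real ~/.aws is untouched.
demo=$(mktemp -d)
write_aws_files "$demo/.aws" YOUR_ACCESS_KEY_ID YOUR_SECRET_KEY eu-central-1
audit_aws_dir "$demo/.aws" && echo "permissions ok"
has_placeholders "$demo/.aws" && echo "placeholders still present"
chmod 644 "$demo/.aws/credentials"      # simulate a loosened file
audit_aws_dir "$demo/.aws" || echo "audit failed as expected"
rm -rf "$demo"
```

To audit an existing setup, call audit_aws_dir "$HOME/.aws" after the functions are defined.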

The region in the configuration file is the geographical location where the application is hosted. In the preceding configuration, we picked Frankfurt (eu-central-1) as the preferred region. You should select the region that's closest to the client.

Our goal is to run an application behind the API Gateway on AWS. Instead of doing that manually from the AWS console, we are going to use a tool called Terraform. Terraform provides IaC, where we can have Terraform scripts record the resource creation on AWS. AWS provides an in-house IaC solution called CloudFormation. Terraform is much simpler—as well as less verbose—than AWS CloudFormation. In the next section, we'll explore Terraform and its internals.