Appendix B
AWS Resources Needed to Use This Book

This appendix contains a list of AWS resources that you will need to set up under your own account in order to make the most of the content of this book.

Creating an IAM User for Development

In this section you will create an IAM user for development tasks. This user will have policies that allow access to a broad range of tasks on your resources. For instance, in a production scenario you will not use policies that provide access to all your Amazon S3 resources or allow all actions on every Amazon DynamoDB table. However, when you are developing a solution you can use a special development user, and then create production users with restrictive policies when you are closer to testing and releasing.

To get started, log in to the IAM management console using either an IAM user with administrative privileges or your root account credentials. Click the Users link in the IAM dashboard to load the user management page. Click the Add User button to start the process of creating a user under your root account (see Figure B.1).

Screenshot of creating an IAM user by clicking the Add User button.

FIGURE B.1 Creating an IAM user

Specify a username and ensure you have enabled both Programmatic Access and AWS Management Console Access (see Figure B.2).

Screenshot of details of an user in the screen, with user name, access type, console password, and require password reset.

FIGURE B.2 User details screen

Provide a custom password that will be used by the IAM user while logging in to the management console and ensure the Require Password Reset check box is enabled.

Once you have specified a username and access type, you will be asked to configure permissions for the user. Ensure the option labeled Add User To Group is selected and click the Create Group button (see Figure B.3).

Screenshot of creating a new group for the IAM user, by selecting option Add User To Group and clicking the Create Group button.

FIGURE B.3 Creating a new group for the IAM user

Name the new group MLDevelopers and add the following policies to the group:

  • AmazonMachineLearningFullAccess
  • AmazonSageMakerFullAccess
  • ComprehendFullAccess
  • AmazonS3FullAccess
  • AmazonDynamoDBFullAccess
  • AWSLambdaFullAccess
  • AmazonLexFullAccess
  • AmazonRekognitionFullAccess

Click the Create Group button to finish creating the group. On clicking the Create Group button, you will be taken back to the previous screen and will see your new group listed alongside existing groups (Figure B.4). Ensure the new user is added to the MLDevelopers group.

Screenshot of adding the new IAM user to the MLDevelopers group.

FIGURE B.4 Adding the new IAM user to the MLDevelopers group

Click the Next button to display the review screen and click the Create User button in the review screen to finish creating the user. You will be presented with a confirmation screen like the one in Figure B.5 that contains the name of the user just created as well as access credentials.

Screenshot of user confirmation screen, with user name, access key ID, secret access key, password, and email login instruction.

FIGURE B.5 User confirmation screen

Use the Download .csv button to download the full set of credentials for the user, and click the Close button to go back to the IAM home screen.

Creating S3 Buckets

In this section, you will use the AWS management console to create a set of S3 buckets that will be used in other chapters of the book. Log in to the IAM console using your dedicated IAM user-specific sign-in link and navigate to the S3 service home page (Figure B.6).

Screenshot of accessing the S3 management console, by logging in to the IAM console using your dedicated IAM user-specific sign-in link and navigating to the S3 service home page.

FIGURE B.6 Accessing the S3 management console

Recall from Chapter 9 that the S3 service is available in all regions, so you do not need to select a region in the management console. A bucket, on the other hand, is region-specific, and you will need to select the region in which you want to create the bucket.

Create the following buckets in a region of your choice. All the examples in this book use the EU (Ireland) region. If you decide to choose another region, keep in mind that some AWS services may not be available in your chosen region.

  • awsml-comprehend-entitydetection-result
  • awsml-comprehend-entitydetection-source
  • awsml-rekognition-awscli-source
  • awsml-rekognition-awslambda-source

The name you choose for your bucket must be globally unique, and prefixing a reverse-domain name is a common practice to ensure unique naming. Use a suitable prefix while creating the buckets.

You do not need to configure bucket versioning, logging, or cost allocation tags for any of these buckets at this stage (Figure B.7). When prompted, leave the settings at their default values.

Screenshot of configuring versioning, logging, and cost allocation tags in the create bucket window.

FIGURE B.7 Configuring versioning, logging, and cost allocation tags

When you reach the screen that allows you to configure access permissions for the bucket, ensure you apply the following settings:

  • Block new public ACLs and uploading public objects: Unchecked
  • Remove public access granted through public ACLs: Unchecked
  • Block new public bucket policies: Unchecked
  • Block public and cross-account access: Unchecked

Your screen should resemble Figure B.8.

Screenshot of configuring bucket permissions in create bucket window, with options such as name and region, configure options, set permissions, and review.

FIGURE B.8 Configuring bucket permissions

Click the Next button and proceed to create each bucket using the same settings as described in this section.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.224.51.55