aws-production/README.md

# AWS CDK Production Demo

This CDK application creates a production-like AWS environment using Native American tribes and deities naming convention. All resources are designed to stay within AWS Free Tier limits.

## 🏛️ Naming Convention

This project uses Native American tribes and deities for resource naming:

### Network Resources (Cherokee Nation Theme)
- **Cherokee VPC** - Main virtual private cloud
- **Sequoyah Public Subnet** - Named after Cherokee scholar who created Cherokee syllabary

### Security (Apache Nation Theme)
- **Apache Security Group** - Named after the Apache people, known for their warrior culture

### Compute (Sioux Nation Theme)
- **Sitting Bull Instance** - Named after famous Lakota leader and holy man
- **Crazy Horse Instance** - Named after famous Oglala Lakota war leader

### Storage (Cherokee Theme)
- **Cherokee Storage Bucket** - S3 bucket for logging and demos

### IAM (Native American Deities Theme)
- **Kokopelli Group** - ReadOnly access group (Hopi fertility deity)
- **Quetzalcoatl User** - IAM user (Aztec feathered serpent deity)
- **Wendigo User** - IAM user (Algonquian cannibalistic spirit)
- **Thunderbird User** - IAM user (Powerful supernatural bird)
- **Coyote User** - IAM user (Trickster deity in Western tribes)
- **Raven User** - IAM user (Creator deity in Pacific Northwest)

## 🏗️ Architecture

```
Cherokee VPC (10.0.0.0/16)
├── Sequoyah Public Subnet
    ├── Sitting Bull EC2 (NGINX Web Server)
    ├── Crazy Horse EC2 (NGINX Web Server)
    └── Apache Security Group (SSH:22, HTTP:80)
├── Cherokee Storage S3 Bucket
└── Kokopelli IAM Group (5 deity users with ReadOnly access)
```

## 📋 Resources Created

### Networking
- **1 VPC** with DNS resolution enabled
- **1 Public Subnet** with auto-assign public IP
- **1 Internet Gateway** (automatically created)
- **Route Tables** (automatically configured)

### Compute
- **2 EC2 t2.micro instances** (Free Tier eligible)
- **NGINX** automatically installed and configured
- **Custom welcome pages** with server identification

### Security
- **1 Security Group** allowing SSH (22) and HTTP (80) from anywhere
- **EC2 Key Pair** for SSH access (you must create this)

### Storage
- **1 S3 Bucket** with versioning and encryption enabled
- **Block all public access** for security

### IAM
- **1 IAM Group** with AWS ReadOnlyAccess policy
- **5 IAM Users** with console access and auto-generated passwords
- **Least privilege** access with password change permissions

## 🚀 Deployment Instructions

### Prerequisites
Ensure you have:
- AWS CLI configured with credentials
- CDK bootstrapped in your region
- EC2 Key Pair created (`my-cdk-keypair`)

### Deploy Steps

1. **Install dependencies:**
```bash
pip install -r requirements.txt
```

2. **Synthesize the stack:**
```bash
cdk synth
```

3. **Deploy the stack:**
```bash
cdk deploy ManitouProductionStack
```

4. **View outputs:**
The deployment will show:
- Public IP addresses of both web servers
- IAM usernames
- S3 bucket name
- Web URLs for easy access

### Access Your Resources

**Web Servers:**
- Visit the output URLs to see NGINX welcome pages
- Each server has a custom page identifying itself

**SSH Access:**
```bash
ssh -i my-cdk-keypair.pem ec2-user@<PUBLIC_IP>
```

**AWS Console:**
- Use the created IAM user credentials to log into AWS Console
- Users have ReadOnly access across AWS services

## 🏷️ Resource Tags

All resources are tagged with:
- **Environment**: Production
- **Project**: CDK-Demo
- **Owner**: DevOps-Team
- **CostCenter**: Engineering

## 💰 Cost Optimization

This setup is designed for AWS Free Tier:
- **EC2**: t2.micro instances (750 hours/month free)
- **S3**: 5GB storage free
- **VPC**: No additional charges for basic networking
- **IAM**: No charges for users and groups

## 🧹 Cleanup

To avoid any potential charges:

```bash
cdk destroy ManitouProductionStack
```

This will remove all resources except:
- EC2 Key Pair (you created this manually)
- Any data you uploaded to S3 (if removal policy changed)

## 🔒 Security Notes

- **IAM Users**: Have ReadOnly access only
- **EC2 Access**: SSH key required for instance access
- **S3 Bucket**: Blocks all public access
- **Security Groups**: Allow SSH and HTTP from anywhere (adjust for production use)

## 📝 Customization

To modify the setup:
1. Edit `production_stack.py`
2. Run `cdk diff` to see changes
3. Run `cdk deploy` to apply changes

## 🙏 Cultural Respect

This naming convention honors Native American tribes and spiritual traditions. The names are used with respect for their cultural significance and historical importance.
automated terminal push 2025-06-27 16:09:23 +00:00			`# AWS CDK Production Demo`
automated terminal push 2025-06-27 16:06:02 +00:00
			`This CDK application creates a production-like AWS environment using Native American tribes and deities naming convention. All resources are designed to stay within AWS Free Tier limits.`

			`## 🏛️ Naming Convention`

			`This project uses Native American tribes and deities for resource naming:`

			`### Network Resources (Cherokee Nation Theme)`
			`- Cherokee VPC - Main virtual private cloud`
			`- Sequoyah Public Subnet - Named after Cherokee scholar who created Cherokee syllabary`

			`### Security (Apache Nation Theme)`
			`- Apache Security Group - Named after the Apache people, known for their warrior culture`

			`### Compute (Sioux Nation Theme)`
			`- Sitting Bull Instance - Named after famous Lakota leader and holy man`
			`- Crazy Horse Instance - Named after famous Oglala Lakota war leader`

			`### Storage (Cherokee Theme)`
			`- Cherokee Storage Bucket - S3 bucket for logging and demos`

			`### IAM (Native American Deities Theme)`
			`- Kokopelli Group - ReadOnly access group (Hopi fertility deity)`
			`- Quetzalcoatl User - IAM user (Aztec feathered serpent deity)`
			`- Wendigo User - IAM user (Algonquian cannibalistic spirit)`
			`- Thunderbird User - IAM user (Powerful supernatural bird)`
			`- Coyote User - IAM user (Trickster deity in Western tribes)`
			`- Raven User - IAM user (Creator deity in Pacific Northwest)`

			`## 🏗️ Architecture`

			```
			`Cherokee VPC (10.0.0.0/16)`
			`├── Sequoyah Public Subnet`
			`├── Sitting Bull EC2 (NGINX Web Server)`
			`├── Crazy Horse EC2 (NGINX Web Server)`
			`└── Apache Security Group (SSH:22, HTTP:80)`
			`├── Cherokee Storage S3 Bucket`
			`└── Kokopelli IAM Group (5 deity users with ReadOnly access)`
			```

			`## 📋 Resources Created`

			`### Networking`
			`- 1 VPC with DNS resolution enabled`
			`- 1 Public Subnet with auto-assign public IP`
			`- 1 Internet Gateway (automatically created)`
			`- Route Tables (automatically configured)`

			`### Compute`
			`- 2 EC2 t2.micro instances (Free Tier eligible)`
			`- NGINX automatically installed and configured`
			`- Custom welcome pages with server identification`

			`### Security`
			`- 1 Security Group allowing SSH (22) and HTTP (80) from anywhere`
			`- EC2 Key Pair for SSH access (you must create this)`

			`### Storage`
			`- 1 S3 Bucket with versioning and encryption enabled`
			`- Block all public access for security`

			`### IAM`
			`- 1 IAM Group with AWS ReadOnlyAccess policy`
			`- 5 IAM Users with console access and auto-generated passwords`
			`- Least privilege access with password change permissions`

			`## 🚀 Deployment Instructions`

			`### Prerequisites`
			`Ensure you have:`
			`- AWS CLI configured with credentials`
			`- CDK bootstrapped in your region`
			- EC2 Key Pair created (`my-cdk-keypair`)

			`### Deploy Steps`

			`1. Install dependencies:`
			```bash
			`pip install -r requirements.txt`
			```

			`2. Synthesize the stack:`
			```bash
			`cdk synth`
			```

			`3. Deploy the stack:`
			```bash
			`cdk deploy ManitouProductionStack`
			```

			`4. View outputs:`
			`The deployment will show:`
			`- Public IP addresses of both web servers`
			`- IAM usernames`
			`- S3 bucket name`
			`- Web URLs for easy access`

			`### Access Your Resources`

			`Web Servers:`
			`- Visit the output URLs to see NGINX welcome pages`
			`- Each server has a custom page identifying itself`

			`SSH Access:`
			```bash
			`ssh -i my-cdk-keypair.pem ec2-user@<PUBLIC_IP>`
			```

			`AWS Console:`
			`- Use the created IAM user credentials to log into AWS Console`
			`- Users have ReadOnly access across AWS services`

			`## 🏷️ Resource Tags`

			`All resources are tagged with:`
			`- Environment: Production`
			`- Project: CDK-Demo`
			`- Owner: DevOps-Team`
			`- CostCenter: Engineering`

			`## 💰 Cost Optimization`

			`This setup is designed for AWS Free Tier:`
			`- EC2: t2.micro instances (750 hours/month free)`
			`- S3: 5GB storage free`
			`- VPC: No additional charges for basic networking`
			`- IAM: No charges for users and groups`

			`## 🧹 Cleanup`

			`To avoid any potential charges:`

			```bash
			`cdk destroy ManitouProductionStack`
			```

			`This will remove all resources except:`
			`- EC2 Key Pair (you created this manually)`
			`- Any data you uploaded to S3 (if removal policy changed)`

			`## 🔒 Security Notes`

			`- IAM Users: Have ReadOnly access only`
			`- EC2 Access: SSH key required for instance access`
			`- S3 Bucket: Blocks all public access`
			`- Security Groups: Allow SSH and HTTP from anywhere (adjust for production use)`

			`## 📝 Customization`

			`To modify the setup:`
			1. Edit `production_stack.py`
			2. Run `cdk diff` to see changes
			3. Run `cdk deploy` to apply changes

			`## 🙏 Cultural Respect`

			`This naming convention honors Native American tribes and spiritual traditions. The names are used with respect for their cultural significance and historical importance.`
Initial commit 2025-06-27 14:23:36 +00:00