# AWS CDK Production Demo

This CDK application creates a production-like AWS environment using a Native American tribes and deities naming convention. All resources are designed to stay within AWS Free Tier limits.

## 🏛️ Naming Convention

This project uses Native American tribes and deities for resource naming:

### Network Resources (Cherokee Nation Theme)

- **Cherokee VPC** - Main virtual private cloud
- **Sequoyah Public Subnet** - Named after the Cherokee scholar who created the Cherokee syllabary

### Security (Apache Nation Theme)

- **Apache Security Group** - Named after the Apache people, known for their warrior culture

### Compute (Sioux Nation Theme)

- **Sitting Bull Instance** - Named after the famous Lakota leader and holy man
- **Crazy Horse Instance** - Named after the famous Oglala Lakota war leader

### Storage (Cherokee Theme)

- **Cherokee Storage Bucket** - S3 bucket for logging and demos

### IAM (Native American Deities Theme)

- **Kokopelli Group** - ReadOnly access group (Hopi fertility deity)
- **Quetzalcoatl User** - IAM user (Aztec feathered serpent deity)
- **Wendigo User** - IAM user (Algonquian cannibalistic spirit)
- **Thunderbird User** - IAM user (powerful supernatural bird)
- **Coyote User** - IAM user (trickster deity in Western tribes)
- **Raven User** - IAM user (creator deity in the Pacific Northwest)

## 🏗️ Architecture

```
Cherokee VPC (10.0.0.0/16)
├── Sequoyah Public Subnet
    ├── Sitting Bull EC2 (NGINX Web Server)
    ├── Crazy Horse EC2 (NGINX Web Server)
    └── Apache Security Group (SSH:22, HTTP:80)
├── Cherokee Storage S3 Bucket
└── Kokopelli IAM Group (5 deity users with ReadOnly access)
```

## 📋 Resources Created

### Networking

- **1 VPC** with DNS resolution enabled
- **1 Public Subnet** with auto-assign public IP
- **1 Internet Gateway** (automatically created)
- **Route Tables** (automatically configured)

### Compute

- **2 EC2 t2.micro instances** (Free Tier eligible)
- **NGINX** automatically installed and configured
- **Custom welcome pages** with server identification

### Security

- **1 Security Group** allowing SSH (22) and HTTP (80) from anywhere
- **EC2 Key Pair** for SSH access (you must create this)

### Storage

- **1 S3 Bucket** with versioning and encryption enabled
- **Block all public access** for security

### IAM

- **1 IAM Group** with the AWS ReadOnlyAccess policy
- **5 IAM Users** with console access and auto-generated passwords
- **Least privilege** access with password change permissions

## 🚀 Deployment Instructions

### Prerequisites

Ensure you have:

- AWS CLI configured with credentials
- CDK bootstrapped in your region
- EC2 Key Pair created (`my-cdk-keypair`)

### Deploy Steps

1. **Install dependencies:**

   ```bash
   pip install -r requirements.txt
   ```

2. **Synthesize the stack:**

   ```bash
   cdk synth
   ```

3. **Deploy the stack:**

   ```bash
   cdk deploy ManitouProductionStack
   ```

4. **View outputs:**

   The deployment will show:

   - Public IP addresses of both web servers
   - IAM usernames
   - S3 bucket name
   - Web URLs for easy access

### Access Your Resources

**Web Servers:**

- Visit the output URLs to see the NGINX welcome pages
- Each server has a custom page identifying itself

**SSH Access:**

```bash
ssh -i my-cdk-keypair.pem ec2-user@
```

**AWS Console:**

- Use the created IAM user credentials to log into the AWS Console
- Users have ReadOnly access across AWS services

## 🏷️ Resource Tags

All resources are tagged with:

- **Environment**: Production
- **Project**: CDK-Demo
- **Owner**: DevOps-Team
- **CostCenter**: Engineering

## 💰 Cost Optimization

This setup is designed for the AWS Free Tier:

- **EC2**: t2.micro instances (750 hours/month free)
- **S3**: 5GB storage free
- **VPC**: No additional charges for basic networking
- **IAM**: No charges for users and groups

## 🧹 Cleanup

To avoid any potential charges:

```bash
cdk destroy ManitouProductionStack
```

This will remove all resources except:

- EC2 Key Pair (you created this manually)
- Any data you uploaded to S3 (if the removal policy was changed)

## 🔒 Security Notes

- **IAM Users**: Have ReadOnly access only
- **EC2 Access**: SSH key required for instance access
- **S3 Bucket**: Blocks all public access
- **Security Groups**: Allow SSH and HTTP from anywhere (adjust for production use)

## 📝 Customization

To modify the setup:

1. Edit `production_stack.py`
2. Run `cdk diff` to see changes
3. Run `cdk deploy` to apply changes

## 🙏 Cultural Respect

This naming convention honors Native American tribes and spiritual traditions. The names are used with respect for their cultural significance and historical importance.
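The Security Notes above flag the Apache Security Group as allowing SSH from anywhere, to be adjusted for production. The following is an added example, not part of this project's code, showing a stdlib-only check you can run against the template that `cdk synth` writes to `cdk.out/ManitouProductionStack.template.json` to catch that setting before `cdk deploy`. It walks both inline `SecurityGroupIngress` entries and standalone `AWS::EC2::SecurityGroupIngress` resources, treats `0.0.0.0/0` and `::/0` as world-open, and understands the `-1` (all protocols) wildcard. The embedded template, the resource names and the `203.0.113.0/24` admin CIDR (a documentation range) are constructed for the example.

```python
import json
import sys
from typing import Iterator

# Constructed sample in the shape of a synthesized CloudFormation template
# (abbreviated; not the project's real output).
SAMPLE_TEMPLATE = json.loads(r"""
{
  "Resources": {
    "ApacheSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "Apache Security Group",
        "SecurityGroupIngress": [
          {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
          {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}
        ]
      }
    },
    "ExtraIngress": {
      "Type": "AWS::EC2::SecurityGroupIngress",
      "Properties": {
        "GroupId": {"Ref": "ApacheSecurityGroup"},
        "IpProtocol": "-1",
        "CidrIpv6": "::/0"
      }
    }
  }
}
""")

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def iter_ingress(template: dict) -> Iterator[tuple[str, dict]]:
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for logical_id, resource in template.get("Resources", {}).items():
        props = resource.get("Properties", {})
        if resource.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield logical_id, rule
        elif resource.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield logical_id, props


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if the rule admits traffic to `port` (wildcard protocol or port range)."""
    if str(rule.get("IpProtocol")) == "-1":
        return True
    low = rule.get("FromPort")
    if low is None:  # no port restriction given: assume everything
        return True
    high = rule.get("ToPort", low)
    return int(low) <= port <= int(high)


def find_world_open(template: dict, ports=(22,)) -> list[dict]:
    """Return one finding per rule that exposes any of `ports` to the whole internet."""
    findings = []
    for logical_id, rule in iter_ingress(template):
        source = rule.get("CidrIp") or rule.get("CidrIpv6")
        if source not in WORLD_CIDRS:
            continue
        hit = [p for p in ports if rule_covers_port(rule, p)]
        if hit:
            findings.append({"resource": logical_id, "source": source, "ports": hit})
    return findings


def hardened_ingress(admin_cidr: str) -> list[dict]:
    """Inline ingress rules with SSH limited to admin_cidr; HTTP stays public on purpose."""
    return [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": admin_cidr},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"},
    ]


if __name__ == "__main__":
    # Usage: python check_sg.py cdk.out/ManitouProductionStack.template.json
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            template = json.load(fh)
    else:
        template = SAMPLE_TEMPLATE
    for finding in find_world_open(template):
        print(f"{finding['resource']}: {finding['source']} -> ports {finding['ports']}")
```

On the CDK side the corresponding change in `production_stack.py` is to pass `ec2.Peer.ipv4("<admin CIDR>")` instead of `ec2.Peer.any_ipv4()` for the port 22 rule, then confirm with `cdk diff` that only the SSH source changed; the checker's `hardened_ingress` shows the rule shape that should appear in the synthesized template afterwards.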