lenape/aws-production
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
aws-production/README.md
lenape 588527d042 automated terminal push
2025-06-27 16:09:23 +00:00

4.6 KiB
Raw Permalink Blame History

AWS CDK Production Demo

This CDK application creates a production-like AWS environment using Native American tribes and deities naming convention. All resources are designed to stay within AWS Free Tier limits.

🏛️ Naming Convention

This project uses Native American tribes and deities for resource naming:

Network Resources (Cherokee Nation Theme)

  • Cherokee VPC - Main virtual private cloud
  • Sequoyah Public Subnet - Named after Cherokee scholar who created Cherokee syllabary

Security (Apache Nation Theme)

  • Apache Security Group - Named after the Apache people, known for their warrior culture

Compute (Sioux Nation Theme)

  • Sitting Bull Instance - Named after famous Lakota leader and holy man
  • Crazy Horse Instance - Named after famous Oglala Lakota war leader

Storage (Cherokee Theme)

  • Cherokee Storage Bucket - S3 bucket for logging and demos

IAM (Native American Deities Theme)

  • Kokopelli Group - ReadOnly access group (Hopi fertility deity)
  • Quetzalcoatl User - IAM user (Aztec feathered serpent deity)
  • Wendigo User - IAM user (Algonquian cannibalistic spirit)
  • Thunderbird User - IAM user (Powerful supernatural bird)
  • Coyote User - IAM user (Trickster deity in Western tribes)
  • Raven User - IAM user (Creator deity in Pacific Northwest)

🏗️ Architecture

Cherokee VPC (10.0.0.0/16)
├── Sequoyah Public Subnet
    ├── Sitting Bull EC2 (NGINX Web Server)
    ├── Crazy Horse EC2 (NGINX Web Server)
    └── Apache Security Group (SSH:22, HTTP:80)
├── Cherokee Storage S3 Bucket
└── Kokopelli IAM Group (5 deity users with ReadOnly access)

📋 Resources Created

Networking

  • 1 VPC with DNS resolution enabled
  • 1 Public Subnet with auto-assign public IP
  • 1 Internet Gateway (automatically created)
  • Route Tables (automatically configured)

Compute

  • 2 EC2 t2.micro instances (Free Tier eligible)
  • NGINX automatically installed and configured
  • Custom welcome pages with server identification

Security

  • 1 Security Group allowing SSH (22) and HTTP (80) from anywhere
  • EC2 Key Pair for SSH access (you must create this)

Storage

  • 1 S3 Bucket with versioning and encryption enabled
  • Block all public access for security

IAM

  • 1 IAM Group with AWS ReadOnlyAccess policy
  • 5 IAM Users with console access and auto-generated passwords
  • Least privilege access with password change permissions

🚀 Deployment Instructions

Prerequisites

Ensure you have:

  • AWS CLI configured with credentials
  • CDK bootstrapped in your region
  • EC2 Key Pair created (my-cdk-keypair)

Deploy Steps

  1. Install dependencies:
pip install -r requirements.txt
  1. Synthesize the stack:
cdk synth
  1. Deploy the stack:
cdk deploy ManitouProductionStack
  1. View outputs: The deployment will show:
  • Public IP addresses of both web servers
  • IAM usernames
  • S3 bucket name
  • Web URLs for easy access

Access Your Resources

Web Servers:

  • Visit the output URLs to see NGINX welcome pages
  • Each server has a custom page identifying itself

SSH Access:

ssh -i my-cdk-keypair.pem ec2-user@<PUBLIC_IP>

AWS Console:

  • Use the created IAM user credentials to log into AWS Console
  • Users have ReadOnly access across AWS services

🏷️ Resource Tags

All resources are tagged with:

  • Environment: Production
  • Project: CDK-Demo
  • Owner: DevOps-Team
  • CostCenter: Engineering

💰 Cost Optimization

This setup is designed for AWS Free Tier:

  • EC2: t2.micro instances (750 hours/month free)
  • S3: 5GB storage free
  • VPC: No additional charges for basic networking
  • IAM: No charges for users and groups

🧹 Cleanup

To avoid any potential charges:

cdk destroy ManitouProductionStack

This will remove all resources except:

  • EC2 Key Pair (you created this manually)
  • Any data you uploaded to S3 (if removal policy changed)

🔒 Security Notes

  • IAM Users: Have ReadOnly access only
  • EC2 Access: SSH key required for instance access
  • S3 Bucket: Blocks all public access
  • Security Groups: Allow SSH and HTTP from anywhere (adjust for production use)

📝 Customization

To modify the setup:

  1. Edit production_stack.py
  2. Run cdk diff to see changes
  3. Run cdk deploy to apply changes

🙏 Cultural Respect

This naming convention honors Native American tribes and spiritual traditions. The names are used with respect for their cultural significance and historical importance.