aws-production/README.md
2025-06-27 16:09:23 +00:00

# AWS CDK Production Demo
This CDK application creates a production-like AWS environment whose resources are named after Native American tribes and deities. All resources are designed to stay within AWS Free Tier limits.
## 🏛️ Naming Convention
This project uses Native American tribes and deities for resource naming:
### Network Resources (Cherokee Nation Theme)
- **Cherokee VPC** - Main virtual private cloud
- **Sequoyah Public Subnet** - Named after the Cherokee scholar who created the Cherokee syllabary
### Security (Apache Nation Theme)
- **Apache Security Group** - Named after the Apache people, known for their warrior culture
### Compute (Sioux Nation Theme)
- **Sitting Bull Instance** - Named after the famous Lakota leader and holy man
- **Crazy Horse Instance** - Named after the famous Oglala Lakota war leader
### Storage (Cherokee Theme)
- **Cherokee Storage Bucket** - S3 bucket for logging and demos
### IAM (Native American Deities Theme)
- **Kokopelli Group** - ReadOnly access group (Hopi fertility deity)
- **Quetzalcoatl User** - IAM user (Aztec feathered serpent deity)
- **Wendigo User** - IAM user (Algonquian cannibalistic spirit)
- **Thunderbird User** - IAM user (Powerful supernatural bird)
- **Coyote User** - IAM user (Trickster deity in Western tribes)
- **Raven User** - IAM user (Creator deity in Pacific Northwest)
## 🏗️ Architecture
```
ManitouProductionStack
├── Cherokee VPC (10.0.0.0/16)
│   ├── Sequoyah Public Subnet
│   ├── Sitting Bull EC2 (NGINX Web Server)
│   ├── Crazy Horse EC2 (NGINX Web Server)
│   └── Apache Security Group (SSH:22, HTTP:80)
├── Cherokee Storage S3 Bucket
└── Kokopelli IAM Group (5 deity users with ReadOnly access)
```
## 📋 Resources Created
### Networking
- **1 VPC** with DNS resolution enabled
- **1 Public Subnet** with auto-assign public IP
- **1 Internet Gateway** (automatically created)
- **Route Tables** (automatically configured)
### Compute
- **2 EC2 t2.micro instances** (Free Tier eligible)
- **NGINX** automatically installed and configured
- **Custom welcome pages** with server identification
### Security
- **1 Security Group** allowing SSH (22) and HTTP (80) from anywhere
- **EC2 Key Pair** for SSH access (you must create this)
### Storage
- **1 S3 Bucket** with versioning and encryption enabled
- **Block all public access** for security
### IAM
- **1 IAM Group** with AWS ReadOnlyAccess policy
- **5 IAM Users** with console access and auto-generated passwords
- **Least privilege**: users get only the read-only policy plus permission to change their own password
## 🚀 Deployment Instructions
### Prerequisites
Ensure you have:
- AWS CLI configured with credentials
- CDK bootstrapped in your region
- EC2 Key Pair created (`my-cdk-keypair`)
### Deploy Steps
1. **Install dependencies:**
   ```bash
   pip install -r requirements.txt
   ```
2. **Synthesize the stack:**
   ```bash
   cdk synth
   ```
3. **Deploy the stack:**
   ```bash
   cdk deploy ManitouProductionStack
   ```
4. **View outputs:**
   The deployment will show:
   - Public IP addresses of both web servers
   - IAM usernames
   - S3 bucket name
   - Web URLs for easy access
### Access Your Resources
**Web Servers:**
- Visit the output URLs to see NGINX welcome pages
- Each server has a custom page identifying itself
**SSH Access:**
```bash
ssh -i my-cdk-keypair.pem ec2-user@<PUBLIC_IP>
```
**AWS Console:**
- Use the created IAM user credentials to log into AWS Console
- Users have ReadOnly access across AWS services
## 🏷️ Resource Tags
All resources are tagged with:
- **Environment**: Production
- **Project**: CDK-Demo
- **Owner**: DevOps-Team
- **CostCenter**: Engineering
## 💰 Cost Optimization
This setup is designed for AWS Free Tier:
- **EC2**: t2.micro instances (750 hours/month free)
- **S3**: 5GB storage free
- **VPC**: No additional charges for basic networking
- **IAM**: No charges for users and groups
## 🧹 Cleanup
To avoid any potential charges:
```bash
cdk destroy ManitouProductionStack
```
This will remove all resources except:
- the EC2 Key Pair (you created this manually)
- any data you uploaded to S3 (if the bucket's removal policy was changed)
## 🔒 Security Notes
- **IAM Users**: Have ReadOnly access only
- **EC2 Access**: SSH key required for instance access
- **S3 Bucket**: Blocks all public access
- **Security Groups**: Allow SSH (22) and HTTP (80) from anywhere (0.0.0.0/0); before any real production use, restrict the SSH rule's source to your administrative IP range
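The notes above can be checked mechanically against the CloudFormation template that `cdk synth` writes under `cdk.out/`, before anything is deployed. The script below is an added example, not part of this project: it flags an SSH rule open to the whole Internet and an S3 bucket missing the public-access block, default encryption or versioning. The embedded template is a constructed sample in that file's shape; the template path and stack name (`ManitouProductionStack`) are assumptions.

```python
import json
import sys

# Constructed sample in the shape `cdk synth` writes to cdk.out/<Stack>.template.json;
# a real run passes that file's path (stack name assumed: ManitouProductionStack).
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "ApacheSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupIngress": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "CidrIp": "0.0.0.0/0"}]}},
    "CherokeeStorageBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "VersioningConfiguration": {"Status": "Enabled"},
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
        "PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "BlockPublicPolicy": True,
            "IgnorePublicAcls": True, "RestrictPublicBuckets": True}}}}})

PUBLIC_ACCESS_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")

def rule_exposes_ssh(rule: dict) -> bool:
    """True if one ingress rule lets the whole Internet reach TCP/22."""
    world = rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0"
    all_traffic = str(rule.get("IpProtocol")) == "-1"  # "all traffic" rules carry no ports
    return world and (all_traffic or rule.get("FromPort", 1) <= 22 <= rule.get("ToPort", 0))

def audit_template(template_json: str) -> list[str]:
    """Return one finding per deviation from the README's Security Notes."""
    findings = []
    for name, res in json.loads(template_json).get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                if rule_exposes_ssh(rule):
                    findings.append(f"{name}: SSH (22) reachable from the whole Internet")
        elif res.get("Type") == "AWS::S3::Bucket":
            pab = props.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PUBLIC_ACCESS_KEYS):
                findings.append(f"{name}: public access not fully blocked")
            if "BucketEncryption" not in props:
                findings.append(f"{name}: no default encryption configured")
            if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
                findings.append(f"{name}: versioning not enabled")
    return findings

if __name__ == "__main__":
    # With a path argument the synthesized template is audited instead of the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TEMPLATE
    for finding in audit_template(source):
        print("FINDING:", finding)
```

Run it as `python audit_template.py cdk.out/ManitouProductionStack.template.json` after `cdk synth`; a non-empty list of findings is what the SSH-from-anywhere rule above produces until its source CIDR is narrowed.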
## 📝 Customization
To modify the setup:
1. Edit `production_stack.py`
2. Run `cdk diff` to see changes
3. Run `cdk deploy` to apply changes
## 🙏 Cultural Respect
This naming convention honors Native American tribes and spiritual traditions. The names are used with respect for their cultural significance and historical importance.