Cloud Security with AWS IAM

Welcome to the Team! 🎉

You’ve just joined our dynamic team as a DevOps Engineer, and we’re thrilled to have you on board! 🚀 As we gear up for the holiday season, your mission is to:

Boost our computing power to handle increased traffic to our website.
Onboard an intern with secure, limited access.

Let’s get started with Task 1: Launching EC2 Instances! 🌐

What You’ll Learn 💡

Launch EC2 instances for production and development environments.
Understand EC2 basics, AMIs, and instance types.
Create and apply tags for better resource management.
Set up IAM policies to secure AWS resources.

🚀 Step 1: Launch EC2 Instances

1. Log in to the AWS Management Console

Open your AWS console.
Navigate to the EC2 Dashboard.

💡 What is EC2?
Amazon EC2 (Elastic Compute Cloud) lets you rent virtual computers in the cloud. Think of them as remote servers that you can configure and use on-demand.

2. Switch Your Region 🌍

Make sure to select the region closest to your location for optimal performance.

3. Launch Your First EC2 Instance

Name: nextwork-production-yourname (replace yourname with your name).
Add Tags:
- Key: Env
- Value: production

💡 Why Use Tags?
Tags help organize resources, filter results, track costs, and apply policies.

AMI: Choose a Free Tier-eligible option.
Instance Type: Select a Free Tier-eligible type.
Key Pair: Proceed without a key pair for simplicity (not recommended for long-term projects).
Network and Storage: Leave defaults for now.

4. Launch a Development Instance

Repeat the steps above, but use these details:

Name: nextwork-development-yourname
Add Tags:
- Key: Env
- Value: development

💡 Production vs. Development Environments:

Production: The live environment for end-users.
Development: The testing ground for new features.

🎉 Congrats! You’ve launched two EC2 instances.

🛡️ Step 2: Create an IAM Policy

1. Navigate to the IAM Console

💡 What is IAM?
AWS Identity and Access Management (IAM) controls who can access your AWS resources and what actions they can perform.

2. Create a New Policy

Choose JSON Editor and paste the following:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Env": "development"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "ec2:DeleteTags",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}

💡 Understanding the Policy:

Effect: Allows or denies actions.
Action: Specifies the allowed/denied actions (e.g., ec2:StartInstances).
Resource: Targets specific AWS resources.
Condition: Limits actions based on tags.
Name: NextWorkDevEnvironmentPolicy
Description: IAM policy for managing the development environment.

🎉 Policy created successfully!

✨ Bonus Step: Create an Account Alias

Go to the IAM Dashboard.
Click Create Account Alias.
Enter: nextwork-alias-yourname.

💡 Why Create an Alias?
An alias makes your AWS login URL more user-friendly. For example:

Default: https://123456789.signin.aws.amazon.com/console/
With Alias: https://nextwork-alias-yourname.signin.aws.amazon.com/console/

👩‍💻 Step 3: Create IAM Users and Groups

1. Create a New IAM User

Navigate to the Users tab in the IAM Console.
Add a user with these details:

Username: nextwork-intern
Access Type: AWS Management Console access.

2. Add the User to a Group

Create a new group:

Group Name: NextWorkDevAccess
Policy: Attach NextWorkDevEnvironmentPolicy.

Add the intern to the group.

🎉 The intern now has access to the development environment only.

🎯 Recap and Next Steps

✅ Launched production and development EC2 instances.
✅ Created IAM policies to secure resources.
✅ Onboarded an intern with limited access.

💡 Pro Tip: Regularly review your IAM policies to ensure they follow the principle of least privilege.

🚀 Ready for More?

Explore the following next steps:

Set up SSH access for EC2 instances.
Automate resource tagging using AWS Lambda.
Monitor EC2 instances with CloudWatch.

🌟 You’re off to an amazing start, NextWork Engineer! Keep learning and innovating.

📧 Contact

For questions or feedback, reach out: 📨 Email: [email protected] 🌐 Portfolio: Brian Kimemia GitHub: BrianKN019

Thank you for exploring this project! Let’s innovate and build secure AWS solutions together. 🚀

​Welcome to the Team! 🎉

​Let’s get started with Task 1: Launching EC2 Instances! 🌐

​What You’ll Learn 💡

​🚀 Step 1: Launch EC2 Instances

​1. Log in to the AWS Management Console

​2. Switch Your Region 🌍

​3. Launch Your First EC2 Instance

​4. Launch a Development Instance

​🛡️ Step 2: Create an IAM Policy

​1. Navigate to the IAM Console

​2. Create a New Policy

​✨ Bonus Step: Create an Account Alias

​👩‍💻 Step 3: Create IAM Users and Groups

​1. Create a New IAM User

​2. Add the User to a Group

​🎯 Recap and Next Steps

​🚀 Ready for More?

​📧 Contact