Welcome to the Team! 🎉

You’ve just joined our dynamic team as a DevOps Engineer, and we’re thrilled to have you on board! 🚀

As we gear up for the holiday season, your mission is to:

  1. Boost our computing power to handle increased traffic to our website.
  2. Onboard an intern with secure, limited access.

Let’s get started with Task 1: Launching EC2 Instances! 🌐


What You’ll Learn 💡

  • Launch EC2 instances for production and development environments.
  • Understand EC2 basics, AMIs, and instance types.
  • Create and apply tags for better resource management.
  • Set up IAM policies to secure AWS resources.

🚀 Step 1: Launch EC2 Instances

1. Log in to the AWS Management Console

  1. Open your AWS console.
  2. Navigate to the EC2 Dashboard.

💡 What is EC2?
Amazon EC2 (Elastic Compute Cloud) lets you rent virtual computers in the cloud. Think of them as remote servers that you can configure and use on-demand.


2. Switch Your Region 🌍

Make sure to select the region closest to your location for optimal performance.


3. Launch Your First EC2 Instance

  • Name: nextwork-production-yourname (replace yourname with your name).
  • Add Tags:
    • Key: Env
    • Value: production

💡 Why Use Tags?
Tags help organize resources, filter results, track costs, and apply policies.

  • AMI: Choose a Free Tier-eligible option.
  • Instance Type: Select a Free Tier-eligible type.
  • Key Pair: Proceed without a key pair for simplicity (not recommended for long-term projects).
  • Network and Storage: Leave defaults for now.
  • Network and Storage: Leave defaults for now.

4. Launch a Development Instance

Repeat the steps above, but use these details:

  • Name: nextwork-development-yourname
  • Add Tags:
    • Key: Env
    • Value: development

💡 Production vs. Development Environments:

  • Production: The live environment for end-users.
  • Development: The testing ground for new features.

🎉 Congrats! You’ve launched two EC2 instances.


🛡️ Step 2: Create an IAM Policy

1. Navigate to the IAM Console

💡 What is IAM?
AWS Identity and Access Management (IAM) controls who can access your AWS resources and what actions they can perform.


2. Create a New Policy

  • Choose JSON Editor and paste the following:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Env": "development"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "ec2:DeleteTags",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}

💡 Understanding the Policy:

  • Effect: Allows or denies actions. An explicit Deny overrides any Allow.
  • Action: Specifies the allowed/denied actions (e.g., ec2:StartInstances).
  • Resource: Targets specific AWS resources.
  • Condition: Limits actions based on tags (here, only resources tagged Env = development).

Then fill in the policy details:

  • Name: NextWorkDevEnvironmentPolicy
  • Description: IAM policy for managing the development environment.

🎉 Policy created successfully!
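
To see what the three statements grant together, the added example below (not part of the original project) runs the policy through a simplified model of IAM evaluation: an explicit Deny wins, otherwise any matching Allow, otherwise an implicit deny. The evaluate helper, the sample requests, and the choice to handle only StringEquals and ignore Resource matching (every statement uses "*") are assumptions made for illustration.

```python
import fnmatch

# The policy document from Step 2 of this page.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:*", "Resource": "*",
         "Condition": {"StringEquals": {"ec2:ResourceTag/Env": "development"}}},
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["ec2:DeleteTags", "ec2:CreateTags"],
         "Resource": "*"},
    ],
}


def _matches(stmt, action, context):
    """True if a statement applies to this action and request context."""
    actions = stmt["Action"]
    actions = [actions] if isinstance(actions, str) else actions
    # IAM action names are case-insensitive and support * wildcards.
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions):
        return False
    # StringEquals: the key must be present and its value must match exactly.
    wanted = stmt.get("Condition", {}).get("StringEquals", {})
    return all(context.get(k) == v for k, v in wanted.items())


def evaluate(action, resource_tags=None, policy=POLICY):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one simulated request."""
    context = {f"ec2:ResourceTag/{k}": v for k, v in (resource_tags or {}).items()}
    hits = {s["Effect"] for s in policy["Statement"] if _matches(s, action, context)}
    if "Deny" in hits:  # an explicit Deny always wins over any Allow
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"


# Constructed sample requests: (action, tags on the target resource).
SAMPLES = [
    ("ec2:StopInstances", {"Env": "development"}),
    ("ec2:StopInstances", {"Env": "production"}),
    ("ec2:StopInstances", {}),                    # untagged instance
    ("ec2:DescribeInstances", {"Env": "production"}),
    ("ec2:CreateTags", {"Env": "development"}),   # Env tag cannot be changed
]

if __name__ == "__main__":
    for action, tags in SAMPLES:
        print(f"{action:24} {tags!s:26} -> {evaluate(action, tags)}")
```

This is a teaching model only; for a real account, check the attached policy with the IAM policy simulator.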


✨ Bonus Step: Create an Account Alias

  1. Go to the IAM Dashboard.
  2. Click Create Account Alias.
  3. Enter: nextwork-alias-yourname.

💡 Why Create an Alias?
An alias makes your AWS login URL more user-friendly. For example:

  • Default: https://123456789.signin.aws.amazon.com/console/
  • With Alias: https://nextwork-alias-yourname.signin.aws.amazon.com/console/

👩‍💻 Step 3: Create IAM Users and Groups

1. Create a New IAM User

  1. Navigate to the Users tab in the IAM Console.
  2. Add a user with these details:
    • Username: nextwork-intern
    • Access Type: AWS Management Console access.

2. Add the User to a Group

  1. Create a new group:
    • Group Name: NextWorkDevAccess
    • Policy: Attach NextWorkDevEnvironmentPolicy.
  2. Add the intern to the group.

🎉 The intern now has access to the development environment only.


🎯 Recap and Next Steps

  • ✅ Launched production and development EC2 instances.
  • ✅ Created IAM policies to secure resources.
  • ✅ Onboarded an intern with limited access.

💡 Pro Tip: Regularly review your IAM policies to ensure they follow the principle of least privilege.


🚀 Ready for More?

Explore the following next steps:

  • Set up SSH access for EC2 instances.
  • Automate resource tagging using AWS Lambda.
  • Monitor EC2 instances with CloudWatch.

🌟 You’re off to an amazing start, NextWork Engineer! Keep learning and innovating.

📧 Contact

For questions or feedback, reach out:

📨 Email: projects@briankimemia.is-a.dev
🌐 Portfolio: Brian Kimemia
GitHub: BrianKN019


Thank you for exploring this project! Let’s innovate and build secure AWS solutions together. 🚀