> ## Documentation Index
> Fetch the complete documentation index at: https://docs.briankimemia.is-a.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Cloud Security with AWS IAM

> A creative and colorful guide to launching EC2 instances and managing AWS IAM policies.

## Welcome to the Team! 🎉

You've just joined our dynamic team as a **DevOps Engineer**, and we're thrilled to have you on board! 🚀

As we gear up for the holiday season, your mission is to:

1. **Boost our computing power** to handle increased traffic to our website.
2. **Onboard an intern** with secure, limited access.

### Let's get started with Task 1: Launching EC2 Instances! 🌐

***

## What You'll Learn 💡

* Launch EC2 instances for production and development environments.
* Understand EC2 basics, AMIs, and instance types.
* Create and apply tags for better resource management.
* Set up IAM policies to secure AWS resources.

***

## 🚀 Step 1: Launch EC2 Instances

### **1. Log in to the AWS Management Console**

1. Open your AWS console.
2. Navigate to the **EC2 Dashboard**.

💡 **What is EC2?**\
Amazon EC2 (Elastic Compute Cloud) lets you rent virtual computers in the cloud. Think of them as remote servers that you can configure and use on-demand.

***

### **2. Switch Your Region** 🌍

Make sure to select the region closest to your location for optimal performance.

***

### **3. Launch Your First EC2 Instance**

* **Name:** `nextwork-production-yourname` (replace `yourname` with your name).
* **Add Tags:**
  * Key: `Env`
  * Value: `production`

💡 **Why Use Tags?**\
Tags help organize resources, filter results, track costs, and apply policies.

* **AMI:** Choose a Free Tier-eligible option.
* **Instance Type:** Select a Free Tier-eligible type.
* **Key Pair:** Proceed without a key pair for simplicity (not recommended for long-term projects).
* **Network and Storage:** Leave defaults for now.

***

### **4. Launch a Development Instance**

Repeat the steps above, but use these details:

* **Name:** `nextwork-development-yourname`
* **Add Tags:**
  * Key: `Env`
  * Value: `development`

💡 **Production vs. Development Environments:**

* **Production:** The live environment for end-users.
* **Development:** The testing ground for new features.

🎉 **Congrats!** You've launched two EC2 instances.

***

## 🛡️ Step 2: Create an IAM Policy

### **1. Navigate to the IAM Console**

💡 **What is IAM?**\
AWS Identity and Access Management (IAM) controls who can access your AWS resources and what actions they can perform.

***

### **2. Create a New Policy**

* Choose **JSON Editor** and paste the following:

```json theme={null}
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/Env": "development"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": [
        "ec2:DeleteTags",
        "ec2:CreateTags"
      ],
      "Resource": "*"
    }
  ]
}
```

💡 **Understanding the Policy:**

* **Effect:** Allows or denies actions.

* **Action:** Specifies the allowed/denied actions (e.g., `ec2:StartInstances`).

* **Resource:** Targets specific AWS resources.

* **Condition:** Limits actions based on tags.

* **Name:** `NextWorkDevEnvironmentPolicy`

* **Description:** IAM policy for managing the development environment.

🎉 Policy created successfully!

***

## ✨ Bonus Step: Create an Account Alias

1. Go to the IAM Dashboard.
2. Click **Create Account Alias**.
3. Enter: `nextwork-alias-yourname`.

💡 **Why Create an Alias?**\
An alias makes your AWS login URL more user-friendly. For example:

* Default: `https://123456789.signin.aws.amazon.com/console/`
* With Alias: `https://nextwork-alias-yourname.signin.aws.amazon.com/console/`

***

## 👩‍💻 Step 3: Create IAM Users and Groups

### **1. Create a New IAM User**

1. Navigate to the **Users** tab in the IAM Console.
2. Add a user with these details:

* **Username:** `nextwork-intern`
* **Access Type:** AWS Management Console access.

### **2. Add the User to a Group**

1. Create a new group:

* **Group Name:** `NextWorkDevAccess`
* **Policy:** Attach `NextWorkDevEnvironmentPolicy`.

2. Add the intern to the group.

🎉 The intern now has access to the development environment only.

***

## 🎯 Recap and Next Steps

* ✅ Launched production and development EC2 instances.
* ✅ Created IAM policies to secure resources.
* ✅ Onboarded an intern with limited access.

💡 **Pro Tip:** Regularly review your IAM policies to ensure they follow the principle of least privilege.

***

## 🚀 Ready for More?

Explore the following next steps:

* Set up SSH access for EC2 instances.
* Automate resource tagging using AWS Lambda.
* Monitor EC2 instances with CloudWatch.

🌟 You're off to an amazing start, NextWork Engineer! Keep learning and innovating.

## 📧 Contact

For questions or feedback, reach out:

📨 Email: [projects@briankimemia.is-a.dev](mailto:projects@briankimemia.is-a.dev)
🌐 Portfolio: [Brian Kimemia](https://briankimemia.is-a.dev/)
**GitHub:** [BrianKN019](https://github.com/BrianKN019)

***

**Thank you for exploring this project! Let’s innovate and build secure AWS solutions together. 🚀**
