Objective

Deploy a secure Linux virtual machine (VM) in Amazon Web Services (AWS), configure access controls, and document the architecture. This exercise demonstrates cloud deployment, Linux administration, and security best practices.

Implementation

1. Create IAM User with Least Privilege and MFA
   • Use AWS IAM to create a dedicated user for this project.
   • Assign only the required permissions (e.g. EC2 access).
   • Enable Multi-Factor Authentication (MFA) for secure login.
2. Launch EC2 Instance
   • Choose Ubuntu 22.04 LTS as the Amazon Machine Image (AMI).
   • Select t2.micro instance type (free-tier eligible, suitable for practice).
   • Configure key pair for SSH access.
3. Configure Security Group
   • Allow only essential ports:
     • 22 (SSH) → Secure remote administration.
     • 80 (HTTP) → Web traffic.
     • 443 (HTTPS) → Encrypted web traffic.
   • Deny all other ports to minimize attack surface.
   • Replace <public-ip> with the instance’s public IP address.
   • Verify secure connection using the generated key pair.

Connect via SSH

ssh -i private-key.pem ubuntu@<public-ip>

Deliverable

• Running VM: Accessible via SSH and ready for web service deployment.
• Architecture Diagram: Visual representation of IAM, EC2, Security Group, and SSH connection.

Checkpoint

You must be able to understand:

Why only ports 22, 80, and 443 are allowed:

• Port 22 → Secure remote administration.
• Port 80 → Standard web traffic.
• Port 443 → Secure, encrypted web traffic.
• All other ports are restricted to reduce exposure to attacks.

Hackers Notebook

Launching a secure Linux VM in AWS demonstrates cloud security fundamentals:

• IAM enforces least privilege access and MFA strengthens authentication.
• Security Groups act as virtual firewalls, restricting traffic to essential services.
• SSH key pairs ensure encrypted, passwordless authentication.
• Limiting ports to 22/80/443 follows best practices for minimizing attack vectors while enabling administration and web hosting.

This project integrates Linux administration, cloud deployment, and security hardening - core skills for modern Cloud and DevOps engineers.