notes/old_notes/30 - Resources/Tech/aws-projects.md
2026-04-05 13:52:13 -04:00

AWS Projects List

A comprehensive list of AWS projects organized by domain, roughly ordered by complexity within each category.


Where to Start

Billing alarm → S3 backup bucket with IAM role → VPC from scratch in Terraform. Those three in sequence will teach you the three most foundational AWS concepts (cost awareness, IAM, networking) in a hands-on way before you touch anything else.


Networking & VPC

  • Build a VPC from scratch with Terraform — subnets, route tables, internet gateway, security groups, no console clicking
  • Multi-tier VPC: public subnet (bastion/NAT), private subnet (app), isolated subnet (DB)
  • VPC Peering between two VPCs in the same account
  • Transit Gateway connecting multiple VPCs
  • Site-to-site VPN between your Proxmox homelab and AWS
  • AWS Client VPN for remote access (replace or complement Tailscale)
  • VPC Flow Logs into CloudWatch or S3 for network analysis
  • PrivateLink to expose a service privately across VPCs
  • IPv6 dual-stack VPC setup
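
A worked example for the Flow Logs item, added here and not part of the original notes: a small Python triage over constructed records in the default v2 format (what you get when you enable Flow Logs without a custom format; real records arrive via CloudWatch Logs or gzipped in S3). The VPC range 10.0.0.0/16, the ENI IDs and every address are made up; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for internet hosts.

```python
"""Triage VPC Flow Logs in the default (version 2) record format.

A first network baseline should answer three questions:
  1. which ports the outside world is probing and being REJECTed on,
  2. which sources look like port scanners,
  3. whether anything from outside is still ACCEPTed on SSH/RDP.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
import ipaddress

# Field order of a default v2 flow log record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed sample (not captured traffic): 203.0.113.7 probes six ports on a
# public-subnet ENI, 198.51.100.5 gets an accepted SSH session, 198.51.100.9 is
# rejected on RDP, an app instance talks to Postgres, and one NODATA interval.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49152 22 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49153 23 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49154 80 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49155 443 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49156 445 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 203.0.113.7 10.0.1.25 49157 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f 198.51.100.5 10.0.1.25 51000 22 6 12 1860 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f 198.51.100.9 10.0.1.25 51001 3389 6 1 44 1700000000 1700000060 REJECT OK
2 123456789012 eni-0f1e2d3c4b5a 10.0.1.25 10.0.2.10 40000 5432 6 30 4200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0f1e2d3c4b5a - - - - - - - 1700000000 1700000060 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int  # IANA number: 6 = TCP, 17 = UDP, 1 = ICMP
    action: str    # ACCEPT or REJECT


def parse_flow_log(text: str) -> list[FlowRecord]:
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # blank, header or custom-format line
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue  # NODATA / SKIPDATA rows carry '-' instead of addresses
        records.append(FlowRecord(row["interface_id"], row["srcaddr"], row["dstaddr"],
                                  int(row["srcport"]), int(row["dstport"]),
                                  int(row["protocol"]), row["action"]))
    return records


def external_inbound(records, internal_cidrs):
    """Records whose destination is in our address space and whose source is not.
    internal_cidrs should list the VPC plus anything peered or VPN-connected."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]

    def inside(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in n for n in nets)

    return [r for r in records if inside(r.dstaddr) and not inside(r.srcaddr)]


def rejected_ports(records, internal_cidrs) -> Counter:
    """How often each destination port was REJECTed for traffic from outside."""
    return Counter(r.dstport for r in external_inbound(records, internal_cidrs)
                   if r.action == "REJECT")


def port_scanners(records, internal_cidrs, min_ports=5) -> dict[str, list[int]]:
    """Sources rejected on at least min_ports distinct ports: the classic scan signature."""
    ports_by_src = defaultdict(set)
    for r in external_inbound(records, internal_cidrs):
        if r.action == "REJECT":
            ports_by_src[r.srcaddr].add(r.dstport)
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


def accepted_admin_access(records, internal_cidrs, ports=(22, 3389)):
    """Accepted TCP connections from outside to SSH/RDP. Once Session Manager
    replaces SSH this list should be empty."""
    return sorted({(r.srcaddr, r.dstaddr, r.dstport)
                   for r in external_inbound(records, internal_cidrs)
                   if r.action == "ACCEPT" and r.protocol == 6 and r.dstport in ports})


def triage(text: str, internal_cidrs=("10.0.0.0/16",)) -> dict:
    records = parse_flow_log(text)
    return {
        "records": len(records),
        "rejected_ports": dict(rejected_ports(records, internal_cidrs)),
        "scanners": port_scanners(records, internal_cidrs),
        "admin_access_from_outside": accepted_admin_access(records, internal_cidrs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_FLOW_LOG).items():
        print(f"{key}: {value}")
```

The scanner threshold and the list of internal CIDRs are the two knobs worth tuning: a peered VPC or the homelab's VPN range that is missing from internal_cidrs will show up as "external", and a threshold of 5 ports catches sweeps without flagging a single mistyped port.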

IAM & Security

  • Billing alarm via CloudWatch on day one — do this first, always (the Billing metrics live only in us-east-1 and need "Receive Billing Alerts" enabled in Billing preferences before the alarm gets any data)
  • Multi-account setup with AWS Organizations and SCPs (Service Control Policies)
  • IAM Identity Center (SSO) across your accounts
  • Least-privilege IAM roles for every service — no root user for anything but account-level tasks, no wildcard Action or Resource in Allow statements
  • AWS Config rules to detect drift from your security baseline
  • CloudTrail organization trail covering all accounts, logging to a central S3 bucket in a dedicated log-archive account (so a compromised workload account cannot tamper with its own audit trail)
  • GuardDuty for threat detection
  • AWS Secrets Manager for rotating credentials (replace any hardcoded secrets)
  • KMS customer-managed keys for encrypting S3, EBS, RDS
  • Security Hub aggregating findings across services
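
Added example (mine, not from the notes) for the least-privilege item, and for the backup-bucket role from "Where to Start": a linter over IAM policy JSON that flags the patterns which quietly turn a scoped role into an admin role. Both policy documents and the bucket name homelab-backups-example are constructed; the Describe*/List* exemption is a heuristic, since most of those APIs accept no resource ARN, and such statements still deserve a manual look.

```python
"""Lint IAM policy documents for the patterns that defeat least privilege.

Flags, in Allow statements only (wildcards in Deny statements are guardrails):
  - Action "*" or "<service>:*",
  - Resource "*" on anything other than Describe*/List* calls (heuristic:
    most Describe/List APIs do not support resource-level permissions),
  - NotAction / NotResource, which grant everything except what is listed,
  - iam:PassRole on Resource "*", the usual privilege-escalation step.
"""
import json


def _as_list(value):
    return [] if value is None else value if isinstance(value, list) else [value]


def lint_policy(policy: dict) -> list[str]:
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        sid = stmt.get("Sid") or f"Statement[{i}]"
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]  # IAM action names are case-insensitive
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append(f"{sid}: Allow with NotAction grants every action except the listed ones")
        if "NotResource" in stmt:
            findings.append(f"{sid}: Allow with NotResource applies to every resource except the listed ones")
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' is full administrative access")
            elif action.endswith(":*"):
                findings.append(f"{sid}: Action '{action}' is a whole-service wildcard")
        if "iam:passrole" in actions and "*" in resources:
            findings.append(f"{sid}: iam:PassRole on Resource '*' lets this principal hand any role to a service (privilege escalation)")
        read_only = bool(actions) and all(
            a.split(":", 1)[-1].startswith(("describe", "list")) for a in actions)
        if "*" in resources and not read_only:
            note = " (a Condition exists; check that it really narrows the scope)" if "Condition" in stmt else ""
            findings.append(f"{sid}: Resource '*' on non-read-only actions{note}")
    return findings


def lint_policy_json(text: str) -> list[str]:
    return lint_policy(json.loads(text))


# Constructed policies for illustration. The first is the shape that tends to
# appear after "just make it work"; the second is what the rclone backup role
# from "Where to Start" should look like.
OVERBROAD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "Escalation", "Effect": "Allow",
     "Action": ["iam:PassRole", "lambda:CreateFunction"], "Resource": "*"},
    {"Sid": "Backdoor", "Effect": "Allow", "NotAction": "organizations:*", "Resource": "*"},
    {"Sid": "Guardrail", "Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}
  ]
}"""

BACKUP_ROLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BackupBucketOnly", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::homelab-backups-example",
                  "arn:aws:s3:::homelab-backups-example/*"]},
    {"Sid": "ReadOnlyNoResourceScope", "Effect": "Allow",
     "Action": ["s3:ListAllMyBuckets", "ec2:DescribeInstances"], "Resource": "*"}
  ]
}"""

if __name__ == "__main__":
    for name, doc in (("overbroad", OVERBROAD_POLICY), ("backup-role", BACKUP_ROLE_POLICY)):
        print(name)
        for finding in lint_policy_json(doc) or ["clean"]:
            print(" ", finding)
```

Run it over every `aws_iam_policy_document` your Terraform renders (for example from `terraform show -json`) before `apply`; the Escalation statement is the one people miss, because lambda:CreateFunction plus iam:PassRole on any role is a full takeover path even though neither action looks dangerous alone.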

Storage & Backup

  • S3 bucket for rclone backups from your Proxmox homelab with proper IAM roles
  • S3 lifecycle policies — transition to Glacier Instant Retrieval after 30 days, Glacier Deep Archive after 90 (mind the minimum storage durations, 90 days for Glacier Instant Retrieval and 180 for Deep Archive, and that a Deep Archive restore takes hours, so it is for data you never expect to need quickly)
  • S3 versioning and Object Lock for immutable backups (Object Lock requires versioning; use compliance mode if the goal is ransomware resistance, since governance mode can be lifted by any principal holding s3:BypassGovernanceRetention)
  • S3 replication across regions for disaster recovery
  • AWS Backup for centralized backup policy across EC2, RDS, EFS
  • EFS (Elastic File System) shared across multiple EC2 instances
  • DataSync to migrate data from your TrueNAS to S3
  • S3 Intelligent-Tiering for your Immich photo archive offload

Compute

  • EC2 instance Terraform-managed, no manual console setup
  • Auto Scaling Group with launch templates and scaling policies
  • Spot Instances for interruptible workloads to cut costs
  • EC2 Image Builder to create custom AMIs (like your NixOS or Fedora configs)
  • Systems Manager Session Manager instead of SSH (no open port 22, and sessions can be logged to CloudWatch Logs or S3)
  • Run your Ghost blog on EC2 behind an ALB
  • Run your open.mp GTA:SA server on EC2
  • Graviton (ARM) instances — cheaper, good for your Linux workloads

Containers & Orchestration

  • Dockerize one of your existing services (Ghost, Navidrome, anything)
  • ECR (Elastic Container Registry) to host your Docker images
  • ECS Fargate — run containers without managing servers
  • ECS with EC2 launch type — more control, cheaper at scale
  • EKS (Kubernetes) cluster — the full platform engineering path
  • Helm chart deployment onto EKS
  • Migrate your Nginx reverse proxy pattern to an ALB + ECS setup
  • Service mesh with AWS App Mesh on EKS (AWS has announced end of support for App Mesh in 2026, so treat this as a learning exercise rather than something to build on)

Serverless

  • Lambda function in Python or Node.js — start with something trivial
  • API Gateway + Lambda REST API
  • Serverless contact/order form for Nairi Café — API Gateway + Lambda + SES
  • Stripe webhook handler in Lambda for Nairi Café payments (verify the Stripe-Signature header before acting on any event; the endpoint URL is reachable by anyone)
  • Lambda@Edge for CloudFront request manipulation
  • EventBridge scheduled rules to trigger Lambda (replace cron jobs)
  • Step Functions for multi-step workflow orchestration
  • SQS queue between services for decoupling
  • SNS topic for fan-out notifications
  • DynamoDB + Lambda for a simple serverless backend
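
Added example for the Stripe webhook item (not the café's actual code): the signature check the Lambda has to do before touching the event, with the API Gateway proxy-integration handler around it. Function names, the whsec_ secret and the event JSON are constructed; the header format and HMAC construction are Stripe's documented scheme. The stripe Python package does the same in `stripe.Webhook.construct_event`, but spelling it out shows what the tolerance window and the constant-time compare are for.

```python
"""Verify a Stripe webhook before trusting its payload.

Stripe sends a Stripe-Signature header of the form `t=<unix ts>,v1=<hex hmac>`
(possibly several v1 values during a secret rotation). The HMAC-SHA256 is
computed with the endpoint's signing secret over `<t>.<raw body>`. Without this
check, anyone who finds the API Gateway URL can POST a fake
checkout.session.completed event and get an order marked as paid.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

TOLERANCE_SECONDS = 300  # reject signed timestamps older than this (replay protection)

# Constructed values for the example. In the real function the secret comes
# from Secrets Manager, never from source or from a value committed in the repo.
SAMPLE_SECRET = "whsec_constructed_example_secret"
SAMPLE_EVENT = json.dumps({
    "id": "evt_constructed",
    "type": "checkout.session.completed",
    "data": {"object": {"id": "cs_constructed", "amount_total": 1250, "currency": "usd"}},
}).encode()


class SignatureError(ValueError):
    pass


def compute_signature(secret: str, timestamp: int, payload: bytes) -> str:
    signed_payload = f"{timestamp}.".encode() + payload
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def make_signature_header(secret: str, timestamp: int, payload: bytes) -> str:
    """What Stripe's side does; here only to build test inputs."""
    return f"t={timestamp},v1={compute_signature(secret, timestamp, payload)}"


def parse_signature_header(header: str):
    timestamp, signatures = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            signatures.append(value)
    if timestamp is None or not signatures:
        raise SignatureError("Stripe-Signature header missing t= or v1=")
    return timestamp, signatures


def verify_webhook(payload: bytes, header: str, secret: str, now: Optional[int] = None,
                   tolerance: int = TOLERANCE_SECONDS) -> dict:
    """Return the parsed event or raise SignatureError. Must be given the raw
    request body: re-serialising parsed JSON changes the bytes and breaks the HMAC."""
    now = int(time.time()) if now is None else now
    timestamp, signatures = parse_signature_header(header)
    if abs(now - timestamp) > tolerance:
        raise SignatureError("signed timestamp outside tolerance; possible replay")
    expected = compute_signature(secret, timestamp, payload)
    # compare_digest is constant-time, so response timing leaks nothing about the MAC.
    if not any(hmac.compare_digest(expected, sig) for sig in signatures):
        raise SignatureError("no v1 signature matches")
    return json.loads(payload)


def lambda_handler(event, context, secret: str = SAMPLE_SECRET,
                   now: Optional[int] = None) -> dict:
    """API Gateway (proxy integration) -> Lambda entry point."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    body = event.get("body") or ""
    raw = base64.b64decode(body) if event.get("isBase64Encoded") else body.encode()
    try:
        stripe_event = verify_webhook(raw, headers.get("stripe-signature", ""), secret, now=now)
    except SignatureError as exc:
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
    # Only now is it safe to act on stripe_event["type"] / stripe_event["data"].
    return {"statusCode": 200, "body": json.dumps({"received": stripe_event["type"]})}


if __name__ == "__main__":
    header = make_signature_header(SAMPLE_SECRET, 1700000000, SAMPLE_EVENT)
    ok = lambda_handler({"headers": {"Stripe-Signature": header},
                         "body": SAMPLE_EVENT.decode()}, None, now=1700000100)
    forged = lambda_handler({"headers": {"Stripe-Signature": header},
                             "body": SAMPLE_EVENT.decode().replace("1250", "1")}, None, now=1700000100)
    print(ok, forged)
```

Two details matter in production: keep the `isBase64Encoded` branch, because API Gateway base64-encodes bodies it does not recognise as text, and make the handler idempotent on `stripe_event["id"]` (DynamoDB is the natural place to record processed IDs), since Stripe retries deliveries and a valid event can legitimately arrive twice inside the tolerance window.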

Databases

  • RDS PostgreSQL in a private subnet, accessed via bastion (or via Session Manager port forwarding, so even the bastion needs no inbound port)
  • RDS Multi-AZ for high availability
  • RDS Read Replica for read scaling
  • Aurora Serverless v2 — scales to zero ACUs with auto-pause (the first query after a pause waits for the resume), good for Nairi Café
  • DynamoDB table with on-demand billing
  • DynamoDB Streams + Lambda for event-driven data processing
  • ElastiCache Redis in front of RDS for caching
  • Database Migration Service (DMS) to migrate an existing DB to RDS

CDN & DNS

  • Route 53 hosted zone for one of your domains
  • Route 53 health checks and failover routing
  • CloudFront distribution in front of Nairi Café
  • CloudFront + S3 for a static site (could be a Ghost export)
  • CloudFront + ALB with custom cache behaviors
  • ACM (Certificate Manager) TLS cert for your CloudFront distribution (it must be requested in us-east-1, whatever region the origin lives in)
  • Route 53 latency-based routing between regions
  • WAF (Web Application Firewall) attached to CloudFront

CI/CD & DevOps

  • GitHub Actions pipeline deploying to EC2 or ECS
  • CodePipeline + CodeBuild for a fully AWS-native CI/CD pipeline
  • CodeDeploy for blue/green deployments
  • Terraform Cloud or S3 remote state with state locking for your AWS Terraform (mirrors your Proxmox MinIO setup)
  • Terragrunt for DRY multi-account Terraform
  • AWS CDK in TypeScript as an alternative to Terraform
  • Atlantis on EC2 for GitOps-driven Terraform PRs

Monitoring & Observability

  • CloudWatch dashboards mirroring your Grafana homelab setup
  • CloudWatch Logs for centralized log aggregation
  • CloudWatch Alarms + SNS email notifications (mirrors your Prometheus alerting)
  • AWS Managed Grafana pulling from CloudWatch
  • X-Ray distributed tracing on a Lambda or ECS workload
  • Container Insights for ECS/EKS metrics
  • AWS Distro for OpenTelemetry (ADOT) — bridge to your existing Prometheus stack

AI & ML Infrastructure

  • SageMaker endpoint serving a pre-trained model
  • Bedrock API call from Lambda — easiest AI integration on AWS
  • S3 + Textract to extract text from scanned documents
  • Rekognition for image analysis (interesting given your photography)
  • Translate API — Armenian language translation pipeline, relevant to your wiki
  • Comprehend for NLP on your blog content
  • Amazon OpenSearch Service (managed OpenSearch, the Elasticsearch fork) for full-text search on your Ghost blog

Real Projects Tied to Things You Already Run

  • Full AWS mirror of your homelab architecture — VPC, EC2s, ALB, Route 53 — Terraform-managed
  • Disaster recovery target for yeghiasargis.com on AWS
  • Nairi Café fully migrated to AWS — Aurora Serverless + ECS Fargate + CloudFront
  • Immich photo offload to S3 with lifecycle policies to Glacier
  • Armenian tech wiki search layer using OpenSearch
  • Multi-region Ghost deployment with RDS Aurora Global and CloudFront
  • Self-hosted Nextcloud backup to S3 (complement your existing VM 108)
  • AWS landing zone for a simulated startup — full multi-account, Organizations, SSO, CloudTrail, GuardDuty