AWS Assignment – 6

VPC, IAM & Secrets for DevOps Learners

Basic Questions

  1. Write a Terraform script to create a VPC with CIDR 10.10.0.0/16.
  2. Use CloudFormation to create a VPC with two subnets (public + private).
  3. Automate Internet Gateway creation with Terraform.
  4. Write a Terraform module for NAT Gateway deployment.
  5. Create a Jenkins pipeline that provisions a VPC using Terraform.
  6. Configure IAM Role for Jenkins to allow Terraform execution.
  7. Write a custom IAM policy in JSON to allow ec2:Describe* only.
  8. Create an IAM user via Terraform with least-privilege access.
  9. Configure IAM groups for dev, stage, prod environments with separate policies.
  10. Use Terraform to create IAM roles with cross-account trust policies.
  11. Store an application API key in Secrets Manager using Terraform.
  12. Create an SSM Parameter Store parameter using Terraform.
  13. Deploy an EC2 instance via Terraform that automatically retrieves secrets from SSM.
  14. Configure CI/CD pipeline (GitLab CI/CD or GitHub Actions) to read secrets from Parameter Store.
  15. Enforce password rotation policy for IAM users using Terraform.
  16. Write a CloudFormation template to enforce MFA for IAM users.
  17. Enable resource tagging policies for IAM and enforce via SCP (Service Control Policies).
  18. Use Terraform to configure IAM Access Analyzer.
  19. Use CI/CD to automatically validate Terraform IAM policies with terraform validate.
  20. Document the differences between how DevOps teams and Linux sysadmins should use VPC, IAM, and Secrets.

Intermediate Questions

  1. Deploy a multi-VPC architecture (dev, staging, prod) with Terraform.
  2. Configure VPC peering automatically via IaC.
  3. Write a Terraform script to attach custom route tables to subnets.
  4. Automate creation of security groups with rules defined via variables.
  5. Enforce IAM policies for CodePipeline to access only specific S3 buckets.
  6. Configure IAM Role for ECS tasks to pull secrets from Secrets Manager.
  7. Store Jenkins credentials securely in Secrets Manager and inject them into pipelines.
  8. Write a GitHub Actions workflow to fetch secrets from SSM Parameter Store.
  9. Automate rotation of secrets in Secrets Manager using Lambda + Terraform.
  10. Configure Terraform to replicate secrets across multiple AWS regions.
  11. Write Terraform code to attach IAM Roles to EKS worker nodes.
  12. Enforce IAM policies that allow only encrypted EBS volumes using SCPs.
  13. Create VPC Flow Logs with Terraform and send them to CloudWatch.
  14. Integrate CloudWatch alarms with Slack via SNS for VPC security monitoring.
  15. Configure CloudTrail to log all IAM activity and store the logs in S3 via Terraform.
  16. Write Terraform code to enforce IAM least-privilege policies for CI/CD pipelines.
  17. Automate deployment of bastion host + private subnets via Terraform.
  18. Write a script that validates IAM policies using terraform-compliance.
  19. Use SSM Parameter Store to inject environment variables into CodeBuild jobs.
  20. Document best practices for handling secrets in CI/CD pipelines.

Advanced Questions

  1. Build a complete Terraform configuration for a 3-tier VPC architecture with public, app, and DB subnets.
  2. Automate CI/CD deployment with CodePipeline that provisions infrastructure (VPC + IAM roles) using Terraform.
  3. Configure cross-account IAM roles for centralized DevOps management.
  4. Use Terraform + Vault to replicate AWS Secrets Manager functionality for hybrid setups.
  5. Implement blue-green infrastructure deployment where IAM policies differ between environments.
  6. Write Terraform code to enforce that all secrets must use KMS encryption.
  7. Automate IAM Access Key rotation and distribution via GitLab pipeline.
  8. Set up VPC Service Endpoints (S3, DynamoDB) via Terraform for private access.
  9. Implement automated security compliance checks (CIS Benchmark) for IAM + VPC using Terraform.
  10. Final Hands-on Project:
    • Use Terraform to build a secure VPC with public + private subnets
    • IAM roles + groups for CI/CD pipelines with least privilege
    • Store secrets in Secrets Manager & inject into Jenkins pipelines
    • Configure automated secret rotation & replication across regions
    • Monitor IAM + VPC with CloudTrail + CloudWatch alarms
    • Document security/compliance best practices for DevOps teams