AWS Day 1 Terraform Kit
The opinionated, reproducible Day 1 AWS setup a senior engineer would leave for the next person. Locked-down root, admin IAM, budgets, billing alarms and email alerts — all as Terraform, ready to apply.
Secure checkout via Stripe · Instant download after payment confirmation
Written for engineers learning AWS, small business owners setting it up safely, and developers preparing for cloud / DevOps roles.
The cheapest hour of infrastructure work you will ever do.
Every AWS horror story starts the same way — an account someone set up 'quickly' and never went back to harden. Leaked root credentials. No budget. No alarm. No way to reproduce it. It stays fine right up until it isn't, and by then a fix costs 100× what it would have on Day 1.
The first account you set up is muscle memory. Get it wrong and you'll rebuild that mental model twice.
A $4,000 bill or a leaked customer database is a bad week. Both are Day 1 problems, not Day 90 problems.
Interviewers ask 'how would you set up a new account?' — this kit is the answer, in code you can walk them through.
Six things that quietly ruin AWS accounts. The kit fixes all of them.
- A leaked root key mining crypto on your card
Root gets locked and MFA'd on Day 1. Day-to-day work happens as a scoped IAM admin — the same pattern AWS uses in its own security whitepaper.
- A silent $4,000 bill you find at month-end
Budget + CloudWatch alarm + SNS email means you know at $50, not $5,000. The alert lands in an email address you actually check.
- ClickOps drift no one can explain later
Every change is Terraform. When someone asks 'who added that security group?' the answer is in git history, not a Slack scroll.
- An account no future hire (or future you) can hand off
Reproducible from `terraform apply`. Delete the whole thing, rebuild it in ten minutes, hand it to a teammate — it just works.
- The blank stare from a senior reviewer
The layout follows patterns real teams use in production — not a 2019 Medium post. You can defend every choice in an interview or a code review.
- Re-inventing this setup the next four times
Buy the kit once, reuse it across every account you spin up. Sandbox, side project, client work — same reliable foundation every time.
Every file you need. Nothing you don't.
No 200-page PDF. No unrelated bonus modules. Just the Terraform, the docs, and the checklist — organized the way a real team would use them.
- ✓Terraform files (root + modules)Modular, commented, and structured the way a senior engineer would hand it to a junior. Ready to `terraform apply`.
- ✓IAM admin user + MFA guidanceProvisions an admin identity so the root user gets rotated, MFA'd and locked in a drawer — the way AWS itself recommends.
- ✓AWS Budgets with sane thresholdsMonthly budget wired to actionable thresholds. Change one variable to match your risk tolerance.
- ✓CloudWatch billing alarmCatches runaway spend at 50%, 80% and 100% of your ceiling — before it catches you.
- ✓SNS billing email topicAlerts land in the inbox you actually check. No more silent $4,000 surprises.
- ✓Human READMEReads like a senior colleague walking you through the setup — not a wiki dump.
- ✓Printable setup checklistA five-minute pre-flight so you don't skip step 3 and regret it later.
- ✓Free future updatesAWS best practices shift. When the kit ships a revision, you get it free — forever.
Secure checkout via Stripe · Instant download after payment confirmation
One payment. Delivered by email. Future updates free.
Built for the person who cannot afford to eyeball their way through AWS.
- Junior & mid engineers learning AWS
You know how to code. You want a senior-shaped opinion on how a real account gets set up — not another 90-minute YouTube video that skips the security parts.
- Small business owners setting up AWS safely
You're standing up AWS for your business. A leaked key or a runaway bill would be a very bad month. This is the boring, non-negotiable checklist — made concrete.
- Developers preparing for cloud / DevOps roles
You need real Terraform and AWS on your CV, not another tutorial project. Fork this into your GitHub, apply it in a sandbox account, and speak to every choice in interviews.
Honest disqualifiers, so you don't waste €47.
- Enterprises already on Landing Zone or Control Tower
This is Day 1, not Day 90 org-wide governance. If you already have a multi-account org, you're past the problem this kit solves.
- Teams needing multi-account, multi-region on Day 1
The kit ships one AWS account, one region, and gives you clean primitives to grow from. If you need a full org with SCP boundaries out of the box, this isn't it.
- People who want a video course
It's Terraform files, a README and a checklist. If you like reading docs and running commands, you'll love it. If you need someone talking at you for four hours, buy a Udemy course instead.
- Compliance-critical shops (SOC 2, HIPAA, PCI)
Those need an audit-tailored setup, not a generic kit. You'll get more value from a review session — see the consulting section below.
Three steps, no hoops.
- 1Stripe confirms your paymentSecure hosted checkout. You land on a confirmation page with next steps.
- 2You get an email from meUsually within a few hours — sometimes minutes. Private download link + the setup checklist, from hello@charitydarko.com.
- 3You apply the kitFollow the README, run `terraform apply`, and your Day 1 foundation is live. Total time: under an hour.
Answers to the questions people actually ask.
Do I need to know Terraform to use this?
Basic terminal comfort is enough. The README walks you through installing Terraform, configuring AWS credentials, and applying the kit step by step. If you can copy a command and read an error message, you can ship this.
Do I need to know AWS to use this?
The kit is written for people learning AWS — it explains what each resource does and why. If you've clicked around the console once or twice, you're the target reader.
Which AWS regions does it support?
Region-agnostic. Set your preferred region as a Terraform variable and everything follows. Billing and SNS pieces use the correct global endpoints automatically.
Will this cost me money on AWS?
The resources this kit provisions — IAM, Budgets, a CloudWatch alarm, and an SNS topic — sit inside the AWS Free Tier for typical usage. Expect $0 to a few cents per month.
Can I use it on client work or add it to my portfolio?
Yes. The license permits internal use, use on client projects, and forking into a personal GitHub as a portfolio project. You may not repackage and resell the kit itself.
How is it delivered?
For v1, delivery is manual: I email you the private download link within a few hours of purchase (usually much sooner). If you need it faster, reply to the confirmation email and I'll speed it up.
What if I get stuck applying it?
Reply to the delivery email. If it's something the docs missed, I'll fix the docs. If it's an account-specific issue, we can hop on a short call once the consulting slots open.
Do I get future updates?
Yes. Every future revision of the kit is yours at no extra cost. When AWS changes a default (or I learn something worth adding), you get the new version.
Refund policy?
Digital product, so no automatic refunds — but if the kit does not work as described, email me within 14 days and I'll refund you personally.
Rather have it done with you, live?
The kit is the DIY path. If you'd prefer a 90-minute working session where I walk your AWS account through the setup — or a review of an existing account before you launch — a small consulting window is opening shortly. Same senior engineer, more of my time.
Buy the kit today, and if you decide you want it done live together later, the kit purchase gets credited against the consulting fee. No forms yet — this is a heads-up, not a sales page.
Every day of delay is a day you're one leaked token from a bad week.
€47, one time, delivered by email. Future updates free. Refund on request within 14 days.
Secure checkout via Stripe · Instant download after payment confirmation