@icarusmx/creta 1.5.12 → 1.5.13

package/lib/exercises/{railway-deployment.md → 10-railway-deployment.md}

@@ -68,6 +68,7 @@ scoop install railway
 
 **LazyVim Tip:** Open a floating terminal to run commands while reading:
 - `<leader>ft` - Open floating terminal
+#TODO change the comand below to press twice esc really fast and then c-w w
 - `<C-\><C-n>` - Exit terminal insert mode (go to Normal mode)
 - `<C-w>w` - Cycle between terminal and guide
 - `i` - Back to terminal insert mode (type commands)

package/lib/exercises/{aws-billing-detective.md → 11-aws-billing-detective.md}

@@ -1,6 +1,16 @@
 # AWS Billing Detective Guide 🕵️
 
-## The Mystery: "I turned everything off but AWS still charges me"
+<!-- vim: set foldmethod=marker foldlevel=0: -->
+
+## 📖 LazyVim Reading Guide {{{
+
+**Start with:** `zM` (close all folds) → Navigate with `za` (toggle fold under cursor)
+
+This document uses fold markers `{{{` and `}}}` for organized reading.
+
+}}}
+
+## The Mystery: "I turned everything off but AWS still charges me" {{{
 
 Common culprits (in order of likelihood):
 1. **EBS Volumes** (orphaned disks after stopping EC2)
@@ -13,16 +23,31 @@ Common culprits (in order of likelihood):
 8. **CloudWatch logs** (accumulating logs)
 9. **Data transfer** (cross-region/out-to-internet)
 
----
+}}}
+
+## What You'll Learn {{{
+
+This guide teaches you to:
+1. **Set up AWS CLI** - Get programmatic access to AWS
+2. **Hunt down hidden costs** - Find resources charging you across all regions
+3. **Clean up efficiently** - Delete or stop resources via command line
+4. **Prevent future surprises** - Set up billing alerts and best practices
+5. **Use powerful bash scripts** - Audit all regions automatically
+
+**Time needed:** 30-60 minutes (depending on how many resources you have)
+
+**Prerequisites:** Basic terminal skills, an AWS account
 
-## Part 1: Get Your AWS Access Keys
+}}}
+
+## Part 1: Get Your AWS Access Keys {{{
 
 ### Step 1: Navigate to IAM Console
 1. Log into AWS Console: https://console.aws.amazon.com
 2. Search for "IAM" in top search bar
 3. Click **IAM** (Identity and Access Management)
 
-### Step 2: Create Access Keys
+### Step 2A: Create Access Keys (If Using IAM User - Recommended)
 1. In left sidebar → Click **Users**
 2. Click your username
 3. Click **Security credentials** tab
@@ -36,15 +61,96 @@ Common culprits (in order of likelihood):
    - Secret access key (like `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`)
    - **You can't see the secret again!**
 
-### Step 3: (Alternative) Use Existing Keys
+### Step 2B: Create Access Keys (If Using Root Account - ⚠️ Not Recommended)
+
+**🚨 Security Warning:** Using root account access keys is dangerous. Root has unlimited permissions.
+
+**Why this is risky:**
+- Root account can delete EVERYTHING in your AWS account
+- If keys leak, attackers have complete control
+- No way to limit permissions
+
+**Better approach:** Create an IAM user with `AdministratorAccess` or `PowerUserAccess` policy instead (use Step 2A).
+
+**If you must use root (not recommended):**
+
+1. Click your **account name** in top-right corner
+2. Select **Security credentials** from dropdown menu
+3. Scroll down to **Access keys** section
+4. Click **Create access key**
+5. Select use case: **"Command Line Interface (CLI)"**
+6. Check acknowledgment box
+7. Click **Next** → **Create access key**
+8. **IMPORTANT:** Download `.csv` or copy both:
+   - Access key ID (like `AKIAIOSFODNN7EXAMPLE`)
+   - Secret access key (like `wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY`)
+   - **You can't see the secret again!**
+
+**⚠️ DELETE these root keys after creating an IAM user!**
+
+### Step 3: Storing Your Credentials Securely
+
+#### Option A: Manual Credentials File (For now - before AWS CLI install)
+Since we haven't installed AWS CLI yet, you can create the credentials file manually:
+
+```bash
+# Create AWS config directory
+mkdir -p ~/.aws
+
+# Create credentials file manually
+cat > ~/.aws/credentials << 'EOF'
+[default]
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+EOF
+
+# Create config file manually
+cat > ~/.aws/config << 'EOF'
+[default]
+region = eu-west-1
+output = json
+EOF
+```
+
+Replace the example keys with your actual keys from Step 2.
+
+#### Option B: Project Environment Files (For app development)
+If you're building an application that needs AWS access, store credentials in `.env.local`:
+
+```bash
+# Create .env.local file in your project root
+echo "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE" >> .env.local
+echo "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" >> .env.local
+echo "AWS_REGION=eu-west-1" >> .env.local
+```
+
+**⚠️ CRITICAL: Add to .gitignore immediately!**
+```bash
+# Prevent committing secrets to git
+echo ".env.local" >> .gitignore
+```
+
+Your `.env.local` should look like:
+```
+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
+AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+AWS_REGION=eu-west-1
+```
+
+**When to use each:**
+- `.env.local`: Building Node.js apps, scripts, or projects that need AWS SDK
+- `~/.aws/credentials`: Using AWS CLI commands directly in terminal (we'll set this up properly in Part 2)
+
+#### Option C: Use Existing Keys
 If you already created keys before:
 - Check your `~/.aws/credentials` file
+- Check your project's `.env.local` file
 - Or retrieve from password manager
 - **Never share these or commit to git**
 
----
+}}}
 
-## Part 2: Install & Configure AWS CLI
+## Part 2: Install & Configure AWS CLI {{{
 
 ### Install AWS CLI
 
@@ -65,6 +171,8 @@ Download installer from: https://aws.amazon.com/cli/
 
 ### Configure AWS CLI
 
+**If you already created credentials manually in Step 3, `aws configure` will update those files.**
+
 ```bash
 aws configure
 ```
@@ -73,25 +181,52 @@ You'll be prompted:
 ```
 AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE
 AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
-Default region name [None]: us-east-1
+Default region name [None]: eu-west-1
 Default output format [None]: json
 ```
 
+**Recommended regions (especially for crypto/Binance API compatibility):**
+- `eu-west-1` (Ireland) - Europe, reliable, crypto-friendly
+- `eu-central-1` (Frankfurt) - Europe, low latency
+- `eu-north-1` (Stockholm) - Europe, newer, often cheaper
+- `us-east-1` (N. Virginia) - Most common, but some APIs geo-restrict US
+- `ap-southeast-1` (Singapore) - Asia-Pacific, good for global access
+
+**⚠️ Avoid for crypto development:**
+- Regions in countries with strict crypto regulations (some US regions may be restricted by exchanges)
+- European regions are generally safer for Binance and other exchange APIs
+
 **Configuration is saved to:**
 - `~/.aws/credentials` (keys)
 - `~/.aws/config` (region/settings)
 
 ### Verify Setup
 
+Test that AWS CLI is properly configured:
+
 ```bash
 aws sts get-caller-identity
 ```
 
-Should return your account ID and user ARN.
+**Expected output:**
+```json
+{
+    "UserId": "AIDAI...",
+    "Account": "123456789012",
+    "Arn": "arn:aws:iam::123456789012:user/your-username"
+}
+```
+
+**If you see an error:**
+- `Unable to locate credentials` → Re-run `aws configure`
+- `Invalid security token` → Check your access keys are correct
+- `Access Denied` → IAM user might need permissions
 
----
+✅ **Success!** You're now ready to hunt for AWS charges.
 
-## Part 3: The AWS Billing Audit
+}}}
+
+## Part 3: The AWS Billing Audit {{{
 
 ### 🔍 Step 1: Check Which Regions You're Using
 
@@ -115,7 +250,7 @@ done
 
 ### 🔍 Step 2: Hunt for EC2 Charges
 
-#### List ALL EC2 Instances (all states)
+#### List ALL EC2 Instances (all states, all regions)
 
 ```bash
 # Check default region
@@ -128,6 +263,14 @@ aws ec2 describe-instances --region us-east-1 --output table
 aws ec2 describe-instances \
   --query 'Reservations[].Instances[].[InstanceId,State.Name,InstanceType]' \
   --output table
+
+# Check ALL regions (recommended - instances hide in forgotten regions!)
+for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output text); do
+  echo "Checking region: $region"
+  aws ec2 describe-instances --region $region \
+    --query 'Reservations[].Instances[].[InstanceId,State.Name,InstanceType]' \
+    --output table 2>/dev/null | grep -v "^$"
+done
 ```
 
 #### Stop Running Instances
@@ -383,9 +526,9 @@ aws logs describe-log-groups \
 aws logs delete-log-group --log-group-name /aws/lambda/my-function
 ```
 
----
+}}}
 
-## Part 4: The Nuclear Option - Check Everything
+## Part 4: The Nuclear Option - Check Everything {{{
 
 ### All-Regions Audit Script
 
@@ -447,9 +590,9 @@ chmod +x aws-audit-all-regions.sh
 ./aws-audit-all-regions.sh
 ```
 
----
+}}}
 
-## Part 5: Use AWS Cost Explorer (Web UI)
+## Part 5: Use AWS Cost Explorer (Web UI) {{{
 
 1. Go to: https://console.aws.amazon.com/cost-management/home
 2. Click **Cost Explorer** → **Enable Cost Explorer** (if first time)
@@ -466,9 +609,9 @@ chmod +x aws-audit-all-regions.sh
 - S3
 - Data Transfer
 
----
+}}}
 
-## Part 6: Set Up Billing Alerts
+## Part 6: Set Up Billing Alerts {{{
 
 **Prevent this from happening again:**
 
@@ -492,9 +635,9 @@ aws cloudwatch put-metric-alarm \
 3. Set threshold (e.g., $10/month)
 4. Add email alert
 
----
+}}}
 
-## Quick Reference: Most Common Commands
+## Quick Reference: Most Common Commands {{{
 
 ```bash
 # Check identity
@@ -525,9 +668,9 @@ for region in $(aws ec2 describe-regions --query 'Regions[].RegionName' --output
 done
 ```
 
----
+}}}
 
-## Troubleshooting
+## Troubleshooting {{{
 
 ### "Unable to locate credentials"
 ```bash
@@ -556,26 +699,63 @@ aws configure set region us-east-1
 5. **Check CloudFront** - distributions can accumulate charges
 6. **Contact AWS Support** - they can help identify charges
 
----
+}}}
 
-## Prevention Checklist
+## Prevention Checklist {{{
 
-Before leaving AWS for the day:
+### Before Leaving AWS For The Day:
+
+Quick commands to prevent charges:
+
+```bash
+# 1. List all running EC2 instances
+aws ec2 describe-instances \
+  --query 'Reservations[].Instances[?State.Name==`running`].[InstanceId,InstanceType]' \
+  --output table
+
+# 2. Check for orphaned EBS volumes
+aws ec2 describe-volumes \
+  --filters "Name=status,Values=available" \
+  --query 'Volumes[].[VolumeId,Size]' \
+  --output table
+
+# 3. Check for unused Elastic IPs
+aws ec2 describe-addresses \
+  --query 'Addresses[?AssociationId==null].[PublicIp]' \
+  --output table
+
+# 4. Check for NAT Gateways
+aws ec2 describe-nat-gateways \
+  --filter "Name=state,Values=available" \
+  --output table
+```
+
+### Checklist:
 
 - [ ] Stop or terminate ALL EC2 instances
-- [ ] Delete ALL unattached EBS volumes
+- [ ] Delete ALL unattached EBS volumes (the #1 hidden cost!)
 - [ ] Release ALL unused Elastic IPs
-- [ ] Delete NAT Gateways if not needed
-- [ ] Delete or stop RDS instances
-- [ ] Check ALL regions (not just default)
-- [ ] Set up billing alerts
-- [ ] Use AWS Free Tier Dashboard to monitor usage
+- [ ] Delete NAT Gateways if not needed ($32/month each!)
+- [ ] Stop or delete RDS instances
+- [ ] Check ALL regions (not just your default)
+- [ ] Set up billing alerts (do this ONCE)
+- [ ] Review AWS Free Tier Dashboard monthly
+
+### Golden Rule:
+
+**If you're not actively using AWS, your monthly bill should be $0-2.**
+
+Anything above that means:
+- You have running resources you forgot about
+- EBS volumes are accumulating
+- Elastic IPs aren't released
+- NAT Gateway is still running
 
-**Rule of thumb:** If you're not actively using AWS, your monthly bill should be $0-2 (maybe Route 53 or minimal S3).
+**Run the audit script from Part 4 weekly to stay safe!**
 
----
+}}}
 
-## Useful Links
+## Useful Links {{{
 
 - AWS Cost Explorer: https://console.aws.amazon.com/cost-management/home
 - AWS Free Tier: https://console.aws.amazon.com/billing/home#/freetier
@@ -583,6 +763,6 @@ Before leaving AWS for the day:
 - IAM Console: https://console.aws.amazon.com/iam
 - Support Center: https://console.aws.amazon.com/support/home
 
----
+}}}
 
 **Good luck, detective! 🕵️**