infrastructure limits and security implications

[magenx]

security:
please do not use any:

1. ssh connections
2. ssh keys
3. sudo ALL
4. single system and php user
5. undefined acl
6. writeable folders
7. executable awscli
8. IMDSv1

infrastructure:
please do not limit to nor use:

1. only single region
2. only 2 AZ in region
3. bastion hosts
4. parameters/ip sync

add more randomness to parameters and variables.
many devs will use it for production and deployment own shops, adopting and replicating these issues.

also you create dual ALB with IGW to internal private network and with CloudFront, doesn't looks like quick start reference infrastructure.

[Shero-Inc]

Hi @magenx

Many thanks for the feedback, We updated these items in develop that has since been merged.

Please let us know how you find the setup.

[magenx]

you only removed some sudo config,
but other elements not fixed.

and it looks like you have magento setup running from user_data.