DEV Community

Andrei Corpo

How I Built an AWS Cloud Security Project as a University Student

When most CS students are building simple CRUD apps for their thesis,
I decided to go a different route. I built SecurePath — an automated
AWS cloud security project that monitors and remediates misconfigurations
in real time.

Here's what it does, how I built it, and what I learned.

What Is SecurePath?

SecurePath is a Cloud Security Posture Management (CSPM) system built
entirely on AWS. It runs five independent Lambda-based security layers,
each monitoring a different area of the cloud environment.

The 5 Security Layers

  1. IAM Policy Enforcer — detects overly permissive IAM roles
  2. S3 Bucket Monitor — flags publicly accessible buckets
  3. Security Group Auditor — identifies dangerously open inbound rules
  4. CloudTrail Verifier — ensures audit logging is active
  5. Encryption Checker — verifies resources are encrypted at rest

The Tech Stack

  • AWS Lambda — each security layer runs as an independent function
  • DynamoDB — stores all security findings
  • CloudWatch — custom metrics and alerting
  • Grafana — real-time security dashboard
  • Terraform — entire infrastructure defined as code

Results From Testing

After running five demo scenarios against a deliberately misconfigured
AWS environment:

  • ✅ 15 security findings detected
  • ✅ 26.7% auto-remediation rate
  • ✅ Cloud Security Posture Score (CSPS): 54/100

Not a perfect score — but the system correctly identified every
misconfiguration in the test environment.

What I Learned

Building this AWS cloud security project taught me more about cloud
architecture than any university course. A few key lessons:

Auto-remediation is powerful but dangerous. One wrong Lambda
execution can break a production environment. Scope it carefully.
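
One way to scope that remediation, shown as an added example (this is not SecurePath's own code): a Security Group Auditor check that reports every world-open sensitive port but only marks a rule for revocation when the group carries an opt-in tag and dry-run is off. The tag name, the port set and the sample groups are assumptions made up for the illustration; the input follows the shape of an EC2 DescribeSecurityGroups response.

```python
import ipaddress

# Assumption: ports treated as sensitive (SSH, RDP, MySQL, PostgreSQL).
SENSITIVE_PORTS = {22, 3389, 3306, 5432}
# Assumption: hypothetical opt-in tag that puts a group in remediation scope.
OPT_IN_TAG = ("securepath:auto-remediate", "true")

def world_cidrs(perm):
    """CIDRs in this inbound rule that cover the whole IPv4 or IPv6 internet."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def exposed_ports(perm):
    """Sensitive TCP ports the rule covers; IpProtocol '-1' means all traffic."""
    if perm["IpProtocol"] == "-1":
        return sorted(SENSITIVE_PORTS)
    if perm["IpProtocol"] != "tcp":
        return []
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return [p for p in sorted(SENSITIVE_PORTS) if lo <= p <= hi]

def audit(groups, dry_run=True):
    """Return one finding per risky rule, with the action a remediator may take."""
    findings = []
    for sg in groups:
        tags = {(t["Key"], t["Value"]) for t in sg.get("Tags", [])}
        for perm in sg.get("IpPermissions", []):
            cidrs, ports = world_cidrs(perm), exposed_ports(perm)
            if not cidrs or not ports:
                continue
            # Untagged groups are never modified, only reported.
            action = ("report-only" if OPT_IN_TAG not in tags
                      else "would-revoke" if dry_run else "revoke")
            findings.append({"group": sg["GroupId"], "ports": ports,
                             "cidrs": cidrs, "action": action})
    return findings

# Constructed sample data, not output from a real account.
SAMPLE = [
    {"GroupId": "sg-0aaa", "Tags": [{"Key": "securepath:auto-remediate", "Value": "true"}],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "Tags": [],
     "IpPermissions": [{"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "Tags": [],
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
```

A finding with action "revoke" is the only one a Lambda would pass on to EC2's RevokeSecurityGroupIngress; everything else goes to the findings store untouched.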

Terraform is non-negotiable. Being able to run terraform destroy
and terraform apply to rebuild the entire environment from scratch
saved hours of debugging.

Security findings need context. A raw list of misconfigurations
isn't useful — the dashboard and scoring system turned raw data into
actionable insight.

Want to Read More?

I wrote a detailed breakdown of the full architecture, the testing
methodology, and lessons learned on my blog:

👉 How I Built an AWS Cloud Security Project as a Student

I'm a software engineering student from Romania building real-world
cloud systems, mobile apps, and ML projects. If you're working on
something similar, feel free to connect.
