The latest articles on DEV Community by Andrei Corpo (@andrei_corpo_125b117435c3). https://dev.to/andrei_corpo_125b117435c3 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3957983%2F841ae60f-cb7a-402f-9be4-e666add0b600.png https://dev.to/andrei_corpo_125b117435c3 en Andrei Corpo Fri, 29 May 2026 07:37:38 +0000 https://dev.to/andrei_corpo_125b117435c3/how-i-built-an-aws-cloud-security-project-as-a-university-student-3apl https://dev.to/andrei_corpo_125b117435c3/how-i-built-an-aws-cloud-security-project-as-a-university-student-3apl <p>When most CS students are building simple CRUD apps for their thesis, <br> I decided to go a different route. I built <strong>SecurePath</strong> — an automated <br> AWS cloud security project that monitors and remediates misconfigurations <br> in real time.</p> <p>Here's what it does, how I built it, and what I learned.</p> <h2> What Is SecurePath? </h2> <p>SecurePath is a Cloud Security Posture Management (CSPM) system built <br> entirely on AWS. It runs five independent Lambda-based security layers, <br> each monitoring a different area of the cloud environment.</p> <h2> The 5 Security Layers </h2> <ol> <li> <strong>IAM Policy Enforcer</strong> — detects overly permissive IAM roles</li> <li> <strong>S3 Bucket Monitor</strong> — flags publicly accessible buckets</li> <li> <strong>Security Group Auditor</strong> — identifies dangerously open inbound rules</li> <li> <strong>CloudTrail Verifier</strong> — ensures audit logging is active</li> <li> <strong>Encryption Checker</strong> — verifies resources are encrypted at rest</li> </ol> <h2> The Tech Stack </h2> <ul> <li> <strong>AWS Lambda</strong> — each security layer runs as an independent function</li> <li> <strong>DynamoDB</strong> — stores all security findings</li> <li> <strong>CloudWatch</strong> — custom metrics and alerting</li> <li> <strong>Grafana</strong> — real-time security dashboard</li> <li> <strong>Terraform</strong> — entire infrastructure defined as code</li> </ul> <h2> Results From Testing </h2> <p>After running five demo scenarios against a deliberately misconfigured <br> AWS environment:</p> <ul> <li>✅ 15 security findings detected</li> <li>✅ 26.7% auto-remediation rate</li> <li>✅ Cloud Security Posture Score (CSPS): 54/100</li> </ul> <p>Not a perfect score — but the system correctly identified every <br> misconfiguration in the test environment.</p> <h2> What I Learned </h2> <p>Building this AWS cloud security project taught me more about cloud <br> architecture than any university course. A few key lessons:</p> <p><strong>Auto-remediation is powerful but dangerous.</strong> One wrong Lambda <br> execution can break a production environment. Scope it carefully.</p> <p><strong>Terraform is non-negotiable.</strong> Being able to run <code>terraform destroy</code> <br> and <code>terraform apply</code> to rebuild the entire environment from scratch <br> saved hours of debugging.</p> <p><strong>Security findings need context.</strong> A raw list of misconfigurations <br> isn't useful — the dashboard and scoring system turned raw data into <br> actionable insight.</p> <h2> Want to Read More? </h2> <p>I wrote a detailed breakdown of the full architecture, the testing <br> methodology, and lessons learned on my blog:</p> <p>👉 <a href="https://corpo.lat/aws-cloud-security-student-project/" rel="noopener noreferrer">How I Built an AWS Cloud Security Project as a Student</a></p> <p>I'm a software engineering student from Romania building real-world <br> cloud systems, mobile apps, and ML projects. If you're working on <br> something similar, feel free to connect.</p> aws cloud security terraform