DEV Community: Andy Yaro

WIP student project: multi-account AWS “Secure Data Hub” (would love feedback!)

Andy Yaro — Thu, 27 Nov 2025 05:42:13 +0000

Hi everyone,

I’m a sophomore cybersecurity engineering student, and I started noticing how small teams and solo professionals (like small law, health, or consulting practices) often keep sensitive client information spread across emails, spreadsheets, and random files.

I wanted to challenge myself to design something safer, while also learning how real-world cloud security works.
So I started building what I call the Secure Data Hub, a simple web-based space that keeps client records in one secure place on AWS.

I designed the architecture myself and I’m about 60% done, so I’m still improving it as I learn.

I’m always open to ideas and feedback!
See below portions the architecture!

Check the GitHub Repo for more!

Here is the architecture documented

[Boost]

Andy Yaro — Fri, 27 Jun 2025 05:12:03 +0000

That moment when CloudFront returns 'Access Denied' for like the 10th time and you question everything you know about AWS...

Andy Yaro ・ Jun 26

#devops #cloudresumechallenge #aws #awschallenge

That moment when CloudFront returns 'Access Denied' for like the 10th time and you question everything you know about AWS...

Andy Yaro — Thu, 26 Jun 2025 06:26:49 +0000

Hi! I Just completed the Cloud Resume Challenge, the hard way I would say.

My Project Architecture Diagram

In this post, I share every failed attempt, every 'aha' moment, and the exact solutions that finally worked.

The journey:

Built a multi-account AWS Organization (to familiarize with enterprise-level architecture and cross-account permissions)

Failed with cross-account IAM roles ❌
Failed with S3 bucket policies ❌
Failed with ACLs ❌
Failed with S3 Access Grants ❌
Finally succeeded with S3 Access Points ✅

But wait... Still got Access Denied.

The plot twist? An old ACL setting from attempt #3 was silently overriding everything. One forgotten checkbox. Hours of debugging. Disabled ACLs → instantly worked.

What I built in 2 weeks:

CloudFront + S3 static site with cross-account architecture
Serverless API (Lambda + API Gateway + DynamoDB)
Full Backend Terraform IaC + GitHub Actions CI/CD
DNSSEC-enabled domain + Playwright testing
Real-time visitor counter

Biggest lesson: "No error, no gain." Each failure taught me something documentation alone never could.

🌐 See the final product: https://portfolio.andyyaro.com

I documented the entire saga, including screenshots of every error message that haunted me:

📖 See Executive Summary (5 min read) on portfolio site : https://portfolio.andyyaro.com/the-cloud-resume-challenge

📖 Read Full technical deep-dive (21 min read) on my Blog page: blog.andyyaro.com/blog/a-two-week-journey-of-learning-and-building

What's your most memorable "Access Denied" story? Feel free to share !