DEV Community: Aneesah

Next Stop: AWS Cloud "Cloud Security with IAM: Implementing Role-Based Access "

Aneesah — Fri, 16 May 2025 01:51:59 +0000

As someone who is gaining experience working within AWS, I wanted to take a hands-on approach to designing access controls using IAM (Identity and Access Management). The goal was simple: implement user roles that align with security best practices.

To do that, I started by asking three key questions:

Who needs access?
What can they do (or not do)?
What security protocols are in place to control that access?

With those questions guiding me, I created a basic structure and visual diagram to outline two IAM groups:

A Production Team, and
An Intern Team.

The Production Team was granted full access to manage EC2 instances, while the Intern Team received read-only access — enough to observe and learn, but not change anything.

Breaking Down the Diagram

Production Team

Access level: Full access to EC2
Permissions: Start/stop EC2 instances, view logs
Security: Multi-Factor Authentication (MFA) enforced
IAM Policy: Grants full EC2 access
Used by team members managing active cloud infrastructure

Intern Team

Access level: Read-only
Permissions: Can view EC2 services, but cannot start/stop/modify
Security: MFA required
IAM Policy: AmazonEC2ReadOnlyAccess
Ideal for observing and learning cloud operations without risk

Layered Security

Good IAM design doesn’t stop at access policies. Here’s how I added extra layers of protection:

MFA Enforcement

Required for every user to add a second factor of authentication.
1. Security Monitoring
AWS GuardDuty: Detects suspicious activity
AWS Detective: Helps investigate account behavior
Security Hub: Centralizes compliance findings

Why This Setup Works

Simple — Two clearly defined groups make it easy to manage.
Secure — MFA + least privilege = strong foundational security.
Scalable — Easy to expand and onboard new users or teams.

Final Thoughts

This small project helped me build confidence in using IAM securely and practically. By setting up clear roles, applying the principle of least privilege, and using layered security, I learned how AWS IAM can support both productivity and protection.

If you’re just starting out, this is a great way to practice real-world cloud security. Start small, keep it clear, and always think about who needs what access — and how to protect it.

A video demo is coming soon.

Next Stop: AWS Cloud - "Automating Receipt Emails with AI"

Aneesah — Wed, 23 Apr 2025 22:28:04 +0000

When I decided to start learning AWS, I knew I didn’t want to just read documentation—I wanted to build something. I found a great starter project from Tech with Lucy on YouTube:
Build With Me: Automating My Life with AWS & AI

This tutorial walked me through building a simple workflow that automatically processes receipt files, extracts the important data, stores it, and sends me an email summary. It was surprisingly beginner-friendly and helped me get comfortable with multiple AWS services.

What This Project Does

Here’s the general idea: I upload a receipt to the cloud, and AWS takes care of the rest.

The file goes into S3 (AWS’s cloud storage).
Textract reads the file and pulls out data like the total amount.
DynamoDB stores that data in a structured format.
SES (Simple Email Service) sends me an email with a receipt summary.
Lambda glues everything together and automates the flow.
CloudWatch helps monitor logs in case anything goes wrong.

This small project covers a lot of what AWS can do—and it only took me about an hour to set up.

AWS Services I Learned About

Service	Purpose
S3	Stores receipt files
Textract	Extracts text/data from files
DynamoDB	Saves extracted data
SES	Sends email with data summary
Lambda	Runs automation code (serverless)
CloudWatch	Tracks logs for troubleshooting
IAM Roles	Controls access and permissions

The Error That Made Me Sweat

Everything was working great until I hit an error when testing the Lambda function:

Log group does not exist

Classic first-time AWS moment.

To troubleshoot, I followed this AWS support article:How do I resolve the "Log group does not exist" error for Lambda function logs in the CloudWatch console?

Here’s what happened:

I checked the IAM role attached to the Lambda function.
The policy AWSLambdaBasicExecutionRole was attached, but it was missing proper permissions.
Specifically, it didn’t allow CreateLogGroup and CreateLogStream.
On top of that, the resource name for the log group didn’t match my Lambda function.

Once I corrected the policy and specified the right resource name, everything fell into place. Logs were being generated, the function executed, and emails started landing in my inbox

What I Learned

This project taught me that AWS isn’t just about spinning up servers—it’s about building tools that can automate parts of your life or work.

Here’s what stood out:

AWS Textract is powerful: It can read and pull data from receipts with no manual effort.
IAM Roles matter: Even if a policy is attached, it must be properly configured.
CloudWatch is a great assist when debugging.

Why You Should Try This

If you're new to cloud computing and AWS, this project gives you:

A real-world use case
Exposure to 5+ core AWS services
The chance to solve an actual error (and learn from it)

It's short, hands-on, and very rewarding.

Give it a go, and let me know how it works out for you!

30 Day SOC Challenge -Day 7

Aneesah — Thu, 17 Apr 2025 06:01:39 +0000

Goal:
Install Elastic Agent on Windows Server ,Enroll the Windows Server into a fleet

Troubleshooting Fleet Server as it's not connecting to Elastic
Path of a file doesn't exist

Beginning of the end, I struggled a lot on Day 7 so much my own OS was taking a beating.

30Day- SOC challenge Day 4 & 5

Aneesah — Thu, 17 Apr 2025 05:57:51 +0000

DAY 4 : Setting up Kibana.
Added tokens to access elastic from IP Address.
Had to troubleshoot a page not loading on port 5601

config elastic .yml

Lastly, tighten up firewall, 1-6355 for TCP

Got verified tokens and the site load with less fiction this time.

Went back to Kibana to configure encryption keys.

Ran 3 Xpack keys

Day 4 was fun exposed to just setting up & configuration and reviewing docs

Spent a lot of time in the terminal and picked up a few things along the way.

DAY 5: setting up windows server

Deployed a new server Windows and not adding this to the VPC and will expose this server to everyone

The Windows server was easy to setup.

Cash App Social Engineering Scam: A Beginner’s Guide

Aneesah — Fri, 20 Sep 2024 06:20:50 +0000

Introduction

Cash App is a convenient way to send, spend, and save money. However, with this ease comes risks, especially from scams that exploit personal information. One such scam involves identity theft and the misuse of Cash App debit cards. In this blog, we’ll walk through how this scam works and how to protect yourself, even if you’re new to cybersecurity.

What is the Scam

The scam begins with a Cash App debit card being opened in your name—without your knowledge—thanks to identity theft and social engineering techniques. Once the card is activated, the scammer gains access to the linked banking details and can control the account. The money loaded onto the card is either transferred to another account or you are locked out of the account entirely.

Key Points of the Scam:

A debit card is issued in your name.
Scammers are alerted to active cards; gaining access to the fake Cash App account.
Money from the account is transferred or your access is restricted.

How Social Engineering Powers This Scam

What is Social Engineering?

At its core, social engineering is not a cyber attack, but a psychological one. Scammers exploit your trust and willingness to act without suspicion. By manipulating your response to a surprise—like receiving an unexpected debit card—they persuade you into compromising actions. It’s like a modern con game, where the aim is to make you let your guard down.

In this case, the scam preys on the doubt you might feel about whether or not you requested the debit card. Scammers rely on confusion and hesitation to increase their success rate.

How the Scam Works, Step-by-Step

Receiving the Debit Card: You receive a Cash App debit card in the mail, which you didn’t request.
Activating the Card: Scammers are alerted to an active card, you unknowingly sync your banking details to fake Cash App Account.
Locking You Out: Once the card is linked, scammers may either transfer the money from your account or lock you out of the Cash App account entirely.

How to Protect Yourself

Report the Scam Immediately
If you’re an existing Cash App user and you receive an unfamiliar debit card, contact Cash App support. Report any suspicious accounts created in your name to prevent further fraud.
Enable Two-Factor Authentication (2FA)
Go to your Cash App profile settings and enable two-factor authentication to add an extra layer of security. This may help prevent unauthorized access to your account.
Verify Your Identity
Verify your account identity in Cash App settings to add more protection. This may help stop scammers from creating new accounts using your identity.
Freeze Your Credit
To further protect yourself, consider freezing your credit with major credit bureaus (Experian, Equifax, TransUnion). This prevents scammers from opening new accounts in your name. Also, file a report with the Federal Trade Commission (FTC) at identitytheft.gov.

Useful Resources:

FTC Identity Theft Reporting

Conclusion

If you receive a random Cash App debit card in the mail, don’t ignore it. Scammers rely on your confusion and hesitation to pull off this social engineering attack. By reporting the card, securing your accounts, and freezing your credit, you can stop these fraudsters in their tracks.

Always remember that social engineering scams like this rely on psychological manipulation. Stay vigilant, and don’t let uncertainty lead you to take unsafe actions.

30 Day SOC Challenge- Day 2 & 3 : ELK Stack / Elastic Search

Aneesah — Mon, 09 Sep 2024 01:20:27 +0000

DAY 2

For day 2 I was introduced to the ELK Stack.
I'll be using this stack for the duration of the challenge, but before I dive in lets get a better understanding of the ELK Stack

What is ELK Stack

E - Elastic search: database to store logs, uses and ES|QL, uses RESTFUL API & JSON to query data
L - Logstash: pipeline to collect telemetry from various sources to transforms it and sends it to your stash
K - Kibana: Web console to query our logs stored within our elastic search instance. Data visualization & Data Explorations & GEO Mapping

Benefits to ELK

Centralized Logging meets compliance requirements & search data
Flexibility Customized Ingestion
Visualizations Observe information at a glance
Scalability Easy to configure to handle larger environments
Ecosystem Many integrations and rich community

Search Data, Create Visualization, Create Reports, Create Alerts are the focus of the ELK Stack.

After getting a rundown of what the ELK stack is I noticed I'm already familiar with 2 out the 3; those being Elastic search and Kibana.

Both of these tools I had access to working in my previous Incident management role, often querying logs for event instance and to paras through the data.
This will be the first time setting up Elastic search & Kibana on my own.

Day 3

Following we got into the terminal and downloaded Elastic Search and configured the firewall

Creating a Virtual Private Cloud

First I created a VPC 2.0 using Vultr, after I spun up a sever opted for an Ubuntu image to be hosted within the network group.

Setting up the server was very easy, similar to spinning up servers in AWS or Azure.

Refer back to DAY 1: Logical Diagram to see my intended setup

Installing Elastic Search

From Elastic.co I went to download section, copy the link for zip file.
The fun comes in when I ssh into the VM from the terminal to plug in the url of the download.

Root@ plubic IP Address

Once in the VM I ran cmd

wget - url link from Elastic search download
dpkg -i 'Elasticsearch package file name & version'

After installing Elastic search I noted the security configuration info.

This contained my super user password and steps on how to generate Kibana token, Elastic nodes, and update user password.

I copied all of this to a note pad for future reference.

Configure Elastic Search

Before I can get started using Elastic search I wanted to configure a few settings.
So I accessed the Elastic.yml file.

nano elasticsearch.yml

I updated the Network host and removed the comment on http port

The network host will point to the private IP I created in the VPC, this will allow my SOC computer to access my elastic search instance.

Firewall group

Lastly I configured my firewall to make sure it's tightened up.
I went back to Vultr, under network selected firewall.
I created a group for my server and by default the ssh source was set to Anywhere

I updated this to be from MyIP.

Now my VM has a Firewall group that is only accessible via myIP address.

Run Elastic search

Now let's run the Elastic search !
I head back to my terminal and ran the following cmds

sudo systemctl daemon-reload 
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

I wanted to checked that I successfully got it up and running.

sudo systemctl status elasticsearch.service

Take Aways

Day 2 & 3 were very informative on the ELK Stack and I enjoy playing around in the terminal. I often forget a few cmd so I keep a cheatsheet on hand.

Early in my tech career I would be frighten/ unsure about the terminal and even scared to run cmds; but now I enjoy being in there and getting messy.

30 Day SOC Challenge - Day 1 : Logical Diagram

Aneesah — Thu, 05 Sep 2024 06:24:15 +0000

I'm on a journey to refine a few of my Incident Response / Cyber Security skills.
So for the month of September I'll be working on some SOC Analyst projects courtesy of MyDIF SOC Analyst Challenge on Youtube.

The 30 day challenge will range day to day but most importantly help me build consistency/accountability.

DAY 1. Starting off with building a Logical Diagram.

I haven't worked with Draw.io in what feels like ages. I'm familiar with using this diagram builder when working as Project Manager for support on a Restaurant application.

So getting started I built a Logical Diagram of the setup I'll be focusing on during these 30days.

The cloud infrastructure I'll be working with is Vultr, from there I'll create 6 servers with functions.

This diagram will be updated and changed throughout, however here is a rough outline of the project.