When most students are building simple CRUD apps for their academic projects, I decided to go a step further — I built SecurePath, an automated multi-layer Cloud Security Posture Management (CSPM) system on AWS.

Here’s what I learned from the experience.

What Is a CSPM System?

A Cloud Security Posture Management system continuously monitors your cloud infrastructure for misconfigurations, policy violations, and security risks — then automatically remediates them where possible.

Think of it as a security guard that never sleeps, watching over your AWS resources 24/7.

How SecurePath Works

SecurePath runs five independent Lambda-based security layers, each responsible for a different area:

  1. IAM Policy Enforcer — detects overly permissive IAM roles and policies
  2. S3 Bucket Monitor — flags publicly accessible buckets
  3. Security Group Auditor — identifies dangerously open inbound rules
  4. CloudTrail Verifier — ensures audit logging is active across all regions
  5. Encryption Checker — verifies that sensitive resources are encrypted at rest

All findings are stored in a DynamoDB table, visualized through custom CloudWatch metrics, and displayed on a Grafana dashboard in real time.
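To make the two most common layer checks concrete, here is an added example (my own illustration, not SecurePath's code) of the kind of pure detection logic the IAM Policy Enforcer and Security Group Auditor layers perform, run over constructed inputs shaped like an IAM policy document and an EC2 DescribeSecurityGroups entry; the sample policy, group id and the set of sensitive ports are assumptions for the demo.

```python
import ipaddress

# Constructed sample inputs (not from SecurePath): an IAM policy document
# and one security group in the shape of EC2 DescribeSecurityGroups output.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-bucket/*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}
SENSITIVE_PORTS = {22, 3389, 3306, 5432}  # assumed set of admin/database ports

def _as_list(v):
    # IAM allows a string or a list for Action/Resource; normalise to a list.
    return v if isinstance(v, list) else [v]

def check_iam_policy(policy):
    """Flag Allow statements that grant every action on every resource."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        if "*" in _as_list(st.get("Action", [])) and "*" in _as_list(st.get("Resource", [])):
            findings.append({"layer": "IAM", "statement": i, "issue": "Action:* on Resource:*"})
    return findings

def check_security_group(sg):
    """Flag inbound rules exposing sensitive ports (or all traffic) to the whole internet."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        ranges = perm.get("IpRanges", []) + perm.get("Ipv6Ranges", [])
        # A /0 prefix (0.0.0.0/0 or ::/0) means "anyone on the internet".
        world = any(ipaddress.ip_network(r.get("CidrIp") or r.get("CidrIpv6")).prefixlen == 0 for r in ranges)
        if not world:
            continue
        if perm.get("IpProtocol") == "-1":  # -1 is the EC2 value for "all protocols"
            findings.append({"layer": "SG", "group": sg["GroupId"], "issue": "all traffic from 0.0.0.0/0"})
            continue
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
        if exposed:
            findings.append({"layer": "SG", "group": sg["GroupId"], "issue": f"ports {exposed} open to 0.0.0.0/0"})
    return findings
```

Port 443 open to the world is deliberately not flagged here, which is the scoping decision each layer has to make before any auto-remediation runs.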

The Numbers

After running five demo scenarios against a deliberately misconfigured AWS environment, the system produced:

  • 15 security findings detected
  • 26.7% auto-remediation rate
  • A Cloud Security Posture Score (CSPS) of 54/100

Not a perfect score — but that was the point. The system correctly identified every issue in the test environment.

What I Would Do Differently

Looking back, I would invest more time in the remediation logic for complex findings. Auto-remediation is powerful but dangerous if not carefully scoped — one wrong Lambda execution can break a production environment.

I also documented a known logging bug in the IAM Policy Enforcer Lambda where remediation succeeds but the response incorrectly logs "remediated: false". Small bugs like this matter in security systems.

Final Thoughts

Building SecurePath taught me more about AWS, security architecture, and Infrastructure as Code (Terraform) than any course ever could. If you’re a student looking to level up, build something real — even if it’s imperfect.

The code is open source on GitHub if you want to explore it.
