This project demonstrates building a comprehensive security monitoring system on AWS through a progressive, hands-on approach.
Part I establishes the foundational monitoring stack using AWS CloudTrail, CloudWatch, and SNS via the AWS Management Console and CLI. This manual setup is guided by NextWork's walkthrough. It's designed to provide an introduction to how these services integrate to detect and alert on unauthorized access to a secret.
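To make the detection path concrete, here is an added Python simulation of that stack run offline (example code written for this README, not code from this repo or the NextWork walkthrough). It applies a metric filter equivalent in intent to the CloudWatch Logs pattern `{ ($.eventSource = "secretsmanager.amazonaws.com") && ($.eventName = "GetSecretValue") }`, sums matches per 60-second period, evaluates a threshold-of-1 alarm, and formats the SNS message. The filter pattern, period, threshold and message format are assumptions for the example, and the CloudTrail records are constructed.

```python
"""Offline simulation of CloudTrail -> CloudWatch Logs metric filter -> alarm -> SNS.

Example code added for illustration; not code from this repo or the NextWork lab.
The filter pattern, alarm period and threshold are assumptions.
"""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timezone

# Constructed CloudTrail records (not real logs). Field names follow CloudTrail's
# documented event schema; the account ID and principals are placeholders.
SAMPLE_EVENTS = [
    {"eventTime": "2024-05-01T12:00:05Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T12:00:40Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "errorCode": "AccessDeniedException",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}},
    {"eventTime": "2024-05-01T12:00:50Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "DescribeSecret",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2024-05-01T12:03:10Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "userName": "carol"}},
    {"eventTime": "2024-05-01T12:03:20Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/AppRole/web-1"}},
]


# Assumed metric filter, equivalent in intent to the CloudWatch Logs pattern
#   { ($.eventSource = "secretsmanager.amazonaws.com") && ($.eventName = "GetSecretValue") }
# It deliberately ignores errorCode: denied attempts are the ones you want to see.
def matches_secret_access(event: dict) -> bool:
    return (event.get("eventSource") == "secretsmanager.amazonaws.com"
            and event.get("eventName") == "GetSecretValue")


def principal(event: dict) -> str:
    """Human-readable caller: IAM user name, else the assumed-role session ARN."""
    ident = event.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or "unknown"


def period_start(event: dict, period_seconds: int) -> int:
    """Epoch second at which the alarm period containing this event starts."""
    ts = datetime.fromisoformat(event["eventTime"].replace("Z", "+00:00"))
    return int(ts.timestamp()) // period_seconds * period_seconds


def bucket_matches(events, period_seconds: int = 60) -> dict[int, list[dict]]:
    """Group matching events by alarm period. The metric transformation emits
    value 1 per match; the alarm aggregates with Sum over each period."""
    buckets: dict[int, list[dict]] = defaultdict(list)
    for ev in events:
        if matches_secret_access(ev):
            buckets[period_start(ev, period_seconds)].append(ev)
    return dict(buckets)


def breaching_periods(buckets: dict[int, list[dict]], threshold: int = 1) -> list[int]:
    """Assumed alarm semantics: Sum >= threshold over a single evaluation period."""
    return sorted(p for p, evs in buckets.items() if len(evs) >= threshold)


def sns_message(period: int, period_seconds: int, events: list[dict]) -> str:
    """Text the alarm action would publish to the SNS topic (format is ours)."""
    start = datetime.fromtimestamp(period, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    callers = ", ".join(f"{principal(e)} ({e.get('errorCode', 'success')})" for e in events)
    return (f"ALARM SecretAccess: {len(events)} GetSecretValue call(s) in the "
            f"{period_seconds}s window starting {start}: {callers}")


def run_pipeline(events, period_seconds: int = 60, threshold: int = 1) -> list[str]:
    """Return one SNS message per breaching period, oldest first."""
    buckets = bucket_matches(events, period_seconds)
    return [sns_message(p, period_seconds, buckets[p])
            for p in breaching_periods(buckets, threshold)]


if __name__ == "__main__":
    for msg in run_pipeline(SAMPLE_EVENTS):
        print(msg)
```

Two things worth noticing: the DescribeSecret and S3 events never reach the metric, and the filter fires on both the successful read by alice and the AccessDeniedException for bob, so the message carries the errorCode to tell the two apart. If you only want failed attempts, narrow the real filter with an errorCode clause such as `($.errorCode = "AccessDenied*")`, the same wildcard form the CIS benchmark uses for its unauthorized-API-call filter.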
Part II extends this foundation with additional security capabilities: GuardDuty for threat detection, automated remediation with Lambda and EventBridge, multi-account monitoring, secret rotation, and more! Critically, Part II reimplements the entire architecture using Infrastructure-as-Code (Terraform and CloudFormation), transforming manual operations into reusable, version-controlled modules deployable across environments and AWS accounts.
Part III will cover further extensions, best practices, security testing, more Terraform, and compliance. I'll walk through each of the AWS CIS Benchmark controls, hardening the system and getting it ready for production. I'll also clean up the diagram: Part II was more of a sandbox/learning exercise, and Part III will add the final touches, the cherry on top.
I hope you enjoy this project as much as I did creating it! Feel free to use these resources for your own learning. Happy building!
Note: Part I can be found under the repo called aws-labs. This repo is dedicated to parts II and III.
