Krishcyber2005/AWS-Secure-Cloud-VPC
🔐 AWS Secure Cloud VPC – Security Architecture Project

📌 Project Overview

This project demonstrates the design and implementation of a secure AWS cloud environment using industry best practices for network segmentation, access control, compute security, and monitoring.

The objective was to simulate a real-world enterprise cloud security architecture while maintaining visibility, least-privilege access, and strong isolation between public and private resources.


🏗️ Architecture Summary

The environment is built on a custom AWS VPC and includes:

  • Custom Virtual Private Cloud (VPC)
  • Public and private subnet segmentation
  • Internet Gateway with controlled routing
  • EC2 instance deployed in a public subnet
  • Security Groups enforcing least-privilege network access
  • IAM roles to eliminate hardcoded credentials
  • Amazon CloudWatch for monitoring
  • VPC Flow Logs for network traffic visibility

🔐 Security Controls Implemented

🔹 Network Security

  • Public and private subnet isolation
  • Internet-facing access restricted to HTTP/HTTPS
  • Private backend accessible only from trusted security groups
  • Reduced attack surface through layered network design

🔹 Compute Security (EC2)

  • EC2 instance deployed using AWS Free Tier resources
  • Key-based SSH authentication (no password login)
  • IAM role attached to EC2 instead of static credentials
  • Controlled inbound and outbound security group rules

🔹 Identity & Access Management (IAM)

  • Root account avoided for daily operations
  • IAM user used for administrative access
  • EC2 instance assigned a dedicated IAM role
  • Least privilege permissions enforced

🔹 Monitoring & Logging

  • Amazon CloudWatch enabled for log collection
  • VPC Flow Logs capturing network traffic metadata
  • Centralized visibility for security validation and auditing
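VPC Flow Logs record connection metadata, not packet contents, so a review normally reduces them to two questions: what did the security groups reject, and which ports did the internet actually reach? The following is an added example, not code from this repository. It parses records in the AWS default version-2 field order and assumes a VPC CIDR of 10.0.0.0/16 and an allow-list of ports 80 and 443 to match the README; the sample records, account ID and interface IDs are constructed for illustration.

```python
"""Summarise VPC Flow Log records for a security review (added example).

Field order is the AWS default version-2 format:
version account-id interface-id srcaddr dstaddr srcport dstport protocol
packets bytes start end action log-status
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

VPC_CIDR = "10.0.0.0/16"            # assumption: the project's VPC range
INTERNET_OK_PORTS = frozenset({80, 443})  # the README exposes only HTTP/HTTPS

# Constructed sample: two web hits, two rejected probes, one internal DB flow,
# one NODATA row, and one accepted flow on a port the design does not expose.
SAMPLE_FLOW_LOG = """
2 123456789012 eni-0abc123 203.0.113.10 10.0.1.25 51234 443 6 12 4800 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc123 203.0.113.10 10.0.1.25 51235 80 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0abc123 198.51.100.7 10.0.1.25 40000 22 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0abc123 198.51.100.7 10.0.1.25 40001 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0def456 10.0.1.25 10.0.2.40 45000 5432 6 20 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0def456 - - - - - - - 1700000000 1700000060 - NODATA
2 123456789012 eni-0abc123 203.0.113.55 10.0.1.25 52000 8080 6 5 900 1700000000 1700000060 ACCEPT OK
"""


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    byte_count: int
    action: str  # ACCEPT or REJECT


def parse_flow_logs(text):
    """Parse default-format records; NODATA/SKIPDATA rows carry no traffic and are skipped."""
    records = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue
        records.append(FlowRecord(
            srcaddr=row["srcaddr"], dstaddr=row["dstaddr"],
            srcport=int(row["srcport"]), dstport=int(row["dstport"]),
            protocol=int(row["protocol"]), packets=int(row["packets"]),
            byte_count=int(row["bytes"]), action=row["action"]))
    return records


def rejected_by_source(records):
    """Count REJECT records per (source address, destination port): where the SG/NACL rules did their job."""
    return Counter((r.srcaddr, r.dstport) for r in records if r.action == "REJECT")


def accepted_ports_from_outside(records, vpc_cidr):
    """Destination ports that accepted traffic from addresses outside the VPC."""
    net = ipaddress.ip_network(vpc_cidr)
    return {r.dstport for r in records
            if r.action == "ACCEPT" and ipaddress.ip_address(r.srcaddr) not in net}


def unexpected_exposure(records, vpc_cidr, allowed_ports=INTERNET_OK_PORTS):
    """Ports reachable from the internet that the design does not allow; empty set means the SGs match the design."""
    return accepted_ports_from_outside(records, vpc_cidr) - set(allowed_ports)


if __name__ == "__main__":
    recs = parse_flow_logs(SAMPLE_FLOW_LOG)
    print("rejected:", dict(rejected_by_source(recs)))
    print("unexpected exposure:", unexpected_exposure(recs, VPC_CIDR))
```

Run against real records exported from the CloudWatch log group, the last function is the validation step: any port it returns is traffic the internet reached that the security groups were supposed to block, and is worth cross-checking against the `describe-security-groups` output.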

🧪 Security Validation

The environment was validated by reviewing:

  • Active CloudWatch log groups and streams
  • VPC Flow Log records
  • Security group configurations
  • IAM role permissions

Reviewing these artifacts confirmed secure access management, controlled traffic flow, and continuous monitoring.
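The two reviews that are easiest to automate are the security-group check and the IAM-role check, so here is an added example (not code from this repository) that encodes the README's rules as assertions: internet-facing rules may only be TCP 80/443, a private backend group may only be sourced from other security groups, and an EC2 role statement must not pair a wildcard action with `Resource: "*"`. The dictionaries mirror the JSON shapes returned by `aws ec2 describe-security-groups` and `aws iam get-role-policy`, but every group ID, name, CIDR and ARN is constructed for illustration, and the third security group is deliberately misconfigured so the audit has something to flag.

```python
"""Audit security-group rules and an EC2 role policy against the README's posture (added example)."""

ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"
INTERNET_OK_PORTS = {80, 443}  # the only ports the design exposes to the internet

# Constructed sample in describe-security-groups shape (IDs/CIDRs are illustrative).
SECURITY_GROUPS = [
    {"GroupId": "sg-0web0001", "GroupName": "web-public", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,          # SSH only from an admin range
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-0db00002", "GroupName": "backend-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,      # sourced from the web SG, not a CIDR
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0web0001"}]},
    ]},
    {"GroupId": "sg-0bad0003", "GroupName": "misconfigured-example", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_IPV4}], "UserIdGroupPairs": []},
    ]},
]

# Constructed inline policy for the EC2 role: a scoped CloudWatch Logs statement
# plus an over-broad statement that the audit should flag.
EC2_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
         "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/ec2/web:*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}


def _open_to_world(rule):
    return (any(r.get("CidrIp") == ANY_IPV4 for r in rule.get("IpRanges", []))
            or any(r.get("CidrIpv6") == ANY_IPV6 for r in rule.get("Ipv6Ranges", [])))


def _ports(rule):
    """Port range of a rule, or None when IpProtocol is -1 (all protocols and ports)."""
    if rule.get("IpProtocol") == "-1":
        return None
    return range(rule["FromPort"], rule["ToPort"] + 1)


def audit_security_groups(groups, private_backend_ids):
    """Return (group_id, reason) findings for rules that violate the layered design."""
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for rule in sg.get("IpPermissions", []):
            ports = _ports(rule)
            if _open_to_world(rule):
                if ports is None:
                    findings.append((gid, "all protocols and ports open to the internet"))
                elif rule["IpProtocol"] != "tcp" or not set(ports) <= INTERNET_OK_PORTS:
                    findings.append((gid, f"{rule['FromPort']}-{rule['ToPort']}/{rule['IpProtocol']} open to the internet"))
            if gid in private_backend_ids and (rule.get("IpRanges") or rule.get("Ipv6Ranges")):
                findings.append((gid, "private backend rule uses a CIDR source instead of a trusted security group"))
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_iam_policy(policy):
    """Return (statement_index, reason) findings for Allow statements that break least privilege."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        if wildcard_action and "*" in resources and "Condition" not in stmt:
            findings.append((i, "wildcard action on all resources without a condition"))
        if "NotAction" in stmt:
            findings.append((i, "NotAction grants everything except the listed actions"))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SECURITY_GROUPS, {"sg-0db00002"}):
        print("SG:", *finding)
    for finding in audit_iam_policy(EC2_ROLE_POLICY):
        print("IAM:", *finding)
```

In the sample the web and backend groups pass, the misconfigured group produces two findings, and the policy's second statement is flagged; the first statement passes because its actions are enumerated and its resource is a single log-group ARN, which is the shape the README's "least privilege permissions enforced" bullet implies.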


🛠️ Tools & Technologies Used

  • AWS VPC
  • EC2 (Amazon Linux)
  • IAM
  • Security Groups
  • CloudWatch
  • VPC Flow Logs
  • SSH (Key-based authentication)

🎯 Skills Demonstrated

  • Cloud security architecture design
  • Network segmentation & isolation
  • IAM least-privilege implementation
  • Secure compute deployment
  • Cloud monitoring & logging
  • Security documentation & reporting

📄 Documentation

A detailed security architecture report is available in the /Report directory:

  • AWS_Secure_Cloud_VPC_Security_Report.pdf

👤 Author

Krish Patel
Cybersecurity & Cloud Security Enthusiast

About

Secure AWS VPC architecture featuring public/private subnet segmentation, IAM least-privilege access, hardened EC2 deployment, and monitoring with CloudWatch and VPC Flow Logs
