When most CS students are building simple CRUD apps for their thesis,
I decided to go a different route. I built SecurePath — an automated
AWS cloud security project that monitors and remediates misconfigurations
in real time.
Here's what it does, how I built it, and what I learned.
What Is SecurePath?
SecurePath is a Cloud Security Posture Management (CSPM) system built
entirely on AWS. It runs five independent Lambda-based security layers,
each monitoring a different area of the cloud environment.
The 5 Security Layers
- IAM Policy Enforcer — detects overly permissive IAM roles
- S3 Bucket Monitor — flags publicly accessible buckets
- Security Group Auditor — identifies dangerously open inbound rules
- CloudTrail Verifier — ensures audit logging is active
- Encryption Checker — verifies resources are encrypted at rest
The Tech Stack
- AWS Lambda — each security layer runs as an independent function
- DynamoDB — stores all security findings
- CloudWatch — custom metrics and alerting
- Grafana — real-time security dashboard
- Terraform — entire infrastructure defined as code
Results From Testing
After running five demo scenarios against a deliberately misconfigured
AWS environment:
- ✅ 15 security findings detected
- ✅ 26.7% auto-remediation rate
- ✅ Cloud Security Posture Score (CSPS): 54/100
Not a perfect score — but the system correctly identified every
misconfiguration in the test environment.
What I Learned
Building this AWS cloud security project taught me more about cloud
architecture than any university course. A few key lessons:
Auto-remediation is powerful but dangerous. One wrong Lambda
execution can break a production environment. Scope it carefully.
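
One way to scope remediation along the lines of the lesson above, shown as an added example that is not SecurePath's own code: a security group check that revokes a rule only when the group has opted in by tag and is not marked as production, and otherwise only reports. The tag names, the port list and the sample groups are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for this example, not SecurePath's own settings.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}
OPT_IN_TAG = ("AutoRemediate", "true")    # hypothetical opt-in tag
PROTECTED_ENVS = {"prod", "production"}   # hypothetical Environment tag values

def open_rules(group):
    """Return world-open inbound rules that expose a sensitive TCP port."""
    found = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # Protocol "-1" (all traffic) has no port fields, so it spans 0-65535.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        if proto in ("tcp", "-1") and any(lo <= p <= hi for p in SENSITIVE_PORTS):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            found += [(proto, lo, hi, c) for c in cidrs
                      if ipaddress.ip_network(c, strict=False).prefixlen == 0]
    return found

def plan(group):
    """Revoke only when the group opted in and is not a protected environment."""
    tags = {t["Key"]: t["Value"] for t in group.get("Tags", [])}
    rules = open_rules(group)
    opted_in = tags.get(OPT_IN_TAG[0], "").lower() == OPT_IN_TAG[1]
    protected = tags.get("Environment", "").lower() in PROTECTED_ENVS
    if not rules:
        action = "none"
    elif opted_in and not protected:
        action = "revoke"
    else:
        action = "report_only"   # default: record the finding, change nothing
    return {"group": group["GroupId"], "action": action, "rules": rules}

def make_group(gid, tags, proto, cidr, ports=None):
    key, field = ("Ipv6Ranges", "CidrIpv6") if ":" in cidr else ("IpRanges", "CidrIp")
    perm = {"IpProtocol": proto, key: [{field: cidr}]}
    if ports:
        perm["FromPort"], perm["ToPort"] = ports
    return {"GroupId": gid, "IpPermissions": [perm],
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}

SAMPLE = [  # constructed groups shaped like EC2 describe_security_groups output
    make_group("sg-dev", {"AutoRemediate": "true", "Environment": "dev"}, "tcp", "0.0.0.0/0", (22, 22)),
    make_group("sg-prod", {"AutoRemediate": "true", "Environment": "prod"}, "tcp", "::/0", (3389, 3389)),
    make_group("sg-untagged", {}, "-1", "0.0.0.0/0"),
    make_group("sg-web", {"AutoRemediate": "true"}, "tcp", "0.0.0.0/0", (443, 443)),
]
```

The function returns a plan instead of calling AWS, so the decision can be logged and reviewed before any revoke call is made.
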
Terraform is non-negotiable. Being able to run terraform destroy
and terraform apply to rebuild the entire environment from scratch
saved hours of debugging.
Security findings need context. A raw list of misconfigurations
isn't useful — the dashboard and scoring system turned raw data into
actionable insight.
Want to Read More?
I wrote a detailed breakdown of the full architecture, the testing
methodology, and lessons learned on my blog:
👉 How I Built an AWS Cloud Security Project as a Student
I'm a software engineering student from Romania building real-world
cloud systems, mobile apps, and ML projects. If you're working on
something similar, feel free to connect.













