Topic 10: Cloud Security Fundamentals Capstone
Demonstrate your cloud security knowledge by implementing a comprehensive security monitoring and incident response system. You'll add enterprise-grade security to the infrastructure you've built throughout this course, securing the Journal API application that has evolved from Phase 2 through Phase 4.
Capstone Steps
Note: If you haven't completed previous phases, you can deploy any simple web application (e.g., a basic Flask/Express app, WordPress, or even a static website) as your target infrastructure to secure.
1. Secure the Infrastructure
Take your existing cloud infrastructure (from Phase 3's deployment or Phase 4's containerized/Kubernetes setup) and add the following security controls:
- Configure IAM roles following least privilege principle
- Implement network segmentation with proper security groups/NACLs
- Enable encryption for all data at rest (databases, object storage)
- Set up secure secrets management (AWS Secrets Manager, Azure Key Vault, or GCP Secret Manager)
- Configure secure logging (CloudTrail/Azure Activity Log/GCP Cloud Logging)
2. Implement Security Monitoring
Set up comprehensive security monitoring:
- Deploy a SIEM solution (AWS Security Hub, Azure Sentinel, or GCP Security Command Center)
- Configure security alerts for:
- Failed authentication attempts
- Unauthorized API calls
- Security group modifications
- Public resource exposure
- Anomalous user behavior
- Create a security dashboard showing:
- Current security posture score
- Active threats/alerts
- Compliance status
- Resource inventory
3. Build Automated Incident Response
Create automated responses to common security events:
- Exposed S3 Bucket/Storage: Automatically make private and notify team
- Suspicious IAM Activity: Disable user/key and create incident ticket
- DDoS Detection: Enable rate limiting and scale resources
- Compromised Instance: Isolate instance, snapshot for forensics, terminate
Example automation structure:
Event Detection → Lambda/Function/Cloud Function → Response Action → Notification
4. Demonstrate and Document
Create a demonstration showing:
- Trigger each security event intentionally
- Show automated response in action
- Display alerts and notifications
- Generate incident report
- Document lessons learned and improvements
Include in your documentation:
- Architecture diagram with security controls
- Runbook for each incident type
- Cost analysis of security implementation
- Recommendations for future improvements
Example Project Structure
/secure-journal-app
/security # Security policies and configurations
/iam # IAM roles and policies
/siem # SIEM configurations and dashboards
/incident-response # Lambda functions for automated responses
/monitoring # Security monitoring configs
/alerts # Alert definitions
/dashboards # Grafana/CloudWatch dashboards
/docs # Documentation
/runbooks # Incident response runbooks
/architecture # Security architecture diagrams
/terraform # IaC for security resources
README.md
Testing & Validation
- Intentionally expose an S3 bucket publicly—verify it's automatically secured within minutes
- Attempt unauthorized API calls—confirm alerts are generated and logged
- Modify a security group to allow all traffic—verify automated remediation
- Generate failed login attempts—check SIEM dashboard shows the activity
- Run a security scan against your infrastructure—verify all controls are in place
- Review CloudTrail/audit logs to ensure all actions are being logged
Success Criteria
- All infrastructure follows security best practices
- Monitoring detects and alerts on security events within 5 minutes
- Automated responses execute without manual intervention
- Clear documentation allows others to replicate your setup
- Total monthly cost stays under $50 (use free tiers where possible)
Skills Checklist
- IAM configuration with least privilege
- Network security (security groups, NACLs, segmentation)
- Encryption at rest and in transit
- Secrets management implementation
- Security logging and audit trails
- SIEM deployment and configuration
- Security alerting and monitoring
- Automated incident response workflows
- Security documentation and runbooks
- Compliance and security posture assessment
Next Steps
After completing this capstone, you'll have demonstrated comprehensive cloud security skills by implementing enterprise-grade security controls, monitoring, and incident response. This project showcases your ability to secure cloud infrastructure and automate security operations—essential skills for any cloud role and particularly valuable for security-focused positions!