Enterprise-grade AWS security & networking portfolio: Terraform-built hub-and-spoke VPC architecture with centralized ingress/egress, organization-wide IAM zero-trust guardrails (SCPs/permission boundaries), and centralized detection/response using multi-account logging and automated alerting.
JamieChristian22/aws-security-networking
AWS Security + Networking Portfolio

This repo contains 4 real-world AWS security & networking projects designed to mirror what cloud/security engineers do in production: segmented networks, centralized security logging, serverless hardening, and identity governance.

Each project is fully written (no TODOs) and includes:

  • A clear business scenario + security requirements
  • Architecture diagram (Mermaid)
  • Terraform IaC (modules + environments)
  • Validation steps + threat model + runbook
  • Cost notes + guardrails

Date built: 2025-12-13

Projects

  1. 01 – Secure Multi-Account Network Core (Hub/Spoke + Inspection VPC + AWS Network Firewall)
  2. 02 – IAM Zero-Trust Guardrails (SCPs, Permission Boundaries, Break-Glass, Least-Privilege Roles)
  3. 03 – Centralized Security Logging & Detection (CloudTrail + GuardDuty + Security Hub + OpenSearch Dashboards)
  4. 04 – Secure Serverless API (Private access, WAF, Cognito, KMS, VPC endpoints, CloudWatch alarms)

Quick start (local)

Prereqs:

  • Terraform >= 1.6
  • AWS CLI v2 authenticated (aws sts get-caller-identity)
  • A dedicated AWS account per environment is recommended.

Common workflow:

cd projects/01-network-core/iac/terraform/envs/dev
terraform init
terraform plan -var-file=dev.tfvars
terraform apply -var-file=dev.tfvars

Safety

These projects create AWS infrastructure. Always deploy into a sandbox account and set AWS Budgets.
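A pre-flight guard for the common workflow above, added here as an example (not code from this repository): it enforces the README's own prerequisites (Terraform >= 1.6, an authenticated AWS CLI) and its Safety rule (deploy only into a sandbox account) before running terraform. The sandbox account IDs, the env directory and the script name are placeholders.

```shell
#!/bin/sh
# Added example, not part of the repository: refuse to plan/apply unless the
# AWS CLI identity is an allow-listed sandbox account and Terraform is >= 1.6.
set -eu

# Placeholder sandbox account IDs (assumption); override via the environment:
#   ALLOWED_ACCOUNTS="123456789012 210987654321" sh preflight.sh <env_dir> dev.tfvars
ALLOWED_ACCOUNTS="${ALLOWED_ACCOUNTS:-111111111111 222222222222}"
MIN_TF_VERSION="1.6.0"

# vnum "1.6.2" -> 001006002 so versions compare numerically; a missing
# minor/patch counts as 0 and a prerelease suffix ("-beta1") is dropped.
vnum() {
  # shellcheck disable=SC2046
  printf '%03d%03d%03d' $(printf '%s' "${1%%-*}" | tr '.' ' ')
}

# version_ge A B: succeeds when version A >= version B.
version_ge() {
  [ "$(vnum "$1")" -ge "$(vnum "$2")" ]
}

# account_allowed ID [LIST]: succeeds when ID is in the space-separated LIST
# (defaults to ALLOWED_ACCOUNTS).
account_allowed() {
  for id in ${2:-$ALLOWED_ACCOUNTS}; do
    [ "$1" = "$id" ] && return 0
  done
  return 1
}

# preflight ENV_DIR TFVARS [plan|apply]: run the live checks, then terraform.
preflight() {
  env_dir=$1; tfvars=$2; action=${3:-plan}
  acct=$(aws sts get-caller-identity --query Account --output text)
  account_allowed "$acct" || {
    echo "refusing: account $acct is not an allow-listed sandbox" >&2; return 1; }
  tfv=$(terraform version -json | sed -n 's/.*"terraform_version": *"\([^"]*\)".*/\1/p')
  version_ge "$tfv" "$MIN_TF_VERSION" || {
    echo "refusing: terraform $tfv is older than $MIN_TF_VERSION" >&2; return 1; }
  cd "$env_dir"
  terraform init -input=false
  terraform "$action" -var-file="$tfvars"
}

# Only touch AWS when invoked with arguments, so the helpers can be sourced.
if [ $# -ge 2 ]; then
  preflight "$@"
fi
```

Run as `sh preflight.sh projects/01-network-core/iac/terraform/envs/dev dev.tfvars` to plan, and append `apply` as a third argument to apply; apply still asks for interactive approval.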

Evidence of Deployment

AWS Secure Clickstream Ingestion Pipeline

Secure, serverless ingestion of application clickstream data using API Gateway, S3, Athena, and PostgreSQL (RDS), with logging and access controls.

Validated in AWS Console

  • RDS PostgreSQL instance successfully provisioned (us-east-1)
  • Athena external table created over S3 clickstream data (JSON SerDe) and query executed successfully
  • API Gateway POST method on the / resource configured and deployed for ingestion

📁 Suggested location for the project code, if it is added to this repo: projects/aws-secure-clickstream-ingestion/

Repo Structure

  • projects/<nn>-<name>/README.md – scenario, architecture, how to deploy & validate
  • projects/<nn>-<name>/iac/terraform/ – production-style IaC (modules + envs)
  • projects/<nn>-<name>/docs/ – threat model, runbook, validation checklists
  • projects/<nn>-<name>/scripts/ – helper scripts (AWS CLI), optional

License

MIT (see LICENSE)
