Secure Cloud Infrastructure as Code

Cloud Security & DevSecOps: Building security into AWS from the ground up

The Goal

To practice a "shift left" security mentality by building security into the foundation of a system from the very beginning. My objective was to define and deploy a secure, repeatable, and auditable cloud environment in AWS entirely from code.

The Setup

I used Terraform to write Infrastructure as Code (IaC) in HashiCorp Configuration Language (HCL). The target cloud environment was AWS, utilizing their Free Tier resources. Configuration of the server was performed using the browser-based EC2 Instance Connect feature, providing a secure web console for shell access.

The Process

I wrote a Terraform configuration file that defined a complete virtual private cloud (VPC) with a public subnet, an internet gateway, and a route table. Critically, I defined a security group (a stateful firewall) that enforced the principle of least privilege by allowing only two inbound flows: HTTP from anywhere and SSH from a single, trusted IP address.
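Here is an added Terraform example, not the project's own configuration, of the layout described above: a VPC, a public subnet with a default route through an internet gateway, and a security group that admits only HTTP from anywhere and SSH from one trusted address. The CIDR ranges, resource names and the trusted address 203.0.113.10/32 are placeholder assumptions.

```hcl
# Added example (not the project's code); CIDRs and 203.0.113.10 are placeholders.
variable "trusted_ssh_cidr" {
  type    = string
  default = "203.0.113.10/32" # a single /32, never 0.0.0.0/0 for SSH
}
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}
# A default route to the internet gateway is what makes the subnet public
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
# Stateful firewall: only the two inbound flows the design calls for
resource "aws_security_group" "web" {
  name   = "web-least-privilege"
  vpc_id = aws_vpc.main.id
  ingress { # HTTP from anywhere
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress { # SSH only from the trusted admin address
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.trusted_ssh_cidr]
  }
  egress { # outbound allowed so the host can fetch packages such as nginx
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Running `terraform plan` before `terraform apply` prints the exact ingress rules that will be created, which is the review step that makes the firewall policy auditable before anything reaches AWS.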

With a single command (terraform apply), this configuration was deployed to AWS, automatically provisioning all the necessary resources, including a t3.micro EC2 instance. Due to a network block preventing a standard SSH connection, I adapted by using the AWS EC2 Instance Connect feature to securely access the server's command line directly from a web browser, demonstrating my knowledge of alternative cloud management tools. Once connected, I installed and started an Nginx web server.

What I Learned

This project was a practical demonstration of the power of Infrastructure as Code. It ensures every deployment is consistent and repeatable, eliminating a whole class of manual configuration errors. Defining firewall rules in code makes security an auditable and version-controlled part of the deployment process. It also provided valuable experience managing and troubleshooting cloud connectivity issues and adapting solutions by using EC2 Instance Connect when standard SSH was not viable.

Technologies & Skills

AWS, Terraform, Infrastructure as Code (IaC), Cloud Security, Amazon EC2, Amazon VPC, VPC Security Groups, Cloud Networking, Nginx, DevSecOps
