Skip to content

guwapoj/aws-serverless-task-api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
architecture
architecture
 
 
lambda
lambda
 
 
postman
postman
 
 
screenshots
screenshots
 
 
security
security
 
 
README.md
README.md
 
 
lambda_function.py
lambda_function.py
 
 

Repository files navigation

AWS Serverless Task Manager API

A fully serverless REST API built on AWS using Lambda, API Gateway, and DynamoDB.

Architecture

![Architecture](serverless-architecture drawio

Services Used

  • AWS Lambda (Python)
  • Amazon API Gateway (REST)
  • Amazon DynamoDB
  • IAM (role-based access)
  • CloudWatch (logging)

Security

  • Implemented least-privilege IAM policies restricting Lambda access to specific DynamoDB actions and resources
  • Removed managed full-access policies to reduce attack surface
  • Validated permissions through functional API testing

Endpoints

Security Monitoring Validation

Cloud Security Monitoring

  • Enabled AWS CloudTrail for account-wide API activity logging across all regions
  • Streamed CloudTrail logs into CloudWatch Logs for centralized analysis
  • Created CloudWatch metric filters to detect IAM privilege changes
  • Configured CloudWatch alarms with SNS email notifications for real-time security alerts
  • Validated alerts by simulating IAM privilege escalation events

CloudWatch Alarm Triggered

CloudWatch Alarm

SNS Email Alert

SNS Alert

IAM Misconfiguration Scanner

  • Built a Python-based AWS Lambda tool to analyze IAM roles and policies
  • Identified overly permissive permissions such as wildcard actions and resources
  • Generated structured security findings to highlight privilege escalation risks

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages