← Back to Cybersecurity
Cloudpublished

EOL Directory: Secure Serverless Application

A cloud-native web application providing End-of-Life (EOL) and End-of-Support (EOS) information for IT devices. Built using AWS serverless architecture with a security-first approach, demonstrating practical cloud security engineering principles through hands-on implementation.

AWS ServerlessCloud SecurityIAM & Least PrivilegeThreat Modeling (STRIDE)DynamoDBLambda FunctionsAPI GatewayCloudFront & S3KMS EncryptionInput ValidationHTTPS/TLSDefense in Depth

Last updated: November 16, 2025

Quick Links

📄 View Full Document💻 View Code

Project Overview

Developed a production-ready serverless application on AWS to track hardware End-of-Life dates, addressing critical security and compliance needs in IT infrastructure management. The project follows a sprint-based methodology with comprehensive threat modeling using STRIDE framework. All architectural decisions prioritize security controls including encryption at rest and in transit, IAM least privilege policies, multi-layer input validation, and comprehensive logging/monitoring. Built across four sprints covering data layer (DynamoDB + KMS), compute layer (Lambda + IAM), API layer (API Gateway + throttling), and frontend layer (React + CloudFront + S3).

Key Findings

  • Implemented customer-managed KMS encryption with automatic annual rotation for data at rest
  • Designed IAM roles following least privilege principles with specific resource ARNs and no wildcard permissions
  • Built defense-in-depth input validation across three layers (API Gateway, Lambda, client-side)
  • Configured CloudFront with Origin Access Identity (OAI) preventing direct S3 access and enforcing HTTPS-only traffic
  • Applied parameterized queries to prevent NoSQL injection attacks
  • Established comprehensive logging strategy that captures metadata without exposing sensitive data

Tools & Technologies

AWS DynamoDBAWS LambdaAWS API GatewayAWS S3AWS CloudFrontAWS KMSAWS IAMAWS CloudWatchAWS CloudTrailReact + ViteTailwind CSS v4Python 3.13 (boto3)

Techniques & Methodologies

STRIDE Threat ModelingLeast Privilege IAM DesignDefense in DepthInput Validation & SanitizationParameterized QueriesCustomer-Managed Encryption (KMS)Point-in-Time RecoveryAPI Rate Limiting & ThrottlingSecure Logging PracticesHTTPS/TLS EnforcementSecurity Headers (HSTS, X-Frame-Options)Origin Access Identity (OAI)

Want to dive deeper?

Check out the full technical documentation and detailed analysis.

Read Full DocumentView All Projects