Week 6 Worklog

Week 6 Objectives:

  • Focus on researching and practicing advanced security and identity management solutions on AWS.
  • Continue developing and optimizing data processing modules for the “Log Management System” project.
  • Perform internal integration testing to ensure the stability of core data flows.

Tasks implemented this week:

| No. | Task | Start Date | End Date | Resource |
|-----|------|------------|----------|----------|
| 1 | Research: Single Sign-On (SSO) mechanisms and multi-account governance with AWS Organizations. Hands-on: Set up AWS IAM Identity Center (SSO) for centralized access management. | 04/13/2026 | 04/13/2026 | AWS Study Group |
| 2 | Research: Privilege escalation risks and IAM Policy Condition Keys (e.g., SourceIp, CurrentTime). Hands-on: Configure IAM Permission Boundaries to limit maximum user privileges; establish IAM Roles with strict IP and time-based conditions. | 04/14/2026 | 04/14/2026 | AWS Study Group |
| 3 | Research: CIS security benchmarks and resource configuration history tracking. Hands-on: Enable AWS Config; set up AWS Security Hub to track security compliance scores. | 04/15/2026 | 04/15/2026 | AWS Study Group |
| 4 | Research: Common web attacks (SQL Injection, XSS) and behavioral anomaly detection. Hands-on: Configure GuardDuty for threat monitoring; deploy AWS WAF to protect applications. | 04/16/2026 | 04/16/2026 | AWS Study Group |
| 5 | Research: KMS symmetric key management and CloudTrail traceability log structures. Project: Use KMS for data encryption; query CloudTrail logs using SQL via Athena; optimize Lambda JSON parsing code and perform integration testing for S3 data flow. | 04/17/2026 | 04/17/2026 | AWS Documentation |

Key Achievements in Week 6:

1. Infrastructure Security & Identity Management

  • Gained a comprehensive understanding of AWS security by coordinating IAM Identity Center, AWS Config, CloudTrail, and AWS WAF.
  • Mastered the technique of setting up “guardrails” using Permission Boundaries, preventing privilege escalation risks within the system.

2. Monitoring & Threat Detection

  • Successfully implemented an intrusion detection system with Amazon GuardDuty based on VPC Flow Logs and DNS Logs analysis.
  • Learned how to use Security Hub to monitor account compliance levels against international standards.

3. Encryption & Traceability Analysis

  • Mastered the data encryption process using symmetric keys in KMS and learned to trace every system operation through CloudTrail.
  • Proficiently used Amazon Athena to perform complex SQL queries directly on raw logs for auditing and reporting purposes.

4. Project Progress: “Log Management System”

  • Successfully optimized Lambda function performance, enabling faster and more accurate processing of JSON-formatted logs.
  • Ensured that the data flow—from collection by CloudWatch Agent to Lambda filtering (Error/Warning) and storage in S3—operates stably through integration tests.

Knowledge Gained:

  • Technical Expertise: Mastered the coordination of AWS security services to create a multi-layered defense system. Proficient in using command-line environments (WSL) to configure complex IAM policies that the Console interface cannot handle quickly.
  • Soft Skills: Developed a “Security by Design” mindset. Improved troubleshooting skills for permission errors and source code optimization in real-world environments.