# Cloud Security - Final Project
# **Sherine Paul Raj**
# UID: 119362921
# Email: sherpaul@umd.edu

# **Problem Statement**

The CobraKai team was convinced of the importance of migrating to the cloud. This technical documentation discusses implementing cloud architecture and associated services for the CobraKai infrastructure.


# **Virtualizing the Network Architecture**

1. **Creating a VPC:**
   - Use the AWS VPC dashboard to create a VPC.
   - Specify the IP range within which the network must function.

2. **Creating an Internet Gateway:**
   - Establish connectivity of virtual servers to the internet by attaching the Internet Gateway to the VPC.

3. **Creating Subnets:**
   - Divide the CIDR range into smaller chunks for high availability.
   - Create 3 subnets to host web and app servers, each with different IP address ranges.

4. **Creating Routing Tables:**
   - Route internet traffic efficiently by associating routing tables with each subnet.

5. **Creating Security Groups:**
   - Implement virtual firewalls to avoid malicious traffic and protect the network.
   - Configure inbound rules to control traffic, restricting the source of external traffic to "My IP."

6. **Connecting to Network Access Control Lists (NACLs):**
   - Create NACLs for added security and attach them to subnets.
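
The subnet and security group steps above can be checked offline before anything is created. The sketch below is an added example, not part of the original project: it carves three subnets out of a VPC range and flags inbound rules that expose admin ports to anything wider than "My IP". The VPC range `10.0.0.0/16`, the admin address `203.0.113.10`, and the sample rules are constructed values; the rule dictionaries follow the `IpPermissions` shape returned by EC2 `DescribeSecurityGroups`.

```python
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP: should only be reachable from "My IP"

def plan_subnets(vpc_cidr, count, new_prefix):
    """Carve `count` equal, non-overlapping subnets out of the VPC range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    if count > len(subnets):
        raise ValueError(f"{vpc_cidr} cannot hold {count} /{new_prefix} subnets")
    return [str(s) for s in subnets[:count]]

def audit_inbound(rules, my_ip):
    """Return (port, source) for admin ports open to anything but my_ip/32.

    Only IPv4 sources (IpRanges) are checked in this sketch.
    """
    allowed = ipaddress.ip_network(f"{my_ip}/32")
    findings = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto == "-1":  # "-1" means all protocols and all ports
            exposed = set(ADMIN_PORTS)
        elif proto == "tcp":
            exposed = {p for p in ADMIN_PORTS
                       if rule["FromPort"] <= p <= rule["ToPort"]}
        else:
            continue
        for rng in rule.get("IpRanges", []):
            src = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if src != allowed:
                findings.extend((port, str(src)) for port in sorted(exposed))
    return findings

# Constructed sample rules (not taken from a real account).
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # public HTTPS: fine
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},  # SSH from "My IP": fine
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # SSH from anywhere: flagged
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},  # all traffic from a /24: flagged
]

if __name__ == "__main__":
    print(plan_subnets("10.0.0.0/16", 3, 24))
    for port, src in audit_inbound(SAMPLE_RULES, "203.0.113.10"):
        print(f"admin port {port} is open to {src}")
```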


# **Creating Servers on the Cloud (Instances)**

- Use EC2 (Elastic Compute Cloud) to create instances.
- Configure instances with VPC, Subnet, and Security Groups.
- EC2 instances use the Amazon Linux 2 AMI. Data is stored as "Volumes" in the cloud.


# **Addressing Security Issues**
## **Issue 1: Website Overloaded With Traffic**

- Solution: Use Content Distribution Networks (CDN) via Amazon CloudFront.
- Host static web content in an S3 bucket, accelerated by CloudFront.
- Configure CloudFront to cache content and reduce the load on the main server.


## **Issue 2: DDoS Attacks**

- Implement load balancers (via Amazon Route 53, AWS Shield/WAF).
- Enable Auto-Scaling to manage sudden traffic surges.
- Steps to Implement Load Balancer:
   1. Create a Target Group and a Classic Load Balancer.
   2. Configure with VPC, Security Groups, and Subnets.


## **Mitigation of DDoS:**

- Use AWS Shield to filter and prioritize non-suspicious traffic, reducing bad requests.


## **Issue 3: Lack of Account Permission Strategy**

- Implement IAM (Identity and Access Management).
- Create user groups (admin, founder, developer, management) and assign policies.
- Use Role-Based Access Control (RBAC) for efficient management.


## **Issue 4: Lack of Backup Strategy**

- Use AWS Backup to centralize and automate data backup across services.
- Steps:
   1. Create a backup plan with policies/rules.
   2. Assign AWS resources to the plan.
   3. Manage backups from a centralized dashboard.


## **Issue 5: Systems Not Up-to-date**

- Use AWS Systems Manager for patching processes.
- Create a maintenance window for scheduled updates.
- Configure patch management using a patch baseline.


## **Issue 6: Securing Online Payments**

- Implement PCI-DSS (Payment Card Industry Data Security Standard) compliance.
- Use AWS Security Hub to monitor and enforce compliance with security standards.


# **Conclusion**

Migrating to the cloud provides CobraKai with a robust, scalable, and secure infrastructure. AWS services, including VPC, CloudFront, Route 53, IAM, and Security Hub, address major security and operational challenges, ensuring high availability, data protection, and compliance with industry standards.


