1.1 Project Overview

Overview of Project ☁️

Scenario:

Tasty Bites, a fast-growing restaurant, wants to launch its online website to showcase menus, offers, and customer reviews. The business needs the site to be globally accessible, fast, and most importantly secure from cyber threats like SQL injection (SQLi), cross-site scripting (XSS), and DDoS attacks.

Our solution:

A serverless and secure website hosted on Amazon S3, delivered globally using Amazon CloudFront, and protected by AWS WAF. To ensure best practices, we’ll enforce Origin Access Control (OAC) to restrict direct S3 access, apply least-privilege IAM policies, and use CloudWatch for monitoring and logging.

About Project:

In this project, you’ll learn how to build a secure, serverless web application using core AWS services.

  • These concepts are critical because most businesses today face threats like SQLi, XSS, and DDoS. A secure foundation ensures applications remain both available and trustworthy.
  • As a Cloud Security Engineer, you’ll need these skills to:
    • Host static websites safely using Amazon S3 with Origin Access Control (OAC).
    • Deliver content globally with Amazon CloudFront and enforce HTTPS.
    • Protect applications from common exploits using AWS WAF.
    • Apply least-privilege IAM policies for secure access control.

By the end, you’ll have hands-on experience setting up a production-ready secure website architecture, a foundation every cloud security project builds upon.

Steps To Be Performed 👩‍💻

We’ll go through the following steps in the next lessons:

  1. Creating and configuring an S3 bucket for website hosting
  2. Securing the bucket using Origin Access Control (OAC)
  3. Setting up a CloudFront distribution with HTTPS enforced
  4. Attaching AWS WAF for web application security
  5. Enabling CloudWatch/CloudTrail for monitoring and compliance


Services Used 🛠

  • Amazon S3 → Store and serve static website files (HTML, CSS, images)
  • Amazon CloudFront → Distribute content globally with low latency and HTTPS
  • AWS WAF → Protect against SQLi, XSS, bots, and malicious requests
  • AWS IAM → Manage least-privilege permissions for access control
  • Amazon CloudWatch & CloudTrail → Monitor logs, track user actions, and detect anomalies


Estimated Time & Cost ⚙️

  • Estimated time: 1-2 hours
  • Cost: ~$0.50–1.50


➡️ Architectural Diagram

This is the architectural diagram for the project:


➡️ Final Result

Once completed, you’ll have a:

  • Secure Foody Woody restaurant website served via CloudFront over HTTPS
  • Protected from common web exploits using AWS WAF
  • Restricted bucket access via Origin Access Control (OAC)
  • With CloudWatch & CloudTrail logs available for monitoring and security analysis

Complete and Continue