![[The AI Show Episode 151]: Anthropic CEO: AI Will Destroy 50% of Entry-Level Jobs, Veo 3’s Scary Lifelike Videos, Meta Aims to Fully Automate Ads & Perplexity’s Burning Cash](https://www.marketingaiinstitute.com/hubfs/ep%20151%20cover.png)
![[FREE EBOOKS] Solutions Architect’s Handbook, Continuous Testing, Quality, Security, and Feedback & Four More Best Selling Titles](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
![From electrical engineering student to CTO with Hitesh Choudhary [Podcast #175]](https://cdn.hashnode.com/res/hashnode/image/upload/v1749158756824/3996a2ad-53e5-4a8f-ab97-2c77a6f66ba3.png?#)
_Michael_Vi_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![Review: CalDigit TS5 Plus Thunderbolt 5 dock – a supercharged version of the best dock for Mac [Video]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2025/06/CalDigit-TS5-Plus-Review.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![UGREEN FineTrack Smart Tracker With Apple Find My Support Drops to $9.99 [50% Off]](https://www.iclarified.com/images/news/97529/97529/97529-640.jpg)
![watchOS 26 May Bring Third-Party Widgets to Control Center [Report]](https://www.iclarified.com/images/news/97520/97520/97520-640.jpg)
My Cloud Resume Challenge Journey
At the end of 2024, I embarked on the Cloud Resume Challenge, a hands-on project that transformed my understanding of cloud computing and security. I have a background in video production and strategic communication but, was eager to pivot into cloud security. It's been a dream of mine for a long time to learn about and eventually work in IT. The challenge, created by Forrest Brazeal, pushed me to build a serverless resume website on AWS, automate its deployment, and implement advanced security measures. The result? A fully functional, secure website at trisoncloudresume.com and a portfolio that showcases my skills in AWS, Terraform, and CI/CD. Here’s a breakdown of my journey, the skills I gained, and the security mods that make this project stand out. The Challenge: Building a Serverless Resume The Cloud Resume Challenge tasked me with creating a resume website using AWS services, hosted on an S3 bucket and served via CloudFront, with a visitor counter powered by Lambda, API Gateway, and DynamoDB. I used Route 53 for DNS and ACM for SSL/TLS certificates to ensure HTTPS. To automate infrastructure deployment, I adopted Terraform, defining resources like S3 buckets, CloudFront distributions, and Lambda functions. For continuous deployment, I set up a GitHub Actions pipeline to upload static files to S3 and invalidate the CloudFront cache whenever I pushed changes to my repository. The core project was a learning jounrey in and of itself. I have some pride in the fact that the project is typically completed by folks who have years of experience in IT and rarely by those, like myself, who have none. That said, something I'm just as proud of, are the four security mods I completed for this website: Spoof Troop, Check Your Privilege, Wall of Fire, and Chain Reaction. These mods elevated my project from a basic website to a secure, production-ready application. Security Mods: Hardening the Resume Website Spoof Troop: Securing DNS with Route 53 and DNSSEC The Spoof Troop mod focused on protecting my domain’s DNS records. Using Route 53, I configured DNSSEC with a KMS key for signing, safeguarding trisoncloudresume.com against DNS spoofing attacks. This ensured that users visiting my site were directed to the correct CloudFront distribution, not a malicious imposter. Implementing DNSSEC taught me the importance of cryptographic integrity in DNS and how to manage KMS keys securely. Check Your Privilege: Enforcing Least Privilege The Check Your Privilege mod emphasized the principle of least privilege across my AWS resources. I managed separate production and test accounts, restricting Lambda functions and API Gateway roles to minimal permissions for DynamoDB and CloudWatch Logs. This reduced the risk of unauthorized access and demonstrated my ability to implement fine-grained IAM policies, a critical skill for cloud security roles. Wall of Fire: Deploying a Web Application Firewall The Wall of Fire mod added a Web Application Firewall (WAF) to protect my CloudFront distribution. I created a Web ACL named VisitorCountWAF with the AWSManagedRulesCommonRuleSet, blocking common web attacks like SQL injection and XSS. Associating the WAF with my distribution was a challenge due to CLI errors and console visibility issues, but I resolved them by ensuring the global scope and updating IAM permissions. Verifying the WAF’s association solidified my understanding of integrating security layers into cloud applications. Chain Reaction: Securing the CI/CD Pipeline The Chain Reaction mod hardened my GitHub Actions pipeline, reducing the risk of supply chain attacks. I limited repository permissions to contents: read, removed sensitive debug outputs, and scoped IAM permissions for my deployment user to minimal actions on S3, CloudFront, and Terraform operations. Troubleshooting Terraform permission errors required iterative IAM policy updates, teaching me the nuances of least-privilege automation. The result was a secure, automated pipeline that deploys my resume reliably. Key Takeaways The Cloud Resume Challenge was more than a technical exercise; it was a journey into cloud security best practices. I gained hands-on experience with: AWS Services: S3, CloudFront, Lambda, API Gateway, DynamoDB, Route 53, ACM, IAM, WAF, KMS. Infrastructure-as-Code: Writing Terraform to define and manage resources across multiple accounts. CI/CD Automation: Configuring GitHub Actions for seamless deployments. Security Principles: Implementing DNSSEC, least privilege, WAF protection, and pipeline hardening. The project was very challenging, but I am so glad I persisted. I wrestled with IAM permission errors, console visibility issues, and Terraform state mismatches, but each obstacle deepened my understanding of AWS and cloud security. My resume now lives at trisoncloudresume.com, a testament to my ability to build and secure a serverless application. You can also find this blog post here on my website. Should You Take the Challenge? If y
At the end of 2024, I embarked on the Cloud Resume Challenge, a hands-on project that transformed my understanding of cloud computing and security. I have a background in video production and strategic communication but, was eager to pivot into cloud security. It's been a dream of mine for a long time to learn about and eventually work in IT. The challenge, created by Forrest Brazeal, pushed me to build a serverless resume website on AWS, automate its deployment, and implement advanced security measures. The result? A fully functional, secure website at trisoncloudresume.com and a portfolio that showcases my skills in AWS, Terraform, and CI/CD. Here’s a breakdown of my journey, the skills I gained, and the security mods that make this project stand out.
The Challenge: Building a Serverless Resume
The Cloud Resume Challenge tasked me with creating a resume website using AWS services, hosted on an S3 bucket and served via CloudFront, with a visitor counter powered by Lambda, API Gateway, and DynamoDB. I used Route 53 for DNS and ACM for SSL/TLS certificates to ensure HTTPS. To automate infrastructure deployment, I adopted Terraform, defining resources like S3 buckets, CloudFront distributions, and Lambda functions. For continuous deployment, I set up a GitHub Actions pipeline to upload static files to S3 and invalidate the CloudFront cache whenever I pushed changes to my repository.
The core project was a learning jounrey in and of itself. I have some pride in the fact that the project is typically completed by folks who have years of experience in IT and rarely by those, like myself, who have none. That said, something I'm just as proud of, are the four security mods I completed for this website: Spoof Troop, Check Your Privilege, Wall of Fire, and Chain Reaction. These mods elevated my project from a basic website to a secure, production-ready application.
Security Mods: Hardening the Resume Website
Spoof Troop: Securing DNS with Route 53 and DNSSEC
The Spoof Troop mod focused on protecting my domain’s DNS records. Using Route 53, I configured DNSSEC with a KMS key for signing, safeguarding trisoncloudresume.com against DNS spoofing attacks. This ensured that users visiting my site were directed to the correct CloudFront distribution, not a malicious imposter. Implementing DNSSEC taught me the importance of cryptographic integrity in DNS and how to manage KMS keys securely.
Check Your Privilege: Enforcing Least Privilege
The Check Your Privilege mod emphasized the principle of least privilege across my AWS resources. I managed separate production and test accounts, restricting Lambda functions and API Gateway roles to minimal permissions for DynamoDB and CloudWatch Logs. This reduced the risk of unauthorized access and demonstrated my ability to implement fine-grained IAM policies, a critical skill for cloud security roles.
Wall of Fire: Deploying a Web Application Firewall
The Wall of Fire mod added a Web Application Firewall (WAF) to protect my CloudFront distribution. I created a Web ACL named VisitorCountWAF with the AWSManagedRulesCommonRuleSet, blocking common web attacks like SQL injection and XSS. Associating the WAF with my distribution was a challenge due to CLI errors and console visibility issues, but I resolved them by ensuring the global scope and updating IAM permissions. Verifying the WAF’s association solidified my understanding of integrating security layers into cloud applications.
Chain Reaction: Securing the CI/CD Pipeline
The Chain Reaction mod hardened my GitHub Actions pipeline, reducing the risk of supply chain attacks. I limited repository permissions to contents: read, removed sensitive debug outputs, and scoped IAM permissions for my deployment user to minimal actions on S3, CloudFront, and Terraform operations. Troubleshooting Terraform permission errors required iterative IAM policy updates, teaching me the nuances of least-privilege automation. The result was a secure, automated pipeline that deploys my resume reliably.
Key Takeaways
The Cloud Resume Challenge was more than a technical exercise; it was a journey into cloud security best practices. I gained hands-on experience with:
AWS Services: S3, CloudFront, Lambda, API Gateway, DynamoDB, Route 53, ACM, IAM, WAF, KMS.
Infrastructure-as-Code: Writing Terraform to define and manage resources across multiple accounts.
CI/CD Automation: Configuring GitHub Actions for seamless deployments.
Security Principles: Implementing DNSSEC, least privilege, WAF protection, and pipeline hardening.
The project was very challenging, but I am so glad I persisted. I wrestled with IAM permission errors, console visibility issues, and Terraform state mismatches, but each obstacle deepened my understanding of AWS and cloud security. My resume now lives at trisoncloudresume.com, a testament to my ability to build and secure a serverless application. You can also find this blog post here on my website.
Should You Take the Challenge?
If you’re considering the Cloud Resume Challenge, do it! It’s a practical way to learn cloud technologies, build a portfolio, and stand out in the job market. Whether you’re new to AWS or transitioning into cloud security, the challenge offers real-world experience that employers value. Check out my GitHub repository for the code and start your own journey today.
What’s next for me? I’m studying for the AWS Solutions Architect certification and exploring new projects, like serverless applications and CloudWatch monitoring. Stay tuned for more updates on my cloud adventure!
