Network & Infrastructure Security

Security is not a single feature but a continuous, multi-layered process. This section outlines the security mechanisms engineered into the infrastructure, focusing on a defense-in-depth strategy that hardens the site against common threats and aligns with industry best practices.

Defense-in-Depth Strategy

The project employs a defense-in-depth approach, ensuring that multiple, independent security controls are in place to protect assets. If one layer fails, others are there to mitigate the threat. The primary layers are the Edge (CloudFront), the Origin (S3), and a policy-based administrative layer (IAM).

1. Edge Layer: CloudFront, WAF, ACM (TLS certificates)
2. Origin Layer: S3 bucket policies, access logging
3. Policy Layer: IAM, least privilege

Edge & Access Controls

HTTPS Enforcement with HSTS

CloudFront redirects every HTTP request to HTTPS (the "Redirect HTTP to HTTPS" viewer protocol policy). The redirect alone still leaves a browser's first plaintext request open to interception or SSL stripping, so the distribution also emits an HTTP Strict Transport Security (HSTS) header through a CloudFront response headers policy. Once a browser has seen that header it uses HTTPS for every later request without first trying HTTP, which closes the downgrade window the redirect leaves open.
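As an added example (not configuration from the original project), the response headers policy that produces the HSTS header together with a few other baseline headers. It is the JSON shape accepted by `aws cloudfront create-response-headers-policy --response-headers-policy-config file://headers.json`; the policy name, comment and the CSP string are placeholders for this illustration.

```json
{
  "Name": "static-site-security-headers",
  "Comment": "Baseline security headers for the static site (example values)",
  "SecurityHeadersConfig": {
    "StrictTransportSecurity": {
      "Override": true,
      "IncludeSubdomains": true,
      "Preload": false,
      "AccessControlMaxAgeSec": 31536000
    },
    "ContentTypeOptions": { "Override": true },
    "FrameOptions": { "Override": true, "FrameOption": "DENY" },
    "ReferrerPolicy": {
      "Override": true,
      "ReferrerPolicy": "strict-origin-when-cross-origin"
    },
    "ContentSecurityPolicy": {
      "Override": true,
      "ContentSecurityPolicy": "default-src 'self'; object-src 'none'; frame-ancestors 'none'"
    }
  }
}
```

The policy only takes effect once it is attached to the distribution's default cache behavior (`ResponseHeadersPolicyId`). Keep `Preload` false until every subdomain serves HTTPS, because a preloaded entry with `includeSubDomains` is hard to undo. A quick check after deploying is `curl -sI https://<site-domain>/ | grep -i strict-transport-security`; the header must appear on the HTTPS response, not on the HTTP redirect, since browsers ignore HSTS received over plaintext.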

Origin Access Identity (OAI)

This is the control that locks down the S3 bucket. An OAI is a special CloudFront principal; the bucket policy grants it s3:GetObject and grants nothing to anyone else, and with S3 Block Public Access enabled there is no other path to the objects. A request sent straight to the bucket URL instead of through the distribution therefore receives 403 Forbidden, so CloudFront, and every control attached to it (HTTPS redirect, headers, WAF), cannot be bypassed. AWS now recommends Origin Access Control (OAC) as the successor to OAI; it provides the same bypass protection and additionally works with SSE-KMS encrypted buckets.
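The bucket policy that implements this, as an added example rather than the project's own policy file. The bucket name and the OAI identifier are placeholders; the real OAI ID is the one CloudFront shows for the distribution's origin.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCloudFrontOAIReadOnly",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1EXAMPLEOAIID"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-site-bucket/*"
    }
  ]
}
```

Two points worth checking on a real bucket. First, the statement grants only `s3:GetObject`, never `s3:ListBucket`, so even the OAI cannot enumerate the bucket and a request for a missing key returns 403 rather than a listing. Second, confirm the bypass actually fails: `curl -sI https://example-site-bucket.s3.amazonaws.com/index.html` should return 403 while the same path through the CloudFront domain returns 200. The OAC equivalent replaces the `Principal` with `{"Service": "cloudfront.amazonaws.com"}` and adds `"Condition": {"StringEquals": {"AWS:SourceArn": "arn:aws:cloudfront::<account-id>:distribution/<distribution-id>"}}` so that only that one distribution can read.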

Geo-Restriction & WAF

While not strictly necessary for this project, CloudFront natively supports geo-restriction to block traffic from specific countries. For higher security needs, AWS WAF (Web Application Firewall) can be attached to the distribution to filter requests before they reach the origin. Its managed rule groups cover common web exploits such as SQL injection and cross-site scripting (XSS); on a purely static S3 origin there is no application code for those payloads to reach, so the immediate value of WAF here is rate-based rules and IP reputation lists, with the injection rules becoming relevant if dynamic endpoints are ever added behind the same distribution.

IAM & Policy Controls

At the administrative level, security is enforced using the principle of least privilege. The GitHub Actions deployment workflow operates under a tightly-scoped IAM role that grants only the minimum permissions required to sync files to the site bucket and create a cache invalidation on the site distribution, with each statement bound to those specific resource ARNs rather than to `*`. This limits the blast radius of a compromised deployment credential to the site content itself rather than other resources in the AWS account. The role's trust policy should be just as narrow: if the workflow authenticates through GitHub's OIDC provider, the `sub` claim condition should pin the role to this repository and branch so that a workflow in any other repository cannot assume it.
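An added example of such a role, written as a CloudFormation template; it is not the project's own template, and the page does not say how the workflow authenticates, so the GitHub OIDC trust relationship is an assumption. It further assumes an `AWS::IAM::OIDCProvider` for `token.actions.githubusercontent.com` already exists in the account, and the role name, parameter names and `main` branch are placeholders.

```json
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Least-privilege deploy role for GitHub Actions (added example)",
  "Parameters": {
    "GitHubRepo": { "Type": "String", "Description": "owner/repo allowed to assume the role" },
    "SiteBucket": { "Type": "String", "Description": "S3 bucket holding the site" },
    "DistributionId": { "Type": "String", "Description": "CloudFront distribution to invalidate" }
  },
  "Resources": {
    "GitHubDeployRole": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "RoleName": "github-actions-site-deploy",
        "AssumeRolePolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "Federated": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:oidc-provider/token.actions.githubusercontent.com" }
              },
              "Action": "sts:AssumeRoleWithWebIdentity",
              "Condition": {
                "StringEquals": {
                  "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
                  "token.actions.githubusercontent.com:sub": { "Fn::Sub": "repo:${GitHubRepo}:ref:refs/heads/main" }
                }
              }
            }
          ]
        },
        "Policies": [
          {
            "PolicyName": "site-deploy-least-privilege",
            "PolicyDocument": {
              "Version": "2012-10-17",
              "Statement": [
                {
                  "Sid": "ListBucketForSync",
                  "Effect": "Allow",
                  "Action": "s3:ListBucket",
                  "Resource": { "Fn::Sub": "arn:aws:s3:::${SiteBucket}" }
                },
                {
                  "Sid": "WriteSiteObjects",
                  "Effect": "Allow",
                  "Action": ["s3:PutObject", "s3:DeleteObject"],
                  "Resource": { "Fn::Sub": "arn:aws:s3:::${SiteBucket}/*" }
                },
                {
                  "Sid": "InvalidateOnlyThisDistribution",
                  "Effect": "Allow",
                  "Action": "cloudfront:CreateInvalidation",
                  "Resource": { "Fn::Sub": "arn:aws:cloudfront::${AWS::AccountId}:distribution/${DistributionId}" }
                }
              ]
            }
          }
        ]
      }
    }
  }
}
```

The `sub` condition is the part most often left out: without it, any GitHub repository's workflow could assume the role, since the `aud` value is the same for every repository. The three permission statements are exactly what `aws s3 sync --delete` and `aws cloudfront create-invalidation` need; the role cannot read objects back, change the bucket policy, or touch any other distribution, so even a fully compromised workflow can only overwrite site files, which the next deploy corrects.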