🚀 About the Project
💡 Inspiration
Cloud environments—especially in AWS—tend to grow rapidly and accumulate unused or misconfigured resources over time. We noticed recurring issues like EC2 instances running with no traffic, publicly accessible S3 buckets left idle, IAM roles not used for months, and ECS deployments unintentionally exposed to the internet. These not only posed security risks but also led to unnecessary cloud bills. This inspired us to build AutoGuard—a tool that automatically scans, identifies, and remediates such issues in real time.
🧠 What We Learned
- How to leverage AWS Lambda and CloudWatch Events for scheduled and event-driven automation
- Deep understanding of AWS SDK (Boto3) to interact with EC2, S3, ECS, IAM, and other services
- Techniques for building secure auto-remediation workflows without breaking critical infrastructure
- Balancing security and cost optimization in a practical, production-ready solution
🛠️ How We Built It
- AWS Lambda serves as the core engine, written in Python
- Boto3 is used for interfacing with AWS services to scan resource configurations and usage
- CloudWatch Rules trigger scans periodically
- Each resource type (EC2, S3, ECS, IAM, etc.) has a dedicated scanner module with custom remediation logic
- SNS notifications and CloudTrail logs help audit the auto-remediation actions
- A simple tagging mechanism is used to exclude business-critical resources from auto-actions
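As an added illustration of the scanner/remediation core described above (example code, not AutoGuard's own), the block below implements the tag-based exclusion, a conservative "unused" rule for EC2, and a public-bucket check for S3 over constructed inputs shaped like Boto3 responses. The tag key `autoguard:exclude`, the 30-day idle window and the traffic floor are assumptions; the page names none of them.

```python
from datetime import datetime, timedelta, timezone

EXCLUDE_TAG = "autoguard:exclude"   # assumed tag key (the page names no specific key)
IDLE_WINDOW = timedelta(days=30)    # assumed safe default for "unused"
IDLE_BYTES = 1_000_000              # assumed traffic floor over the window

def is_excluded(tags):
    """Tag opt-out: resources tagged autoguard:exclude=true are never acted on."""
    return any(t["Key"] == EXCLUDE_TAG and t["Value"].lower() == "true" for t in tags or [])

def plan_ec2(instance, network_bytes, now):
    """Decide on one EC2 instance (dict shaped like describe_instances output).
    Returns (action, reason); the conservative default is 'stop', never 'terminate'."""
    if is_excluded(instance.get("Tags")):
        return "skip", "excluded by tag"
    if instance["State"]["Name"] != "running":
        return "skip", "not running"
    if now - instance["LaunchTime"] < IDLE_WINDOW:
        return "skip", "younger than idle window, not enough data"
    if network_bytes < IDLE_BYTES:
        return "stop", f"{network_bytes} bytes of traffic in {IDLE_WINDOW.days} days"
    return "skip", "active"

def plan_s3(bucket, policy_status, tags):
    """Flag a bucket whose policy status (get_bucket_policy_status shape) reports it public."""
    if is_excluded(tags):
        return "skip", "excluded by tag"
    if policy_status.get("PolicyStatus", {}).get("IsPublic"):
        return "block-public-access", "bucket policy grants public access"
    return "skip", "not public"

# Constructed sample data in the shape boto3 returns, so the example runs offline.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
INSTANCES = [
    ({"InstanceId": "i-0aaa", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=90),
      "Tags": []}, 12_000),
    ({"InstanceId": "i-0bbb", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=90),
      "Tags": [{"Key": EXCLUDE_TAG, "Value": "true"}]}, 12_000),
    ({"InstanceId": "i-0ccc", "State": {"Name": "running"}, "LaunchTime": NOW - timedelta(days=2),
      "Tags": []}, 0),
]

def run_scan():
    """Produce the remediation plan a Lambda handler would log to SNS/CloudTrail before acting."""
    return {i["InstanceId"]: plan_ec2(i, b, NOW) for i, b in INSTANCES}

if __name__ == "__main__":
    for rid, (action, reason) in run_scan().items():
        print(f"{rid}: {action} ({reason})")
```

Logging the plan before executing it gives the audit trail the SNS/CloudTrail step relies on, and the "younger than idle window" branch is what keeps freshly launched instances from being misclassified as unused.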
⚙️ Challenges Faced
- Ensuring that remediation actions don’t interrupt business-critical services
- Handling rate limits and throttling from AWS API calls during large scans
- Defining safe defaults for what counts as "unused" without false positives
- Building modular and extensible logic to support more AWS services in the future
Built With
- amazon-sns
- amazon-web-services
- aws-cloudformation
- aws-lambda
- postman
- python