Inspiration
Our journey began during the AWS Cloudathon, where we were challenged with solving real-world cloud engineering problems under time constraints. The inspiration came from a simple but powerful idea: modern cloud systems are complex, and engineers must think beyond code — they must ensure security, scalability, and reliability simultaneously.
Each challenge, from fixing broken pipelines to securing data lakes, pushed us to think like real cloud engineers, not just developers.
What We Built
We designed and implemented a cloud-native, secure, and scalable system using AWS services, focusing on:
- Data security & encryption (RDS, S3)
- Observability & logging (CloudWatch)
- Automated patching & governance (AWS Systems Manager)
- Serverless workflows (Lambda)
- Intelligent data querying using generative AI (Amazon Bedrock)

One highlight was building a unified data interface that converts natural language into structured queries, reducing manual effort and enabling faster decision-making.
How We Built It
We approached the system in modular cloud-native components, following the principle "Think in services, not servers!":
- Storage Layer: Amazon S3 for data lake + log storage
- Compute Layer: AWS Lambda for serverless execution
- Database Layer: Amazon RDS with encryption & audit logging
- Monitoring: CloudWatch for logs and observability
- Automation: AWS Systems Manager Patch Manager for fleet-wide updates
- AI Layer: Amazon Bedrock for natural language query processing
We ensured that every component followed secure-by-design principles, including encryption, IAM roles, and auditability.
What We Learned
Being a cloud engineer is not just about deploying services — it's about understanding system-wide behavior.
- Identifying root causes instead of symptoms
- Ensuring secure configurations even when systems appear functional
- Designing scalable and automated solutions
- Bridging the gap between unstructured data and structured insights using AI
Challenges We Faced
This project wasn’t smooth—and that’s where the real learning happened.
🔐 Encryption Challenges
- You cannot directly encrypt an existing RDS instance
- Solution: Take snapshot → copy with encryption → restore new instance
- Lesson: Cloud systems enforce process-driven security
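The snapshot → encrypted copy → restore sequence above, sketched with boto3 RDS client calls. This is an added example, not the team's own code; the instance names, snapshot naming scheme and KMS alias are placeholders, and the `rds` client is passed in by the caller.

```python
"""Added example: encrypt an existing RDS instance via snapshot -> encrypted copy -> restore."""
import time


def encrypt_rds_instance(rds, source_id, target_id, kms_key_id):
    """Restore an encrypted copy of `source_id` as `target_id`.

    `rds` is a boto3 RDS client (or a stand-in exposing the same methods).
    Returns the new instance id, or `source_id` if it is already encrypted.
    """
    src = rds.describe_db_instances(DBInstanceIdentifier=source_id)["DBInstances"][0]
    if src["StorageEncrypted"]:
        return source_id  # already encrypted, nothing to do

    stamp = time.strftime("%Y%m%d%H%M%S")
    plain_snap = f"{source_id}-plain-{stamp}"  # hypothetical naming scheme
    enc_snap = f"{source_id}-enc-{stamp}"

    # 1. Snapshot the unencrypted instance and wait until it is usable.
    rds.create_db_snapshot(DBSnapshotIdentifier=plain_snap,
                           DBInstanceIdentifier=source_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=plain_snap)

    # 2. Copy the snapshot; supplying KmsKeyId is what makes the copy encrypted.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap,
                         KmsKeyId=kms_key_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap)

    # 3. Restore a new instance from the encrypted copy (this can take a while).
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)

    # 4. Verify the result before any cutover; fail loudly otherwise.
    new = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    if not new["StorageEncrypted"]:
        raise RuntimeError(f"{target_id} was restored without encryption")
    return target_id


# Usage (needs AWS credentials; all identifiers are placeholders):
#   import boto3
#   encrypt_rds_instance(boto3.client("rds"), "app-db", "app-db-encrypted",
#                        "alias/app-db-key")
```

The restored instance gets a new endpoint, so applications have to be repointed to it and the unencrypted original retired after cutover.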
📊 Logging & Observability Issues
- RDS audit logs were not reaching storage
- Root cause: Missing configurations and permissions
- Fix: Enabled CloudWatch log exports and corrected IAM roles
⚙️ Patch Management at Scale
- Manual SSH-based patching was inefficient and risky
- Solution: Used AWS Systems Manager Patch Manager
- Leveraged EC2 tagging for targeted automation
🧠 Hidden Complexity
- Many issues were not where they appeared
- Required:
  - Debugging across services
  - Verifying permissions
  - Applying minimal, precise fixes
Key Takeaways
- Cloud engineering = problem diagnosis + system integration
- Security is not optional—it must be automated and enforced at scale
- Observability is critical for debugging distributed systems
- Patience matters—some operations (like snapshots) simply take time
“Cloud engineering isn’t about moving fast — it’s about doing things correctly and reliably.”
Built With
- amazon
- amazon-web-services
- architecture
- bedrock
- cloud
- cloudwatch
- compliance
- concepts:
- distributed
- ec2
- generative
- iam
- lambda
- logging
- manager
- observability
- platform:
- python
- rds
- s3
- security
- serverless
- services:
- sql
- systems