Inspiration

Walking into a broken AWS environment with 13 challenges and 4 hours on the clock. Websites were down, databases unencrypted, servers unpatched, and an audit pipeline that existed only on paper. The clock was ticking and real systems were affected.

What We Built

A fully automated serverless audit pipeline — RDS MySQL → CloudWatch Logs → Lambda → S3 — organized by date, triggered daily by EventBridge. No humans. No gaps. Compliance never sleeps.

Along the way we also restored broken websites, re-encrypted 200 S3 objects with Customer Managed KMS keys, migrated an Aurora database to Graviton ARM64 processors, patched 3 EC2 instances simultaneously via SSM Patch Manager, and fixed a broken CloudFormation CI/CD pipeline.
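The daily export step of the audit pipeline described above, as an added example that is not the team's code: a Python Lambda handler that asks CloudWatch Logs to export the previous UTC day of the RDS MySQL audit log group into a date-partitioned S3 prefix. The log group, bucket and prefix names are placeholders, and the EventBridge schedule is assumed to fire shortly after midnight UTC.

```python
"""Daily RDS MySQL audit-log export: CloudWatch Logs -> S3, partitioned by date.

Assumed trigger: an EventBridge schedule such as cron(15 0 * * ? *) (00:15 UTC).
The log group, bucket and prefix are placeholders, not values from the project.
"""
import os
from datetime import datetime, timedelta, timezone

LOG_GROUP = os.environ.get("AUDIT_LOG_GROUP", "/aws/rds/instance/PLACEHOLDER-db/audit")
BUCKET = os.environ.get("AUDIT_BUCKET", "placeholder-audit-bucket")
PREFIX = os.environ.get("AUDIT_PREFIX", "rds-audit")


def previous_utc_day(now: datetime) -> tuple[datetime, datetime]:
    """Return [start, end) of the UTC day before `now`, so a run just after
    midnight exports the complete previous day with no gap and no overlap."""
    today = now.astimezone(timezone.utc).replace(hour=0, minute=0, second=0, microsecond=0)
    return today - timedelta(days=1), today


def export_task_params(now: datetime) -> dict:
    """Build the create_export_task arguments for the previous UTC day.
    CloudWatch Logs takes epoch milliseconds; `to` is inclusive, so the
    window ends 1 ms before the next day. The yyyy/mm/dd prefix gives one
    S3 partition per day for lifecycle rules and per-day audit review."""
    start, end = previous_utc_day(now)
    return {
        "taskName": f"rds-audit-{start:%Y%m%d}",
        "logGroupName": LOG_GROUP,
        "fromTime": int(start.timestamp() * 1000),
        "to": int(end.timestamp() * 1000) - 1,
        "destination": BUCKET,
        "destinationPrefix": f"{PREFIX}/{start:%Y/%m/%d}",
    }


def lambda_handler(event, context):
    # boto3 is imported here so the pure helpers above stay testable offline.
    import boto3

    logs = boto3.client("logs")
    params = export_task_params(datetime.now(timezone.utc))
    # Prerequisites: the bucket policy must allow logs.<region>.amazonaws.com
    # s3:GetBucketAcl and s3:PutObject, and only one export task per account
    # may run at a time (a second one raises LimitExceededException, which
    # Lambda's async retry will pick up on the next attempt).
    resp = logs.create_export_task(**params)
    return {"taskId": resp["taskId"], "prefix": params["destinationPrefix"]}
```

Each day's export lands under a `rds-audit/YYYY/MM/DD/` prefix, so a missing prefix for a given date is itself the alert that the pipeline skipped a day.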

How We Built It

We divided and conquered — each teammate took different challenges and asked for help when hitting walls. We used browser DevTools to debug 403 errors, read CodeBuild logs to fix linting failures, analyzed S3 Batch Operations failure CSVs to find missing permissions, and navigated AWS IAM's four-layer permission model to unlock blocked resources.

Challenges We Faced

The hardest problem was an encryption deadlock — the role used by the re-encryption job lacked the permission it needed for 200 objects, and IAM edits were blocked by the lab. We pivoted from the Update Encryption operation to a Copy operation, which used a permission the role already had. 200/200 objects re-encrypted successfully.

Another challenge was a bucket Deny policy that blocked all principals, including admins. The only path forward was finding one specific permission (s3:PutBucketPolicy) granted by an existing policy, and using it to replace the Deny with a targeted Allow.

What We Learned

AWS security has four independent layers — IAM policies, bucket policies, KMS key policies, and resource policies. A deny or missing allow at any one layer blocks the request regardless of what the others say. Understanding which layer is failing cuts debugging time in half.

Every manual process we saw today had already failed at some point. Automation isn't a shortcut — it's the only reliable approach at scale.

Built With

  • amazon-cloudfront
  • amazon-cloudwatch
  • amazon-ec2
  • amazon-eventbridge
  • amazon-rds-(aurora-+-mysql)
  • amazon-web-services
  • application-load-balancer
  • aws-codebuild
  • aws-codecommit
  • aws-codepipeline
  • aws-iam
  • aws-kms
  • aws-lambda
  • aws-systems-manager
  • cfn-lint
  • python-3.14