Team 8: AWS Jam - Challenge Submission
Inspiration
Our inspiration came from the high-stakes reality of cloud operations. In the real world, "hackathons" aren't always about building a new app from scratch—they are often about diving into a legacy environment, identifying critical vulnerabilities, and fixing them before they escalate. We wanted to see how quickly we could navigate the AWS ecosystem to harden infrastructure, optimize costs, and automate manual tasks under pressure.
What it does
Team 8 successfully completed a gauntlet of 14 real-world AWS infrastructure challenges. Our work focused on four key pillars:
- Security & Compliance: Remediating unencrypted Data Lakes and RDS databases, and implementing S3 bucket policies to allow CloudWatch log exports.
- Rapid Patching & Maintenance: Using AWS Systems Manager (SSM) to patch a fleet of EC2 instances simultaneously via tag-based targeting rather than manual intervention.
- Performance Optimization: Migrating database workloads to ARM64 architecture (AWS Graviton) for better price-performance ratios.
- Resiliency: Configuring CloudFront Origin Access Control (OAC) and establishing RDS failover protocols to ensure high availability.
How we built it
Rather than a single codebase, we built a series of solutions across the AWS management console and CLI, utilizing:
- Compute: EC2, Lambda (for "Serverless Nightwatch"), and Graviton-based RDS instances.
- Storage & Content Delivery: S3 (Static Web Hosting), CloudFront, and EBS volume management.
- Management & Governance: Systems Manager (Patch Manager), CloudFormation (debugging failed stacks), and EventBridge.
- Security & Analytics: KMS (Key Management Service) for data-at-rest encryption, IAM for policy remediation, and Amazon Athena for advanced log querying.
Challenges we ran into
The primary challenge was the "Sherlock" element of the Jam. Often, a service wouldn't work not because it was broken, but because of a silent permissions gap—like an S3 bucket missing the specific policy required for CloudWatch Logs to write to it. Debugging the "CloudFormation Sherlock" challenge required a deep dive into event logs to find the single parameter causing a stack rollback.
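The permissions gap described above can be checked offline before an export is attempted. This is an added example, not the team's code: it inspects a parsed bucket policy for the two grants a CloudWatch Logs export needs (s3:GetBucketAcl on the bucket and s3:PutObject on its objects) for the regional logs.<region>.amazonaws.com service principal. The function name, bucket name, region and role ARN are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def missing_export_grants(policy, bucket, region):
    """Return the S3 actions the CloudWatch Logs service principal still lacks.

    Simplified on purpose: only explicit Allow statements for the service
    principal are considered; Deny statements and Condition keys are ignored.
    """
    principal = f"logs.{region}.amazonaws.com"
    arn = f"arn:aws:s3:::{bucket}"
    # Required action -> a representative resource the export has to reach.
    needed = {"s3:GetBucketAcl": arn, "s3:PutObject": f"{arn}/exports/sample-object"}
    granted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        who = stmt.get("Principal", {})
        services = _as_list(who.get("Service", [])) if isinstance(who, dict) else []
        if stmt.get("Effect") != "Allow" or principal not in services:
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        for action, target in needed.items():
            if any(fnmatchcase(action.lower(), a) for a in actions) and \
               any(fnmatchcase(target, r) for r in resources):
                granted.add(action)
    return sorted(set(needed) - granted)

# Constructed sample policies; bucket name, region and role ARN are placeholders.
BUCKET, REGION = "example-log-archive", "us-east-1"
LOGS = {"Service": f"logs.{REGION}.amazonaws.com"}
BROKEN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": LOGS, "Action": "s3:GetBucketAcl",
     "Resource": f"arn:aws:s3:::{BUCKET}"},
    # PutObject is granted, but to an IAM role rather than the Logs service.
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:role/example"},
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}
FIXED = {"Version": "2012-10-17", "Statement": BROKEN["Statement"] + [
    {"Effect": "Allow", "Principal": LOGS, "Action": "s3:PutObject",
     "Resource": f"arn:aws:s3:::{BUCKET}/*",
     "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}}]}

if __name__ == "__main__":
    print("broken:", missing_export_grants(BROKEN, BUCKET, REGION))
    print("fixed: ", missing_export_grants(FIXED, BUCKET, REGION))
```

A policy that names the service principal for a different region is reported as missing both grants, which is the same silent failure seen from another angle.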
Accomplishments that we're proud of
- 14/14 Completion: Successfully cleared every challenge on the board, from basic S3 hosting to complex metadata puzzles like the EC2 Instance Puzzle.
- Zero-Downtime Patching: Executed an emergency patch operation across development and test machines using SSM "Patch Now," ensuring all logs were recorded to S3 for audit compliance.
- Security Hardening: Successfully implemented encryption across the entire data lifecycle (RDS and Data Lakes) without disrupting existing service connections.
What we learned
We gained a massive amount of practical experience in Least Privilege and Identity-based policies. We learned that infrastructure security is a game of "plumbing"—ensuring that every pipe (service) has the correct valve (permission) to let data flow safely. We also discovered the significant cost-saving potential of migrating to ARM64 and the sheer speed of using SSM for fleet management versus manual SSH.
What's next for Team 8
Now that we have mastered the "Click-Ops" side of these challenges, our next goal is to translate these solutions into Infrastructure as Code (IaC). By using Terraform or the AWS CDK to define these security baselines, we can ensure that the "Patching Friday" stress becomes a thing of the past through fully automated, self-healing cloud environments.
Built With
- amazon-web-services
- chatgpt
- love