By Trison Braithwaite, June 2025
In October 2024, I embarked on the Cloud Resume Challenge, a hands-on project that transformed my understanding of cloud computing and security. With a background in video production and strategic communication, I was eager to pivot into cloud security. For years, I’ve dreamed of learning and working in IT, particularly in the cloud security field. The challenge, created by Forrest Brazeal, pushed me to build a serverless resume website on AWS, automate its deployment, and implement advanced security measures. The result? A fully functional, secure website at trisoncloudresume.com and a portfolio that showcases my skills in AWS, Terraform, and CI/CD. Here’s a breakdown of my journey, the skills I gained, and the security mods that make this project stand out.
The Cloud Resume Challenge tasked me with creating a resume website using AWS services, hosted on an S3 bucket and served via CloudFront, with a visitor counter powered by Lambda, API Gateway, and DynamoDB. I used Route 53 for DNS and ACM for SSL/TLS certificates to ensure HTTPS. To automate infrastructure deployment, I adopted Terraform, defining resources like S3 buckets, CloudFront distributions, and Lambda functions. For continuous deployment, I set up a GitHub Actions pipeline to upload static files to S3 and invalidate the CloudFront cache whenever I pushed changes to my repository.
The core project was a learning journey in and of itself. I take pride in the fact that the project is typically completed by those with years of IT experience and rarely by someone like me, with none. That said, I’m equally proud of the four security mods I completed for this website: Spoof Troop, Check Your Privilege, Wall of Fire, and Chain Reaction. These mods elevated my project from a basic website to a secure, production-ready application.
The Spoof Troop mod focused on protecting my domain’s DNS records. Using Route 53, I configured DNSSEC with a KMS key for signing, safeguarding trisoncloudresume.com against DNS spoofing attacks. This ensured that users visiting my site were directed to the correct CloudFront distribution, not a malicious impostor. Implementing DNSSEC taught me the importance of cryptographic integrity in DNS and how to manage KMS keys securely.
The Check Your Privilege mod emphasized the principle of least privilege across my AWS resources. I managed separate production and test accounts, restricting Lambda functions and API Gateway roles to minimal permissions for DynamoDB and CloudWatch Logs. This reduced the risk of unauthorized access and demonstrated my ability to implement fine-grained IAM policies, a critical skill for cloud security roles.
The Wall of Fire mod added a Web Application Firewall (WAF) to protect my CloudFront distribution. I created a Web ACL named VisitorCountWAF with the AWSManagedRulesCommonRuleSet, blocking common web attacks like SQL injection and XSS. Associating the WAF with my distribution was a challenge due to CLI errors and console visibility issues, but I resolved them by ensuring the global scope and updating IAM permissions. Verifying the WAF’s association solidified my understanding of integrating security layers into cloud applications.
The Chain Reaction mod hardened my GitHub Actions pipeline, reducing the risk of supply chain attacks. I limited repository permissions to contents: read, removed sensitive debug outputs, and scoped IAM permissions for my deployment user to minimal actions on S3, CloudFront, and Terraform operations. Troubleshooting Terraform permission errors required iterative IAM policy updates, teaching me the nuances of least-privilege automation. The result was a secure, automated pipeline that deploys my resume reliably.
The Cloud Resume Challenge was more than a technical exercise; it was a journey into cloud security best practices. I gained hands-on experience with:
The project was very challenging, but I’m glad I persisted. I wrestled with IAM permission errors, console visibility issues, and Terraform state mismatches, but each obstacle deepened my understanding of AWS and cloud security. My resume now lives at trisoncloudresume.com, a testament to my ability to build and secure a serverless application.
If you’re considering the Cloud Resume Challenge, do it! It’s a practical way to learn cloud technologies, build a portfolio, and stand out in the job market. Whether you’re new to AWS or transitioning into cloud security, the challenge offers real-world experience that employers value. Check out my GitHub repository for the code and start your own journey today.
What’s next for me? I’m currently studying for the AWS Certified Solutions Architect – Associate certification to deepen my expertise in designing secure and scalable cloud architectures. Next, I plan to pursue the AWS Certified Security – Specialty to advance my cloud security skills. I’m also interested in eventually earning the AWS Certified AI Practitioner certification to explore AI integration in cloud environments. Stay tuned for more updates on my cloud adventure!