Skip to content

Roberto-A-Cardenas/secure-incident-response-chatbot

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
assets
assets
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
backend.tf
backend.tf
 
 
main.tf
main.tf
 
 
outputs.tf
outputs.tf
 
 
provider.tf
provider.tf
 
 
variables.tf
variables.tf
 
 

Repository files navigation

πŸ” Secure Incident Response Chatbot (AWS + Terraform)

Terraform AWS Status License: MIT

This project deploys a secure, serverless incident response chatbot using AWS infrastructure managed via modular Terraform. The chatbot responds to commands like logs, guardduty, and help by querying CloudWatch and GuardDuty from a Lambda function running in a private subnet.

πŸ“Έ Architecture

Architecture Diagram

πŸš€ Features

  • Serverless chatbot with AWS Lambda
  • Secure HTTPS API using API Gateway (no key required)
  • Lambda runs inside a private subnet (no public IP)
  • NAT Gateway routes outbound requests
  • Retrieves CloudWatch logs (last 10 min)
  • GuardDuty integration (returns threat status)
  • Easy to extend (login, status, etc.)
  • Infrastructure-as-Code using modular Terraform

🧠 How It Works

  1. A user sends a POST request to API Gateway.
  2. API Gateway invokes the Lambda function in a private subnet.
  3. Lambda uses the NAT Gateway to securely reach CloudWatch and GuardDuty.
  4. Lambda responds with real-time system and security insights.

πŸ“ Project Structure

secure-incident-response-chatbot/
β”œβ”€β”€ main.tf
β”œβ”€β”€ variables.tf
β”œβ”€β”€ outputs.tf
β”œβ”€β”€ README.md
β”œβ”€β”€ LICENSE
β”œβ”€β”€ .gitignore
β”œβ”€β”€ modules/
β”‚   β”œβ”€β”€ lambda/
β”‚   β”‚   β”œβ”€β”€ main.tf
β”‚   β”‚   β”œβ”€β”€ variables.tf
β”‚   β”‚   └── outputs.tf
β”‚   β”œβ”€β”€ iam/
β”‚   β”‚   β”œβ”€β”€ main.tf
β”‚   β”‚   └── outputs.tf
β”‚   β”œβ”€β”€ api-gateway/
β”‚   β”‚   β”œβ”€β”€ main.tf
β”‚   β”‚   β”œβ”€β”€ variables.tf
β”‚   β”‚   └── outputs.tf
β”‚   └── vpc/
β”‚       β”œβ”€β”€ main.tf
β”‚       β”œβ”€β”€ variables.tf
β”‚       └── outputs.tf
β”œβ”€β”€ src/
β”‚   β”œβ”€β”€ handler.py
β”‚   └── lambda.zip
β”œβ”€β”€ assets/
    β”œβ”€β”€ incident-bot-success.png
    β”œβ”€β”€ lambda-curl-logs.png
    β”œβ”€β”€ guardduty-success.png
    β”œβ”€β”€ secure-architecture-diagram.png
    └── final-network-diagram.png

πŸ§ͺ How to Test

**Command-line test (Windows CMD or PowerShell):**
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "logs"}"
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "guardduty"}"
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "help"}"

Example output:
πŸ“„ Recent logs:

INIT_START Runtime Version: python:3.11.v76

START RequestId: ...

Event received: { ... }

🧱 Real-World Roadblocks (Resolved πŸ’ͺ)

  • Lambda timeouts Fixed by adjusting timeout + narrowing CloudWatch query window
  • IAM permission errors Resolved by refining trust and execution policies
  • GuardDuty not enabled Activated manually in us-east-1
  • Module input issues Declared subnet_ids and vpc_id in lambda module
  • Security Group conflict Fixed by destroying and recreating stale SG

These challenges helped reinforce advanced Terraform troubleshooting, VPC networking, and AWS service integration.

🧾 License

This project is licensed under the MIT License

πŸ‘¨β€πŸ’» Author

Roberto A Cardenas
Cloud Engineer β€’ IaC Builder β€’ AWS Infrastructure Developer

πŸ“Έ Demo Screenshots

Feature Screenshot
Curl Commands curl
CloudWatch Logs logs
GuardDuty Status guard

Built for security. Powered by AWS. Managed with Terraform.

About

Serverless AWS chatbot using Terraform. Secure Lambda with private subnet + NAT.

Topics

aws aws-lambda serverless api-gateway terraform chatbot incident-response cloudwatch iam vpc infrastructure-as-code private-subnets security-automation devsecops modular-architecture cloud-engineering guardduty nat-gateway api-gateway-endpoint

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages