CS 79D Security Portal
CS 79D · Santa Monica College · Spring 2026

AWS Learning Portal

A full-stack cloud application built with Next.js, NestJS, and AWS — demonstrating IAM access control, KMS encryption, GuardDuty threat detection, CloudTrail auditing, WAF protection, and end-to-end AWS security hardening.

Professor: Koda Kol·KOL_KODA@SMC.EDU
Explore Modules →ArchitectureMy Cabinet
API Status
Online
Uptime 1h
Activity Logs
20
last 20 from DynamoDB
Course Modules
8
8 weeks · Spring 2026
Topics
26
Covered in syllabus

Final Project Alignment

The homepage now surfaces the same architecture strengths documented in the final project brief and alignment notes.

Edge & Access

Frontend and backend are exposed directly from the EC2 host on separate ports with a stable Elastic IP.

Security Controls

IAM roles for EC2 and Lambda, JWT auth, password recovery, Turnstile support, upload validation, and throttling protect the platform end to end.

Serverless Events

Lambda (cs79d-log-action) is invoked via API Gateway and AWS SDK for file uploads, password actions, and demo triggers — writing results to DynamoDB.

Deployment Simplicity

A single EC2 deployment with PM2 keeps the environment cost-conscious and straightforward to maintain.

Monitoring Evidence

CloudWatch dashboard and alarms support the health endpoint, live logs, and activity evidence shown throughout the portal.

Cost Optimization

t2.micro EC2, DynamoDB on-demand, and S3 free-tier defaults keep the deployment within free-tier limits; cleanup guidance documents safe resource removal.

Project Requirements Coverage

Key CS 79D deliverables mapped to the current implementation

Compute Engine

EC2

Next.js frontend and NestJS backend deployed on AWS EC2 with PM2 process management.

Object Storage

S3

User-uploaded files are stored in the cs79d-uploads S3 bucket with file-type and size validation.

Serverless Workflow

Lambda + API Gateway

Demo actions trigger a real Lambda logging flow and write records to DynamoDB.

Public Access

Elastic IP

The deployed EC2 environment uses a static public IPv4 through an Elastic IP for stable frontend and backend access.

Deployment Model

Single EC2

A single EC2 host keeps the system easier to demo, explain, and operate while still using real AWS services.

Database

DynamoDB

Activity events (uploads, Lambda invocations, password actions) are persisted in the cs79d-activity-logs table and surfaced in the Logs page.

Monitoring

CloudWatch

Dashboard, CPU alarm, health endpoint, and Lambda/DynamoDB activity make the deployment observable.

Application Architecture

Portfolio-ready request flow with routing, security, monitoring, and AWS-backed services

Client
🌐
Browser
React 19 + Next.js 16
Edge
Elastic IP
Static public IPv4
App Compute
🖥
EC2
Next.js 16 · NestJS · PM2
AWS Services
🪣
S3
File Storage
λ
Lambda
Serverless
🗄
DynamoDB
Activity Logs
🔀
API Gateway
REST Trigger
+
Ops & Security
CloudWatch
Dashboard + alarm
IAM Roles
EC2 + Lambda access
JWT Auth
7-day tokens
Turnstile
Bot protection
Throttling
Spam resistance

Syllabus Topic Coverage

How many course modules cover each topic

IAM
3 / 8 weeks
EC2
3 / 8 weeks
Cloud Practitioner
3 / 8 weeks
CloudWatch
2 / 8 weeks
S3
2 / 8 weeks
AWS Account
1 / 8 weeks
Shared Responsibility
1 / 8 weeks
AWS Config
1 / 8 weeks

Course Timeline

Spring 2026 · 8 weeks · Apr – Jun

1
W1
2
W2
3
W3
4
W4
5
W5
6
W6
7
W7
8
W8
Completed Current week Upcoming

Recent Activity

Live from DynamoDB

View all →
password-reset
1777499183498-6o4j8w · 4/29/2026, 9:46:24 PM
lambda-invoke:password-reset
1777499183498-6o4j8w · 4/29/2026, 9:46:23 PM
password-reset
1777499012119-3h7y6w · 4/29/2026, 9:43:33 PM
lambda-invoke:password-reset
1777499012119-3h7y6w · 4/29/2026, 9:43:32 PM
password-reset
1777498852420-qxfigh · 4/29/2026, 9:40:53 PM
lambda-invoke:password-reset
1777498852420-qxfigh · 4/29/2026, 9:40:52 PM

Topics by Module

Syllabus topics per week

All modules →
W1
Course Overview, Account Setup, Shared Responsibility Model
AWS AccountShared ResponsibilityIAM
W2
IAM Access & Config, Website Security Rating, MFA, Server Repository
IAMAWS ConfigMFA+1
W3
Best Practices, Secure your Linux OS Virtualization
LinuxVirtualizationEC2+1
W4
Inspector, CloudTrail & CloudWatch, Midterm: CP Practice Exam
InspectorCloudTrailCloudWatch+1
W5
Application Stack and Security Implementation
Next.jsNestJSEC2+2
W6
VPC Peering & VPN Server
VPCVPC PeeringVPN+1
W7
AWS CP and AAS Exam Voucher Request. Final Project
Cloud PractitionerAASFinal Project+3
W8
Final Assessment: CP Practice Exam
Cloud PractitionerAWS SecurityIAM+1