AWS IAM and S3 Misconfiguration Auditor for Financial Workloads
Most cloud breaches in finance trace back not to exotic exploits but to misconfiguration: an IAM policy granted too broadly, an S3 bucket left quietly public. This project builds an analyzer that finds those mistakes systematically, before auditors or attackers do. The intern writes Python tooling against real AWS APIs to scan IAM policies for over-permissive grants, privilege escalation paths, and unused access, and to inspect S3 storage permissions for public exposure and weak encryption settings. Each finding comes with actionable remediation steps, turning the scan into a to-do list rather than an alarm. Docker packages the analyzer and its security lab environments for reproducible runs, while Prometheus and Grafana track scan results over time so teams can watch their security posture trend. The design follows recognized cloud infrastructure security and identity and access management best practices throughout. The intern comes away understanding cloud security the way practitioners do, as configuration reviewed continuously rather than a one-time setup, and can demonstrate hands-on IAM analysis, storage auditing, and security tooling development, capabilities in high demand across fintech and cloud operations teams.
Related projects
You might also like