FreemanBoss/eventbridge-lambda-sqs-project

Event-Driven Security Pipeline: Production-Grade Workshop

AWS Cloud Security UserGroup West Africa
Session Date: May 2, 2026 | 60-Minute Workshop
Topic: Build an event-driven system using EventBridge + Lambda + SQS

📋 Overview

This project demonstrates a production-grade, security-focused event-driven system that ingests, enriches, scores, and processes security events in real time using AWS EventBridge, Lambda, and SQS.

What You'll Build

A complete event triage pipeline that:

  • ✅ Routes suspicious activity events in real-time
  • ✅ Enriches events with context (user, account, geo, asset metadata)
  • ✅ Scores threat risk (0–100)
  • ✅ Queues for reliable processing with guaranteed delivery
  • ✅ Handles failures gracefully (retries, DLQ, circuit breaker)
  • ✅ Provides full observability (X-Ray, CloudWatch, structured logs)
  • ✅ Follows production best practices (least-privilege IAM, encryption, idempotency)

Architecture Pattern

Events → EventBridge Rules → Lambda Enrichment/Scoring → SQS → Lambda Worker → Audit Trail

🚀 Quick Start
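
The first hop of that chain is an EventBridge rule deciding which events reach the Lambda stage. The following is an added example (not code from this repository) that implements the subset of EventBridge event-pattern syntax a triage rule typically relies on (exact value, "prefix", "anything-but", "numeric"); the rule, the queue name and the event shapes are assumed for illustration.

```python
# Added example (not the project's code): a matcher for the subset of EventBridge
# event-pattern syntax a triage rule typically uses (exact value, "prefix",
# "anything-but", "numeric"). The rule and event shapes below are assumed.

NUMERIC_OPS = {">": lambda v, n: v > n, ">=": lambda v, n: v >= n,
               "<": lambda v, n: v < n, "<=": lambda v, n: v <= n, "=": lambda v, n: v == n}


def match_value(value, matchers):
    """A pattern leaf is a list of alternatives; the value must satisfy one of them (OR)."""
    for m in matchers:
        if not isinstance(m, dict):
            if m == value:                     # exact match on a literal
                return True
        elif "prefix" in m and isinstance(value, str) and value.startswith(m["prefix"]):
            return True
        elif "anything-but" in m and value not in m["anything-but"]:
            return True
        elif "numeric" in m and isinstance(value, (int, float)) and not isinstance(value, bool):
            ops = m["numeric"]                 # e.g. [">=", 70] or [">", 0, "<=", 100]
            if all(NUMERIC_OPS[op](value, n) for op, n in zip(ops[0::2], ops[1::2])):
                return True
    return False


def matches(pattern, event):
    """Every key in the pattern must be present and satisfied (AND); nested objects recurse."""
    if not isinstance(event, dict):
        return False
    for key, sub in pattern.items():
        if key not in event:
            return False
        ok = matches(sub, event[key]) if isinstance(sub, dict) else match_value(event[key], sub)
        if not ok:
            return False
    return True


# Assumed rule: route only high-risk suspicious-activity events from human principals.
SUSPICIOUS_RULE = {
    "source": ["security.triage"],
    "detail-type": [{"prefix": "Suspicious"}],
    "detail": {"riskScore": [{"numeric": [">=", 70]}],
               "userType": [{"anything-but": ["Service"]}]},
}


def route(event):
    """Return the queue name an event is routed to, or None when no rule matches."""
    return "suspicious-queue" if matches(SUSPICIOUS_RULE, event) else None


if __name__ == "__main__":
    sample = {"source": "security.triage", "detail-type": "SuspiciousLogin",  # constructed event
              "detail": {"riskScore": 82, "userType": "IAMUser"}}
    print(route(sample))  # suspicious-queue
```

Because a missing key never matches, a rule keyed on `detail.riskScore` silently drops events whose enrichment step failed to add a score; put such events on a separate rule so they surface in the DLQ or audit trail rather than vanish.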

Prerequisites

  • AWS Account with admin access (or sufficient permissions for EventBridge, Lambda, SQS, CloudWatch, X-Ray)
  • AWS CLI v2 configured
  • Python 3.11+
  • Node.js 18+ (for AWS CDK)
  • Docker (optional, for LocalStack testing)

Installation

# Clone repo
git clone https://github.com/<owner>/<repo>.git
cd <repo>

# Install CDK dependencies
npm install -g aws-cdk

# Create Python virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install Python dependencies
pip install -r infrastructure/cdk/requirements.txt
pip install -r scripts/requirements.txt

# Install function dependencies
for func in functions/enricher functions/scorer functions/worker; do
  pip install -r $func/requirements.txt --target $func/package
done

Deploy

cd infrastructure/cdk
cdk deploy --require-approval never

Run Demo

# Send sample events to EventBridge
./scripts/send_events.sh

# Watch logs in real-time
./scripts/monitor.sh

Cleanup

./scripts/destroy.sh

πŸ“ Project Structure

.
β”œβ”€β”€ infrastructure/
β”‚   β”œβ”€β”€ cdk/
β”‚   β”‚   β”œβ”€β”€ app.py                 # Main CDK application
β”‚   β”‚   β”œβ”€β”€ eventbridge_stack.py   # EventBridge resources
β”‚   β”‚   β”œβ”€β”€ lambda_stack.py        # Lambda functions
β”‚   β”‚   β”œβ”€β”€ sqs_stack.py           # SQS queues
β”‚   β”‚   β”œβ”€β”€ iam_stack.py           # IAM roles & policies
β”‚   β”‚   β”œβ”€β”€ monitoring_stack.py    # CloudWatch & X-Ray
β”‚   β”‚   └── requirements.txt
β”‚   └── outputs/                   # Deployed resource outputs
β”‚
β”œβ”€β”€ functions/
β”‚   β”œβ”€β”€ enricher/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # Enrichment logic
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   β”œβ”€β”€ scorer/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # Risk scoring logic
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   β”œβ”€β”€ worker/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # SQS consumer & processor
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   └── shared/
β”‚       β”œβ”€β”€ logger.py              # Structured logging
β”‚       β”œβ”€β”€ validator.py           # Event validation
β”‚       β”œβ”€β”€ idempotency.py         # Idempotent processing
β”‚       └── constants.py           # Constants & config
β”‚
β”œβ”€β”€ events/
β”‚   β”œβ”€β”€ sample_events.json         # Test event collection
β”‚   └── schema.json                # EventBridge schema
β”‚
β”œβ”€β”€ tests/
β”‚   β”œβ”€β”€ unit/                      # Unit tests for each Lambda
β”‚   β”œβ”€β”€ integration/               # End-to-end flow tests
β”‚   └── chaos/                     # Failure scenario tests
β”‚
β”œβ”€β”€ scripts/
β”‚   β”œβ”€β”€ deploy.sh                  # Deploy infrastructure
β”‚   β”œβ”€β”€ send_events.sh             # Simulate events
β”‚   β”œβ”€β”€ monitor.sh                 # Watch logs/metrics
β”‚   └── destroy.sh                 # Cleanup
β”‚
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ ARCHITECTURE.md            # Design decisions
β”‚   β”œβ”€β”€ DEPLOYMENT.md              # Step-by-step guide
β”‚   β”œβ”€β”€ RUNBOOK.md                 # Troubleshooting
β”‚   └── PRODUCTION_CHECKLIST.md    # Pre-production readiness
β”‚
└── .gitignore

🔧 Key Features

🛡️ Security

  • Least-Privilege IAM: Each component has minimal required permissions
  • Encryption: KMS for SQS, TLS in-flight, no secrets in code
  • Audit Trail: Every event logged with correlation ID
  • Schema Validation: Events validated against contract before processing

🔄 Resilience

  • Retry Strategy: Exponential backoff, max 2 attempts per rule
  • Dead-Letter Queues: Failed events captured for investigation
  • Idempotent Processing: Same event processed twice = same outcome
  • Circuit Breaker: Stop retrying if target repeatedly fails
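
The three worker-side patterns above (retry, idempotency, circuit breaker) meet in the SQS consumer. The following is an added example, not the repository's worker: an SQS-triggered handler that deduplicates on the EventBridge event id, returns a partial-batch response so SQS retries only the failed records, and opens a simple circuit breaker after a run of consecutive target failures. The in-memory stores and the `riskScore`-based action are assumed stand-ins.

```python
# Added example (not the project's worker): an SQS-triggered Lambda handler that
# deduplicates by EventBridge event id, returns a partial-batch response so SQS
# retries only the failed records, and opens a simple circuit breaker after a run
# of consecutive failures. The stores below are in-memory stand-ins (assumed).
import json

BREAKER_THRESHOLD = 3        # consecutive target failures before the breaker opens
processed_store = {}         # stand-in for a DynamoDB idempotency table
audit_trail = []             # stand-in for the audit-trail sink
target_calls = [0]           # counts real calls to the target, to show the breaker working

def process(detail):
    """Target action. Raises on malformed input so the record is retried, never silently dropped."""
    target_calls[0] += 1
    if not isinstance(detail.get("riskScore"), int):
        raise ValueError("missing or non-integer riskScore")
    return {"action": "alert" if detail["riskScore"] >= 70 else "log"}

def handler(event, context=None):
    failures, consecutive = [], 0
    for record in event["Records"]:
        msg_id = record["messageId"]
        if consecutive >= BREAKER_THRESHOLD:          # breaker open: defer without calling target
            failures.append({"itemIdentifier": msg_id})
            continue
        try:
            body = json.loads(record["body"])         # EventBridge envelope forwarded by the rule
            key = body["id"]                          # EventBridge event id = idempotency key
            if key not in processed_store:            # redelivery of a done event is a no-op
                processed_store[key] = process(body["detail"])
                audit_trail.append({"event_id": key, **processed_store[key]})
            consecutive = 0
        except Exception:                             # any failure -> SQS retries this record
            consecutive += 1
            failures.append({"itemIdentifier": msg_id})
    # Only the listed records become visible again; once a record exceeds the queue's
    # redrive maxReceiveCount, SQS moves it to the DLQ.
    return {"batchItemFailures": failures}

def sqs_record(msg_id, body):
    return {"messageId": msg_id, "body": json.dumps(body),   # constructed SQS record shape
            "attributes": {"ApproximateReceiveCount": "1"}}

if __name__ == "__main__":
    batch = {"Records": [sqs_record("m1", {"id": "e1", "detail": {"riskScore": 85}}),
                         sqs_record("m2", {"id": "e1", "detail": {"riskScore": 85}}),
                         sqs_record("m3", {"id": "e2", "detail": {}})]}
    print(handler(batch))  # {'batchItemFailures': [{'itemIdentifier': 'm3'}]}
```

The partial-batch response is honoured only when the Lambda event source mapping enables `ReportBatchItemFailures`; without it, one bad record makes SQS redeliver the whole batch, which is exactly the case the idempotency key guards against.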

📊 Observability

  • CloudWatch Logs: Structured JSON logging
  • X-Ray Tracing: End-to-end request flow visualization
  • Metrics Dashboard: Event volume, latency, error rates
  • Alarms: Alert on anomalies (queue depth, errors, latency)

🚀 Production-Ready

  • Infrastructure as Code: CDK for reproducible deployments
  • Automated Tests: Unit, integration, and chaos scenarios
  • Comprehensive Docs: Architecture, deployment, troubleshooting
  • Cost Monitoring: Track spend per event type

📚 Documentation

Document                 Purpose
ARCHITECTURE.md          Design overview, decisions, data flows
DEPLOYMENT.md            Step-by-step deployment walkthrough
RUNBOOK.md               Operational guide and troubleshooting
PRODUCTION_CHECKLIST.md  Pre-launch readiness checklist

🧪 Running Tests

# Unit tests
pytest tests/unit -v

# Integration tests
pytest tests/integration -v

# Chaos engineering tests
pytest tests/chaos -v

# All tests with coverage
pytest tests/ --cov=functions

🎯 Learning Outcomes

After this workshop, you'll understand:

  1. ✅ How to design event-driven security pipelines
  2. ✅ EventBridge routing, filtering, and schema validation
  3. ✅ Lambda as a stateless event processor (best practices)
  4. ✅ SQS for decoupling and guaranteed delivery
  5. ✅ Production patterns: retry, DLQ, idempotency, circuit breaker
  6. ✅ Security controls at each layer (IAM, encryption, audit)
  7. ✅ Observability: logging, tracing, metrics, alarms
  8. ✅ How to adapt this pattern for your own use cases

🤝 Extending the Project

Once the core works, you can add:

  • SNS Notifications: Alert on critical events
  • Lambda Remediation: Auto-respond to threats
  • DynamoDB: Event history and analytics
  • S3: Archive events for compliance
  • EventBridge Archive: Replay events if needed
  • Multi-Region: Cross-region failover

πŸ’‘ Real-World Use Cases

This pattern applies to:

  • Threat Detection: Ingest CloudTrail, detect suspicious API calls
  • Compliance Monitoring: Track configuration changes, audit events
  • Incident Response: Correlate events, trigger auto-remediation
  • Cost Optimization: Monitor unusual resource creation
  • Access Management: Track role assumption, permission changes

📞 Support

Built for AWS Cloud Security UserGroup West Africa