Skip to content

FreemanBoss/eventbridge-lambda-sqs-project

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

1 Commit
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

Event-Driven Security Pipeline: Production-Grade Workshop

AWS Cloud Security UserGroup West Africa
Session Date: May 2, 2026 | 60-Minute Workshop Topic: Build an event-driven system using EventBridge + Lambda + SQS


πŸ“‹ Overview

This project demonstrates a production-grade, security-focused event-driven system that ingests, enriches, scores, and processes security events in real-time using AWS EventBridge, Lambda, and SQS.

What You'll Build

A complete event triage pipeline that:

  • βœ… Routes suspicious activity events in real-time
  • βœ… Enriches events with context (user, account, geo, asset metadata)
  • βœ… Scores threat risk (0–100)
  • βœ… Queues for reliable processing with guaranteed delivery
  • βœ… Handles failures gracefully (retries, DLQ, circuit breaker)
  • βœ… Provides full observability (X-Ray, CloudWatch, structured logs)
  • βœ… Follows production best practices (least-privilege IAM, encryption, idempotency)

Architecture Pattern

Events β†’ EventBridge Rules β†’ Lambda Enrichment/Scoring β†’ SQS β†’ Lambda Worker β†’ Audit Trail

πŸš€ Quick Start

Prerequisites

  • AWS Account with admin access (or sufficient permissions for EventBridge, Lambda, SQS, CloudWatch, X-Ray)
  • AWS CLI v2 configured
  • Python 3.11+
  • Node.js 18+ (for AWS CDK)
  • Docker (optional, for LocalStack testing)

Installation

# Clone repo
git clone https://github.com/<owner>/<repo>.git
cd <repo>

# Install CDK dependencies
npm install -g aws-cdk

# Create Python virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install Python dependencies
pip install -r infrastructure/cdk/requirements.txt
pip install -r scripts/requirements.txt

# Install function dependencies
for func in functions/enricher functions/scorer functions/worker; do
  pip install -r $func/requirements.txt --target $func/package
done

Deploy

cd infrastructure/cdk
cdk deploy --require-approval never

Run Demo

# Send sample events to EventBridge
./scripts/send_events.sh

# Watch logs in real-time
./scripts/monitor.sh

Cleanup

./scripts/destroy.sh

πŸ“ Project Structure

.
β”œβ”€β”€ infrastructure/
β”‚   β”œβ”€β”€ cdk/
β”‚   β”‚   β”œβ”€β”€ app.py                 # Main CDK application
β”‚   β”‚   β”œβ”€β”€ eventbridge_stack.py   # EventBridge resources
β”‚   β”‚   β”œβ”€β”€ lambda_stack.py        # Lambda functions
β”‚   β”‚   β”œβ”€β”€ sqs_stack.py           # SQS queues
β”‚   β”‚   β”œβ”€β”€ iam_stack.py           # IAM roles & policies
β”‚   β”‚   β”œβ”€β”€ monitoring_stack.py    # CloudWatch & X-Ray
β”‚   β”‚   └── requirements.txt
β”‚   └── outputs/                   # Deployed resource outputs
β”‚
β”œβ”€β”€ functions/
β”‚   β”œβ”€β”€ enricher/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # Enrichment logic
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   β”œβ”€β”€ scorer/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # Risk scoring logic
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   β”œβ”€β”€ worker/
β”‚   β”‚   β”œβ”€β”€ lambda_function.py     # SQS consumer & processor
β”‚   β”‚   β”œβ”€β”€ requirements.txt
β”‚   β”‚   └── tests/
β”‚   β”‚
β”‚   └── shared/
β”‚       β”œβ”€β”€ logger.py              # Structured logging
β”‚       β”œβ”€β”€ validator.py           # Event validation
β”‚       β”œβ”€β”€ idempotency.py         # Idempotent processing
β”‚       └── constants.py           # Constants & config
β”‚
β”œβ”€β”€ events/
β”‚   β”œβ”€β”€ sample_events.json         # Test event collection
β”‚   └── schema.json                # EventBridge schema
β”‚
β”œβ”€β”€ tests/
β”‚   β”œβ”€β”€ unit/                      # Unit tests for each Lambda
β”‚   β”œβ”€β”€ integration/               # End-to-end flow tests
β”‚   └── chaos/                     # Failure scenario tests
β”‚
β”œβ”€β”€ scripts/
β”‚   β”œβ”€β”€ deploy.sh                  # Deploy infrastructure
β”‚   β”œβ”€β”€ send_events.sh             # Simulate events
β”‚   β”œβ”€β”€ monitor.sh                 # Watch logs/metrics
β”‚   └── destroy.sh                 # Cleanup
β”‚
β”œβ”€β”€ docs/
β”‚   β”œβ”€β”€ ARCHITECTURE.md            # Design decisions
β”‚   β”œβ”€β”€ DEPLOYMENT.md              # Step-by-step guide
β”‚   β”œβ”€β”€ RUNBOOK.md                 # Troubleshooting
β”‚   └── PRODUCTION_CHECKLIST.md    # Pre-production readiness
β”‚
└── .gitignore

πŸ”§ Key Features

πŸ›‘οΈ Security

  • Least-Privilege IAM: Each component has minimal required permissions
  • Encryption: KMS for SQS, TLS in-flight, no secrets in code
  • Audit Trail: Every event logged with correlation ID
  • Schema Validation: Events validated against contract before processing

πŸ”„ Resilience

  • Retry Strategy: Exponential backoff, max 2 attempts per rule
  • Dead-Letter Queues: Failed events captured for investigation
  • Idempotent Processing: Same event processed twice = same outcome
  • Circuit Breaker: Stop retrying if target repeatedly fails

πŸ“Š Observability

  • CloudWatch Logs: Structured JSON logging
  • X-Ray Tracing: End-to-end request flow visualization
  • Metrics Dashboard: Event volume, latency, error rates
  • Alarms: Alert on anomalies (queue depth, errors, latency)

πŸš€ Production-Ready

  • Infrastructure as Code: CDK for reproducible deployments
  • Automated Tests: Unit, integration, and chaos scenarios
  • Comprehensive Docs: Architecture, deployment, troubleshooting
  • Cost Monitoring: Track spend per event type

πŸ“š Documentation

Document Purpose
ARCHITECTURE.md Design overview, decisions, data flows
DEPLOYMENT.md Step-by-step deployment walkthrough
RUNBOOK.md Operational guide and troubleshooting
PRODUCTION_CHECKLIST.md Pre-launch readiness checklist

πŸ§ͺ Running Tests

# Unit tests
pytest tests/unit -v

# Integration tests
pytest tests/integration -v

# Chaos engineering tests
pytest tests/chaos -v

# All tests with coverage
pytest tests/ --cov=functions

🎯 Learning Outcomes

After this workshop, you'll understand:

  1. βœ… How to design event-driven security pipelines
  2. βœ… EventBridge routing, filtering, and schema validation
  3. βœ… Lambda as a stateless event processor (best practices)
  4. βœ… SQS for decoupling and guaranteed delivery
  5. βœ… Production patterns: retry, DLQ, idempotency, circuit breaker
  6. βœ… Security controls at each layer (IAM, encryption, audit)
  7. βœ… Observability: logging, tracing, metrics, alarms
  8. βœ… How to adapt this pattern for your own use cases

🀝 Extending the Project

Once the core works, you can add:

  • SNS Notifications: Alert on critical events
  • Lambda Remediation: Auto-respond to threats
  • DynamoDB: Event history and analytics
  • S3: Archive events for compliance
  • EventBridge Archive: Replay events if needed
  • Multi-Region: Cross-region failover

πŸ’‘ Real-World Use Cases

This pattern applies to:

  • Threat Detection: Ingest CloudTrail, detect suspicious API calls
  • Compliance Monitoring: Track configuration changes, audit events
  • Incident Response: Correlate events, trigger auto-remediation
  • Cost Optimization: Monitor unusual resource creation
  • Access Management: Track role assumption, permission changes

πŸ“ž Support


Built for AWS Cloud Security UserGroup West Africa

About

No description, website, or topics provided.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors