Journal Innovations Computer Science
Vol. 4 No. 2 (2025): November

Implementation of Defense In Depth and IAM Best Practices Based on Segmented VPC Architecture Using Amazon Web Services (AWS) for Small Business Network Security

Asrori, Muhamad Umar Hassan
Said, Fadillah



Article Info

Publish Date
30 Nov 2025

Abstract

This study presents the design, implementation, and validation of a cloud security architecture on Amazon Web Services (AWS) that integrates Defense in Depth strategies with Identity and Access Management (IAM) Best Practices, tailored for small and medium-sized enterprises (SMEs). Using the AWS Free Tier, an experimental cloud infrastructure was constructed to evaluate the effectiveness of multi-layered protection encompassing network segmentation, least-privilege access control, and real-time monitoring. The architecture employed a segmented Virtual Private Cloud (VPC) with public and private subnets, controlled by Security Groups (SGs) and Network Access Control Lists (NACLs), while IAM policies and Multi-Factor Authentication (MFA) enforced identity-level security. Centralized monitoring through CloudTrail and CloudWatch enabled anomaly detection and event logging with high accuracy. Test results showed that unauthorized access was effectively blocked, suspicious activities were detected promptly, and all administrative actions were recorded reliably. The findings indicate that combining layered network defenses and IAM governance significantly enhances the resilience, visibility, and security posture of SMEs adopting AWS environments. Beyond its technical effectiveness, the model offers scalability, auditability, and cost-efficiency—demonstrating that enterprise-grade protection can be achieved even within the resource constraints of SMEs. Future work is encouraged to integrate automation and advanced AWS tools such as GuardDuty and Config to strengthen real-world adaptability and compliance.

Copyrights © 2025






Journal Info

Abbrev

jics

Subject

Computer Science & IT

Description

Journal Innovations Computer Science (JICS) is a peer-reviewed, twice-annually published international journal that focuses on innovative, original, previously unpublished, experimental or theoretical research concepts. Journal Innovations Computer Science (JICS) covers all areas of computer & ...