Cloud Security Lessons: What I'm Learning as a DevOps Beginner

Rudraksh Laddha

Introduction

As I've begun my journey into DevOps and cloud technologies, one area that's quickly captured my attention is cloud security. Coming from a development background, I initially focused on finding cost-effective storage solutions for my projects, but I've since discovered that balancing cost, functionality, and security requires careful consideration.

My Initial Approach

For a recent project requiring media storage for user uploads, my first instinct was to search for the most affordable option. After comparing prices across providers, I found several budget-friendly solutions that seemed perfect from a cost perspective.

// My initial selection criteria were primarily cost-based
const priorities = {
  cost: "High priority",
  features: "Medium priority",
  security: "Not fully considered"
};

However, as I began implementing the solution, I realized I had overlooked critical security considerations.

The Security Learning Curve

Understanding Access Controls

One of my first discoveries was about access management. In AWS S3, for example, the bucket's default configuration does not by itself restrict access per object or per user:

// Basic S3 upload without proper access controls (aws-sdk v2)
const fs = require('fs');
const AWS = require('aws-sdk');
const s3 = new AWS.S3();

// Inputs assumed to come from the upload request
const fileName = "photo.jpg";                        // name supplied by the user
const fileContent = fs.readFileSync("./photo.jpg"); // bytes to store

const uploadParams = {
  Bucket: "my-media-bucket",
  Key: `user-uploads/${fileName}`, // no per-user prefix, no ownership information
  Body: fileContent
};

s3.upload(uploadParams, (err, data) => {
  if (err) return console.log("Error", err);
  console.log("Upload Success", data.Location);
});

This basic implementation stores the file but applies no per-user access restriction: anyone with read access to the bucket could view every user's files.

Implementing Proper Security

Through research and experimentation, I've learned several foundational security practices:

1. Signed URLs for Temporary Access

Instead of making files publicly accessible, I've learned to generate time-limited signed URLs:

// Generating a signed URL with expiration
// `s3` is the AWS.S3 client created above; `userId` and `fileName`
// come from the authenticated request
const params = {
  Bucket: "my-media-bucket",
  Key: `user-uploads/${userId}/${fileName}`,
  Expires: 3600 // URL expires in one hour (seconds)
};

const signedUrl = s3.getSignedUrl('getObject', params);

2. Folder Structure for Access Control

Organizing files by user ID creates a foundation for permission-based access:

// Organizing by user ID for better access control
const uploadPath = `user-uploads/${userId}/${fileName}`;

3. IAM Policies for Fine-Grained Control

Creating a policy that restricts each user to the objects under their own prefix (the policy variable resolves to the calling user's Cognito identity ID at evaluation time):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-media-bucket/user-uploads/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}

What I'm Still Learning

I'm continuing to explore more advanced security concepts:

  • Server-side encryption for data at rest

  • Client-side encryption before upload for sensitive data

  • Multi-factor authentication for admin access

  • Monitoring and alerting for unusual access patterns

My Takeaways So Far

As a beginner in this space, I've realized that:

  1. Security isn't optional - it should be considered from the initial architecture phase

  2. Major cloud providers offer robust security tools - but you need to learn how to implement them correctly

  3. Documentation is your friend - AWS, Azure, and GCP all provide extensive security best practices

  4. The cheapest solution isn't always the best - sometimes paying a bit more provides significant security benefits

Next Steps on My Learning Journey

I'm focusing on:

  • Obtaining AWS Security certification

  • Building projects with security as a primary consideration

  • Contributing to open-source projects focused on cloud security

  • Documenting what I learn to help other beginners

I'd love to hear from more experienced professionals about what security considerations I might still be missing. This is just the beginning of my DevOps journey, and I'm excited to continue learning and growing in this field.


This article represents my current understanding as I learn. I welcome corrections and suggestions from more experienced practitioners.
