
Using AWS Lambda to Revert Unauthorized Security Group Changes

Hands-On Lab







Welcome to this AWS Learning Activity where we will be dealing with a real-world use case leveraging Lambda services.

Using Lambda, along with a few other services, we are going to proactively monitor a web server EC2 security group for any traffic rule changes. If we detect any unauthorized changes, we will then undo them using Lambda. There will also be an SNS notification sent out to the admins, which is us.

In this activity we will be working with the following services:

  • Lambda
  • SNS
  • CloudTrail
  • CloudWatch
  • CloudFormation
  • EC2
  • VPC
  • S3

This scenario is a working example of how we can use Lambda to perform operational tasks within our account, especially ones that maintain our security posture.
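The revert-and-notify flow described above can be sketched as a Lambda handler. This is an added example, not the lab's own code; it assumes the CloudTrail record arrives in the event's `detail` field through a CloudWatch Events rule, that any ingress rule outside a small allow-list counts as unauthorized, and that the environment variable names `SECURITY_GROUP_ID` and `SNS_TOPIC_ARN` are hypothetical.

```python
import os

# Assumed policy for the lab's web server group: only HTTP/HTTPS open to the world.
ALLOWED = {("tcp", 80, 80, "0.0.0.0/0"), ("tcp", 443, 443, "0.0.0.0/0")}

# Constructed sample: trimmed CloudTrail record as delivered in the event's "detail".
SAMPLE_EVENT = {"detail": {
    "eventName": "AuthorizeSecurityGroupIngress",
    "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
    "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}}


def unauthorized_permissions(detail):
    """Convert CloudTrail ipPermissions to boto3 IpPermissions, keeping rules outside ALLOWED."""
    perms = []
    for p in detail["requestParameters"].get("ipPermissions", {}).get("items", []):
        proto, lo, hi = p["ipProtocol"], p.get("fromPort"), p.get("toPort")
        cidrs = [r["cidrIp"] for r in p.get("ipRanges", {}).get("items", [])
                 if (proto, lo, hi, r["cidrIp"]) not in ALLOWED]
        if cidrs:
            perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": c} for c in cidrs]}
            if lo is not None and hi is not None:  # protocol "-1" carries no ports
                perm.update(FromPort=lo, ToPort=hi)
            perms.append(perm)
    return perms


def revert(event, ec2, sns, group_id, topic_arn):
    """Revoke unauthorized ingress rules on the monitored group and notify the admins."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress" or detail.get("errorCode"):
        return []  # not an ingress addition, or the API call failed so nothing was added
    if detail.get("requestParameters", {}).get("groupId") != group_id:
        return []  # a different security group
    perms = unauthorized_permissions(detail)
    if perms:
        ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=perms)
        who = detail.get("userIdentity", {}).get("arn", "unknown")
        sns.publish(TopicArn=topic_arn, Subject="Security group change reverted",
                    Message=f"Revoked {perms} on {group_id} (added by {who})")
    return perms


def lambda_handler(event, context):
    import boto3  # provided by the Lambda Python runtime
    return revert(event, boto3.client("ec2"), boto3.client("sns"),
                  os.environ["SECURITY_GROUP_ID"], os.environ["SNS_TOPIC_ARN"])
```

Only IPv4 CIDR rules are handled here; IPv6 ranges and rules that reference another security group would need the same treatment.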
