Adityarrudola/Secure-File-Vault
Secure File Vault (Zero Trust Architecture)

Secure File Vault is a cloud-based application that demonstrates how enterprises can securely store and share sensitive documents (finance, HR, client data) using modern AWS security best practices and a Zero Trust architecture.

The system enforces strong authentication, least-privilege access, encryption by default, temporary credentials, and full event logging.


Features

  • User authentication using Amazon Cognito User Pools with mandatory MFA
  • Role-based access control using IAM (Editor / Viewer)
  • Department-level isolation using prefix-based S3 permissions (finance/hr/client)
  • Temporary AWS credentials using Cognito Identity Pools + AWS STS
  • Secure file storage in Amazon S3 with:
    • SSE-KMS (customer-managed key)
    • Versioning enabled
    • Public access fully blocked
  • Time-limited file access using pre-signed URLs
  • Full auditing using AWS CloudTrail for:
    • Authentication events
    • Role assumptions
    • S3 object operations
    • KMS key usage
  • Frontend built in React using AWS SDK v3
  • Hosted on Vercel

Architecture Overview

[Architecture diagram: AWS-SecureFileVault-3]

Application Demo

[Screenshots 1 to 5 of the application]

Security Model

This project follows a strict Zero Trust approach:

  • No long-term AWS credentials stored on frontend
  • Every request is authenticated and authorized
  • MFA enforced at login
  • Access scoped by role and department
  • All data encrypted at rest
  • Credentials are short-lived
  • All sensitive operations are audited

Tech Stack

Frontend

  • React (Vite)
  • AWS SDK v3
  • OIDC (Cognito Hosted UI)
  • Hosted on Vercel

Backend / Cloud

  • Amazon Cognito (User Pools + Identity Pools)
  • AWS IAM
  • AWS STS
  • Amazon S3
  • AWS KMS
  • AWS CloudTrail

IAM Role Behavior

Role    | Permissions
--------|-----------------------------------------------------------
Viewer  | List + Download files in own department
Editor  | List + Upload + Delete + Download files in own department

Department isolation is enforced using session tags and IAM policy conditions.
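
As an added example (not the project's own policy), this is one way to write the IAM policy for the Editor role so that the session tag scopes every S3 and KMS call to the caller's own department; it assumes the Identity Pool maps a user attribute to a principal tag named `department` (values finance, hr or client), and the bucket name, region, account id and key id are placeholders. The Viewer role is the same policy with `s3:PutObject` and `s3:DeleteObject` removed.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyOwnDepartmentPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::BUCKET_NAME_PLACEHOLDER",
      "Condition": {
        "StringLike": {
          "s3:prefix": "${aws:PrincipalTag/department}/*"
        }
      }
    },
    {
      "Sid": "ObjectAccessOnlyUnderOwnDepartment",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::BUCKET_NAME_PLACEHOLDER/${aws:PrincipalTag/department}/*"
    },
    {
      "Sid": "UseCustomerManagedVaultKey",
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
      ],
      "Resource": "arn:aws:kms:REGION_PLACEHOLDER:ACCOUNT_ID_PLACEHOLDER:key/KEY_ID_PLACEHOLDER"
    }
  ]
}
```

Because the department is read from the principal tag rather than hard-coded, one role serves all departments, and a list call without a matching prefix is denied outright; the role's trust policy must also allow `sts:TagSession` next to `sts:AssumeRoleWithWebIdentity` for the tag to be applied.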


How Temporary Credentials Work

  1. User logs in via Cognito Hosted UI (with MFA)
  2. Cognito issues JWT tokens
  3. Identity Pool exchanges token for IAM role
  4. AWS STS issues short-lived credentials
  5. AWS SDK v3 uses these credentials to access S3 securely

Future Improvements

  • Admin dashboard for user management
  • File integrity checks (hash validation)
  • Virus scanning using Lambda
  • Event-driven alerts using EventBridge
  • CloudTrail Lake analytics dashboard

Author

Aditya Rudola
