This project deploys a secure, serverless incident response chatbot using AWS infrastructure managed via modular Terraform. The chatbot responds to commands like logs, guardduty, and help by querying CloudWatch and GuardDuty from a Lambda function running in a private subnet.
- Serverless chatbot with AWS Lambda
- Secure HTTPS API using API Gateway (no key required)
- Lambda runs inside a private subnet (no public IP)
- NAT Gateway routes outbound requests
- Retrieves CloudWatch logs (last 10 min)
- GuardDuty integration (returns threat status)
- Easy to extend (
login,status, etc.) - Infrastructure-as-Code using modular Terraform
- A user sends a POST request to API Gateway.
- API Gateway invokes the Lambda function in a private subnet.
- Lambda uses the NAT Gateway to securely reach CloudWatch and GuardDuty.
- Lambda responds with real-time system and security insights.
secure-incident-response-chatbot/
├── main.tf
├── variables.tf
├── outputs.tf
├── README.md
├── LICENSE
├── .gitignore
├── modules/
│ ├── lambda/
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ ├── iam/
│ │ ├── main.tf
│ │ └── outputs.tf
│ ├── api-gateway/
│ │ ├── main.tf
│ │ ├── variables.tf
│ │ └── outputs.tf
│ └── vpc/
│ ├── main.tf
│ ├── variables.tf
│ └── outputs.tf
├── src/
│ ├── handler.py
│ └── lambda.zip
├── assets/
├── incident-bot-success.png
├── lambda-curl-logs.png
├── guardduty-success.png
├── secure-architecture-diagram.png
└── final-network-diagram.png
**Command-line test (Windows CMD or PowerShell):**
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "logs"}"
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "guardduty"}"
curl -X POST https://<your-api-url>/incident -H "Content-Type: application/json" -d "{"query": "help"}"
Example output:
📄 Recent logs:
INIT_START Runtime Version: python:3.11.v76
START RequestId: ...
Event received: { ... }
- Lambda timeouts Fixed by adjusting timeout + narrowing CloudWatch query window
- IAM permission errors Resolved by refining trust and execution policies
- GuardDuty not enabled Activated manually in
us-east-1 - Module input issues Declared
subnet_idsandvpc_idinlambdamodule - Security Group conflict Fixed by destroying and recreating stale SG
These challenges helped reinforce advanced Terraform troubleshooting, VPC networking, and AWS service integration.
This project is licensed under the MIT License
Roberto A Cardenas
Cloud Engineer • IaC Builder • AWS Infrastructure Developer
| Feature | Screenshot |
|---|---|
| Curl Commands |  |
| CloudWatch Logs |  |
| GuardDuty Status |  |
Built for security. Powered by AWS. Managed with Terraform.