Building a Secure Password Manager in AWS: My Hands-On Cybersecurity Project

Introduction

In our increasingly digital world, managing passwords securely is more important than ever. To sharpen my cybersecurity skills, I decided to take on a project to build a cloud-based password manager hosted on AWS. My focus was on encryption, access control, and following best practices for cloud deployments. In this post, I’ll walk you through what I aimed to achieve, how I approached it, the challenges I faced, and what I learned along the way.

Project Goals

The goal of this project was simple but critical: create a secure, scalable password manager that could store sensitive credentials safely. I wanted to implement strong encryption to protect the data and enforce strict access controls to ensure it stayed secure.

Tools & Technologies

  • Bitwarden (Self-Hosted): An open-source password manager deployed on an EC2 instance.
  • AWS EC2 and RDS: For computing power and a secure database.
  • TLS/SSL (via Let’s Encrypt): To encrypt communications between the app and its users.
  • AWS IAM: To manage access control and permissions.

How I Built It

Setting Up AWS Infrastructure

  • EC2 Instance: I launched an EC2 instance to host the password manager, making sure to configure security groups to allow only essential traffic. Network ACLs provided an extra layer of security.
  • RDS Database: I set up an AWS RDS instance for the database, enabling encryption both at rest (via AWS KMS) and in transit (with SSL).
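The two infrastructure rules above ("only essential traffic" on the security group, encryption at rest and in transit on RDS) are easy to state and easy to drift away from. The following audit script is an added example, not code from the post or from Bitwarden; it checks dictionaries shaped like the output of boto3's describe_security_groups(), describe_db_instances() and describe_db_parameters() calls. All sample data is constructed, the group id, key ARN and CIDRs are placeholders, and the assumption that only ports 80 and 443 need to be reachable from the internet (443 for HTTPS, 80 for the Let's Encrypt HTTP-01 challenge and redirect) is mine.

```python
"""Audit constructed EC2 security-group and RDS descriptions against the
least-exposure and encryption rules described in the post. Added example;
the input dicts mirror boto3 output shapes but contain no real data."""

from typing import Dict, List

# Assumption: a self-hosted Bitwarden front end only needs these two ports
# reachable from anywhere; everything else should be scoped to known sources.
ALLOWED_PUBLIC_PORTS = {80, 443}
ANYWHERE = {"0.0.0.0/0", "::/0"}

# Engine parameters that force TLS on client connections:
# rds.force_ssl (PostgreSQL / SQL Server), require_secure_transport (MySQL / MariaDB).
TLS_ENFORCING_PARAMETERS = {"rds.force_ssl": {"1"}, "require_secure_transport": {"1", "ON"}}

SAMPLE_SG = {  # constructed: mimics describe_security_groups()["SecurityGroups"][0]
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},   # SSH limited to an admin range: fine
        {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},        # database port left open: finding
    ],
}

SAMPLE_DB = {  # constructed: mimics describe_db_instances()["DBInstances"][0]
    "DBInstanceIdentifier": "vault-db",
    "StorageEncrypted": True,
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID",
    "PubliclyAccessible": False,
}

SAMPLE_PARAMS = [  # constructed: mimics describe_db_parameters()["Parameters"]
    {"ParameterName": "rds.force_ssl", "ParameterValue": "1"},
    {"ParameterName": "log_connections", "ParameterValue": "1"},
]


def _rule_cidrs(perm: Dict) -> List[str]:
    """Collect the IPv4 and IPv6 source CIDRs of one IpPermissions entry."""
    return [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
           [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]


def audit_security_group(sg: Dict) -> List[str]:
    """Report ingress rules that expose anything beyond the allowed ports to the internet."""
    findings = []
    gid = sg["GroupId"]
    for perm in sg.get("IpPermissions", []):
        public = ",".join(sorted(c for c in _rule_cidrs(perm) if c in ANYWHERE))
        if not public:
            continue  # scoped to specific sources, nothing to flag here
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp"):  # "-1" (all traffic) or icmp open to the world
            findings.append(f"{gid}: protocol {proto} open to {public}")
            continue
        lo, hi = perm["FromPort"], perm["ToPort"]
        if set(range(lo, hi + 1)) - ALLOWED_PUBLIC_PORTS:
            findings.append(f"{gid}: {proto} {lo}-{hi} open to {public}")
    return findings


def audit_rds_instance(db: Dict) -> List[str]:
    """Report an RDS instance that is unencrypted at rest or reachable from the internet."""
    findings = []
    name = db["DBInstanceIdentifier"]
    if not db.get("StorageEncrypted"):
        findings.append(f"{name}: storage is not encrypted at rest")
    if db.get("PubliclyAccessible"):
        findings.append(f"{name}: instance is publicly accessible")
    return findings


def audit_tls_enforcement(params: List[Dict]) -> List[str]:
    """Report a parameter group that does not force TLS on client connections."""
    for p in params:
        accepted = TLS_ENFORCING_PARAMETERS.get(p.get("ParameterName"))
        if accepted and str(p.get("ParameterValue", "")).upper() in accepted:
            return []
    return ["no TLS-enforcing parameter (rds.force_ssl / require_secure_transport) is enabled"]


if __name__ == "__main__":
    for finding in (audit_security_group(SAMPLE_SG) + audit_rds_instance(SAMPLE_DB)
                    + audit_tls_enforcement(SAMPLE_PARAMS)):
        print("FINDING:", finding)
```

Run against the constructed input, the only finding is the database port exposed to 0.0.0.0/0; pointing the three functions at live boto3 output instead of the sample dicts turns this into a repeatable post-deployment check, which is what makes the "only essential traffic" rule hold after the next change to the group.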

Deploying Bitwarden (Self-Hosted)

  • Installation: I deployed Bitwarden’s open-source server on the EC2 instance using Docker, creating a secure, self-hosted password management system.
  • Features Used: The Bitwarden server provided encrypted credential storage, user-friendly interfaces, and role-based access control.
  • TLS/SSL: I configured Let’s Encrypt certificates to secure all communication between the server and its clients.

Securing Data and Communication

  • TLS/SSL: To protect data in transit, I configured HTTPS using Let’s Encrypt certificates. This ensured that all communication between the app and its users was encrypted, preventing eavesdropping and man-in-the-middle attacks.
  • Secure Credential Storage: Credentials were stored in the RDS database with encryption enabled.

Access Control

  • IAM Roles and Policies: Following the principle of least privilege, I created IAM roles and policies to control who or what could access AWS resources. This ensured each component had just enough access to do its job.
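"Just enough access" is usually lost through wildcards: a service-wide `s3:*`, or `Resource: "*"` attached to an action that reads or decrypts something. The linter below is an added example, not the post's own IAM policies; it scores a policy document on those two patterns and shows an over-broad backup policy next to its scoped replacement. Both policies, the bucket name and the KMS key ARN are constructed placeholders, and the rule that an action is "read-only" when its verb starts with Get/List/Describe/Head is a heuristic I chose for the example.

```python
"""Lint IAM policy documents for the wildcard patterns that break least
privilege. Added example with constructed policies; the Sid/Action/Resource
shapes follow the IAM policy grammar but reference no real account."""

import json
from typing import Dict, List

# Heuristic: verbs with these prefixes do not change or expose key material.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Head")

# Constructed "before": the EC2 instance role as it often starts out.
OVERBROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BackupToS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "ReadKey", "Effect": "Allow",
     "Action": ["kms:Decrypt", "kms:DescribeKey"], "Resource": "*"}
  ]
}""")

# Constructed "after": one bucket, one key, only the verbs the job needs.
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "BackupToS3", "Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": "arn:aws:s3:::example-vault-backups/*"},
    {"Sid": "ReadKey", "Effect": "Allow",
     "Action": ["kms:Decrypt", "kms:DescribeKey"],
     "Resource": "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID"}
  ]
}""")


def _as_list(value) -> List:
    """IAM allows a bare string or a list for Action and Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_read_only(action: str) -> bool:
    """True for actions like s3:GetObject; False for writes, decrypts and wildcards."""
    if ":" not in action:
        return False
    return action.split(":", 1)[1].startswith(READ_ONLY_PREFIXES)


def lint_policy(policy: Dict) -> List[str]:
    """Return one finding per wildcard pattern in each Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        sid = stmt.get("Sid", f"Statement[{i}]")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if action == "*":
                findings.append(f"{sid}: Action '*' grants every API call")
            elif action.endswith(":*"):
                findings.append(f"{sid}: Action '{action}' grants the whole service")
        if "*" in resources:
            writes = [a for a in actions if not _is_read_only(a)]
            if writes:
                findings.append(f"{sid}: Resource '*' with non-read actions {writes}")
    return findings


if __name__ == "__main__":
    for label, policy in (("over-broad", OVERBROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{label}: {lint_policy(policy) or 'no findings'}")
```

The over-broad policy yields three findings, including the easy-to-miss one: `kms:Decrypt` on `Resource: "*"` lets the role decrypt with every key in the account, not just the database key. The scoped version passes clean, and running the linter on each role's policy document before attaching it is one way to turn the trial and error the post describes into a fixed checklist.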

Testing and Deployment

  • Vulnerability Testing: I used OWASP ZAP to scan for security vulnerabilities and fix any issues that came up.
  • Continuous Deployment: Automated tools like AWS CodePipeline and CodeDeploy helped me ensure updates were consistent and secure.

Challenges Along the Way

  • Balancing Security with Costs: AWS offers incredible tools, but they can get expensive fast. I had to carefully pick and optimize services to stay within budget without compromising security.
  • Role-Based Access Control (RBAC): Setting up IAM roles to follow best practices wasn’t straightforward. It took some trial and error to get the permissions just right.

Lessons Learned

This project taught me so much, including:

  • Secure Cloud Deployment: I now have a much deeper understanding of deploying secure applications in the cloud.
  • AWS Expertise: Working with EC2, RDS, and IAM gave me hands-on experience with key AWS services.
  • Layered Security: Combining multiple security measures—like encryption, access controls, and monitoring—is critical to protecting sensitive data.
  • Problem-Solving Under Constraints: Balancing security, functionality, and costs really pushed me to think creatively.

Conclusion

Building this password manager was an eye-opening experience. It wasn’t just about creating a functional application—it was about ensuring it was secure enough to handle real-world threats. By leveraging Bitwarden (Self-Hosted), I was able to build a user-friendly yet secure solution. This project reinforced my understanding of cybersecurity principles and gave me practical experience with secure cloud architectures. I’m excited to bring these lessons into my future work in cybersecurity and tackle even more complex challenges.