thiagonazario/sentinel-lambda-sanitization-core

SENTINEL-CORE: Active Defense Protocol 🛡️

Governance isn't a manual task; it's an automated protocol. Sentinel-Core is a "Hardened by Design" infrastructure guard dog built to eliminate financial leakage and ClickOps entropy in AWS environments.

👁️ Overview

graph TD
    subgraph The_Iron_Gate [Governance]
        EB[EventBridge: Heartbeat]
        IAM[IAM: Identity & Law]
        CW[CloudWatch: Eternal Eye]
    end

    subgraph Compute_Intelligence [The Brain]
        Lambda[Lambda: Sentinel Core]
    end

    subgraph The_Frontier [Resources]
        EC2[EC2: Unmanaged Instances]
    end

    EB -- "Trigger (Hourly)" --> Lambda
    Lambda -- "Audit Scan" --> EC2
    Lambda -- "Write Logs" --> CW
    Lambda -- "Assumes Role" --> IAM

    style Lambda fill:#ff9900,stroke:#333,color:#000
    style EB fill:#232f3e,stroke:#ff9900,color:#fff
    style CW fill:#232f3e,stroke:#ff9900,color:#fff
    style IAM fill:#232f3e,stroke:#ff9900,color:#fff
    style EC2 fill:#f2f2f2,stroke:#333,color:#333

In many cloud environments, "temporary" resources, untagged instances, and orphaned assets remain alive indefinitely—burning expensive silicon and draining budgets. Sentinel-Core identifies these anomalies in real time and enforces technical sovereignty.

Code is the only Law. If a resource lacks the ManagedByCode signature, it is flagged as a CLICKOPS_ANOMALY.
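
The rule above expressed as audit logic, as an added example that is not the repository's Lambda source. It assumes the ManagedByCode signature is an EC2 tag key; audit_pages, handler, SKIP_STATES and the sample instance IDs are illustrative names and constructed data, and the code only reports findings.

```python
import json

REQUIRED_TAG = "ManagedByCode"  # assumption: the "signature" is an EC2 tag key
FINDING = "CLICKOPS_ANOMALY"
SKIP_STATES = {"shutting-down", "terminated"}  # instances already going away

def audit_pages(pages):
    """Return one finding per live instance lacking REQUIRED_TAG (DescribeInstances-shaped pages)."""
    findings = []
    for page in pages:
        for reservation in page.get("Reservations", []):
            for inst in reservation.get("Instances", []):
                state = inst.get("State", {}).get("Name", "unknown")
                if state in SKIP_STATES:
                    continue
                # Untagged instances carry no "Tags" key at all; tag keys are
                # case-sensitive, so "managedbycode" does not count.
                keys = {t["Key"] for t in inst.get("Tags", [])}
                if REQUIRED_TAG not in keys:
                    findings.append({"finding": FINDING, "instance_id": inst["InstanceId"],
                                     "state": state, "tag_keys": sorted(keys)})
    return findings

def handler(event, context):
    """Lambda entry point: paginate so a large account is not silently truncated."""
    import boto3  # imported here so audit_pages stays testable offline
    pages = boto3.client("ec2").get_paginator("describe_instances").paginate()
    findings = audit_pages(pages)
    for f in findings:
        print(json.dumps(f))  # Lambda stdout is shipped to CloudWatch Logs
    return {"anomalies": len(findings)}

# Constructed sample input (two pages), not real account data.
SAMPLE_PAGES = [
    {"Reservations": [{"Instances": [
        {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"},
         "Tags": [{"Key": "ManagedByCode", "Value": "true"}]},
        {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"}},
    ]}]},
    {"Reservations": [{"Instances": [
        {"InstanceId": "i-0000000000000000c", "State": {"Name": "stopped"},
         "Tags": [{"Key": "managedbycode", "Value": "true"}]},
        {"InstanceId": "i-0000000000000000d", "State": {"Name": "terminated"}},
    ]}]},
]

if __name__ == "__main__":
    for finding in audit_pages(SAMPLE_PAGES):
        print(json.dumps(finding))
```

An execution role for this handler needs only ec2:DescribeInstances plus the CloudWatch Logs write permissions, which keeps the auditor itself read-only.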

⚡ The Vitals

  • Trigger: Hourly heartbeat via AWS EventBridge.
  • The Brain: AWS Lambda (Python 3.11).
  • Execution: Real-time sanitization of untagged or unmanaged EC2 resources.
  • Performance: Full environment audit completed in ~4109 ms.

🏗️ Architecture

The system is divided into three layers of sovereignty:

  1. The Iron Gate (Governance): IAM Policies and EventBridge triggers.
  2. The Brain (Intelligence): Lambda logic for scanning and decision-making.
  3. The Frontier (Resources): The target environment being protected.

📑 Executive Documentation

For a full breakdown of the architecture, logs of real detections, and the financial impact of this protocol, refer to our official dossier:

👉 Download the SENTINEL_CORE_EXECUTION_LOG.pdf

🚀 Deployment

This project is deployed using OpenTofu (or Terraform).

Prerequisites

  • OpenTofu / Terraform installed.
  • AWS CLI configured with appropriate permissions.

Steps

  1. Clone the repository.
  2. Navigate to the /infra folder.
  3. Run tofu init followed by tofu apply.

⚖️ License

This project is licensed under the MIT License - see the LICENSE file for details.


Build with DevSecOps Standards. Maintain Sovereignty. Stop the Leakage. 🌬️🛡️🚀💎
