1. Project Overview

This project focuses on network segmentation and access control within AWS to separate departmental resources (e.g., HR, Finance, Engineering) and to control the traffic allowed to flow between them. By using AWS-native controls such as VPCs, subnets, security groups, and network ACLs, it enforces least-privilege network access between departments and supports stronger security compliance.


2. Objectives


3. Architecture Diagram

(Diagram: AWS VPC with three departmental subnets, traffic controls via NACLs/Security Groups, and centralized monitoring via AWS CloudWatch/GuardDuty)


4. AWS Services Used

Service                  Purpose
VPC                      Base network for departmental segmentation.
Subnets                  Logical isolation for each department.
Security Groups          Resource-level traffic control.
Network ACLs             Subnet-level traffic filtering.
IAM                      Role-based access to manage resources.
CloudWatch / GuardDuty   Monitoring and threat detection.

5. Implementation Steps

Step 1 – Department Mapping

Step 2 – VPC and Subnet Creation
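The following is an added example, not part of this project's own code or configuration, and it makes no AWS calls. It models how the two controls listed in the services table decide whether a flow between departmental subnets is permitted once Step 2 has created them: a network ACL is stateless and evaluated in ascending rule-number order with first match winning and an implicit final deny, while a security group is a stateful allow-list. The CIDR ranges, rule numbers, security-group ids and ports are assumptions chosen for illustration.

```python
"""Offline model of the departmental segmentation this project describes.

Added example, not part of the original project; nothing here calls AWS.
The CIDR ranges, rule numbers, security-group ids and port choices are
assumptions made for illustration. It shows how the two AWS-native controls
the project relies on decide a flow:

  * Network ACLs are stateless, evaluated per subnet in ascending rule-number
    order, first match wins, with an implicit final deny (rule "*").
  * Security groups are stateful allow-lists: any matching rule permits the
    flow, and return traffic is permitted automatically.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed department -> subnet mapping (the project's Step 1 and Step 2).
SUBNETS = {
    "HR": ip_network("10.0.1.0/24"),
    "Finance": ip_network("10.0.2.0/24"),
    "Engineering": ip_network("10.0.3.0/24"),
}


@dataclass(frozen=True)
class NaclRule:
    number: int      # evaluation order; lower numbers are checked first
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str        # source CIDR (inbound rules)


@dataclass(frozen=True)
class SgRule:
    protocol: str
    port_from: int
    port_to: int
    source: str      # a CIDR, or another security group's id (assumed "sg-..." ids)


def _matches(protocol, port_from, port_to, flow_proto, flow_port):
    if protocol == "-1":          # "all traffic": protocol and ports are ignored
        return True
    return protocol == flow_proto and port_from <= flow_port <= port_to


def nacl_evaluate(rules, src_ip, flow_proto, flow_port):
    """First matching rule wins; returns (action, rule_number)."""
    src = ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule.protocol, rule.port_from, rule.port_to, flow_proto, flow_port) \
                and src in ip_network(rule.cidr):
            return rule.action, rule.number
    return "deny", "*"            # implicit final deny in every network ACL


def sg_allows(rules, src_ip, src_sg, flow_proto, flow_port):
    """Security groups are allow-only: any matching inbound rule permits the flow."""
    src = ip_address(src_ip)
    for rule in rules:
        if not _matches(rule.protocol, rule.port_from, rule.port_to, flow_proto, flow_port):
            continue
        if rule.source.startswith("sg-"):
            if rule.source == src_sg:
                return True
        elif src in ip_network(rule.source):
            return True
    return False


# Constructed inbound NACL for the Finance subnet. Only Engineering may reach
# Finance on 443; one quarantined Engineering host is denied first (rule 90),
# which shows that ordering matters. Rule 110 admits return traffic on
# ephemeral ports, which a stateless ACL needs for replies to Finance's own
# outbound connections.
FINANCE_NACL_IN = [
    NaclRule(90, "deny", "tcp", 443, 443, "10.0.3.50/32"),
    NaclRule(100, "allow", "tcp", 443, 443, str(SUBNETS["Engineering"])),
    NaclRule(110, "allow", "tcp", 1024, 65535, "10.0.0.0/16"),
]

# Constructed security group on Finance's API hosts: 443 only from the
# Engineering application security group (assumed id "sg-engineering-app").
FINANCE_API_SG = [SgRule("tcp", 443, 443, "sg-engineering-app")]


def finance_inbound_permitted(src_ip, src_sg, flow_proto, flow_port):
    """A flow into Finance must pass the subnet NACL and then the instance SG."""
    action, _ = nacl_evaluate(FINANCE_NACL_IN, src_ip, flow_proto, flow_port)
    if action != "allow":
        return False
    return sg_allows(FINANCE_API_SG, src_ip, src_sg, flow_proto, flow_port)


if __name__ == "__main__":
    for src, sg, port in [("10.0.3.10", "sg-engineering-app", 443),
                          ("10.0.1.10", "sg-hr-app", 443),
                          ("10.0.3.50", "sg-engineering-app", 443),
                          ("10.0.3.10", "sg-engineering-app", 22)]:
        print(src, sg, port, "->", finance_inbound_permitted(src, sg, "tcp", port))
```

The two layers are checked in the order AWS applies them for inbound traffic (subnet NACL, then the instance's security group), so a flow HR sends to Finance is stopped by the NACL's implicit deny before the security group is consulted, and a flow from the quarantined host is stopped by rule 90 even though rule 100 would have allowed it. The ephemeral-port rule is the part most often forgotten when NACLs are written by hand: without it, Finance's own outbound connections get no replies.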