DevSecOps & Cloud Security

DevSecOps & Cloud Security

Instructors: Sergii Demianchuk

Access provided by Yenepoya University

4 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

4 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Recommended experience

8 hours to complete

Flexible schedule

Learn at your own pace

What you'll learn

Analyze the AI bot threat landscape and set up a local Flask application with Terraform tooling.
Deploy production AWS infrastructure with Terraform: VPC, ALB, CloudFront, WAF, and EC2 auto scaling groups.
Implement intelligent traffic routing, cache separation, and degraded content with CloudFront and Lambda@Edge.
Configure advanced WAF protections, analyze logs with Athena, and enforce a data-driven strategic bot policy.

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

4 assignments

Taught in English

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

There are 4 modules in this course

Protect modern web applications from AI crawlers, LLM scrapers, and malicious bot traffic with a practical, AWS-native DevSecOps workflow. In this advanced course, you will build and secure a production-style web delivery stack using Terraform, AWS WAF, CloudFront, Lambda@Edge, EC2, ALB, and Amazon Athena.

Starting from a simple Flask application, you will deploy a complete AWS environment as code, then implement multi-layered bot mitigation strategies such as cache separation for bots and humans, degraded content delivery, edge-based traffic routing, and advanced AWS WAF Bot Control. You will also work with JA4 TLS fingerprinting, managed rules, IP and GEO controls, and Athena-based log analysis to create a data-driven bot policy. By the end, you will be able to design and enforce a scalable AWS bot protection architecture that reduces origin load, improves resilience, and helps defend against AI-driven scraping and automated abuse in real-world environments.

This module explores the economic and technical forces behind the AI bot surge using real traffic data from a commercial marketplace. Learners will examine how training and on-demand bots differ in their impact, why traditional defenses are no longer sufficient, and what a high-level multi-layered infrastructure strategy looks like. The module then transitions to hands-on preparation, where learners set up the Flask demo application locally, install Terraform, configure AWS credentials, and push the Docker image to ECR, establishing the prerequisites for cloud deployment in subsequent modules.

What's included

9 videos2 readings1 assignment1 peer review1 discussion prompt

9 videosTotal 31 minutes

The AI Bot Problem: Definition and Strategic Outlook 10 minutes
Lab Environment Overview 2 minutes
Multi-Layered Infrastructure Strategy Components (Part 1) 2 minutes
Multi-Layered Infrastructure Strategy Components (Part 2) 4 minutes
Flask App: Local Environment 3 minutes
Flask App: Code Overview 2 minutes
Terraform Installation with tfenv 3 minutes
AWS Profile and Terraform Configuration3 minutes
Build Docker Image and Push to AWS ECR 2 minutes

2 readingsTotal 10 minutes

Welcome to the Course: Course Overview5 minutes
Best Practices for Using the Terraform AWS Provider 5 minutes

1 assignmentTotal 20 minutes

The AI Bot Threat Landscape and Local Development Setup20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Local Environment Verification and ECR Push10 minutes

1 discussion promptTotal 10 minutes

Keeping Development and Production Environments in Sync10 minutes

This module moves from local development to full cloud deployment using Terraform. Learners will build a VPC with public and private subnets, configure security groups, delegate a domain to Route 53, generate SSL certificates with ACM, deploy an Application Load Balancer, and launch EC2 instances in an Auto Scaling group running the Flask container. The module then layers on CloudFront and WAF with logging via Kinesis Firehose. It concludes with a practical analysis of why reactive auto-scaling fails against short, aggressive AI bot spikes, using real commercial data from a Petalbot and Ahrefsbot traffic event.

What's included

14 videos1 reading1 assignment1 peer review1 discussion prompt

14 videosTotal 60 minutes

Running Terraform Scripts: Essential Introduction 1 minute
Pre-Init and Network Terraform Modules 6 minutes
Domain Delegation and ACM Terraform Module 6 minutes
ALB Terraform Module 3 minutes
Important Note: Project Name Prefix Differences1 minute
Flask Application on EC2 Using Auto Scaling Group 7 minutes
Add EC2 to AWS ALB as Target Group 2 minutes
EC2 in the AWS Console and SSH Login 3 minutes
Amazon CloudFront Base Components 1 minute
CloudFront and WAF Terraform Module (Part 1: CloudFront) 8 minutes
CloudFront and WAF Terraform Module (Part 2: WAF) 4 minutes
CloudFront and WAF: AWS Console Overview and Maintenance Mode 6 minutes
Auto-Scaling Surprises 6 minutes
AWS Fargate and Commercial Practice Example 6 minutes

1 readingTotal 5 minutes

Deploy the Security Automations for AWS WAF Solution Using Terraform 5 minutes

1 assignmentTotal 20 minutes

Production Infrastructure Deployment on AWS20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Full AWS Infrastructure Deployment10 minutes

1 discussion promptTotal 10 minutes

Public Subnets vs. Private Subnets for EC2 Instances10 minutes

This module transforms CloudFront into a bot-aware traffic router. Learners will understand the two-layer caching architecture of CloudFront, implement a degraded content strategy that serves lightweight static content to bots while preserving the full experience for humans, and deploy Lambda@Edge to dynamically route bot traffic to a secondary CloudFront distribution backed by S3. The module also addresses cache collision between bot and human responses using CloudFront Functions, solves the missing assets problem through immutable asset deployments and Origin Shield, and concludes with a summary of all key patterns for bot-resilient content delivery.

What's included

13 videos1 reading1 assignment1 peer review1 discussion prompt

13 videosTotal 49 minutes

How CloudFront Works 7 minutes
Degraded Content Strategy (Part 1) 3 minutes
Degraded Content Strategy (Part 2) 4 minutes
Routing Bots with Lambda@Edge (Part 1) 6 minutes
Routing Bots with Lambda@Edge (Part 2) 5 minutes
Caching Surprises 3 minutes
Tagging Bot Requests with CloudFront Function 5 minutes
Missing Assets Issue (Part 1) 4 minutes
Missing Assets Issue (Part 2) 4 minutes
CloudFront Origin Shield 2 minutes
Immutable Asset Deployments 4 minutes
Simplified Content with Inline Assets 1 minute
Degraded Content and Immutable Assets: Key Takeaways 1 minute

1 readingTotal 5 minutes

Customize at the Edge with Lambda@Edge 5 minutes

1 assignmentTotal 20 minutes

Intelligent Traffic Routing and CloudFront Optimization20 minutes

1 peer reviewTotal 10 minutes

Hands-On-Learning: Implement Degraded Content Routing and Cache Separation10 minutes

1 discussion promptTotal 10 minutes

Detecting Cache Contamination Before Users Are Affected10 minutes

This module turns the CloudFront edge into an intelligent security gateway. Learners will deploy AWS WAF with IP black and white lists, GEO-based country blocking with whitelist exceptions, and set up Athena to query WAF logs for bot geography analysis. The module progresses through JA4 TLS fingerprinting for advanced rate limiting, granular URL-scoped rate rules, and the AWS IP Reputation List managed rule group. Learners will then enable AWS WAF Bot Control in COMMON mode, examine the labels and categories it emits, integrate the client-side SDK to unlock TARGETED mode, and interpret the Bot Control dashboards. The module culminates in building a Bot Identification Report using Athena and implementing a fully automated three-tier policy (allow, block, degrade) via Lambda@Edge and WAF enforcement rules.

What's included

15 videos1 reading1 assignment2 peer reviews1 discussion prompt

15 videosTotal 79 minutes

What Is WAF and How It Works 4 minutes
WAF Black and White Lists in AI Bots Context 6 minutes
WAF GEO-Country Rule and Bot Traffic 6 minutes
Athena Quick Start: Extracting Real Bot Geo Data from WAF Logs 7 minutes
JA4-Based Rate Limiting: Statistical Baseline and First-Stage Filtering (Part 1) 4 minutes
JA4-Based Rate Limiting: Statistical Baseline and First-Stage Filtering (Part 2) 6 minutes
Granular Rate Rules: URL-Scoped Throttling in WAF 3 minutes
AWS Managed Rules: Reputation Signals as a Bot Filter Layer 5 minutes
AWS WAF Intelligent Bot Mitigation: Foundation and Theory 3 minutes
Turning Bot Control ON (COMMON) and What It Emits 4 minutes
Preparing the App Layer for Bot Control TARGETED 7 minutes
Bot Control Dashboards in Practice and the Power of Bot Traffic Labels 7 minutes
Bot Identification Report (Athena and Real Data) 9 minutes
Concrete Bot Strategy Implementation (Part 1) 5 minutes
Concrete Bot Strategy Implementation (Part 2) 4 minutes

1 readingTotal 5 minutes

Managing AI Bots with AWS WAF and Enhancing Security 5 minutes

1 assignmentTotal 20 minutes

Advanced WAF Defenses, Bot Control, and Strategic Policy Enforcement20 minutes

2 peer reviewsTotal 70 minutes

Hands-On-Learning: Build a Bot Identification Report and Enforce a Policy10 minutes
Project: Architect a Complete Bot Defense Solution for a Growing E-Commerce Platform 60 minutes