Showcase = public preview (no login)
Demo = interactive version (signup/login + live simulation)
About This Project
PhantomWall is a cloud-based cybersecurity demo platform I built to simulate real-world threat activity and show how modern security monitoring works in practice.
Users can sign up, log in, deploy a controlled honeypot instance on AWS, run simulated attacks, and view live security telemetry through an interactive dashboard.
This project combines React frontend development, AWS serverless/backend services, and Terraform infrastructure automation. It includes user authentication with AWS Cognito, EC2 spot-instance lifecycle control, CloudWatch and DynamoDB data pipelines, and real-time alert visualization.
The goal of PhantomWall is to make threat detection and cloud defense easier to understand through hands-on, realistic workflows in a safe demo environment.
Architecture
PhantomWall is architected as a multi-service AWS security simulation stack provisioned with Terraform and segmented by environment tags/naming for deployment isolation. The frontend is built with React/Vite and integrates directly with AWS Cognito for authentication flows (signup, email verification, login, password reset), then uses JWT-protected API routes through API Gateway to invoke backend Lambda services.
The backend includes specialized Lambda functions for honeypot provisioning, fleet lifecycle management, attack simulation, Suricata ingest, alert indexing, and automated spot-instance cleanup. Honeypot infrastructure is launched on demand as constrained EC2 spot instances (with per-user limits and auto-termination controls), and telemetry is streamed into CloudWatch/DynamoDB-backed pipelines for alert generation and dashboard analysis.
Operational controls include IAM least-privilege role scoping, environment-specific resource naming, CloudWatch logging/alarms, and SES-backed Cognito email delivery. The system is intentionally designed to balance realism (live external traffic, real AWS signals) with demo safety and cost guardrails, providing a practical end-to-end model of cloud-native threat detection workflows.
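One way to implement the selection step behind the per-user limits, auto-termination controls and environment isolation described above, as an added example that is not PhantomWall's own code. The tag names (`Environment`, `Role`, `Owner`), the 30-minute lifetime and the one-instance limit are assumptions, and the instance records are constructed in the shape of EC2 `DescribeInstances` output.

```python
from datetime import datetime, timedelta, timezone

# Assumed values: the page does not give PhantomWall's real limits or tag names.
MAX_AGE = timedelta(minutes=30)   # hypothetical honeypot lifetime
MAX_PER_USER = 1                  # hypothetical per-user instance limit

def select_for_termination(instances, now, environment="demo",
                           max_age=MAX_AGE, max_per_user=MAX_PER_USER):
    """Return {instance_id: reason} for honeypots a cleanup job should terminate."""
    doomed, by_owner = {}, {}
    for inst in instances:
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        # Environment isolation: ignore anything outside this environment's honeypots.
        if tags.get("Environment") != environment or tags.get("Role") != "honeypot":
            continue
        owner = tags.get("Owner")
        if not owner:
            # Fail closed: a honeypot that cannot be tied to a user is removed.
            doomed[inst["InstanceId"]] = "missing-owner-tag"
        elif now - inst["LaunchTime"] >= max_age:
            doomed[inst["InstanceId"]] = "expired"
        else:
            by_owner.setdefault(owner, []).append(inst)
    for live in by_owner.values():
        # Keep each user's newest instances up to the limit; older extras go.
        live.sort(key=lambda i: i["LaunchTime"], reverse=True)
        for inst in live[max_per_user:]:
            doomed[inst["InstanceId"]] = "over-user-limit"
    return doomed

# Constructed sample records (not real instances).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

def _inst(iid, minutes_old, **tags):
    return {"InstanceId": iid, "LaunchTime": NOW - timedelta(minutes=minutes_old),
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}

SAMPLE = [
    _inst("i-0001", 45, Environment="demo", Role="honeypot", Owner="user-a"),
    _inst("i-0002", 10, Environment="demo", Role="honeypot", Owner="user-b"),
    _inst("i-0003", 5, Environment="demo", Role="honeypot", Owner="user-b"),
    _inst("i-0004", 50, Environment="prod", Role="honeypot", Owner="user-c"),
    _inst("i-0005", 2, Environment="demo", Role="honeypot"),
]

if __name__ == "__main__":
    for iid, reason in sorted(select_for_termination(SAMPLE, NOW).items()):
        print(iid, reason)
```

Keeping the decision a pure function over instance records lets the limits be unit-tested without AWS access; the caller that actually terminates instances only needs IAM permissions scoped to the same environment tag.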