VOOZH about

URL: https://www.coursera.org/learn/devsecops--cloud-security

⇱ DevSecOps & Cloud Security | Coursera

DevSecOps & Cloud Security

Keep adding new skills with 10,000+ programs for $239 (usually $399). Save now.

DevSecOps & Cloud Security

Included with

β€’

Learn more

Ask Coursera

Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

8 hours to complete
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
Advanced level

Recommended experience

8 hours to complete
Flexible schedule
Learn at your own pace

What you'll learn

  • Analyze the AI bot threat landscape and set up a local Flask application with Terraform tooling.

  • Deploy production AWS infrastructure with Terraform: VPC, ALB, CloudFront, WAF, and EC2 auto scaling groups.

  • Implement intelligent traffic routing, cache separation, and degraded content with CloudFront and Lambda@Edge.

  • Configure advanced WAF protections, analyze logs with Athena, and enforce a data-driven strategic bot policy.

Details to know

Shareable certificate

Add to your LinkedIn profile

Recently updated!

April 2026

Assessments

4 assignments

Taught in English

There are 4 modules in this course

Protect modern web applications from AI crawlers, LLM scrapers, and malicious bot traffic with a practical, AWS-native DevSecOps workflow. In this advanced course, you will build and secure a production-style web delivery stack using Terraform, AWS WAF, CloudFront, Lambda@Edge, EC2, ALB, and Amazon Athena.

Starting from a simple Flask application, you will deploy a complete AWS environment as code, then implement multi-layered bot mitigation strategies such as cache separation for bots and humans, degraded content delivery, edge-based traffic routing, and advanced AWS WAF Bot Control. You will also work with JA4 TLS fingerprinting, managed rules, IP and GEO controls, and Athena-based log analysis to create a data-driven bot policy. By the end, you will be able to design and enforce a scalable AWS bot protection architecture that reduces origin load, improves resilience, and helps defend against AI-driven scraping and automated abuse in real-world environments.

This module explores the economic and technical forces behind the AI bot surge using real traffic data from a commercial marketplace. Learners will examine how training and on-demand bots differ in their impact, why traditional defenses are no longer sufficient, and what a high-level multi-layered infrastructure strategy looks like. The module then transitions to hands-on preparation, where learners set up the Flask demo application locally, install Terraform, configure AWS credentials, and push the Docker image to ECR, establishing the prerequisites for cloud deployment in subsequent modules.

What's included

9 videos2 readings1 assignment1 peer review1 discussion prompt

9 videosβ€’Total 31 minutes
  • The AI Bot Problem: Definition and Strategic Outlook β€’10 minutes
  • Lab Environment Overview β€’2 minutes
  • Multi-Layered Infrastructure Strategy Components (Part 1) β€’2 minutes
  • Multi-Layered Infrastructure Strategy Components (Part 2) β€’4 minutes
  • Flask App: Local Environment β€’3 minutes
  • Flask App: Code Overview β€’2 minutes
  • Terraform Installation with tfenv β€’3 minutes
  • AWS Profile and Terraform Configurationβ€’3 minutes
  • Build Docker Image and Push to AWS ECR β€’2 minutes
2 readingsβ€’Total 10 minutes
  • Welcome to the Course: Course Overviewβ€’5 minutes
  • Best Practices for Using the Terraform AWS Provider β€’5 minutes
1 assignmentβ€’Total 20 minutes
  • The AI Bot Threat Landscape and Local Development Setupβ€’20 minutes
1 peer reviewβ€’Total 10 minutes
  • Hands-On-Learning: Local Environment Verification and ECR Pushβ€’10 minutes
1 discussion promptβ€’Total 10 minutes
  • Keeping Development and Production Environments in Syncβ€’10 minutes

This module moves from local development to full cloud deployment using Terraform. Learners will build a VPC with public and private subnets, configure security groups, delegate a domain to Route 53, generate SSL certificates with ACM, deploy an Application Load Balancer, and launch EC2 instances in an Auto Scaling group running the Flask container. The module then layers on CloudFront and WAF with logging via Kinesis Firehose. It concludes with a practical analysis of why reactive auto-scaling fails against short, aggressive AI bot spikes, using real commercial data from a Petalbot and Ahrefsbot traffic event.

What's included

14 videos1 reading1 assignment1 peer review1 discussion prompt

14 videosβ€’Total 60 minutes
  • Running Terraform Scripts: Essential Introduction β€’1 minute
  • Pre-Init and Network Terraform Modules β€’6 minutes
  • Domain Delegation and ACM Terraform Module β€’6 minutes
  • ALB Terraform Module β€’3 minutes
  • Important Note: Project Name Prefix Differencesβ€’1 minute
  • Flask Application on EC2 Using Auto Scaling Group β€’7 minutes
  • Add EC2 to AWS ALB as Target Group β€’2 minutes
  • EC2 in the AWS Console and SSH Login β€’3 minutes
  • Amazon CloudFront Base Components β€’1 minute
  • CloudFront and WAF Terraform Module (Part 1: CloudFront) β€’8 minutes
  • CloudFront and WAF Terraform Module (Part 2: WAF) β€’4 minutes
  • CloudFront and WAF: AWS Console Overview and Maintenance Mode β€’6 minutes
  • Auto-Scaling Surprises β€’6 minutes
  • AWS Fargate and Commercial Practice Example β€’6 minutes
1 readingβ€’Total 5 minutes
  • Deploy the Security Automations for AWS WAF Solution Using Terraform β€’5 minutes
1 assignmentβ€’Total 20 minutes
  • Production Infrastructure Deployment on AWSβ€’20 minutes
1 peer reviewβ€’Total 10 minutes
  • Hands-On-Learning: Full AWS Infrastructure Deploymentβ€’10 minutes
1 discussion promptβ€’Total 10 minutes
  • Public Subnets vs. Private Subnets for EC2 Instancesβ€’10 minutes

This module transforms CloudFront into a bot-aware traffic router. Learners will understand the two-layer caching architecture of CloudFront, implement a degraded content strategy that serves lightweight static content to bots while preserving the full experience for humans, and deploy Lambda@Edge to dynamically route bot traffic to a secondary CloudFront distribution backed by S3. The module also addresses cache collision between bot and human responses using CloudFront Functions, solves the missing assets problem through immutable asset deployments and Origin Shield, and concludes with a summary of all key patterns for bot-resilient content delivery.

What's included

13 videos1 reading1 assignment1 peer review1 discussion prompt

13 videosβ€’Total 49 minutes
  • How CloudFront Works β€’7 minutes
  • Degraded Content Strategy (Part 1) β€’3 minutes
  • Degraded Content Strategy (Part 2) β€’4 minutes
  • Routing Bots with Lambda@Edge (Part 1) β€’6 minutes
  • Routing Bots with Lambda@Edge (Part 2) β€’5 minutes
  • Caching Surprises β€’3 minutes
  • Tagging Bot Requests with CloudFront Function β€’5 minutes
  • Missing Assets Issue (Part 1) β€’4 minutes
  • Missing Assets Issue (Part 2) β€’4 minutes
  • CloudFront Origin Shield β€’2 minutes
  • Immutable Asset Deployments β€’4 minutes
  • Simplified Content with Inline Assets β€’1 minute
  • Degraded Content and Immutable Assets: Key Takeaways β€’1 minute
1 readingβ€’Total 5 minutes
  • Customize at the Edge with Lambda@Edge β€’5 minutes
1 assignmentβ€’Total 20 minutes
  • Intelligent Traffic Routing and CloudFront Optimizationβ€’20 minutes
1 peer reviewβ€’Total 10 minutes
  • Hands-On-Learning: Implement Degraded Content Routing and Cache Separationβ€’10 minutes
1 discussion promptβ€’Total 10 minutes
  • Detecting Cache Contamination Before Users Are Affectedβ€’10 minutes

This module turns the CloudFront edge into an intelligent security gateway. Learners will deploy AWS WAF with IP black and white lists, GEO-based country blocking with whitelist exceptions, and set up Athena to query WAF logs for bot geography analysis. The module progresses through JA4 TLS fingerprinting for advanced rate limiting, granular URL-scoped rate rules, and the AWS IP Reputation List managed rule group. Learners will then enable AWS WAF Bot Control in COMMON mode, examine the labels and categories it emits, integrate the client-side SDK to unlock TARGETED mode, and interpret the Bot Control dashboards. The module culminates in building a Bot Identification Report using Athena and implementing a fully automated three-tier policy (allow, block, degrade) via Lambda@Edge and WAF enforcement rules.

What's included

15 videos1 reading1 assignment2 peer reviews1 discussion prompt

15 videosβ€’Total 79 minutes
  • What Is WAF and How It Works β€’4 minutes
  • WAF Black and White Lists in AI Bots Context β€’6 minutes
  • WAF GEO-Country Rule and Bot Traffic β€’6 minutes
  • Athena Quick Start: Extracting Real Bot Geo Data from WAF Logs β€’7 minutes
  • JA4-Based Rate Limiting: Statistical Baseline and First-Stage Filtering (Part 1) β€’4 minutes
  • JA4-Based Rate Limiting: Statistical Baseline and First-Stage Filtering (Part 2) β€’6 minutes
  • Granular Rate Rules: URL-Scoped Throttling in WAF β€’3 minutes
  • AWS Managed Rules: Reputation Signals as a Bot Filter Layer β€’5 minutes
  • AWS WAF Intelligent Bot Mitigation: Foundation and Theory β€’3 minutes
  • Turning Bot Control ON (COMMON) and What It Emits β€’4 minutes
  • Preparing the App Layer for Bot Control TARGETED β€’7 minutes
  • Bot Control Dashboards in Practice and the Power of Bot Traffic Labels β€’7 minutes
  • Bot Identification Report (Athena and Real Data) β€’9 minutes
  • Concrete Bot Strategy Implementation (Part 1) β€’5 minutes
  • Concrete Bot Strategy Implementation (Part 2) β€’4 minutes
1 readingβ€’Total 5 minutes
  • Managing AI Bots with AWS WAF and Enhancing Security β€’5 minutes
1 assignmentβ€’Total 20 minutes
  • Advanced WAF Defenses, Bot Control, and Strategic Policy Enforcementβ€’20 minutes
2 peer reviewsβ€’Total 70 minutes
  • Hands-On-Learning: Build a Bot Identification Report and Enforce a Policyβ€’10 minutes
  • Project: Architect a Complete Bot Defense Solution for a Growing E-Commerce Platform β€’60 minutes
1 discussion promptβ€’Total 10 minutes
  • How Would You Protect High-Value Pages on a Limited Budget?β€’10 minutes

Instructors

Starweaver
1 Courseβ€’81 learners

Explore more from Security

Why people choose Coursera for their career

πŸ‘ Image

Felipe M.

Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
πŸ‘ Image

Jennifer J.

Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
πŸ‘ Image

Larry W.

Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
πŸ‘ Image

Chaitanya A.

"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Frequently asked questions

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

When you purchase a Certificate you get access to all course materials, including graded assignments. Upon completing the course, your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Financial aid available,