Cloud - Native Security: Securing Serverless Architectures

Ishva Jitendrakumar Kanani, Raghavendra Sridhar

Abstract: The adoption of serverless computing platforms such as AWS Lambda has introduced new efficiencies in cloud - native application development while simultaneously shifting the burden of security from infrastructure management to configuration management. This paper presents a case study on securing a production - grade serverless architecture using AWS services. It explores real - world misconfigurations across IAM roles, public APIs, dependency vulnerabilities, and observability blind spots, identifying how these security gaps emerge in fast - paced development workflows. The study then documents practical remediation steps, including minimizing IAM policies, securing API Gateway endpoints, scanning dependencies, managing secrets, and enhancing centralized logging. Unlike traditional approaches that rely on perimeter security or infrastructure controls, this work highlights how security must be embedded into the fabric of service permissions, event handling, and function orchestration in serverless systems. The case study provides actionable insights for cloud - native teams seeking to improve application resilience while preserving the agility of serverless development.

Keywords: Serverless Security, Cloud - Native Applications, AWS Lambda, IAM Hardening, Application Observability, API Authorization, Zero Trust Cloud, DevSecOps, Cloud Observability, CI/CD Security