```
Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform.
----# DefensePoint Cloud Security Engineer - Technical Assessment
-
-## Wazuh Security Monitoring Deployment (AWS)
-
-## 1. Overview
-
-This project deploys a **single-node Wazuh security monitoring stack** on AWS using **Terraform** and **Docker Compose**.
-
->> This assessment implements a single-node deployment. The architecture can be extended to multi-node if required.
-
-**Components:**
-
-* AWS VPC with public and private subnets
-* EC2 instance (private subnet)
-* Access via AWS Systems Manager (SSM)
-* Wazuh stack:
-
- * Wazuh Manager
- * Wazuh Indexer
- * Wazuh Dashboard
-
----
-
-## 2. Prerequisites
-
-* AWS CLI installed and configured
-* AWS Systems Manager enabled in the account and Session Manager plugin installed
-* Version of Terraform >= 1.14.0
-* AWS permissions for VPC, EC2, IAM, and S3
-
----
-
-## 3. Infrastructure Deployment
-
-```bash
-$ cd assessment/terraform
-$ terraform init
-$ terraform apply
-```
->Initial startup of the Wazuh environment may take ~1 minute or more due to indexer initialization
----
-
-## 4. Accessing the EC2 Instance (SSM)
-
-After the instance is up, you can access it via SSM:
-
-```bash
-$ aws ssm start-session --target <INSTANCE_ID>
-```
-Access via AWS Systems Manager is used to avoid public SSH exposure and align with security best practices.
-
----
-
-## 5. Accessing the Wazuh Dashboard
-
-Access is performed using **SSM port forwarding**:
-
-```bash
-aws ssm start-session \
- --target <INSTANCE_ID> \
- --document-name AWS-StartPortForwardingSession \
- --parameters '{"portNumber":["443"],"localPortNumber":["8443"]}'
-```
-
-* URL: `https://localhost:8443`
-* Default credentials (example; secrets would be stored in AWS Secrets Manager in production):
-
- * Username: `admin`
- * Password: `admin`
-
----
-
-## 6. Basic Testing
-
-* Verify Docker and Docker Compose installation:
-
-```bash
-docker --version
-docker compose version
-```
-
-* Verify all Wazuh containers are running:
-
-```bash
-docker ps
-```
-
-* Verify startup order and service state:
-
-```bash
-docker compose ps
-```
-
-* Check health status of containers:
-
-```bash
-docker inspect --format='{{.Name}}: {{.State.Health.Status}}' $(docker ps -q)
-```
-
-* Verify Wazuh Manager status:
-
-```bash
-docker exec -it wazuh-manager /var/ossec/bin/wazuh-control status
-```
-
-* Verify Indexer connectivity:
-
-```bash
-docker exec -it wazuh-manager curl -s http://wazuh.indexer:9200
-```
-
-* Verify Dashboard service:
-
-```bash
-docker exec -it wazuh-dashboard curl -k https://localhost:5601
-```
-
-* Verify dashboard access from local machine (after SSM port forwarding):
-
-```bash
-curl -k https://localhost:8443
-```
-
-* Check recent logs for errors:
-
-```bash
-docker logs wazuh-manager --tail 20
-docker logs wazuh-indexer --tail 20
-docker logs wazuh-dashboard --tail 20
-```
-
-Expected result:
-
-* All containers running and healthy
-* Dashboard accessible
-* No crash loops or critical errors in logs
-
----
-
-### Assumptions
-
-* Single-node Wazuh deployment
-* Example credentials (not production-ready)
-* EC2 instance is deployed in a private subnet
-* Administrative access is restricted to SSM
-
----
-
-### Security Notes
-- No public SSH access
-- Dashboard access via SSM port forwarding only
-- Credentials are for demonstration purposes only
-
----
-
-## 7. Cleanup
-
-To remove all resources:
-
-```bash
-$ cd assessment/terraform
-$ terraform destroy
-```
-Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform.
-
---
projects / cloud-security-assessment.git / commitdiff