--- /dev/null
+# DefensePoint Cloud Security Engineer - Technical Assessment
+
+## Wazuh Security Monitoring Deployment (AWS)
+
+## 1. Overview
+
+This project deploys a **single-node Wazuh security monitoring stack** on AWS using **Terraform** and **Docker Compose**.
+
+>> This assessment implements a single-node deployment. The architecture can be extended to multi-node if required.
+
+**Components:**
+
+* AWS VPC with public and private subnets
+* EC2 instance (private subnet)
+* Access via AWS Systems Manager (SSM)
+* Wazuh stack:
+
+ * Wazuh Manager
+ * Wazuh Indexer
+ * Wazuh Dashboard
+
+---
+
+## 2. Prerequisites
+
+* AWS CLI installed and configured
+* AWS Systems Manager enabled in the account and Session Manager plugin installed
+* Version of Terraform >= 1.14.0
+* AWS permissions for VPC, EC2, IAM, and S3
+
+---
+
+## 3. Infrastructure Deployment
+
+```bash
+$ cd assessment/terraform
+$ terraform init
+$ terraform apply
+```
+>Initial startup of the Wazuh environment may take ~1 minute or more due to indexer initialization
+---
+
+## 4. Accessing the EC2 Instance (SSM)
+
+After the instance is up, you can access it via SSM:
+
+```bash
+$ aws ssm start-session --target <INSTANCE_ID>
+```
+Access via AWS Systems Manager is used to avoid public SSH exposure and align with security best practices.
+
+---
+
+## 5. Accessing the Wazuh Dashboard
+
+Access is performed using **SSM port forwarding**:
+
+```bash
+aws ssm start-session \
+ --target <INSTANCE_ID> \
+ --document-name AWS-StartPortForwardingSession \
+ --parameters '{"portNumber":["443"],"localPortNumber":["8443"]}'
+```
+
+* URL: `https://localhost:8443`
+* Default credentials (example; secrets would be stored in AWS Secrets Manager in production):
+
+ * Username: `admin`
+ * Password: `admin`
+
+---
+
+## 6. Basic Testing
+
+* Verify Docker and Docker Compose installation:
+
+```bash
+docker --version
+docker compose version
+```
+
+* Verify all Wazuh containers are running:
+
+```bash
+docker ps
+```
+
+* Verify startup order and service state:
+
+```bash
+docker compose ps
+```
+
+* Check health status of containers:
+
+```bash
+docker inspect --format='{{.Name}}: {{.State.Health.Status}}' $(docker ps -q)
+```
+
+* Verify Wazuh Manager status:
+
+```bash
+docker exec -it wazuh-manager /var/ossec/bin/wazuh-control status
+```
+
+* Verify Indexer connectivity:
+
+```bash
+docker exec -it wazuh-manager curl -s http://wazuh.indexer:9200
+```
+
+* Verify Dashboard service:
+
+```bash
+docker exec -it wazuh-dashboard curl -k https://localhost:5601
+```
+
+* Verify dashboard access from local machine (after SSM port forwarding):
+
+```bash
+curl -k https://localhost:8443
+```
+
+* Check recent logs for errors:
+
+```bash
+docker logs wazuh-manager --tail 20
+docker logs wazuh-indexer --tail 20
+docker logs wazuh-dashboard --tail 20
+```
+
+Expected result:
+
+* All containers running and healthy
+* Dashboard accessible
+* No crash loops or critical errors in logs
+
+---
+
+### Assumptions
+
+* Single-node Wazuh deployment
+* Example credentials (not production-ready)
+* EC2 instance is deployed in a private subnet
+* Administrative access is restricted to SSM
+
+---
+
+### Security Notes
+- No public SSH access
+- Dashboard access via SSM port forwarding only
+- Credentials are for demonstration purposes only
+
+---
+
+## 7. Cleanup
+
+To remove all resources:
+
+```bash
+$ cd assessment/terraform
+$ terraform destroy
+```
+Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform.
+
+---# DefensePoint Cloud Security Engineer - Technical Assessment
+
+## Wazuh Security Monitoring Deployment (AWS)
+
+## 1. Overview
+
+This project deploys a **single-node Wazuh security monitoring stack** on AWS using **Terraform** and **Docker Compose**.
+
+>> This assessment implements a single-node deployment. The architecture can be extended to multi-node if required.
+
+**Components:**
+
+* AWS VPC with public and private subnets
+* EC2 instance (private subnet)
+* Access via AWS Systems Manager (SSM)
+* Wazuh stack:
+
+ * Wazuh Manager
+ * Wazuh Indexer
+ * Wazuh Dashboard
+
+---
+
+## 2. Prerequisites
+
+* AWS CLI installed and configured
+* AWS Systems Manager enabled in the account and Session Manager plugin installed
+* Version of Terraform >= 1.14.0
+* AWS permissions for VPC, EC2, IAM, and S3
+
+---
+
+## 3. Infrastructure Deployment
+
+```bash
+$ cd assessment/terraform
+$ terraform init
+$ terraform apply
+```
+>Initial startup of the Wazuh environment may take ~1 minute or more due to indexer initialization
+---
+
+## 4. Accessing the EC2 Instance (SSM)
+
+After the instance is up, you can access it via SSM:
+
+```bash
+$ aws ssm start-session --target <INSTANCE_ID>
+```
+Access via AWS Systems Manager is used to avoid public SSH exposure and align with security best practices.
+
+---
+
+## 5. Accessing the Wazuh Dashboard
+
+Access is performed using **SSM port forwarding**:
+
+```bash
+aws ssm start-session \
+ --target <INSTANCE_ID> \
+ --document-name AWS-StartPortForwardingSession \
+ --parameters '{"portNumber":["443"],"localPortNumber":["8443"]}'
+```
+
+* URL: `https://localhost:8443`
+* Default credentials (example; secrets would be stored in AWS Secrets Manager in production):
+
+ * Username: `admin`
+ * Password: `admin`
+
+---
+
+## 6. Basic Testing
+
+* Verify Docker and Docker Compose installation:
+
+```bash
+docker --version
+docker compose version
+```
+
+* Verify all Wazuh containers are running:
+
+```bash
+docker ps
+```
+
+* Verify startup order and service state:
+
+```bash
+docker compose ps
+```
+
+* Check health status of containers:
+
+```bash
+docker inspect --format='{{.Name}}: {{.State.Health.Status}}' $(docker ps -q)
+```
+
+* Verify Wazuh Manager status:
+
+```bash
+docker exec -it wazuh-manager /var/ossec/bin/wazuh-control status
+```
+
+* Verify Indexer connectivity:
+
+```bash
+docker exec -it wazuh-manager curl -s http://wazuh.indexer:9200
+```
+
+* Verify Dashboard service:
+
+```bash
+docker exec -it wazuh-dashboard curl -k https://localhost:5601
+```
+
+* Verify dashboard access from local machine (after SSM port forwarding):
+
+```bash
+curl -k https://localhost:8443
+```
+
+* Check recent logs for errors:
+
+```bash
+docker logs wazuh-manager --tail 20
+docker logs wazuh-indexer --tail 20
+docker logs wazuh-dashboard --tail 20
+```
+
+Expected result:
+
+* All containers running and healthy
+* Dashboard accessible
+* No crash loops or critical errors in logs
+
+---
+
+### Assumptions
+
+* Single-node Wazuh deployment
+* Example credentials (not production-ready)
+* EC2 instance is deployed in a private subnet
+* Administrative access is restricted to SSM
+
+---
+
+### Security Notes
+- No public SSH access
+- Dashboard access via SSM port forwarding only
+- Credentials are for demonstration purposes only
+
+---
+
+## 7. Cleanup
+
+To remove all resources:
+
+```bash
+$ cd assessment/terraform
+$ terraform destroy
+```
+Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform.
+
+---
projects / cloud-security-assessment.git / commitdiff