From: Cássio Gabriel Date: Sat, 24 Jan 2026 20:51:19 +0000 (-0300) Subject: Add README.md and outputs.tf X-Git-Tag: v1.0.0^0 X-Git-Url: http://ec2-54-166-230-229.compute-1.amazonaws.com/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a66501120549d4d526a76397f5485a14c6b61497;p=cloud-security-assessment.git Add README.md and outputs.tf --- diff --git a/assessment/README.md b/assessment/README.md new file mode 100644 index 0000000..af5dd6a --- /dev/null +++ b/assessment/README.md 
@@ -0,0 +1,331 @@ +# DefensePoint Cloud Security Engineer - Technical Assessment + +## Wazuh Security Monitoring Deployment (AWS) + +## 1. Overview + +This project deploys a **single-node Wazuh security monitoring stack** on AWS using **Terraform** and **Docker Compose**. + +>> This assessment implements a single-node deployment. The architecture can be extended to multi-node if required. + +**Components:** + +* AWS VPC with public and private subnets +* EC2 instance (private subnet) +* Access via AWS Systems Manager (SSM) +* Wazuh stack: + + * Wazuh Manager + * Wazuh Indexer + * Wazuh Dashboard + +--- + +## 2. Prerequisites + +* AWS CLI installed and configured +* AWS Systems Manager enabled in the account and Session Manager plugin installed +* Version of Terraform >= 1.14.0 +* AWS permissions for VPC, EC2, IAM, and S3 + +--- + +## 3. Infrastructure Deployment + +```bash +$ cd assessment/terraform +$ terraform init +$ terraform apply +``` +>Initial startup of the Wazuh environment may take ~1 minute or more due to indexer initialization +--- + +## 4. Accessing the EC2 Instance (SSM) + +After the instance is up, you can access it via SSM: + +```bash +$ aws ssm start-session --target +``` +Access via AWS Systems Manager is used to avoid public SSH exposure and align with security best practices. + +--- + +## 5. Accessing the Wazuh Dashboard + +Access is performed using **SSM port forwarding**: + +```bash +aws ssm start-session \ + --target \ + --document-name AWS-StartPortForwardingSession \ + --parameters '{"portNumber":["443"],"localPortNumber":["8443"]}' +``` + +* URL: `https://localhost:8443` +* Default credentials (example; secrets would be stored in AWS Secrets Manager in production): + + * Username: `admin` + * Password: `admin` + +--- + +## 6. 
Basic Testing + +* Verify Docker and Docker Compose installation: + +```bash +docker --version +docker compose version +``` + +* Verify all Wazuh containers are running: + +```bash +docker ps +``` + +* Verify startup order and service state: + +```bash +docker compose ps +``` + +* Check health status of containers: + +```bash +docker inspect --format='{{.Name}}: {{.State.Health.Status}}' $(docker ps -q) +``` + +* Verify Wazuh Manager status: + +```bash +docker exec -it wazuh-manager /var/ossec/bin/wazuh-control status +``` + +* Verify Indexer connectivity: + +```bash +docker exec -it wazuh-manager curl -s http://wazuh.indexer:9200 +``` + +* Verify Dashboard service: + +```bash +docker exec -it wazuh-dashboard curl -k https://localhost:5601 +``` + +* Verify dashboard access from local machine (after SSM port forwarding): + +```bash +curl -k https://localhost:8443 +``` + +* Check recent logs for errors: + +```bash +docker logs wazuh-manager --tail 20 +docker logs wazuh-indexer --tail 20 +docker logs wazuh-dashboard --tail 20 +``` + +Expected result: + +* All containers running and healthy +* Dashboard accessible +* No crash loops or critical errors in logs + +--- + +### Assumptions + +* Single-node Wazuh deployment +* Example credentials (not production-ready) +* EC2 instance is deployed in a private subnet +* Administrative access is restricted to SSM + +--- + +### Security Notes +- No public SSH access +- Dashboard access via SSM port forwarding only +- Credentials are for demonstration purposes only + +--- + +## 7. Cleanup + +To remove all resources: + +```bash +$ cd assessment/terraform +$ terraform destroy +``` +Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform. + +---# DefensePoint Cloud Security Engineer - Technical Assessment + +## Wazuh Security Monitoring Deployment (AWS) + +## 1. 
Overview + +This project deploys a **single-node Wazuh security monitoring stack** on AWS using **Terraform** and **Docker Compose**. + +>> This assessment implements a single-node deployment. The architecture can be extended to multi-node if required. + +**Components:** + +* AWS VPC with public and private subnets +* EC2 instance (private subnet) +* Access via AWS Systems Manager (SSM) +* Wazuh stack: + + * Wazuh Manager + * Wazuh Indexer + * Wazuh Dashboard + +--- + +## 2. Prerequisites + +* AWS CLI installed and configured +* AWS Systems Manager enabled in the account and Session Manager plugin installed +* Version of Terraform >= 1.14.0 +* AWS permissions for VPC, EC2, IAM, and S3 + +--- + +## 3. Infrastructure Deployment + +```bash +$ cd assessment/terraform +$ terraform init +$ terraform apply +``` +>Initial startup of the Wazuh environment may take ~1 minute or more due to indexer initialization +--- + +## 4. Accessing the EC2 Instance (SSM) + +After the instance is up, you can access it via SSM: + +```bash +$ aws ssm start-session --target +``` +Access via AWS Systems Manager is used to avoid public SSH exposure and align with security best practices. + +--- + +## 5. Accessing the Wazuh Dashboard + +Access is performed using **SSM port forwarding**: + +```bash +aws ssm start-session \ + --target \ + --document-name AWS-StartPortForwardingSession \ + --parameters '{"portNumber":["443"],"localPortNumber":["8443"]}' +``` + +* URL: `https://localhost:8443` +* Default credentials (example; secrets would be stored in AWS Secrets Manager in production): + + * Username: `admin` + * Password: `admin` + +--- + +## 6. 
Basic Testing + +* Verify Docker and Docker Compose installation: + +```bash +docker --version +docker compose version +``` + +* Verify all Wazuh containers are running: + +```bash +docker ps +``` + +* Verify startup order and service state: + +```bash +docker compose ps +``` + +* Check health status of containers: + +```bash +docker inspect --format='{{.Name}}: {{.State.Health.Status}}' $(docker ps -q) +``` + +* Verify Wazuh Manager status: + +```bash +docker exec -it wazuh-manager /var/ossec/bin/wazuh-control status +``` + +* Verify Indexer connectivity: + +```bash +docker exec -it wazuh-manager curl -s http://wazuh.indexer:9200 +``` + +* Verify Dashboard service: + +```bash +docker exec -it wazuh-dashboard curl -k https://localhost:5601 +``` + +* Verify dashboard access from local machine (after SSM port forwarding): + +```bash +curl -k https://localhost:8443 +``` + +* Check recent logs for errors: + +```bash +docker logs wazuh-manager --tail 20 +docker logs wazuh-indexer --tail 20 +docker logs wazuh-dashboard --tail 20 +``` + +Expected result: + +* All containers running and healthy +* Dashboard accessible +* No crash loops or critical errors in logs + +--- + +### Assumptions + +* Single-node Wazuh deployment +* Example credentials (not production-ready) +* EC2 instance is deployed in a private subnet +* Administrative access is restricted to SSM + +--- + +### Security Notes +- No public SSH access +- Dashboard access via SSM port forwarding only +- Credentials are for demonstration purposes only + +--- + +## 7. Cleanup + +To remove all resources: + +```bash +$ cd assessment/terraform +$ terraform destroy +``` +Note: The S3 bucket used for the Terraform backend may need to be removed manually if it was created outside Terraform. + +--- diff --git a/assessment/terraform/outputs.tf b/assessment/terraform/outputs.tf index e69de29..3155806 100644 --- a/assessment/terraform/outputs.tf +++ b/assessment/terraform/outputs.tf 
@@ -0,0 +1,29 @@ +output "vpc_id" { + description = "ID of the VPC" + value = aws_vpc.this.id +} + +output "ec2_instance_id" { + description = "ID of the Wazuh EC2 instance" + value = aws_instance.wazuh.id +} + +output "ec2_private_ip" { + description = "Private IP address of the Wazuh EC2 instance" + value = aws_instance.wazuh.private_ip +} + +output "ec2_instance_profile" { + description = "IAM Instance Profile attached to the EC2 instance" + value = aws_iam_instance_profile.ec2_ssm_profile.name +} + +output "security_group_id" { + description = "Security Group ID associated with the Wazuh EC2 instance" + value = aws_security_group.wazuh_ec2.id +} + +output "ssm_access_command" { + description = "AWS CLI command to start an SSM session with the EC2 instance" + value = "aws ssm start-session --target ${aws_instance.wazuh.id}" +}
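Review bot: assessment/README.md contains the whole document twice. After the section 7 cleanup note the text runs on as `---# DefensePoint Cloud Security Engineer - Technical Assessment` and repeats sections 1 through 7 verbatim. Remove the second copy so the file ends at the `---` that closes "## 7. Cleanup". Separately, in sections 4 and 5 the `aws ssm start-session --target` commands are shown with no instance ID after `--target`; point readers at `terraform output ssm_access_command` or `terraform output ec2_instance_id` (both defined in outputs.tf in this commit) so the commands can be run as written.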
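Review bot: assessment/terraform/outputs.tf has no output for the dashboard port-forwarding session. `ssm_access_command` at the end of the file covers only the plain shell session, so the README section 5 command (`--document-name AWS-StartPortForwardingSession` with `portNumber` 443 and `localPortNumber` 8443) still has to be assembled by hand around the instance ID. Consider adding a second output next to `ssm_access_command` that interpolates `${aws_instance.wazuh.id}` into that command, and have README sections 4 and 5 reference the two outputs by name.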