Problem Statement
As the project grows in complexity with multi-region and multi-cloud deployments, new contributors (and reviewers) lack a centralized reference document explaining how the system components interact. As noted by @aryan in the community Slack, the project currently lacks a documented philosophy and architecture.
Proposed Solution
I propose adding a comprehensive `docs/architecture.md` file. It will serve as the living blueprint for the honeynet, detailing the network interaction model, the logging pipeline, and the threat model, so that a new contributor or reviewer can check a change against the intended design rather than reverse-engineer it from the Terraform.
Implementation Details
The document should cover:
- High-Level Topology: Visual diagrams (using Mermaid.js) showing the multi-cloud sensor nodes feeding into a centralized log aggregation layer.
- Network Interaction Model: Explicit documentation of the "contain, don't propagate" philosophy: sensor nodes accept inbound connections only on the documented bait ports and are not allowed to initiate outbound connections except to the log sink, so a compromised sensor cannot be used as a launch point against other sensors, the management plane, or third parties.
- Log Aggregation Pipeline: The flow of data from Cowrie/sensors -> Filebeat -> S3 Sink -> Enrichment -> Dashboard.
- Threat Model: Identifying critical assets (TF state, management plane), threat scenarios (compromised node pivoting), and mitigations (isolated VPCs, least-privilege IAM).
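The network model and the threat model above both reduce to a rule a machine can check: a sensor security group may expose only bait ports inbound and may reach only the log sink outbound. The script below is an added illustration of that check, written for this issue rather than taken from the project's code. It reads the JSON that `terraform show -json plan.out` emits and flags any sensor security group that breaks the rule. The bait ports, the sink CIDR, the `role=sensor` tag convention, and the plan excerpt are all assumptions constructed for the example, not the project's real values.

```python
"""Plan-time check for the honeynet's "contain, don't propagate" rule.

Usage: python check_containment.py plan.json
(where plan.json came from `terraform show -json plan.out`).
"""
import json
import sys

# Policy knobs: assumed values for this example, not the project's real ones.
BAIT_PORTS = {22, 23, 2222, 2223}      # Cowrie listeners exposed as bait
LOG_SINK_CIDRS = {"10.250.0.0/24"}      # only destination Filebeat may reach
LOG_SINK_PORTS = {443}                  # TLS to the S3 endpoint / collector


def _ports(rule):
    """Expand one ingress/egress rule into the set of ports it covers."""
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
    if rule.get("protocol") == "-1" or (lo == 0 and hi == 0):
        return {"ALL"}                  # Terraform's "any protocol / any port"
    return set(range(lo, hi + 1))


def _label(rule):
    return f'{rule.get("from_port")}-{rule.get("to_port")}/{rule.get("protocol")}'


def _count(extra):
    return "all ports" if "ALL" in extra else f"{len(extra)} port(s)"


def check_sensor_sg(values):
    """Return the list of violations for one aws_security_group (empty == compliant)."""
    violations = []
    for rule in values.get("ingress", []):
        extra = _ports(rule) - BAIT_PORTS
        if extra:
            violations.append(f"ingress {_label(rule)} exposes {_count(extra)} beyond bait ports")
    for rule in values.get("egress", []):
        bad_cidrs = set(rule.get("cidr_blocks", [])) - LOG_SINK_CIDRS
        if bad_cidrs:
            violations.append(f"egress {_label(rule)} to {sorted(bad_cidrs)} is a propagation path")
        extra = _ports(rule) - LOG_SINK_PORTS
        if extra:
            violations.append(f"egress {_label(rule)} opens {_count(extra)} beyond the sink port")
    return violations


def check_plan(plan):
    """Map each sensor security group address to its violations; non-sensor SGs are skipped."""
    results = {}
    for res in plan["planned_values"]["root_module"].get("resources", []):
        if res["type"] != "aws_security_group":
            continue
        if res["values"].get("tags", {}).get("role") != "sensor":
            continue
        results[res["address"]] = check_sensor_sg(res["values"])
    return results


def plan_is_contained(plan):
    return all(not v for v in check_plan(plan).values())


# Constructed plan excerpt in the shape of `terraform show -json` output (not a real plan).
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.sensor_us_east", "type": "aws_security_group",
     "name": "sensor_us_east", "values": {
         "tags": {"role": "sensor"},
         "ingress": [{"from_port": 22, "to_port": 23, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}],
         "egress": [{"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_blocks": ["10.250.0.0/24"]}]}},
    {"address": "aws_security_group.sensor_eu_west", "type": "aws_security_group",
     "name": "sensor_eu_west", "values": {
         "tags": {"role": "sensor"},
         "ingress": [{"from_port": 0, "to_port": 65535, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}],
         "egress": [{"from_port": 0, "to_port": 0, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_security_group.mgmt", "type": "aws_security_group",
     "name": "mgmt", "values": {"tags": {"role": "mgmt"}, "ingress": [], "egress": []}},
]}}}


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = check_plan(plan)
    for address, violations in findings.items():
        for v in violations:
            print(f"{address}: {v}")
    sys.exit(0 if plan_is_contained(plan) else 1)
```

Run without arguments it evaluates the constructed plan: `sensor_us_east` passes, `sensor_eu_west` is reported three times (wide-open ingress, egress to 0.0.0.0/0, and egress on every port), and the `mgmt` group is ignored because the rule is about sensors. Wiring this into CI against the real plan output is what turns the "contain, don't propagate" sentence in the doc into something a reviewer does not have to re-derive by hand.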
Task Checklist