feat(ssh-honeypot): implement multi-region honeypot deployment #7

Open
hariram4862 wants to merge 3 commits into c2siorg:main from hariram4862:feature/cowrie-multiregion

@hariram4862

Overview

This PR extends the existing honeynet deployment pipeline to support provisioning Cowrie SSH honeypot nodes across multiple AWS regions.

Previously (#5), the deployment pipeline created a single honeypot instance in one AWS region. This change enables the deployment of honeypots across multiple geographic regions, forming the foundation for a distributed honeynet architecture.

The implementation continues to use Terraform for infrastructure provisioning and Ansible for automated configuration.

Scope of This PR

This PR introduces multi-region deployment capabilities for the honeynet infrastructure.

The implementation includes:

  • Terraform configuration updates to support multiple AWS regions
  • Region-specific AWS provider aliases
  • EC2 instance deployment per region
  • Region-specific security groups and SSH key pairs
  • Region-specific Ubuntu AMI selection
  • Integration with the existing Ansible automation workflow

This enhancement enables the deployment of multiple honeypot nodes across geographic regions while maintaining the existing automated deployment pipeline.

Regions Supported

The deployment now provisions honeypot nodes in the following regions:

  • us-east-1 (North America)
  • eu-west-1 (Europe)
  • ap-south-1 (Asia-Pacific)

Each region hosts a dedicated EC2 instance running the Cowrie SSH honeypot.

Infrastructure Changes

The Terraform configuration now includes:

  • region-specific AWS provider aliases
  • EC2 instances deployed per region
  • region-specific security groups
  • region-specific SSH key pairs
  • region-specific Ubuntu AMI lookups

This ensures that infrastructure resources are correctly provisioned within their respective regions.

Deployment Workflow

The deployment pipeline remains unchanged and continues to be orchestrated through the existing script:

                                deploy_honeypots.sh
                                           |
                                           v
                         Terraform provisions infrastructure
                                           |
                                           v
                        EC2 instances created across regions
                                           |
                                           v
                                 Public IPs retrieved
                                           |
                                           v
               Ansible installs and configures Cowrie honeypots

For a more detailed explanation of the deployment pipeline and workflow, refer to PR #5.

Testing

The deployment pipeline was tested successfully across all regions.

Terraform successfully created the EC2 instances and associated infrastructure in each region, and the Ansible playbook configured Cowrie on all nodes.

The honeypots were verified by connecting via SSH:

ssh root@<instance-ip> -p 2222

Cowrie successfully emulated an SSH environment and captured session activity.

Example interactions tested:

  • login attempts
  • shell command execution
  • session termination

These events were successfully recorded in the Cowrie logs on each instance.

Demo Video

A short demonstration of the multi-region honeynet deployment and verification.

The video shows:

  • Terraform provisioning infrastructure across multiple AWS regions
  • EC2 instances created in different regions
  • Ansible configuring Cowrie honeypots
  • SSH interaction with the deployed honeypots

▶️ Demo Video:
https://drive.google.com/file/d/1dIZQy64yaM4YLXqpdEHHwGvGF3Ut57do/view?usp=sharing

Result

This change enables the honeynet deployment framework to operate across multiple geographic regions, improving attacker interaction coverage and aligning with the distributed architecture described in the project objectives.

Future Work

Future enhancements may include:

  • centralized log aggregation
  • attack analytics pipelines
  • automated scaling of honeypot nodes
  • threat intelligence integration

These improvements will help evolve the system toward a fully distributed honeynet platform.


Closes #6
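
An added example, not part of this PR or the project's code: a check over Cowrie's JSON log lines that confirms each region recorded the three interactions listed under Testing within a single session. It assumes Cowrie's JSON log output with its eventid and session fields; the function names and the sample log lines are constructed for illustration.

```python
import json
from collections import defaultdict

# Cowrie JSON-log event IDs, grouped by the interaction each one evidences.
INTERACTIONS = {
    "cowrie.login.success": "login attempt",
    "cowrie.login.failed": "login attempt",
    "cowrie.command.input": "shell command",
    "cowrie.session.closed": "session termination",
}
REQUIRED = set(INTERACTIONS.values())

def missing_interactions(log_lines):
    """Return the required interactions absent from the most complete session."""
    per_session = defaultdict(set)
    for line in log_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting
        if not isinstance(event, dict):
            continue
        kind = INTERACTIONS.get(event.get("eventid"))
        if kind and event.get("session"):
            per_session[event["session"]].add(kind)
    best = max(per_session.values(), key=len, default=set())
    return sorted(REQUIRED - best)

def verify_regions(logs_by_region):
    """Map each region to its missing interactions; an empty list means verified."""
    return {region: missing_interactions(lines)
            for region, lines in logs_by_region.items()}

# Constructed sample log lines (hypothetical, not from a real deployment).
SAMPLE = {
    "us-east-1": [
        '{"eventid": "cowrie.login.success", "session": "a1", "username": "root"}',
        '{"eventid": "cowrie.command.input", "session": "a1", "input": "uname -a"}',
        '{"eventid": "cowrie.session.closed", "session": "a1"}',
    ],
    "eu-west-1": [
        '{"eventid": "cowrie.login.failed", "session": "b1", "username": "admin"}',
        '{"eventid": "cowrie.session.closed", "session": "b1"}',
        '{"eventid": "cowrie.command.input", "session": "b2", "input": "id"}',
        '{"eventid": "cowrie.login.succ',
    ],
    "ap-south-1": [],
}

if __name__ == "__main__":
    for region, missing in verify_regions(SAMPLE).items():
        print(region, "OK" if not missing else "missing: " + ", ".join(missing))
```

Events are grouped per session so that unrelated connections reaching a node do not make an incomplete test session look verified.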
