From 63c982287fbed2aa9b0a8d95bc0de2a9fbe870fb Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 24 Jan 2024 12:33:03 -0300 Subject: [PATCH 1/6] add new NLB to EKS deploy --- wazuh/certs/indexer_cluster/generate_certs.sh | 6 ++-- .../wazuh-dashboard/dashboard-deploy.yaml | 8 +++-- .../wazuh-dashboard/dashboard-svc.yaml | 30 ----------------- .../dashboard_conf/opensearch_dashboards.yml | 2 +- .../wazuh-dashboard/lb-external.yaml | 30 +++++++++++++++++ .../wazuh-dashboard/lb-internal.yaml | 22 +++++++++++++ .../cluster/indexer-api-svc.yaml | 24 -------------- .../wazuh-indexer/cluster/indexer-sts.yaml | 4 ++- .../wazuh-indexer/indexer_conf/opensearch.yml | 2 +- wazuh/kustomization.yml | 9 ++---- wazuh/wazuh_managers/wazuh-cluster-svc.yaml | 24 -------------- wazuh/wazuh_managers/wazuh-master-sts.yaml | 8 +++-- wazuh/wazuh_managers/wazuh-master-svc.yaml | 32 ------------------- wazuh/wazuh_managers/wazuh-worker-sts.yaml | 6 ++-- wazuh/wazuh_managers/wazuh-workers-svc.yaml | 29 ----------------- 15 files changed, 77 insertions(+), 159 deletions(-) delete mode 100644 wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml create mode 100644 wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml create mode 100644 wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml delete mode 100644 wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml delete mode 100644 wazuh/wazuh_managers/wazuh-cluster-svc.yaml delete mode 100644 wazuh/wazuh_managers/wazuh-master-svc.yaml delete mode 100644 wazuh/wazuh_managers/wazuh-workers-svc.yaml diff --git a/wazuh/certs/indexer_cluster/generate_certs.sh b/wazuh/certs/indexer_cluster/generate_certs.sh index 84175ce5..cef0e2c4 100755 --- a/wazuh/certs/indexer_cluster/generate_certs.sh +++ b/wazuh/certs/indexer_cluster/generate_certs.sh 
@@ -40,7 +40,7 @@ openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 echo "create: node.csr" -openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=*.wazuh-indexer" +openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb" echo "create: node.pem" @@ -58,7 +58,7 @@ openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocryp echo "create: dashboard.csr" -openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=dashboard" +openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" echo "create: dashboard.pem" @@ -78,7 +78,7 @@ openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt echo "create: filebeat.csr" -openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=filebeat" +openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" echo "create: filebeat.pem" diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml index bf0bfd1e..d6c5bcb2 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml @@ -17,10 +17,12 @@ spec: selector: matchLabels: app: wazuh-dashboard + lbtype: external template: metadata: labels: app: wazuh-dashboard + lbtype: external name: wazuh-dashboard spec: volumes: @@ -56,10 +58,10 @@ spec: readOnly: true ports: - containerPort: 5601 - name: dashboard + name: dashboard-port env: - name: INDEXER_URL - value: 'https://wazuh-indexer-0.wazuh-indexer:9200' + value: 'https://wazuh-internal-lb:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: 
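Review bot: The dashboard and filebeat CSRs now get the identical subject `/C=US/L=California/O=Company/CN=wazuh-external-lb`, so the two client certificates are no longer distinguishable by DN; if anything on the indexer side maps roles by DN (roles_mapping is not visible here) the two identities collapse into one. Using load-balancer hostnames as CN also does not help hostname verification, which modern TLS stacks perform against the SAN, not the CN, and `openssl x509 -req` as written copies no extensions into the signed cert. I would keep distinct CNs (e.g. `CN=dashboard`, `CN=filebeat`) and, for the node cert, add a SAN at signing time, e.g. `-extfile <(printf 'subjectAltName=DNS:wazuh-internal-lb,DNS:*.wazuh-indexer')`, so that verification can later be turned on. The `-days 3650` on `openssl req -new` has no effect on a CSR and can be dropped.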
@@ -87,7 +89,7 @@ spec: - name: SERVER_SSL_KEY value: /usr/share/wazuh-dashboard/certs/key.pem - name: WAZUH_API_URL - value: https://wazuh-manager-master-0.wazuh-cluster + value: https://wazuh-external-lb - name: API_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml deleted file mode 100644 index ee599990..00000000 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright (C) 2019, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -# Dashboard service - -apiVersion: v1 -kind: Service -metadata: - name: dashboard - namespace: wazuh - labels: - app: wazuh-dashboard - # dns: route53 - annotations: - # domainName: 'changeme' - # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'changeme' - service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443' - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https -spec: - type: LoadBalancer - selector: - app: wazuh-dashboard - ports: - - name: dashboard - port: 443 - targetPort: 5601 diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml index 30a5d133..7e68266b 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml @@ -1,7 +1,7 @@ server.host: 0.0.0.0 server.port: 5601 -opensearch.hosts: https://indexer:9200 +opensearch.hosts: https://wazuh-internal-lb:9200 opensearch.ssl.verificationMode: none opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] opensearch_security.multitenancy.enabled: false 
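Review bot: `opensearch.ssl.verificationMode: none` (unchanged context line directly under the new `opensearch.hosts`) still disables all TLS verification towards the indexer, so the move to a load-balancer hostname keeps the dashboard-to-indexer hop open to interception by anything that can answer on 9200. The deployment already mounts `root-ca.pem` and the same config file points `opensearch.ssl.certificateAuthorities` at it, so the CA is available; `opensearch.ssl.verificationMode: certificate` would at least pin the CA today, and `full` once the node certificate carries `wazuh-internal-lb` as a SAN. As far as I can tell this setting predates the commit, but this hunk is the natural place to fix it since the hostname is being changed anyway.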
diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml b/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml new file mode 100644 index 00000000..8d6faf35 --- /dev/null +++ b/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: wazuh-external-lb + namespace: wazuh + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance + service.beta.kubernetes.io/aws-load-balancer-name: wazuh-external-lb +spec: + type: LoadBalancer + ports: + - name: manager-worker-agents-events + port: 1514 + targetPort: agents-events + - name: manager-cluster + port: 1516 + targetPort: cluster-port + - name: manager-master-registration + port: 1515 + targetPort: registration + - name: manager-master-api + port: 55000 + targetPort: api-port + - name: dashboard + port: 443 + targetPort: dashboard-port + selector: + lbtype: external \ No newline at end of file diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml b/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml new file mode 100644 index 00000000..e357ced0 --- /dev/null +++ b/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: wazuh-internal-lb + namespace: wazuh + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: internal + service.beta.kubernetes.io/aws-load-balancer-scheme: internal + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance + service.beta.kubernetes.io/aws-load-balancer-name: wazuh-internal-lb +spec: + type: LoadBalancer + ports: + - name: indexer-rest + port: 9200 + targetPort: indexer-rest + - name: indexer-nodes + port: 9300 + targetPort: indexer-nodes + selector: + lbtype: internal + app: wazuh-indexer \ No newline at end of file 
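Review bot: The new internet-facing NLB publishes the manager cluster port (`manager-cluster`, 1516) and the manager API (55000) alongside the agent ports, whereas the deleted `wazuh-cluster` Service kept 1516 as a headless ClusterIP and the deleted `wazuh-workers` Service carried the `aws-load-balancer-internal` annotation for 1514. Inter-node cluster traffic has no business on a public listener; I would drop the `manager-cluster` entry from this Service and, for what remains, add `loadBalancerSourceRanges:` with your agent and operator CIDRs so 1515/55000/443 are not open to the whole internet. Note the selector `lbtype: external` now matches master, worker and dashboard pods at once, so each port only resolves to endpoints that define that named container port — worth a comment in the file so nobody "fixes" it by adding `app:` labels.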
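Review bot: `service.beta.kubernetes.io/aws-load-balancer-type: internal` is not, as far as I know, a value the AWS Load Balancer Controller recognises (it expects `external`, with `internal` expressed only through the `aws-load-balancer-scheme` annotation); if the controller ignores the Service, the in-tree cloud provider falls back to a classic ELB that is internet-facing by default, which would expose the indexer REST (9200) and transport (9300) ports publicly. Please verify in the AWS console what this manifest actually creates and use the same `aws-load-balancer-type: external` as `lb-external.yaml`, keeping `aws-load-balancer-scheme: internal`. Exposing 9300 through a load balancer at all is questionable — node transport should go over the headless `wazuh-indexer` Service that is still in the kustomization.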
diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml deleted file mode 100644 index 7f25f61c..00000000 --- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# Copyright (C) 2019, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -# Indexer service: API - -apiVersion: v1 -kind: Service -metadata: - name: indexer - namespace: wazuh - labels: - app: wazuh-indexer -spec: - type: LoadBalancer - selector: - app: wazuh-indexer - ports: - - name: indexer-rest - port: 9200 - targetPort: 9200 diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml index 82a5e922..9303a665 100644 --- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml +++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml @@ -17,11 +17,13 @@ spec: selector: matchLabels: app: wazuh-indexer + lbtype: internal serviceName: wazuh-indexer template: metadata: labels: app: wazuh-indexer + lbtype: internal name: wazuh-indexer spec: # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it @@ -76,7 +78,7 @@ spec: fieldRef: fieldPath: metadata.name - name: DISCOVERY_SERVICE - value: wazuh-indexer + value: wazuh-internal-lb - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml index 2685be22..c3027854 100644 --- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml +++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml 
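Review bot: Pointing `DISCOVERY_SERVICE` at `wazuh-internal-lb` makes every indexer node seed discovery from a single load-balancer VIP instead of the per-pod DNS names the headless `wazuh-indexer` Service provides; each node then sees an arbitrary peer behind the VIP rather than the full set, which (from what I can infer of the OpenSearch discovery mechanism) makes cluster bootstrap and re-join unreliable. Since `indexer-svc.yaml` is kept in the kustomization, I would leave `value: wazuh-indexer` here and reserve the internal NLB for client traffic on 9200. The StatefulSet definition continues outside the hunk, so I cannot see how `DISCOVERY_SERVICE` is consumed by the image.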
@@ -22,7 +22,7 @@ plugins.security.authcz.admin_dn: plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: - - CN=*.wazuh-indexer,O=Company,L=California,C=US + - CN=wazuh-internal-lb,O=Company,L=California,C=US plugins.security.restapi.roles_enabled: - "all_access" - "security_rest_api_access" diff --git a/wazuh/kustomization.yml b/wazuh/kustomization.yml index 27347c39..6e5b1406 100644 --- a/wazuh/kustomization.yml +++ b/wazuh/kustomization.yml @@ -52,15 +52,12 @@ resources: - secrets/dashboard-cred-secret.yaml - secrets/indexer-cred-secret.yaml - - wazuh_managers/wazuh-cluster-svc.yaml - - wazuh_managers/wazuh-master-svc.yaml - - wazuh_managers/wazuh-workers-svc.yaml - wazuh_managers/wazuh-master-sts.yaml - wazuh_managers/wazuh-worker-sts.yaml - - indexer_stack/wazuh-indexer/indexer-svc.yaml - - indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml + - indexer_stack/wazuh-indexer/indexer-svc.yaml - - indexer_stack/wazuh-dashboard/dashboard-svc.yaml + - indexer_stack/wazuh-dashboard/lb-external.yaml + - indexer_stack/wazuh-dashboard/lb-internal.yaml - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml diff --git a/wazuh/wazuh_managers/wazuh-cluster-svc.yaml b/wazuh/wazuh_managers/wazuh-cluster-svc.yaml deleted file mode 100644 index ce3c7c8e..00000000 --- a/wazuh/wazuh_managers/wazuh-cluster-svc.yaml +++ /dev/null 
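Review bot: `plugins.security.nodes_dn` is the trust anchor for inter-node authentication — any certificate issued by `root-ca` with the listed subject is accepted as a cluster node — so tying it to the load balancer's hostname (`CN=wazuh-internal-lb`) couples node identity to an infrastructure name that has nothing to do with the nodes and will silently break transport auth if the LB is ever renamed. A dedicated subject such as `- CN=wazuh-indexer-node,O=Company,L=California,C=US`, issued only to node certs, keeps the node role separate from the client/LB names and lets the LB hostname live in the SAN. The list is tighter than the previous wildcard, which is good; just make sure the dashboard and filebeat certs never get this CN.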
@@ -1,24 +0,0 @@ -# Copyright (C) 2019, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -# Wazuh cluster Service: Manager nodes communication - -apiVersion: v1 -kind: Service -metadata: - name: wazuh-cluster - namespace: wazuh - labels: - app: wazuh-manager -spec: - selector: - app: wazuh-manager - ports: - - name: cluster - port: 1516 - targetPort: 1516 - clusterIP: None diff --git a/wazuh/wazuh_managers/wazuh-master-sts.yaml b/wazuh/wazuh_managers/wazuh-master-sts.yaml index 7e4732f3..5938b7d1 100644 --- a/wazuh/wazuh_managers/wazuh-master-sts.yaml +++ b/wazuh/wazuh_managers/wazuh-master-sts.yaml @@ -18,6 +18,7 @@ spec: matchLabels: app: wazuh-manager node-type: master + lbtype: external serviceName: wazuh-cluster podManagementPolicy: Parallel template: @@ -25,6 +26,7 @@ spec: labels: app: wazuh-manager node-type: master + lbtype: external name: wazuh-manager-master spec: volumes: @@ -107,12 +109,12 @@ spec: - containerPort: 1515 name: registration - containerPort: 1516 - name: cluster + name: cluster-port - containerPort: 55000 - name: api + name: api-port env: - name: INDEXER_URL - value: 'https://wazuh-indexer-0.wazuh-indexer:9200' + value: 'https://wazuh-internal-lb:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/wazuh_managers/wazuh-master-svc.yaml b/wazuh/wazuh_managers/wazuh-master-svc.yaml deleted file mode 100644 index 50f19767..00000000 --- a/wazuh/wazuh_managers/wazuh-master-svc.yaml +++ /dev/null 
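Review bot: The StatefulSet still declares `serviceName: wazuh-cluster` (context line in the first hunk), but this same patch deletes `wazuh-cluster-svc.yaml` and removes it from the kustomization, so the governing headless Service no longer exists and the stable pod DNS names (`wazuh-manager-master-0.wazuh-cluster`) stop resolving; the manager cluster configuration presumably references those names, though `master.conf` is not in this hunk. Patch 3 of the series reintroduces the file under `wazuh-eks/`, but the `wazuh/` tree is left inconsistent by this commit — either keep the headless Service here or change `serviceName` in the same change. The StatefulSet spec begins and ends outside the visible hunks.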
@@ -1,32 +0,0 @@ -# Copyright (C) 2019, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -# Wazuh master Service: API and registration (authd) - -apiVersion: v1 -kind: Service -metadata: - name: wazuh # Don't change, unless you update the Wazuh dashboard app config - namespace: wazuh - labels: - app: wazuh-manager - # dns: route53 - annotations: - # domainName: 'changeme' - service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp -spec: - type: LoadBalancer - selector: - app: wazuh-manager - node-type: master - ports: - - name: registration - port: 1515 - targetPort: 1515 - - name: api - port: 55000 - targetPort: 55000 diff --git a/wazuh/wazuh_managers/wazuh-worker-sts.yaml b/wazuh/wazuh_managers/wazuh-worker-sts.yaml index dcd7680c..012596b2 100644 --- a/wazuh/wazuh_managers/wazuh-worker-sts.yaml +++ b/wazuh/wazuh_managers/wazuh-worker-sts.yaml @@ -18,6 +18,7 @@ spec: matchLabels: app: wazuh-manager node-type: worker + lbtype: external serviceName: wazuh-cluster podManagementPolicy: Parallel template: @@ -25,6 +26,7 @@ spec: labels: app: wazuh-manager node-type: worker + lbtype: external name: wazuh-manager-worker spec: affinity: @@ -106,10 +108,10 @@ spec: - containerPort: 1514 name: agents-events - containerPort: 1516 - name: cluster + name: cluster-port env: - name: INDEXER_URL - value: 'https://wazuh-indexer-0.wazuh-indexer:9200' + value: 'https://wazuh-internal-lb:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/wazuh_managers/wazuh-workers-svc.yaml b/wazuh/wazuh_managers/wazuh-workers-svc.yaml deleted file mode 100644 index 5d2dae69..00000000 --- a/wazuh/wazuh_managers/wazuh-workers-svc.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -# Copyright (C) 2019, Wazuh Inc. -# -# This program is a free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License (version 2) as published by the FSF - Free Software -# Foundation. - -# Wazuh workers service: Agent reporting - -apiVersion: v1 -kind: Service -metadata: - name: wazuh-workers - namespace: wazuh - labels: - app: wazuh-manager - # dns: route53 - annotations: - # domainName: 'wazuh-manager.some-domain.com' # TODO: Change this for a Hosted Zone you configured in AWS Route 53 - service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 -spec: - type: LoadBalancer - selector: - app: wazuh-manager - node-type: worker - ports: - - name: agents-events - port: 1514 - targetPort: 1514 From d3fb688770fd6a0fb2b32c3f53cb1623516dbcb1 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Thu, 25 Jan 2024 07:41:22 -0300 Subject: [PATCH 2/6] ignore certs directories --- .gitignore | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..99b4681a --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +wazuh/certs/dashboard_http/*.pem +wazuh/certs/dashboard_http/*.key +wazuh/certs/indexer_cluster/*.pem +wazuh/certs/indexer_cluster/*.key +wazuh/certs/indexer_cluster/*.csr \ No newline at end of file From 42b3705ea51c97c224a3054b189af6547a42145e Mon Sep 17 00:00:00 2001 
From: vcerenu Date: Thu, 25 Jan 2024 12:13:00 -0300 Subject: [PATCH 3/6] modify name of new changes and create nuevo kustomization.yml for a eks deploy with NLB --- .gitignore | 7 +- envs/eks-nlb/dashboard-resources.yaml | 24 ++ envs/eks-nlb/indexer-resources.yaml | 35 ++ envs/eks-nlb/kustomization.yml | 17 + envs/eks-nlb/storage-class.yaml | 19 + envs/eks-nlb/wazuh-master-resources.yaml | 35 ++ envs/eks-nlb/wazuh-worker-resources.yaml | 35 ++ wazuh-eks/base/storage-class.yaml | 14 + wazuh-eks/base/wazuh-ns.yaml | 13 + .../certs/dashboard_http/generate_certs.sh | 6 + .../certs/indexer_cluster/generate_certs.sh | 85 ++++ wazuh-eks/certs/indexer_cluster/root-ca.srl | 1 + .../wazuh-dashboard/dashboard-deploy.yaml | 102 +++++ .../dashboard_conf/opensearch_dashboards.yml | 13 + .../wazuh-dashboard/lb-external.yaml | 0 .../wazuh-dashboard/lb-internal.yaml | 0 .../wazuh-indexer/cluster/indexer-sts.yaml | 137 ++++++ .../wazuh-indexer/indexer-svc.yaml | 24 ++ .../indexer_conf/internal_users.yml | 56 +++ .../wazuh-indexer/indexer_conf/opensearch.yml | 31 ++ wazuh-eks/kustomization.yml | 64 +++ wazuh-eks/secrets/dashboard-cred-secret.yaml | 16 + wazuh-eks/secrets/indexer-cred-secret.yaml | 16 + wazuh-eks/secrets/wazuh-api-cred-secret.yaml | 17 + .../secrets/wazuh-authd-pass-secret.yaml | 16 + .../secrets/wazuh-cluster-key-secret.yaml | 16 + .../wazuh_managers/wazuh-cluster-svc.yaml | 24 ++ .../wazuh_managers/wazuh-master-sts.yaml | 161 +++++++ .../wazuh_managers/wazuh-worker-sts.yaml | 148 +++++++ .../wazuh_managers/wazuh_conf/master.conf | 401 ++++++++++++++++++ .../wazuh_managers/wazuh_conf/worker.conf | 401 ++++++++++++++++++ wazuh/certs/indexer_cluster/generate_certs.sh | 6 +- wazuh/certs/indexer_cluster/root-ca.srl | 1 + .../wazuh-dashboard/dashboard-deploy.yaml | 8 +- .../wazuh-dashboard/dashboard-svc.yaml | 30 ++ .../dashboard_conf/opensearch_dashboards.yml | 2 +- .../cluster/indexer-api-svc.yaml | 24 ++ .../wazuh-indexer/cluster/indexer-sts.yaml | 4 +- 
.../wazuh-indexer/indexer_conf/opensearch.yml | 2 +- wazuh/kustomization.yml | 9 +- wazuh/wazuh_managers/wazuh-cluster-svc.yaml | 24 ++ wazuh/wazuh_managers/wazuh-master-sts.yaml | 8 +- wazuh/wazuh_managers/wazuh-master-svc.yaml | 32 ++ wazuh/wazuh_managers/wazuh-worker-sts.yaml | 6 +- wazuh/wazuh_managers/wazuh-workers-svc.yaml | 29 ++ 45 files changed, 2093 insertions(+), 26 deletions(-) create mode 100644 envs/eks-nlb/dashboard-resources.yaml create mode 100644 envs/eks-nlb/indexer-resources.yaml create mode 100644 envs/eks-nlb/kustomization.yml create mode 100644 envs/eks-nlb/storage-class.yaml create mode 100644 envs/eks-nlb/wazuh-master-resources.yaml create mode 100644 envs/eks-nlb/wazuh-worker-resources.yaml create mode 100644 wazuh-eks/base/storage-class.yaml create mode 100644 wazuh-eks/base/wazuh-ns.yaml create mode 100755 wazuh-eks/certs/dashboard_http/generate_certs.sh create mode 100755 wazuh-eks/certs/indexer_cluster/generate_certs.sh create mode 100644 wazuh-eks/certs/indexer_cluster/root-ca.srl create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml rename {wazuh => wazuh-eks}/indexer_stack/wazuh-dashboard/lb-external.yaml (100%) rename {wazuh => wazuh-eks}/indexer_stack/wazuh-dashboard/lb-internal.yaml (100%) create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml create mode 100644 wazuh-eks/kustomization.yml create mode 100644 wazuh-eks/secrets/dashboard-cred-secret.yaml create mode 100644 wazuh-eks/secrets/indexer-cred-secret.yaml create mode 100644 wazuh-eks/secrets/wazuh-api-cred-secret.yaml create mode 100644 
wazuh-eks/secrets/wazuh-authd-pass-secret.yaml create mode 100644 wazuh-eks/secrets/wazuh-cluster-key-secret.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-master-sts.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh_conf/master.conf create mode 100644 wazuh-eks/wazuh_managers/wazuh_conf/worker.conf create mode 100644 wazuh/certs/indexer_cluster/root-ca.srl create mode 100644 wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml create mode 100644 wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml create mode 100644 wazuh/wazuh_managers/wazuh-cluster-svc.yaml create mode 100644 wazuh/wazuh_managers/wazuh-master-svc.yaml create mode 100644 wazuh/wazuh_managers/wazuh-workers-svc.yaml diff --git a/.gitignore b/.gitignore index 99b4681a..9e2c0434 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,9 @@ wazuh/certs/dashboard_http/*.pem wazuh/certs/dashboard_http/*.key wazuh/certs/indexer_cluster/*.pem wazuh/certs/indexer_cluster/*.key -wazuh/certs/indexer_cluster/*.csr \ No newline at end of file +wazuh/certs/indexer_cluster/*.csr +wazuh-eks/certs/dashboard_http/*.pem +wazuh-eks/certs/dashboard_http/*.key +wazuh-eks/certs/indexer_cluster/*.pem +wazuh-eks/certs/indexer_cluster/*.key +wazuh-eks/certs/indexer_cluster/*.csr \ No newline at end of file diff --git a/envs/eks-nlb/dashboard-resources.yaml b/envs/eks-nlb/dashboard-resources.yaml new file mode 100644 index 00000000..afff95ae --- /dev/null +++ b/envs/eks-nlb/dashboard-resources.yaml 
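Review bot: The ignore list omits the CA serial file, and this very commit adds `wazuh/certs/indexer_cluster/root-ca.srl` and `wazuh-eks/certs/indexer_cluster/root-ca.srl` to the repository — generated state from `-CAcreateserial` that will churn on every run. Add `wazuh/certs/indexer_cluster/*.srl` and `wazuh-eks/certs/indexer_cluster/*.srl` (or simply `**/certs/**/*.srl`) and remove the two committed files. Also keep in mind that `.gitignore` does not untrack files already in history; if any `*.pem`/`*.key` was committed before this change it needs `git rm --cached` and a key rotation, which I cannot verify from the diff.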
@@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wazuh-dashboard + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-dashboard + resources: + requests: + cpu: 200m + memory: 512Mi + limits: + cpu: 400m + memory: 2Gi diff --git a/envs/eks-nlb/indexer-resources.yaml b/envs/eks-nlb/indexer-resources.yaml new file mode 100644 index 00000000..85ee2fde --- /dev/null +++ b/envs/eks-nlb/indexer-resources.yaml @@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-indexer + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-indexer + resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 1 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-indexer + namespace: indexer-cluster + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 10Gi diff --git a/envs/eks-nlb/kustomization.yml b/envs/eks-nlb/kustomization.yml new file mode 100644 index 00000000..552338cd --- /dev/null +++ b/envs/eks-nlb/kustomization.yml 
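Review bot: The `volumeClaimTemplates` entry in `indexer-resources.yaml` sets `namespace: indexer-cluster` while the StatefulSet itself is in `namespace: wazuh` and the sibling overlays (`wazuh-master-resources.yaml`, `wazuh-worker-resources.yaml`) use `wazuh`. As far as I know Kubernetes ignores the namespace inside a claim template and creates the PVC in the StatefulSet's namespace, so this is more misleading than harmful, but it looks like a leftover from an older layout; `namespace: wazuh` would make the patch consistent. Whether the strategic-merge patch actually matches the template depends on the template name in the base (`wazuh-indexer`), which is not visible here.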
@@ -0,0 +1,17 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../wazuh-eks +patches: +- path: storage-class.yaml +- path: indexer-resources.yaml +- path: dashboard-resources.yaml +- path: wazuh-master-resources.yaml +- path: wazuh-worker-resources.yaml diff --git a/envs/eks-nlb/storage-class.yaml b/envs/eks-nlb/storage-class.yaml new file mode 100644 index 00000000..48422819 --- /dev/null +++ b/envs/eks-nlb/storage-class.yaml @@ -0,0 +1,19 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh StorageClass + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: wazuh-storage +provisioner: kubernetes.io/aws-ebs +parameters: + encrypted: 'true' + type: gp2 +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Retain # Useful in case you delete the PersistentVolumeClaim diff --git a/envs/eks-nlb/wazuh-master-resources.yaml b/envs/eks-nlb/wazuh-master-resources.yaml new file mode 100644 index 00000000..54ac774f --- /dev/null +++ b/envs/eks-nlb/wazuh-master-resources.yaml 
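Review bot: `provisioner: kubernetes.io/aws-ebs` is the in-tree EBS plugin; on current EKS releases it is served only via CSI migration and requires the EBS CSI driver add-on to be installed, otherwise the encrypted `wazuh-storage` class binds nothing (hedged — depends on the cluster version you target). Since this overlay is explicitly for EKS, `provisioner: ebs.csi.aws.com` with `type: gp3` is the documented path and keeps `encrypted: 'true'` working; consider also pinning `kmsKeyId` if a customer-managed key is required by policy. `encrypted: 'true'` and `reclaimPolicy: Retain` are good defaults for a SIEM's data volumes — worth a comment stating that the defaults deliberately prefer data retention over cleanup.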
@@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-master + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-manager + resources: + requests: + cpu: 1 + memory: 1Gi + limits: + cpu: 2 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-manager-master + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 50Gi diff --git a/envs/eks-nlb/wazuh-worker-resources.yaml b/envs/eks-nlb/wazuh-worker-resources.yaml new file mode 100644 index 00000000..668c3ff5 --- /dev/null +++ b/envs/eks-nlb/wazuh-worker-resources.yaml @@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-worker + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-manager + resources: + requests: + cpu: 1 + memory: 1Gi + limits: + cpu: 2 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-manager-worker + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 50Gi diff --git a/wazuh-eks/base/storage-class.yaml b/wazuh-eks/base/storage-class.yaml new file mode 100644 index 00000000..9f675b0b --- /dev/null +++ b/wazuh-eks/base/storage-class.yaml 
@@ -0,0 +1,14 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh StorageClass + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: wazuh-storage +# provisioner: k8s.io/minikube-hostpath \ No newline at end of file diff --git a/wazuh-eks/base/wazuh-ns.yaml b/wazuh-eks/base/wazuh-ns.yaml new file mode 100644 index 00000000..0063ab85 --- /dev/null +++ b/wazuh-eks/base/wazuh-ns.yaml @@ -0,0 +1,13 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh namespace + +apiVersion: v1 +kind: Namespace +metadata: + name: wazuh diff --git a/wazuh-eks/certs/dashboard_http/generate_certs.sh b/wazuh-eks/certs/dashboard_http/generate_certs.sh new file mode 100755 index 00000000..6e847249 --- /dev/null +++ b/wazuh-eks/certs/dashboard_http/generate_certs.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +cd $DIR + +openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem diff --git a/wazuh-eks/certs/indexer_cluster/generate_certs.sh b/wazuh-eks/certs/indexer_cluster/generate_certs.sh new file mode 100755 index 00000000..cef0e2c4 --- /dev/null +++ b/wazuh-eks/certs/indexer_cluster/generate_certs.sh 
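Review bot: `generate_certs.sh` writes an unencrypted private key (`-nodes`) with whatever the caller's umask allows and has no error handling, so a failed `cd` would generate `key.pem` in the current directory. Prefix the script with `set -euo pipefail`, `umask 077` and quote the directory change, `cd "$DIR"`. The certificate is also created with OpenSSL's default prompts suppressed by `-batch`, giving an empty subject and no SAN — acceptable for a lab, but the dashboard is served through the internet-facing NLB on 443, so a comment saying this is a placeholder to be replaced by a real certificate (e.g. via the `aws-load-balancer-ssl-cert` annotation that the deleted `dashboard-svc.yaml` mentioned) would save the next operator a surprise.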
@@ -0,0 +1,85 @@ +#!/bin/bash + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +cd $DIR + +echo "Root CA" + +openssl genrsa -out root-ca-key.pem 2048 + +openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca" + +echo "Admin cert" + +echo "create: admin-key-temp.pem" + +openssl genrsa -out admin-key-temp.pem 2048 + +echo "create: admin-key.pem" + +openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem + +echo "create: admin.csr" + +openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin" + +echo "create: admin.pem" + +openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem + + +echo "* Node cert" + +echo "create: node-key-temp.pem" + +openssl genrsa -out node-key-temp.pem 2048 + +echo "create: node-key.pem" + +openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem + +echo "create: node.csr" + +openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb" + +echo "create: node.pem" + +openssl x509 -req -days 3650 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem + +echo "* dashboard cert" + +echo "create: dashboard-key-temp.pem" + +openssl genrsa -out dashboard-key-temp.pem 2048 + +echo "create: dashboard-key.pem" + +openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out dashboard-key.pem + +echo "create: dashboard.csr" + +openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" + +echo "create: dashboard.pem" + +openssl x509 -req -days 3650 -in dashboard.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out 
dashboard.pem + + + +echo "* Filebeat cert" + +echo "create: filebeat-key-temp.pem" + +openssl genrsa -out filebeat-key-temp.pem 2048 + +echo "create: filebeat-key.pem" + +openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out filebeat-key.pem + +echo "create: filebeat.csr" + +openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" + +echo "create: filebeat.pem" + +openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem diff --git a/wazuh-eks/certs/indexer_cluster/root-ca.srl b/wazuh-eks/certs/indexer_cluster/root-ca.srl new file mode 100644 index 00000000..a8ebc4ea --- /dev/null +++ b/wazuh-eks/certs/indexer_cluster/root-ca.srl @@ -0,0 +1 @@ +1FE64F535BA4D7289545499F94E17DB2D3900B4D diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml new file mode 100644 index 00000000..d6c5bcb2 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml 
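Review bot: The script emits five unencrypted private keys (`-nocrypt`) and the CA key with no `umask` and no error handling, so a failure midway (or a permissive umask) leaves world-readable key material on disk and the script keeps going. Add `set -euo pipefail` and `umask 077` after the shebang, quote `cd "$DIR"`, and consider removing the `*-temp.pem` intermediates once the PKCS#8 conversion succeeds. The file is a byte-for-byte copy of `wazuh/certs/indexer_cluster/generate_certs.sh` (same blob `cef0e2c4`); if the two trees are meant to diverge only in CN values, a single script taking the names as arguments avoids them drifting apart.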
@@ -0,0 +1,102 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Dashboard Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wazuh-dashboard + namespace: wazuh +spec: + replicas: 1 + selector: + matchLabels: + app: wazuh-dashboard + lbtype: external + template: + metadata: + labels: + app: wazuh-dashboard + lbtype: external + name: wazuh-dashboard + spec: + volumes: + - name: config + configMap: + name: dashboard-conf + - name: dashboard-certs + secret: + secretName: dashboard-certs + containers: + - name: wazuh-dashboard + image: 'wazuh/wazuh-dashboard:4.7.2' + resources: + limits: + cpu: 500m + memory: 1Gi + volumeMounts: + - name: config + mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + subPath: opensearch_dashboards.yml + readOnly: false + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/cert.pem + readOnly: true + subPath: cert.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/key.pem + readOnly: true + subPath: key.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true + ports: + - containerPort: 5601 + name: dashboard-port + env: + - name: INDEXER_URL + value: 'https://wazuh-internal-lb:9200' + - name: INDEXER_USERNAME + valueFrom: + secretKeyRef: + name: indexer-cred + key: username + - name: INDEXER_PASSWORD + valueFrom: + secretKeyRef: + name: indexer-cred + key: password + - name: DASHBOARD_USERNAME + valueFrom: + secretKeyRef: + name: dashboard-cred + key: username + - name: DASHBOARD_PASSWORD + valueFrom: + secretKeyRef: + name: dashboard-cred + key: password + - name: SERVER_SSL_ENABLED + value: "true" + - name: SERVER_SSL_CERTIFICATE + value: /usr/share/wazuh-dashboard/certs/cert.pem + - name: 
SERVER_SSL_KEY + value: /usr/share/wazuh-dashboard/certs/key.pem + - name: WAZUH_API_URL + value: https://wazuh-external-lb + - name: API_USERNAME + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: username + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: password diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml new file mode 100644 index 00000000..7e68266b --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml @@ -0,0 +1,13 @@ + +server.host: 0.0.0.0 +server.port: 5601 +opensearch.hosts: https://wazuh-internal-lb:9200 +opensearch.ssl.verificationMode: none +opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +server.ssl.enabled: true +server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem" +server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" +opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] +uiSettings.overrides.defaultRoute: /app/wazuh \ No newline at end of file diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml similarity index 100% rename from wazuh/indexer_stack/wazuh-dashboard/lb-external.yaml rename to wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml diff --git a/wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml similarity index 100% rename from wazuh/indexer_stack/wazuh-dashboard/lb-internal.yaml rename to wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml 
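Review bot: `WAZUH_API_URL` is set to `https://wazuh-external-lb`, so the dashboard's calls to the Wazuh API leave the cluster through the external load balancer instead of an in-cluster name (the `wazuh/` tree at the end of this patch uses `https://wazuh-manager-master-0.wazuh-cluster`), and no port is given although the master exposes the API on 55000 — whether the external listener maps 443 to 55000 cannot be checked here, as lb-external.yaml is a pure rename in this patch. The same `lbtype: external` label is added to the selector and template here and on the manager master and worker StatefulSets, so a Service that selects on `lbtype: external` picks up pods of all three workloads and forwards each listener to pods that may not serve that port; if that sharing is intended, confirm the external Service's port list against every selected pod, otherwise use distinct values such as `lbtype: external-dashboard`. Also `readOnly: false` on the `config` ConfigMap mount is misleading, since ConfigMap volumes are mounted read-only regardless; write `readOnly: true` as for the certificate mounts.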
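Review bot: `opensearch.ssl.verificationMode: none` turns off certificate checking for the dashboard's connection to `https://wazuh-internal-lb:9200` even though the CA that signed the node certificate is shipped and already referenced by `opensearch.ssl.certificateAuthorities`; with verification off, the `indexer-cred` credentials are sent to whatever answers at that name. Since the CA is mounted, `opensearch.ssl.verificationMode: certificate` validates the chain without requiring a hostname match (the node certificate carries `wazuh-internal-lb` only in its CN, no SAN), and `full` becomes possible once the certificate has a matching SAN. The file also starts with an empty line and ends without a newline (`\ No newline at end of file`); `---` as the first line and a trailing newline are the usual form.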
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
new file mode 100644
index 00000000..9303a665
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
@@ -0,0 +1,137 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Indexer StatefulSet: 3 master nodes. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-indexer + namespace: wazuh +spec: + replicas: 3 + selector: + matchLabels: + app: wazuh-indexer + lbtype: internal + serviceName: wazuh-indexer + template: + metadata: + labels: + app: wazuh-indexer + lbtype: internal + name: wazuh-indexer + spec: + # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it + volumes: + - name: indexer-certs + secret: + secretName: indexer-certs + - name: indexer-conf + configMap: + name: indexer-conf + initContainers: + - name: volume-mount-hack + image: busybox + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 100m + memory: 256Mi + command: + - sh + - '-c' + - 'chown -R 1000:1000 /var/lib/wazuh-indexer' + volumeMounts: + - name: wazuh-indexer + mountPath: /var/lib/wazuh-indexer + - name: increase-the-vm-max-map-count + image: busybox + command: + - sysctl + - -w + - vm.max_map_count=262144 + securityContext: + privileged: true + containers: + - name: wazuh-indexer + image: 'wazuh/wazuh-indexer:4.7.2' + resources: + limits: + cpu: 500m + memory: 1564Mi + env: + - name: OPENSEARCH_JAVA_OPTS + value: '-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true' + - name: CLUSTER_NAME + value: wazuh + - name: NETWORK_HOST + value: "0.0.0.0" + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DISCOVERY_SERVICE + value: wazuh-internal-lb + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DISABLE_INSTALL_DEMO_CONFIG + value: 'true' + securityContext: + capabilities: + add: ["SYS_CHROOT"] + volumeMounts: + - name: wazuh-indexer + mountPath: /var/lib/wazuh-indexer + - name: 
indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/node-key.pem + subPath: node-key.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/node.pem + subPath: node.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/admin.pem + subPath: admin.pem + readOnly: true + - name: indexer-certs + mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem + subPath: admin-key.pem + readOnly: true + - name: indexer-conf + mountPath: /usr/share/wazuh-indexer/opensearch.yml + subPath: opensearch.yml + readOnly: true + - name: indexer-conf + mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml + subPath: internal_users.yml + readOnly: true + ports: + - containerPort: 9200 + name: indexer-rest + - containerPort: 9300 + name: indexer-nodes + volumeClaimTemplates: + - metadata: + name: wazuh-indexer + namespace: indexer-cluster + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 500Mi diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml new file mode 100644 index 00000000..d9d0f191 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Indexer service: Communications + +apiVersion: v1 +kind: Service +metadata: + name: wazuh-indexer + namespace: wazuh + labels: + app: wazuh-indexer +spec: + selector: + app: wazuh-indexer + ports: + - name: indexer-nodes + port: 9300 + targetPort: 9300 + clusterIP: None 
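Review bot: The `increase-the-vm-max-map-count` init container runs with `privileged: true` from the untagged `busybox` image (the `volume-mount-hack` container uses the same untagged image), so a container with full host access is pulled as `latest` on every rollout; pin both to a tag or digest, and consider replacing the `chown -R 1000:1000` hack with `securityContext: {fsGroup: 1000}` on the pod, as the manager StatefulSets already do with `fsGroup: 101`. The `admin.pem`/`admin-key.pem` pair — the identity listed under `plugins.security.authcz.admin_dn` in `opensearch.yml` — is mounted into all three nodes although only the security-admin tooling needs it; keeping it in a separate Secret limits what a compromised indexer pod can do with it. `DISCOVERY_SERVICE: wazuh-internal-lb` is not referenced by the `opensearch.yml` in this patch (it seeds from `wazuh-indexer-0.wazuh-indexer`), so it looks unused — confirm or remove it. The PVC template sets `namespace: indexer-cluster` while the StatefulSet lives in `wazuh`; the kustomization's `namespace: wazuh` presumably rewrites it, but the literal value is misleading and should read `wazuh`.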
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml new file mode 100644 index 00000000..d9f05b34 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml @@ -0,0 +1,56 @@ +--- +# This is the internal user database +# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh + +_meta: + type: "internalusers" + config_version: 2 + +# Define your internal users here + +## Demo users + +admin: + hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO" + reserved: true + backend_roles: + - "admin" + description: "Demo admin user" + +kibanaserver: + hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H." + reserved: true + description: "Demo kibanaserver user" + +kibanaro: + hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC" + reserved: false + backend_roles: + - "kibanauser" + - "readall" + attributes: + attribute1: "value1" + attribute2: "value2" + attribute3: "value3" + description: "Demo kibanaro user" + +logstash: + hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2" + reserved: false + backend_roles: + - "logstash" + description: "Demo logstash user" + +readall: + hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2" + reserved: false + backend_roles: + - "readall" + description: "Demo readall user" + +snapshotrestore: + hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W" + reserved: false + backend_roles: + - "snapshotrestore" + description: "Demo snapshotrestore user" diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml new file mode 100644 index 00000000..c3027854 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml 
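Review bot: The file ships the full demo user set — `kibanaro`, `logstash`, `readall`, `snapshotrestore`, all `reserved: false` with `description: "Demo ... user"` — although nothing else in this patch references them, and each bcrypt hash is published with the manifests. The `admin` and `kibanaserver` entries must hash the passwords stored in `indexer-cred` and `dashboard-cred` (this patch ships those as `SecretPassword` and `kibanaserver`), so a password change requires regenerating the hash here in the same step; a comment such as `# hash must match the password in secrets/indexer-cred-secret.yaml` makes that dependency visible. Remove the unused demo users, and note that `plugins.security.allow_default_init_securityindex: true` seeds the security index from this file only while that index does not yet exist, so edits after the first start need the security-admin tooling to take effect.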
@@ -0,0 +1,31 @@ +cluster.name: ${CLUSTER_NAME} +node.name: ${NODE_NAME} +network.host: ${NETWORK_HOST} +discovery.seed_hosts: wazuh-indexer-0.wazuh-indexer +cluster.initial_master_nodes: + - wazuh-indexer-0 + +node.max_local_storage_nodes: "3" +path.data: /var/lib/wazuh-indexer +path.logs: /var/log/wazuh-indexer +plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem +plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem +plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem +plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem +plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem +plugins.security.ssl.http.enabled: true +plugins.security.ssl.transport.enforce_hostname_verification: false +plugins.security.ssl.transport.resolve_hostname: false +plugins.security.authcz.admin_dn: + - CN=admin,O=Company,L=California,C=US +plugins.security.check_snapshot_restore_write_privileges: true +plugins.security.enable_snapshot_restore_privilege: true +plugins.security.nodes_dn: + - CN=wazuh-internal-lb,O=Company,L=California,C=US +plugins.security.restapi.roles_enabled: +- "all_access" +- "security_rest_api_access" +plugins.security.allow_default_init_securityindex: true +cluster.routing.allocation.disk.threshold_enabled: false +compatibility.override_main_response_version: true \ No newline at end of file diff --git a/wazuh-eks/kustomization.yml b/wazuh-eks/kustomization.yml new file mode 100644 index 00000000..01f97627 --- /dev/null +++ b/wazuh-eks/kustomization.yml 
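Review bot: `cluster.routing.allocation.disk.threshold_enabled: false` switches off the disk watermarks on nodes that receive a 500Mi PVC from the StatefulSet template, so the first indexing burst can fill the volume with no back-pressure and leave shards unwritable; keep the default watermarks (delete the line) and size the claim instead. `discovery.seed_hosts` names only `wazuh-indexer-0.wazuh-indexer` and `cluster.initial_master_nodes` only `wazuh-indexer-0`, so bootstrap depends on pod 0 alone; listing all three pod names is the documented form for a three-node cluster. `plugins.security.ssl.transport.enforce_hostname_verification: false` together with `nodes_dn` set to the load-balancer name `CN=wazuh-internal-lb,O=Company,L=California,C=US` means any certificate issued by `root-ca.pem` with that subject is accepted as a cluster member on 9300, which is acceptable for a private CA used only here but deserves a comment, since the same CA also signs the filebeat and dashboard client certificates. `node.max_local_storage_nodes` is deprecated, and the file lacks a trailing newline.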
@@ -0,0 +1,64 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +# Adds wazuh namespace to all resources. +namespace: wazuh + +secretGenerator: + - name: indexer-certs + files: + - certs/indexer_cluster/root-ca.pem + - certs/indexer_cluster/node.pem + - certs/indexer_cluster/node-key.pem + - certs/indexer_cluster/dashboard.pem + - certs/indexer_cluster/dashboard-key.pem + - certs/indexer_cluster/admin.pem + - certs/indexer_cluster/admin-key.pem + - certs/indexer_cluster/filebeat.pem + - certs/indexer_cluster/filebeat-key.pem + - name: dashboard-certs + files: + - certs/dashboard_http/cert.pem + - certs/dashboard_http/key.pem + - certs/indexer_cluster/root-ca.pem + +configMapGenerator: + - name: indexer-conf + files: + - indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml + - indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml + - name: wazuh-conf + files: + - wazuh_managers/wazuh_conf/master.conf + - wazuh_managers/wazuh_conf/worker.conf + - name: dashboard-conf + files: + - indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml + +resources: + - base/wazuh-ns.yaml + - base/storage-class.yaml + + - secrets/wazuh-api-cred-secret.yaml + - secrets/wazuh-authd-pass-secret.yaml + - secrets/wazuh-cluster-key-secret.yaml + - secrets/dashboard-cred-secret.yaml + - secrets/indexer-cred-secret.yaml + + - wazuh_managers/wazuh-master-sts.yaml + - wazuh_managers/wazuh-worker-sts.yaml + - wazuh_managers/wazuh-cluster-svc.yaml + + - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml + - indexer_stack/wazuh-indexer/indexer-svc.yaml + + - indexer_stack/wazuh-dashboard/lb-external.yaml + - indexer_stack/wazuh-dashboard/lb-internal.yaml + - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml 
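Review bot: The `indexer-certs` secretGenerator packs the node, dashboard, filebeat and `admin` key pairs into one Secret, and the indexer StatefulSet and both manager StatefulSets mount that Secret, so every one of those pods — and anyone with `get` on the object — holds the security-plugin admin key alongside the certificate it actually uses. Split it per consumer (for example one Secret with `root-ca.pem` + `node.pem` + `node-key.pem` for the indexer, one with `root-ca.pem` + `filebeat.pem` + `filebeat-key.pem` for the managers, and the admin pair on its own) and mount only the matching one. The `base/` manifests and `certs/dashboard_http/` inputs are referenced but not part of this patch, and the credential manifests under `secrets/` are static; a `secretGenerator` with `envs:` from an untracked file, or an external secret store, would keep those values out of the repository.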
diff --git a/wazuh-eks/secrets/dashboard-cred-secret.yaml b/wazuh-eks/secrets/dashboard-cred-secret.yaml new file mode 100644 index 00000000..078f8776 --- /dev/null +++ b/wazuh-eks/secrets/dashboard-cred-secret.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2022 Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh dashboard API credentials secret + +apiVersion: v1 +kind: Secret +metadata: + name: dashboard-cred +data: + username: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded + password: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded diff --git a/wazuh-eks/secrets/indexer-cred-secret.yaml b/wazuh-eks/secrets/indexer-cred-secret.yaml new file mode 100644 index 00000000..3f159c5a --- /dev/null +++ b/wazuh-eks/secrets/indexer-cred-secret.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh API credentials secret + +apiVersion: v1 +kind: Secret +metadata: + name: indexer-cred +data: + username: YWRtaW4= # string "admin" base64 encoded + password: U2VjcmV0UGFzc3dvcmQ= # string "SecretPassword" base64 encoded diff --git a/wazuh-eks/secrets/wazuh-api-cred-secret.yaml b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml new file mode 100644 index 00000000..b6628f95 --- /dev/null +++ b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml 
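Review bot: Both Secrets here and the three in the following file sections (`wazuh-api-cred`, `wazuh-authd-pass`, `wazuh-cluster-key`) commit working credentials to the repository, with the plaintext spelled out in the trailing comments (`admin`/`SecretPassword`, `kibanaserver`/`kibanaserver`, `wazuh-wui`/`MyS3cr37P450r.*-`, `password`, `123a45bc67def891gh23i45jk67l8mn9`), so a deployment from this directory runs with credentials readable by anyone with the repository until all five are rotated together with the matching hashes in `internal_users.yml`. Replace the hard-coded `data:` with a kustomize `secretGenerator` reading an untracked file, or an external secrets operator; if the files must stay as samples, a `# sample value — replace before deploying` comment on each `data:` entry is the minimum. `dashboard-cred` and `indexer-cred` also omit the `namespace: wazuh` that the other three set; the kustomization's `namespace:` adds it, but the files should be consistent.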
@@ -0,0 +1,17 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh API credentials secret + +apiVersion: v1 +kind: Secret +metadata: + name: wazuh-api-cred + namespace: wazuh +data: + username: d2F6dWgtd3Vp # string "wazuh-wui" base64 encoded + password: TXlTM2NyMzdQNDUwci4qLQ== # string "MyS3cr37P450r.*-" base64 encoded diff --git a/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml new file mode 100644 index 00000000..03b4b6b8 --- /dev/null +++ b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh authd password secret + +apiVersion: v1 +kind: Secret +metadata: + name: wazuh-authd-pass + namespace: wazuh +data: + authd.pass: cGFzc3dvcmQ= # string "password" base64 encoded diff --git a/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml new file mode 100644 index 00000000..cbe50253 --- /dev/null +++ b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml @@ -0,0 +1,16 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh cluster key secret + +apiVersion: v1 +kind: Secret +metadata: + name: wazuh-cluster-key + namespace: wazuh +data: + key: MTIzYTQ1YmM2N2RlZjg5MWdoMjNpNDVqazY3bDhtbjk= # string "123a45bc67def891gh23i45jk67l8mn9" base64 encoded 
diff --git a/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml new file mode 100644 index 00000000..ce3c7c8e --- /dev/null +++ b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh cluster Service: Manager nodes communication + +apiVersion: v1 +kind: Service +metadata: + name: wazuh-cluster + namespace: wazuh + labels: + app: wazuh-manager +spec: + selector: + app: wazuh-manager + ports: + - name: cluster + port: 1516 + targetPort: 1516 + clusterIP: None diff --git a/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml new file mode 100644 index 00000000..5938b7d1 --- /dev/null +++ b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml 
@@ -0,0 +1,161 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh master StatefulSet + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-master + namespace: wazuh +spec: + replicas: 1 + selector: + matchLabels: + app: wazuh-manager + node-type: master + lbtype: external + serviceName: wazuh-cluster + podManagementPolicy: Parallel + template: + metadata: + labels: + app: wazuh-manager + node-type: master + lbtype: external + name: wazuh-manager-master + spec: + volumes: + - name: config + configMap: + name: wazuh-conf + - name: filebeat-certs + secret: + secretName: indexer-certs + - name: wazuh-authd-pass + secret: + secretName: wazuh-authd-pass + securityContext: + fsGroup: 101 + containers: + - name: wazuh-manager + image: 'wazuh/wazuh-manager:4.7.2' + resources: + limits: + cpu: 400m + memory: 512Mi + securityContext: + capabilities: + add: ["SYS_CHROOT"] + volumeMounts: + - name: config + mountPath: /wazuh-config-mount/etc/ossec.conf + subPath: master.conf + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/root-ca.pem + readOnly: true + subPath: root-ca.pem + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.pem + subPath: filebeat.pem + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.key + subPath: filebeat-key.pem + readOnly: true + - name: wazuh-authd-pass + mountPath: /wazuh-config-mount/etc/authd.pass + subPath: authd.pass + readOnly: true + - name: wazuh-manager-master + mountPath: /var/ossec/api/configuration + subPath: wazuh/var/ossec/api/configuration + - name: wazuh-manager-master + mountPath: /var/ossec/etc + subPath: wazuh/var/ossec/etc + - name: wazuh-manager-master + mountPath: /var/ossec/logs + subPath: wazuh/var/ossec/logs + - name: wazuh-manager-master + mountPath: /var/ossec/queue + 
subPath: wazuh/var/ossec/queue + - name: wazuh-manager-master + mountPath: /var/ossec/var/multigroups + subPath: wazuh/var/ossec/var/multigroups + - name: wazuh-manager-master + mountPath: /var/ossec/integrations + subPath: wazuh/var/ossec/integrations + - name: wazuh-manager-master + mountPath: /var/ossec/active-response/bin + subPath: wazuh/var/ossec/active-response/bin + - name: wazuh-manager-master + mountPath: /var/ossec/agentless + subPath: wazuh/var/ossec/agentless + - name: wazuh-manager-master + mountPath: /var/ossec/wodles + subPath: wazuh/var/ossec/wodles + - name: wazuh-manager-master + mountPath: /etc/filebeat + subPath: filebeat/etc/filebeat + - name: wazuh-manager-master + mountPath: /var/lib/filebeat + subPath: filebeat/var/lib/filebeat + ports: + - containerPort: 1515 + name: registration + - containerPort: 1516 + name: cluster-port + - containerPort: 55000 + name: api-port + env: + - name: INDEXER_URL + value: 'https://wazuh-internal-lb:9200' + - name: INDEXER_USERNAME + valueFrom: + secretKeyRef: + name: indexer-cred + key: username + - name: INDEXER_PASSWORD + valueFrom: + secretKeyRef: + name: indexer-cred + key: password + - name: FILEBEAT_SSL_VERIFICATION_MODE + value: 'full' + - name: SSL_CERTIFICATE_AUTHORITIES + value: /etc/ssl/root-ca.pem + - name: SSL_CERTIFICATE + value: /etc/ssl/filebeat.pem + - name: SSL_KEY + value: /etc/ssl/filebeat.key + - name: API_USERNAME + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: username + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: password + - name: WAZUH_CLUSTER_KEY + valueFrom: + secretKeyRef: + name: wazuh-cluster-key + key: key + volumeClaimTemplates: + - metadata: + name: wazuh-manager-master + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 500Mi 
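Review bot: `FILEBEAT_SSL_VERIFICATION_MODE: 'full'` makes Filebeat verify the hostname `wazuh-internal-lb` of `INDEXER_URL`, but the node certificate produced by `generate_certs.sh` in this patch carries that name only in its CN and has no subjectAltName, which Go-based TLS clients no longer match against depending on the Go version Filebeat was built with; test the rollout and, if it fails, fix the certificate (add a SAN) rather than lowering the mode. The pod carries `lbtype: external` while exposing `api-port` 55000 and `registration` 1515, so if the external Service selects on that label the management API becomes reachable through the internet-facing load balancer (the Service is not in this patch); if only the dashboard needs the API, keep 55000 off the external listener, or at least restrict it with `loadBalancerSourceRanges`. `capabilities.add: ["SYS_CHROOT"]` with no `drop` list keeps the image's default capability set plus one; `drop: ["ALL"]` with the capabilities the manager actually needs added back is the usual least-privilege form, but requires testing against the image. The same three points apply to the worker StatefulSet in the next file section.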
diff --git a/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
new file mode 100644
index 00000000..012596b2
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
@@ -0,0 +1,148 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh workers StatefulSet + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-worker + namespace: wazuh +spec: + replicas: 2 + selector: + matchLabels: + app: wazuh-manager + node-type: worker + lbtype: external + serviceName: wazuh-cluster + podManagementPolicy: Parallel + template: + metadata: + labels: + app: wazuh-manager + node-type: worker + lbtype: external + name: wazuh-manager-worker + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + topologyKey: kubernetes.io/hostname + volumes: + - name: config + configMap: + name: wazuh-conf + - name: filebeat-certs + secret: + secretName: indexer-certs + securityContext: + fsGroup: 101 + containers: + - name: wazuh-manager + image: 'wazuh/wazuh-manager:4.7.2' + resources: + limits: + cpu: 400m + memory: 512Mi + securityContext: + capabilities: + add: ["SYS_CHROOT"] + volumeMounts: + - name: config + mountPath: /wazuh-config-mount/etc/ossec.conf + subPath: worker.conf + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/root-ca.pem + readOnly: true + subPath: root-ca.pem + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.pem + subPath: filebeat.pem + readOnly: true + - name: filebeat-certs + mountPath: /etc/ssl/filebeat.key + subPath: filebeat-key.pem + readOnly: true + - name: wazuh-manager-worker + mountPath: /var/ossec/api/configuration + subPath: wazuh/var/ossec/api/configuration + - name: wazuh-manager-worker + mountPath: /var/ossec/etc + subPath: wazuh/var/ossec/etc + - name: wazuh-manager-worker + mountPath: /var/ossec/logs + subPath: wazuh/var/ossec/logs + - name: wazuh-manager-worker + mountPath: /var/ossec/queue + subPath: 
wazuh/var/ossec/queue + - name: wazuh-manager-worker + mountPath: /var/ossec/var/multigroups + subPath: wazuh/var/ossec/var/multigroups + - name: wazuh-manager-worker + mountPath: /var/ossec/integrations + subPath: wazuh/var/ossec/integrations + - name: wazuh-manager-worker + mountPath: /var/ossec/active-response/bin + subPath: wazuh/var/ossec/active-response/bin + - name: wazuh-manager-worker + mountPath: /var/ossec/agentless + subPath: wazuh/var/ossec/agentless + - name: wazuh-manager-worker + mountPath: /var/ossec/wodles + subPath: wazuh/var/ossec/wodles + - name: wazuh-manager-worker + mountPath: /etc/filebeat + subPath: filebeat/etc/filebeat + - name: wazuh-manager-worker + mountPath: /var/lib/filebeat + subPath: filebeat/var/lib/filebeat + ports: + - containerPort: 1514 + name: agents-events + - containerPort: 1516 + name: cluster-port + env: + - name: INDEXER_URL + value: 'https://wazuh-internal-lb:9200' + - name: INDEXER_USERNAME + valueFrom: + secretKeyRef: + name: indexer-cred + key: username + - name: INDEXER_PASSWORD + valueFrom: + secretKeyRef: + name: indexer-cred + key: password + - name: FILEBEAT_SSL_VERIFICATION_MODE + value: 'full' + - name: SSL_CERTIFICATE_AUTHORITIES + value: /etc/ssl/root-ca.pem + - name: SSL_CERTIFICATE + value: /etc/ssl/filebeat.pem + - name: SSL_KEY + value: /etc/ssl/filebeat.key + - name: WAZUH_CLUSTER_KEY + valueFrom: + secretKeyRef: + name: wazuh-cluster-key + key: key + volumeClaimTemplates: + - metadata: + name: wazuh-manager-worker + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 500Mi diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/master.conf b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf new file mode 100644 index 00000000..d0affc48 --- /dev/null +++ b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf 
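Review bot: The `podAntiAffinity` term has a `topologyKey` but no `labelSelector`, and a `podAffinityTerm` with a null selector matches no pods, so the preferred rule is a no-op and both workers can be scheduled onto the same node, which defeats the point of `replicas: 2`. Give the term the worker's own labels so the scheduler spreads the replicas across hosts; the rest of the template is unchanged.
```yaml
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                topologyKey: kubernetes.io/hostname
                labelSelector:
                  matchLabels:
                    app: wazuh-manager
                    node-type: worker
      # … unchanged: volumes, securityContext, containers, volumeClaimTemplates …
```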
@@ -0,0 +1,401 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + jammy + 1h + + + + + no + buster + bullseye + bookworm + 1h + + + + + no + 5 + 6 + 7 + 8 + 9 + 1h + + + + + no + amazon-linux + amazon-linux-2 + amazon-linux-2023 + 1h + + + + + no + 11-server + 11-desktop + 12-server + 12-desktop + 15-server + 15-desktop + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + 
netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + yes + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + wazuh-manager-master + master + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf new file mode 100644 index 00000000..9092b31d --- /dev/null +++ b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf 
@@ -0,0 +1,401 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + no + 5m + 6h + yes + + + + no + trusty + xenial + bionic + focal + jammy + 1h + + + + + no + buster + bullseye + bookworm + 1h + + + + + no + 5 + 6 + 7 + 8 + 9 + 1h + + + + + no + amazon-linux + amazon-linux-2 + amazon-linux-2023 + 1h + + + + + no + 11-server + 11-desktop + 12-server + 12-desktop + 15-server + 15-desktop + 1h + + + + + no + 1h + + + + + yes + 1h + + + + + yes + 2010 + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + 
netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + to_be_replaced_by_hostname + worker + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + diff --git a/wazuh/certs/indexer_cluster/generate_certs.sh b/wazuh/certs/indexer_cluster/generate_certs.sh index cef0e2c4..84175ce5 100755 --- a/wazuh/certs/indexer_cluster/generate_certs.sh +++ b/wazuh/certs/indexer_cluster/generate_certs.sh @@ -40,7 +40,7 @@ openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 echo "create: node.csr" -openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb" +openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=*.wazuh-indexer" echo "create: node.pem" 
@@ -58,7 +58,7 @@ openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocryp echo "create: dashboard.csr" -openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" +openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=dashboard" echo "create: dashboard.pem" @@ -78,7 +78,7 @@ openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt echo "create: filebeat.csr" -openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb" +openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=filebeat" echo "create: filebeat.pem" diff --git a/wazuh/certs/indexer_cluster/root-ca.srl b/wazuh/certs/indexer_cluster/root-ca.srl new file mode 100644 index 00000000..0b52d825 --- /dev/null +++ b/wazuh/certs/indexer_cluster/root-ca.srl @@ -0,0 +1 @@ +1023702284AF366AD5338FA7FA775C3F488F315A diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml index d6c5bcb2..bf0bfd1e 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml @@ -17,12 +17,10 @@ spec: selector: matchLabels: app: wazuh-dashboard - lbtype: external template: metadata: labels: app: wazuh-dashboard - lbtype: external name: wazuh-dashboard spec: volumes: @@ -58,10 +56,10 @@ spec: readOnly: true ports: - containerPort: 5601 - name: dashboard-port + name: dashboard env: - name: INDEXER_URL - value: 'https://wazuh-internal-lb:9200' + value: 'https://wazuh-indexer-0.wazuh-indexer:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: 
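Review bot: `root-ca.srl` is the serial file that `openssl x509 -CAcreateserial` writes next to `root-ca-key.pem`, so its presence here means `generate_certs.sh` was run inside the checkout and the freshly minted `root-ca-key.pem`, `admin-key.pem` and `node-key.pem` were sitting in the same directory at commit time; please verify none of them made it into any commit of this series and rotate the CA if one did. The serial file is not secret, but it is a build artifact and should not be tracked: drop it from the tree and add `*.srl` to the `.gitignore` introduced later in this series, which only lists `*.pem`, `*.key` and `*.csr`.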
@@ -89,7 +87,7 @@ spec: - name: SERVER_SSL_KEY value: /usr/share/wazuh-dashboard/certs/key.pem - name: WAZUH_API_URL - value: https://wazuh-external-lb + value: https://wazuh-manager-master-0.wazuh-cluster - name: API_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml b/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml new file mode 100644 index 00000000..ee599990 --- /dev/null +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard-svc.yaml @@ -0,0 +1,30 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Dashboard service + +apiVersion: v1 +kind: Service +metadata: + name: dashboard + namespace: wazuh + labels: + app: wazuh-dashboard + # dns: route53 + annotations: + # domainName: 'changeme' + # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: 'changeme' + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: '443' + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https +spec: + type: LoadBalancer + selector: + app: wazuh-dashboard + ports: + - name: dashboard + port: 443 + targetPort: 5601 diff --git a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml index 7e68266b..30a5d133 100644 --- a/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml +++ b/wazuh/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml @@ -1,7 +1,7 @@ server.host: 0.0.0.0 server.port: 5601 -opensearch.hosts: https://wazuh-internal-lb:9200 +opensearch.hosts: https://indexer:9200 opensearch.ssl.verificationMode: none opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] opensearch_security.multitenancy.enabled: false 
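Review bot: The `dashboard` Service is `type: LoadBalancer` with no scheme/internal annotation, so the dashboard login page is published on an internet-facing ELB with no `loadBalancerSourceRanges`; `aws-load-balancer-ssl-ports: '443'` is set while the `aws-load-balancer-ssl-cert` annotation stays commented out, so depending on the cloud-provider version the 443 listener will presumably either fail to be created or come up as TCP passthrough to the pod's self-signed 5601 (worth stating in the comment). At minimum restrict reachability with `loadBalancerSourceRanges: ["203.0.113.0/24"]` (your admin CIDRs), and set `externalTrafficPolicy: Local` so the dashboard's access log sees real client addresses.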
diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml new file mode 100644 index 00000000..7f25f61c --- /dev/null +++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Indexer service: API + +apiVersion: v1 +kind: Service +metadata: + name: indexer + namespace: wazuh + labels: + app: wazuh-indexer +spec: + type: LoadBalancer + selector: + app: wazuh-indexer + ports: + - name: indexer-rest + port: 9200 + targetPort: 9200 diff --git a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml index 9303a665..82a5e922 100644 --- a/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml +++ b/wazuh/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml @@ -17,13 +17,11 @@ spec: selector: matchLabels: app: wazuh-indexer - lbtype: internal serviceName: wazuh-indexer template: metadata: labels: app: wazuh-indexer - lbtype: internal name: wazuh-indexer spec: # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it @@ -78,7 +76,7 @@ spec: fieldRef: fieldPath: metadata.name - name: DISCOVERY_SERVICE - value: wazuh-internal-lb + value: wazuh-indexer - name: KUBERNETES_NAMESPACE valueFrom: fieldRef: diff --git a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml index c3027854..2685be22 100644 --- a/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml +++ b/wazuh/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml 
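Review bot: The `indexer` Service is `type: LoadBalancer` with no `aws-load-balancer-internal`/scheme annotation, so the OpenSearch REST API on 9200 — reached with the basic-auth admin credentials from `indexer-cred` — is published on a public ELB. Every consumer visible in this series (the dashboard, the managers' Filebeat, the cluster itself) lives in the `wazuh` namespace, and `indexer-svc.yaml` already provides the in-cluster name; make this `type: ClusterIP`, or if an LB is really needed add `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` plus `loadBalancerSourceRanges`. A comment stating who is expected to connect from outside the cluster would justify whichever choice stays.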
@@ -22,7 +22,7 @@ plugins.security.authcz.admin_dn: plugins.security.check_snapshot_restore_write_privileges: true plugins.security.enable_snapshot_restore_privilege: true plugins.security.nodes_dn: - - CN=wazuh-internal-lb,O=Company,L=California,C=US + - CN=*.wazuh-indexer,O=Company,L=California,C=US plugins.security.restapi.roles_enabled: - "all_access" - "security_rest_api_access" diff --git a/wazuh/kustomization.yml b/wazuh/kustomization.yml index 6e5b1406..27347c39 100644 --- a/wazuh/kustomization.yml +++ b/wazuh/kustomization.yml @@ -52,12 +52,15 @@ resources: - secrets/dashboard-cred-secret.yaml - secrets/indexer-cred-secret.yaml + - wazuh_managers/wazuh-cluster-svc.yaml + - wazuh_managers/wazuh-master-svc.yaml + - wazuh_managers/wazuh-workers-svc.yaml - wazuh_managers/wazuh-master-sts.yaml - wazuh_managers/wazuh-worker-sts.yaml - - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml - indexer_stack/wazuh-indexer/indexer-svc.yaml + - indexer_stack/wazuh-indexer/cluster/indexer-api-svc.yaml + - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml - - indexer_stack/wazuh-dashboard/lb-external.yaml - - indexer_stack/wazuh-dashboard/lb-internal.yaml + - indexer_stack/wazuh-dashboard/dashboard-svc.yaml - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml diff --git a/wazuh/wazuh_managers/wazuh-cluster-svc.yaml b/wazuh/wazuh_managers/wazuh-cluster-svc.yaml new file mode 100644 index 00000000..ce3c7c8e --- /dev/null +++ b/wazuh/wazuh_managers/wazuh-cluster-svc.yaml 
@@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh cluster Service: Manager nodes communication + +apiVersion: v1 +kind: Service +metadata: + name: wazuh-cluster + namespace: wazuh + labels: + app: wazuh-manager +spec: + selector: + app: wazuh-manager + ports: + - name: cluster + port: 1516 + targetPort: 1516 + clusterIP: None diff --git a/wazuh/wazuh_managers/wazuh-master-sts.yaml b/wazuh/wazuh_managers/wazuh-master-sts.yaml index 5938b7d1..7e4732f3 100644 --- a/wazuh/wazuh_managers/wazuh-master-sts.yaml +++ b/wazuh/wazuh_managers/wazuh-master-sts.yaml @@ -18,7 +18,6 @@ spec: matchLabels: app: wazuh-manager node-type: master - lbtype: external serviceName: wazuh-cluster podManagementPolicy: Parallel template: @@ -26,7 +25,6 @@ spec: labels: app: wazuh-manager node-type: master - lbtype: external name: wazuh-manager-master spec: volumes: @@ -109,12 +107,12 @@ spec: - containerPort: 1515 name: registration - containerPort: 1516 - name: cluster-port + name: cluster - containerPort: 55000 - name: api-port + name: api env: - name: INDEXER_URL - value: 'https://wazuh-internal-lb:9200' + value: 'https://wazuh-indexer-0.wazuh-indexer:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/wazuh_managers/wazuh-master-svc.yaml b/wazuh/wazuh_managers/wazuh-master-svc.yaml new file mode 100644 index 00000000..50f19767 --- /dev/null +++ b/wazuh/wazuh_managers/wazuh-master-svc.yaml 
@@ -0,0 +1,32 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh master Service: API and registration (authd) + +apiVersion: v1 +kind: Service +metadata: + name: wazuh # Don't change, unless you update the Wazuh dashboard app config + namespace: wazuh + labels: + app: wazuh-manager + # dns: route53 + annotations: + # domainName: 'changeme' + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp +spec: + type: LoadBalancer + selector: + app: wazuh-manager + node-type: master + ports: + - name: registration + port: 1515 + targetPort: 1515 + - name: api + port: 55000 + targetPort: 55000 diff --git a/wazuh/wazuh_managers/wazuh-worker-sts.yaml b/wazuh/wazuh_managers/wazuh-worker-sts.yaml index 012596b2..dcd7680c 100644 --- a/wazuh/wazuh_managers/wazuh-worker-sts.yaml +++ b/wazuh/wazuh_managers/wazuh-worker-sts.yaml @@ -18,7 +18,6 @@ spec: matchLabels: app: wazuh-manager node-type: worker - lbtype: external serviceName: wazuh-cluster podManagementPolicy: Parallel template: @@ -26,7 +25,6 @@ spec: labels: app: wazuh-manager node-type: worker - lbtype: external name: wazuh-manager-worker spec: affinity: @@ -108,10 +106,10 @@ spec: - containerPort: 1514 name: agents-events - containerPort: 1516 - name: cluster-port + name: cluster env: - name: INDEXER_URL - value: 'https://wazuh-internal-lb:9200' + value: 'https://wazuh-indexer-0.wazuh-indexer:9200' - name: INDEXER_USERNAME valueFrom: secretKeyRef: diff --git a/wazuh/wazuh_managers/wazuh-workers-svc.yaml b/wazuh/wazuh_managers/wazuh-workers-svc.yaml new file mode 100644 index 00000000..5d2dae69 --- /dev/null +++ b/wazuh/wazuh_managers/wazuh-workers-svc.yaml 
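Review bot: This LoadBalancer publishes both 1515 (enrollment) and 55000 (the management API, which carries the `wazuh-api-cred` password and can run commands/RBAC changes) on an internet-facing ELB with no `loadBalancerSourceRanges`. The only API consumer in this series is the dashboard, which is configured with `WAZUH_API_URL: https://wazuh-manager-master-0.wazuh-cluster` rather than this Service, so 55000 can move to a `ClusterIP` Service and 1515 can stay external with `loadBalancerSourceRanges: ["<agent CIDRs>"]`. The comment `# Don't change, unless you update the Wazuh dashboard app config` looks stale for the same reason — presumably the app config is derived from `WAZUH_API_URL`; confirm and reword it.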
@@ -0,0 +1,29 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh workers service: Agent reporting + +apiVersion: v1 +kind: Service +metadata: + name: wazuh-workers + namespace: wazuh + labels: + app: wazuh-manager + # dns: route53 + annotations: + # domainName: 'wazuh-manager.some-domain.com' # TODO: Change this for a Hosted Zone you configured in AWS Route 53 + service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0 +spec: + type: LoadBalancer + selector: + app: wazuh-manager + node-type: worker + ports: + - name: agents-events + port: 1514 + targetPort: 1514 From 31dd36b94e7e75af0d9e67fde59cf6882a512aab Mon Sep 17 00:00:00 2001 
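Review bot: `service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0` is the legacy in-tree spelling; as far as I recall the in-tree provider treats any non-empty value as "internal", while the AWS Load Balancer Controller (which the `eks-nlb` overlay later targets with `aws-load-balancer-type: external`) keys on `aws-load-balancer-scheme` and may ignore this annotation, silently producing a public NLB for agent traffic. Pin the intent with both `service.beta.kubernetes.io/aws-load-balancer-internal: "true"` and `service.beta.kubernetes.io/aws-load-balancer-scheme: internal`, and add a comment that an internal LB means only agents inside the VPC (or peered/VPN networks) can report on 1514.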
From: vcerenu Date: Wed, 31 Jan 2024 08:21:31 -0300 Subject: [PATCH 4/6] add wazuh-eks deployment --- .gitignore | 10 + envs/eks-nlb/dashboard-resources.yaml | 24 ++ envs/eks-nlb/indexer-resources.yaml | 35 ++ envs/eks-nlb/kustomization.yml | 17 + envs/eks-nlb/storage-class.yaml | 19 + envs/eks-nlb/wazuh-master-resources.yaml | 35 ++ envs/eks-nlb/wazuh-worker-resources.yaml | 35 ++ wazuh-eks/base/storage-class.yaml | 14 + wazuh-eks/base/wazuh-ns.yaml | 13 + .../certs/dashboard_http/generate_certs.sh | 6 + .../certs/indexer_cluster/generate_certs.sh | 85 +++++ .../wazuh-dashboard/dashboard-deploy.yaml | 100 +++++ .../dashboard_conf/opensearch_dashboards.yml | 13 + .../wazuh-dashboard/lb-external.yaml | 30 ++ .../wazuh-dashboard/lb-internal.yaml | 22 ++ .../wazuh-indexer/cluster/indexer-sts.yaml | 140 +++++++ .../wazuh-indexer/indexer-svc.yaml | 24 ++ .../indexer_conf/internal_users.yml | 56 +++ .../wazuh-indexer/indexer_conf/opensearch.yml | 31 ++ wazuh-eks/kustomization.yml | 64 ++++ wazuh-eks/secrets/dashboard-cred-secret.yaml | 16 + wazuh-eks/secrets/indexer-cred-secret.yaml | 16 + wazuh-eks/secrets/wazuh-api-cred-secret.yaml | 17 + .../secrets/wazuh-authd-pass-secret.yaml | 16 + .../secrets/wazuh-cluster-key-secret.yaml | 16 + .../wazuh_managers/wazuh-cluster-svc.yaml | 24 ++ .../wazuh_managers/wazuh-master-sts.yaml | 159 ++++++++ .../wazuh_managers/wazuh-worker-sts.yaml | 146 ++++++++ .../wazuh_managers/wazuh_conf/master.conf | 344 ++++++++++++++++++ .../wazuh_managers/wazuh_conf/worker.conf | 344 ++++++++++++++++++ 30 files changed, 1871 insertions(+) create mode 100644 .gitignore create mode 100644 envs/eks-nlb/dashboard-resources.yaml create mode 100644 envs/eks-nlb/indexer-resources.yaml create mode 100644 envs/eks-nlb/kustomization.yml create mode 100644 envs/eks-nlb/storage-class.yaml create mode 100644 envs/eks-nlb/wazuh-master-resources.yaml create mode 100644 envs/eks-nlb/wazuh-worker-resources.yaml create mode 100644 wazuh-eks/base/storage-class.yaml 
create mode 100644 wazuh-eks/base/wazuh-ns.yaml create mode 100755 wazuh-eks/certs/dashboard_http/generate_certs.sh create mode 100755 wazuh-eks/certs/indexer_cluster/generate_certs.sh create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml create mode 100644 wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml create mode 100644 wazuh-eks/kustomization.yml create mode 100644 wazuh-eks/secrets/dashboard-cred-secret.yaml create mode 100644 wazuh-eks/secrets/indexer-cred-secret.yaml create mode 100644 wazuh-eks/secrets/wazuh-api-cred-secret.yaml create mode 100644 wazuh-eks/secrets/wazuh-authd-pass-secret.yaml create mode 100644 wazuh-eks/secrets/wazuh-cluster-key-secret.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-master-sts.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml create mode 100644 wazuh-eks/wazuh_managers/wazuh_conf/master.conf create mode 100644 wazuh-eks/wazuh_managers/wazuh_conf/worker.conf diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..9e2c0434 --- /dev/null +++ b/.gitignore 
@@ -0,0 +1,10 @@ +wazuh/certs/dashboard_http/*.pem +wazuh/certs/dashboard_http/*.key +wazuh/certs/indexer_cluster/*.pem +wazuh/certs/indexer_cluster/*.key +wazuh/certs/indexer_cluster/*.csr +wazuh-eks/certs/dashboard_http/*.pem +wazuh-eks/certs/dashboard_http/*.key +wazuh-eks/certs/indexer_cluster/*.pem +wazuh-eks/certs/indexer_cluster/*.key +wazuh-eks/certs/indexer_cluster/*.csr \ No newline at end of file diff --git a/envs/eks-nlb/dashboard-resources.yaml b/envs/eks-nlb/dashboard-resources.yaml new file mode 100644 index 00000000..afff95ae --- /dev/null +++ b/envs/eks-nlb/dashboard-resources.yaml @@ -0,0 +1,24 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wazuh-dashboard + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-dashboard + resources: + requests: + cpu: 200m + memory: 512Mi + limits: + cpu: 400m + memory: 2Gi diff --git a/envs/eks-nlb/indexer-resources.yaml b/envs/eks-nlb/indexer-resources.yaml new file mode 100644 index 00000000..85ee2fde --- /dev/null +++ b/envs/eks-nlb/indexer-resources.yaml 
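Review bot: These patterns stop `*.pem`/`*.key`/`*.csr` from being staged, but they do not cover the `*.srl` serial file that `openssl -CAcreateserial` drops in the same directory, and `wazuh/certs/indexer_cluster/root-ca.srl` is already tracked earlier in this series; add `*.srl` lines for both `indexer_cluster` directories and `git rm --cached` the tracked one. A comment noting that ignore rules are not retroactive (a key committed before this file existed stays in history until rotated) would help the next person who runs the generate scripts in the checkout.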
@@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-indexer + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-indexer + resources: + requests: + cpu: 500m + memory: 1Gi + limits: + cpu: 1 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-indexer + namespace: indexer-cluster + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 10Gi diff --git a/envs/eks-nlb/kustomization.yml b/envs/eks-nlb/kustomization.yml new file mode 100644 index 00000000..552338cd --- /dev/null +++ b/envs/eks-nlb/kustomization.yml @@ -0,0 +1,17 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../wazuh-eks +patches: +- path: storage-class.yaml +- path: indexer-resources.yaml +- path: dashboard-resources.yaml +- path: wazuh-master-resources.yaml +- path: wazuh-worker-resources.yaml diff --git a/envs/eks-nlb/storage-class.yaml b/envs/eks-nlb/storage-class.yaml new file mode 100644 index 00000000..48422819 --- /dev/null +++ b/envs/eks-nlb/storage-class.yaml 
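Review bot: The `volumeClaimTemplates` entry carries `namespace: indexer-cluster` while the StatefulSet itself is in `namespace: wazuh`; the two manager overlays in this same commit use `namespace: wazuh` in their templates, so this looks like a leftover. The StatefulSet controller creates PVCs in its own namespace regardless (presumably the field is just ignored here — verify with a dry run), but a mismatched value is confusing and may trip schema validation in stricter tooling; change it to `namespace: wazuh` or drop the field entirely.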
@@ -0,0 +1,19 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh StorageClass + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: wazuh-storage +provisioner: kubernetes.io/aws-ebs +parameters: + encrypted: 'true' + type: gp2 +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Retain # Useful in case you delete the PersistentVolumeClaim diff --git a/envs/eks-nlb/wazuh-master-resources.yaml b/envs/eks-nlb/wazuh-master-resources.yaml new file mode 100644 index 00000000..54ac774f --- /dev/null +++ b/envs/eks-nlb/wazuh-master-resources.yaml @@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-master + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-manager + resources: + requests: + cpu: 1 + memory: 1Gi + limits: + cpu: 2 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-manager-master + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 50Gi diff --git a/envs/eks-nlb/wazuh-worker-resources.yaml b/envs/eks-nlb/wazuh-worker-resources.yaml new file mode 100644 index 00000000..668c3ff5 --- /dev/null +++ b/envs/eks-nlb/wazuh-worker-resources.yaml 
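Review bot: `provisioner: kubernetes.io/aws-ebs` is the in-tree EBS provisioner, which on current EKS versions (1.23+) is only served via migration to the EBS CSI driver add-on — if the add-on is not installed the PVCs stay Pending; prefer `provisioner: ebs.csi.aws.com` and state the add-on requirement in a comment. `encrypted: 'true'` is good; if the alerts/indices must be encrypted under a customer-managed key add `kmsKeyId: <arn>` (otherwise the default `aws/ebs` key is used), and consider `type: gp3`. `reclaimPolicy: Retain` means deleting the PVC leaves volumes full of alert data behind, which the comment should call out as a cleanup obligation rather than just a convenience.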
@@ -0,0 +1,35 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: wazuh-manager-worker + namespace: wazuh +spec: + template: + spec: + containers: + - name: wazuh-manager + resources: + requests: + cpu: 1 + memory: 1Gi + limits: + cpu: 2 + memory: 2Gi + volumeClaimTemplates: + - metadata: + name: wazuh-manager-worker + namespace: wazuh + spec: + accessModes: + - ReadWriteOnce + storageClassName: wazuh-storage + resources: + requests: + storage: 50Gi diff --git a/wazuh-eks/base/storage-class.yaml b/wazuh-eks/base/storage-class.yaml new file mode 100644 index 00000000..9f675b0b --- /dev/null +++ b/wazuh-eks/base/storage-class.yaml @@ -0,0 +1,14 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh StorageClass + +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: wazuh-storage +# provisioner: k8s.io/minikube-hostpath \ No newline at end of file diff --git a/wazuh-eks/base/wazuh-ns.yaml b/wazuh-eks/base/wazuh-ns.yaml new file mode 100644 index 00000000..0063ab85 --- /dev/null +++ b/wazuh-eks/base/wazuh-ns.yaml @@ -0,0 +1,13 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Wazuh namespace + +apiVersion: v1 +kind: Namespace +metadata: + name: wazuh diff --git a/wazuh-eks/certs/dashboard_http/generate_certs.sh b/wazuh-eks/certs/dashboard_http/generate_certs.sh new file mode 100755 index 00000000..6e847249 --- /dev/null 
+++ b/wazuh-eks/certs/dashboard_http/generate_certs.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+openssl req -x509 -batch -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
diff --git a/wazuh-eks/certs/indexer_cluster/generate_certs.sh b/wazuh-eks/certs/indexer_cluster/generate_certs.sh
new file mode 100755
index 00000000..8ddde492
--- /dev/null
+++ b/wazuh-eks/certs/indexer_cluster/generate_certs.sh
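Review bot: The `openssl req -x509 -batch ...` call passes no `-subj`, so the certificate's subject comes from the openssl.cnf defaults, and it carries no `subjectAltName`; browsers ignore CN and will reject the dashboard's TLS for any hostname, so operators will be trained to click through warnings on the one internet-facing endpoint. Add `-subj "/CN=wazuh-dashboard" -addext "subjectAltName=DNS:wazuh-external-lb,DNS:<dashboard-fqdn>"` (or document that a real certificate must replace `cert.pem`/`key.pem` before the NLB goes live). `key.pem` is written with the caller's umask; put `umask 077` before the command so the private key is not world-readable in the checkout.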
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd $DIR
+
+echo "Root CA"
+
+openssl genrsa -out root-ca-key.pem 2048
+
+openssl req -days 3650 -new -x509 -sha256 -key root-ca-key.pem -out root-ca.pem -subj "/C=US/L=California/O=Company/CN=root-ca"
+
+echo "Admin cert"
+
+echo "create: admin-key-temp.pem"
+
+openssl genrsa -out admin-key-temp.pem 2048
+
+echo "create: admin-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in admin-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out admin-key.pem
+
+echo "create: admin.csr"
+
+openssl req -days 3650 -new -key admin-key.pem -out admin.csr -subj "/C=US/L=California/O=Company/CN=admin"
+
+echo "create: admin.pem"
+
+openssl x509 -req -days 3650 -in admin.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out admin.pem
+
+
+echo "* Node cert"
+
+echo "create: node-key-temp.pem"
+
+openssl genrsa -out node-key-temp.pem 2048
+
+echo "create: node-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in node-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out node-key.pem
+
+echo "create: node.csr"
+
+openssl req -days 3650 -new -key node-key.pem -out node.csr -subj "/C=US/L=California/O=Company/CN=wazuh-internal-lb"
+
+echo "create: node.pem"
+
+openssl x509 -req -days 3650 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out node.pem
+
+echo "* dashboard cert"
+
+echo "create: dashboard-key-temp.pem"
+
+openssl genrsa -out dashboard-key-temp.pem 2048
+
+echo "create: dashboard-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in dashboard-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out dashboard-key.pem
+
+echo "create: dashboard.csr"
+
+openssl req -days 3650 -new -key dashboard-key.pem -out dashboard.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: dashboard.pem"
+
+openssl x509 -req -days 3650 -in dashboard.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out 
dashboard.pem
+
+
+
+echo "* Filebeat cert"
+
+echo "create: filebeat-key-temp.pem"
+
+openssl genrsa -out filebeat-key-temp.pem 2048
+
+echo "create: filebeat-key.pem"
+
+openssl pkcs8 -inform PEM -outform PEM -in filebeat-key-temp.pem -topk8 -nocrypt -v1 PBE-SHA1-3DES -out filebeat-key.pem
+
+echo "create: filebeat.csr"
+
+openssl req -days 3650 -new -key filebeat-key.pem -out filebeat.csr -subj "/C=US/L=California/O=Company/CN=wazuh-external-lb"
+
+echo "create: filebeat.pem"
+
+openssl x509 -req -days 3650 -in filebeat.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 -out filebeat.pem
\ No newline at end of file
diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
new file mode 100644
index 00000000..f5093ef5
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
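Review bot: The dashboard and Filebeat client certificates are issued with the identical subject `/C=US/L=California/O=Company/CN=wazuh-external-lb`, so on the indexer side the two clients are indistinguishable (OpenSearch identifies client certs by DN) and both are named after the external load balancer although neither is reached through it; give each its own CN (`dashboard`, `filebeat`, as the non-EKS script does). Every `openssl x509 -req` runs without `-extfile`, so no certificate carries a `subjectAltName` or `extendedKeyUsage`; the node cert's CN `wazuh-internal-lb` only names the NLB, not the `wazuh-indexer-N.wazuh-indexer` peers the StatefulSet discovers via `DISCOVERY_SERVICE: wazuh-indexer`, which presumably forces `enforce_hostname_verification` off in the EKS opensearch.yml (not visible here). `-nocrypt` makes `-v1 PBE-SHA1-3DES` a no-op, and `root-ca-key.pem` is left unencrypted beside the leaf keys; add `umask 077` at the top, and consider a shorter leaf validity than ten years given there is no revocation path. The node signing step with an extension file would look like:
```shell
# … unchanged: root CA, admin and node key/CSR generation …
cat > node-ext.cnf <<'EOF'
subjectAltName=DNS:wazuh-indexer,DNS:*.wazuh-indexer,DNS:wazuh-internal-lb
extendedKeyUsage=serverAuth,clientAuth
EOF
openssl x509 -req -days 825 -in node.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -sha256 \
  -extfile node-ext.cnf -out node.pem
# … unchanged: dashboard and filebeat signing, each with its own CN and a clientAuth ext file …
```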
@@ -0,0 +1,100 @@ +# Copyright (C) 2019, Wazuh Inc. +# +# This program is a free software; you can redistribute it +# and/or modify it under the terms of the GNU General Public +# License (version 2) as published by the FSF - Free Software +# Foundation. + +# Dashboard Deployment + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: wazuh-dashboard + namespace: wazuh +spec: + replicas: 1 + selector: + matchLabels: + app: wazuh-dashboard + template: + metadata: + labels: + app: wazuh-dashboard + name: wazuh-dashboard + spec: + volumes: + - name: config + configMap: + name: dashboard-conf + - name: dashboard-certs + secret: + secretName: dashboard-certs + containers: + - name: wazuh-dashboard + image: 'wazuh/wazuh-dashboard:4.9.0' + resources: + limits: + cpu: 500m + memory: 1Gi + volumeMounts: + - name: config + mountPath: /usr/share/wazuh-dashboard/config/opensearch_dashboards.yml + subPath: opensearch_dashboards.yml + readOnly: false + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/cert.pem + readOnly: true + subPath: cert.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/key.pem + readOnly: true + subPath: key.pem + - name: dashboard-certs + mountPath: /usr/share/wazuh-dashboard/certs/root-ca.pem + subPath: root-ca.pem + readOnly: true + ports: + - containerPort: 5601 + name: dashboard + env: + - name: INDEXER_URL + value: 'https://wazuh-indexer-0.wazuh-indexer:9200' + - name: INDEXER_USERNAME + valueFrom: + secretKeyRef: + name: indexer-cred + key: username + - name: INDEXER_PASSWORD + valueFrom: + secretKeyRef: + name: indexer-cred + key: password + - name: DASHBOARD_USERNAME + valueFrom: + secretKeyRef: + name: dashboard-cred + key: username + - name: DASHBOARD_PASSWORD + valueFrom: + secretKeyRef: + name: dashboard-cred + key: password + - name: SERVER_SSL_ENABLED + value: "true" + - name: SERVER_SSL_CERTIFICATE + value: /usr/share/wazuh-dashboard/certs/cert.pem + - name: SERVER_SSL_KEY + value: 
/usr/share/wazuh-dashboard/certs/key.pem + - name: WAZUH_API_URL + value: https://wazuh-manager-master-0.wazuh-cluster + - name: API_USERNAME + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: username + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: wazuh-api-cred + key: password diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml new file mode 100644 index 00000000..1757a9fc --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml @@ -0,0 +1,13 @@ + +server.host: 0.0.0.0 +server.port: 5601 +opensearch.hosts: https://wazuh-internal-lb:9200 +opensearch.ssl.verificationMode: none +opensearch.requestHeadersWhitelist: [ authorization,securitytenant ] +opensearch_security.multitenancy.enabled: false +opensearch_security.readonly_mode.roles: ["kibana_read_only"] +server.ssl.enabled: true +server.ssl.key: "/usr/share/wazuh-dashboard/certs/key.pem" +server.ssl.certificate: "/usr/share/wazuh-dashboard/certs/cert.pem" +opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"] +uiSettings.overrides.defaultRoute: /app/wz-home \ No newline at end of file diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml new file mode 100644 index 00000000..8d6faf35 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-external.yaml 
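Review bot: This Deployment does not match the `wazuh-external-lb` Service added in the same commit: the pod template is labelled only `app: wazuh-dashboard` while that Service selects `lbtype: external`, and the container port is named `dashboard` while the Service's 443 listener targets `dashboard-port`, so the dashboard has no endpoint behind the NLB as committed. Add `lbtype: external` under both `selector.matchLabels` and `template.metadata.labels`, and rename the port to `name: dashboard-port` (or change the Service). Also note `INDEXER_URL` points at `https://wazuh-indexer-0.wazuh-indexer:9200` while the mounted `opensearch_dashboards.yml` says `https://wazuh-internal-lb:9200` — presumably one overrides the other at start-up; pick one and comment it. The ConfigMap-backed config mount is `readOnly: false` and the pod has no `securityContext` (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities); the image presumably runs unprivileged already, but pinning it here costs nothing.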
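Review bot: `opensearch.ssl.verificationMode: none` disables certificate checking on the dashboard→indexer connection even though the very next lines mount the cluster CA (`opensearch.ssl.certificateAuthorities: ["/usr/share/wazuh-dashboard/certs/root-ca.pem"]`), so the basic-auth credentials from `indexer-cred`/`dashboard-cred` would be sent to anyone who can answer on `wazuh-internal-lb:9200`. With the CA already in place, `opensearch.ssl.verificationMode: certificate` works as-is, and `full` should work too since the node cert's CN is `wazuh-internal-lb`, the host used here; the non-EKS copy of this file in the series carries the same `none` and deserves the same fix.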
@@ -0,0 +1,30 @@ +apiVersion: v1 +kind: Service +metadata: + name: wazuh-external-lb + namespace: wazuh + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance + service.beta.kubernetes.io/aws-load-balancer-name: wazuh-external-lb +spec: + type: LoadBalancer + ports: + - name: manager-worker-agents-events + port: 1514 + targetPort: agents-events + - name: manager-cluster + port: 1516 + targetPort: cluster-port + - name: manager-master-registration + port: 1515 + targetPort: registration + - name: manager-master-api + port: 55000 + targetPort: api-port + - name: dashboard + port: 443 + targetPort: dashboard-port + selector: + lbtype: external \ No newline at end of file diff --git a/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml new file mode 100644 index 00000000..e357ced0 --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-dashboard/lb-internal.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: wazuh-internal-lb + namespace: wazuh + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: internal + service.beta.kubernetes.io/aws-load-balancer-scheme: internal + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance + service.beta.kubernetes.io/aws-load-balancer-name: wazuh-internal-lb +spec: + type: LoadBalancer + ports: + - name: indexer-rest + port: 9200 + targetPort: indexer-rest + - name: indexer-nodes + port: 9300 + targetPort: indexer-nodes + selector: + lbtype: internal + app: wazuh-indexer \ No newline at end of file diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml new file mode 100644 index 00000000..7ec0038f --- /dev/null +++ b/wazuh-eks/indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml 
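Review bot: A single `internet-facing` NLB publishes 1514, 1515, 1516, 55000 and 443 with no `loadBalancerSourceRanges`; 1516 is the manager-to-manager cluster port (`targetPort: cluster-port`) that only master and workers talk on — the headless `wazuh-cluster` Service in this same commit already serves it — and 55000 is the management API whose only consumer here is the dashboard, so neither belongs on a public listener. The selector `lbtype: external` spans master, worker and dashboard pods, so each listener presumably routes to whichever of those pods define the named targetPort, which is fragile and easy to get wrong (the dashboard Deployment in this commit carries neither the label nor a `dashboard-port`). Keep 1514/1515/443 here with `loadBalancerSourceRanges: ["<agent and admin CIDRs>"]`, move 1516 and 55000 off the LB, and since `nlb-target-type: instance` lands on NodePorts of every node, set `externalTrafficPolicy: Local` so the managers log real agent addresses and only nodes with a backing pod pass the health check.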
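Review bot: The internal NLB also publishes 9300 (`indexer-nodes`), the OpenSearch transport port; the indexer StatefulSet in this commit discovers peers through the headless Service (`DISCOVERY_SERVICE: wazuh-indexer`), so nothing dials 9300 via the load balancer and the listener only widens what is reachable from the VPC — drop the `indexer-nodes` port. The selector requires `lbtype: internal` together with `app: wazuh-indexer`, but the StatefulSet pod template in this commit is labelled only `app: wazuh-indexer`/`name: wazuh-indexer`, so as committed this Service has no endpoints and the dashboard's `opensearch.hosts: https://wazuh-internal-lb:9200` cannot connect; either add `lbtype: internal` to the template labels or reduce the selector to `app: wazuh-indexer`.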
@@ -0,0 +1,140 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Indexer StatefulSet: 3 master nodes.
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+spec:
+ replicas: 3
+ selector:
+ matchLabels:
+ app: wazuh-indexer
+ serviceName: wazuh-indexer
+ template:
+ metadata:
+ labels:
+ app: wazuh-indexer
+ name: wazuh-indexer
+ spec:
+ # Set the wazuh-indexer volume permissions so the wazuh-indexer user can use it
+ volumes:
+ - name: indexer-certs
+ secret:
+ secretName: indexer-certs
+ - name: indexer-conf
+ configMap:
+ name: indexer-conf
+ initContainers:
+ - name: volume-mount-hack
+ image: busybox
+ resources:
+ requests:
+ cpu: 50m
+ memory: 128Mi
+ limits:
+ cpu: 100m
+ memory: 256Mi
+ command:
+ - sh
+ - '-c'
+ - 'chown -R 1000:1000 /var/lib/wazuh-indexer'
+ volumeMounts:
+ - name: wazuh-indexer
+ mountPath: /var/lib/wazuh-indexer
+ - name: increase-the-vm-max-map-count
+ image: busybox
+ command:
+ - sysctl
+ - -w
+ - vm.max_map_count=262144
+ securityContext:
+ privileged: true
+ containers:
+ - name: wazuh-indexer
+ image: 'wazuh/wazuh-indexer:4.9.0'
+ resources:
+ limits:
+ cpu: 500m
+ memory: 1564Mi
+ env:
+ - name: OPENSEARCH_JAVA_OPTS
+ value: '-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true'
+ - name: CLUSTER_NAME
+ value: wazuh
+ - name: NETWORK_HOST
+ value: "0.0.0.0"
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: DISCOVERY_SERVICE
+ value: wazuh-indexer
+ - name: KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: DISABLE_INSTALL_DEMO_CONFIG
+ value: 'true'
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: wazuh-indexer
+ mountPath: /var/lib/wazuh-indexer
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node-key.pem
+ subPath: node-key.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/node.pem
+ subPath: node.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/root-ca.pem
+ subPath: root-ca.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin.pem
+ subPath: admin.pem
+ readOnly: true
+ - name: indexer-certs
+ mountPath: /usr/share/wazuh-indexer/certs/admin-key.pem
+ subPath: admin-key.pem
+ readOnly: true
+ - name: indexer-conf
+ mountPath: /usr/share/wazuh-indexer/opensearch.yml
+ subPath: opensearch.yml
+ readOnly: true
+ - name: indexer-conf
+ mountPath: /usr/share/wazuh-indexer/opensearch-security/internal_users.yml
+ subPath: internal_users.yml
+ readOnly: true
+ ports:
+ - containerPort: 9200
+ name: indexer-rest
+ - containerPort: 9300
+ name: indexer-nodes
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-indexer
+ namespace: indexer-cluster
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml
new file mode 100644
index 00000000..d9d0f191
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer-svc.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Indexer service: Communications
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-indexer
+ namespace: wazuh
+ labels:
+ app: wazuh-indexer
+spec:
+ selector:
+ app: wazuh-indexer
+ ports:
+ - name: indexer-nodes
+ port: 9300
+ targetPort: 9300
+ clusterIP: None
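Review bot: The `increase-the-vm-max-map-count` init container runs `privileged: true` with no resource requests/limits and no explanation, while its sibling `volume-mount-hack` has both; a comment such as `# privileged only to raise vm.max_map_count for OpenSearch; prefer setting it on the node` plus the same resources block documents the exception. `volumeClaimTemplates[0].metadata.namespace` is `indexer-cluster` whereas every other resource in this series says `wazuh`; the field is ignored for claim templates, so it only misleads — drop it or align it. The main container still runs as the image's default user after the `chown -R 1000:1000`; `runAsUser: 1000` / `runAsNonRoot: true` in its securityContext would pin that, assuming the image expects uid 1000 (consistent with the chown, but worth confirming).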
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
new file mode 100644
index 00000000..d9f05b34
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
@@ -0,0 +1,56 @@
+---
+# This is the internal user database
+# The hash value is a bcrypt hash and can be generated with plugin/tools/hash.sh
+
+_meta:
+ type: "internalusers"
+ config_version: 2
+
+# Define your internal users here
+
+## Demo users
+
+admin:
+ hash: "$2y$12$K/SpwjtB.wOHJ/Nc6GVRDuc1h0rM1DfvziFRNPtk27P.c4yDr9njO"
+ reserved: true
+ backend_roles:
+ - "admin"
+ description: "Demo admin user"
+
+kibanaserver:
+ hash: "$2a$12$4AcgAt3xwOWadA5s5blL6ev39OXDNhmOesEoo33eZtrq2N0YrU3H."
+ reserved: true
+ description: "Demo kibanaserver user"
+
+kibanaro:
+ hash: "$2a$12$JJSXNfTowz7Uu5ttXfeYpeYE0arACvcwlPBStB1F.MI7f0U9Z4DGC"
+ reserved: false
+ backend_roles:
+ - "kibanauser"
+ - "readall"
+ attributes:
+ attribute1: "value1"
+ attribute2: "value2"
+ attribute3: "value3"
+ description: "Demo kibanaro user"
+
+logstash:
+ hash: "$2a$12$u1ShR4l4uBS3Uv59Pa2y5.1uQuZBrZtmNfqB3iM/.jL0XoV9sghS2"
+ reserved: false
+ backend_roles:
+ - "logstash"
+ description: "Demo logstash user"
+
+readall:
+ hash: "$2a$12$ae4ycwzwvLtZxwZ82RmiEunBbIPiAmGZduBAjKN0TXdwQFtCwARz2"
+ reserved: false
+ backend_roles:
+ - "readall"
+ description: "Demo readall user"
+
+snapshotrestore:
+ hash: "$2y$12$DpwmetHKwgYnorbgdvORCenv4NAK8cPUg8AI6pxLCuWf/ALc0.v7W"
+ reserved: false
+ backend_roles:
+ - "snapshotrestore"
+ description: "Demo snapshotrestore user"
diff --git a/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
new file mode 100644
index 00000000..c3027854
--- /dev/null
+++ b/wazuh-eks/indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
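Review bot: The security index is bootstrapped from this file (`plugins.security.allow_default_init_securityindex: true` in opensearch.yml), and the file is the unmodified demo user set — `kibanaro`, `logstash`, `readall` and `snapshotrestore` are unused by this deployment, and all six hashes appear to be the publicly documented OpenSearch security-plugin demo hashes. Remove the four unused accounts and regenerate the `admin` and `kibanaserver` hashes with `plugin/tools/hash.sh` from the passwords actually held in `indexer-cred` and `dashboard-cred`; then replace `## Demo users` with `## Accounts used by this deployment; hashes must match secrets/*-cred-secret.yaml`. Whether the wazuh-indexer image rewrites the admin hash from `INDEXER_PASSWORD` at start-up is not visible here, so confirm before relying on it.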
@@ -0,0 +1,31 @@
+cluster.name: ${CLUSTER_NAME}
+node.name: ${NODE_NAME}
+network.host: ${NETWORK_HOST}
+discovery.seed_hosts: wazuh-indexer-0.wazuh-indexer
+cluster.initial_master_nodes:
+ - wazuh-indexer-0
+
+node.max_local_storage_nodes: "3"
+path.data: /var/lib/wazuh-indexer
+path.logs: /var/log/wazuh-indexer
+plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node.pem
+plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node-key.pem
+plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/root-ca.pem
+plugins.security.ssl.http.enabled: true
+plugins.security.ssl.transport.enforce_hostname_verification: false
+plugins.security.ssl.transport.resolve_hostname: false
+plugins.security.authcz.admin_dn:
+ - CN=admin,O=Company,L=California,C=US
+plugins.security.check_snapshot_restore_write_privileges: true
+plugins.security.enable_snapshot_restore_privilege: true
+plugins.security.nodes_dn:
+ - CN=wazuh-internal-lb,O=Company,L=California,C=US
+plugins.security.restapi.roles_enabled:
+- "all_access"
+- "security_rest_api_access"
+plugins.security.allow_default_init_securityindex: true
+cluster.routing.allocation.disk.threshold_enabled: false
+compatibility.override_main_response_version: true
\ No newline at end of file
diff --git a/wazuh-eks/kustomization.yml b/wazuh-eks/kustomization.yml
new file mode 100644
index 00000000..01f97627
--- /dev/null
+++ b/wazuh-eks/kustomization.yml
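Review bot: `discovery.seed_hosts` and `cluster.initial_master_nodes` name only `wazuh-indexer-0` although the StatefulSet runs `replicas: 3`; pods 1 and 2 can only join while pod 0 is reachable and bootstrap happens with a single master, which defeats the three-node intent. List all three: `discovery.seed_hosts: [wazuh-indexer-0.wazuh-indexer, wazuh-indexer-1.wazuh-indexer, wazuh-indexer-2.wazuh-indexer]` with the matching three entries under `cluster.initial_master_nodes`. `plugins.security.ssl.transport.enforce_hostname_verification: false` plus a single shared node certificate (`nodes_dn` lists only `CN=wazuh-internal-lb`) means any holder of that key is accepted as a cluster node; that is a deliberate trade-off for a shared cert and deserves a one-line comment saying so. `node.max_local_storage_nodes: "3"` quotes an integer setting — write `3` — and the file lacks a trailing newline.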
@@ -0,0 +1,64 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Adds wazuh namespace to all resources.
+namespace: wazuh
+
+secretGenerator:
+ - name: indexer-certs
+ files:
+ - certs/indexer_cluster/root-ca.pem
+ - certs/indexer_cluster/node.pem
+ - certs/indexer_cluster/node-key.pem
+ - certs/indexer_cluster/dashboard.pem
+ - certs/indexer_cluster/dashboard-key.pem
+ - certs/indexer_cluster/admin.pem
+ - certs/indexer_cluster/admin-key.pem
+ - certs/indexer_cluster/filebeat.pem
+ - certs/indexer_cluster/filebeat-key.pem
+ - name: dashboard-certs
+ files:
+ - certs/dashboard_http/cert.pem
+ - certs/dashboard_http/key.pem
+ - certs/indexer_cluster/root-ca.pem
+
+configMapGenerator:
+ - name: indexer-conf
+ files:
+ - indexer_stack/wazuh-indexer/indexer_conf/opensearch.yml
+ - indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml
+ - name: wazuh-conf
+ files:
+ - wazuh_managers/wazuh_conf/master.conf
+ - wazuh_managers/wazuh_conf/worker.conf
+ - name: dashboard-conf
+ files:
+ - indexer_stack/wazuh-dashboard/dashboard_conf/opensearch_dashboards.yml
+
+resources:
+ - base/wazuh-ns.yaml
+ - base/storage-class.yaml
+
+ - secrets/wazuh-api-cred-secret.yaml
+ - secrets/wazuh-authd-pass-secret.yaml
+ - secrets/wazuh-cluster-key-secret.yaml
+ - secrets/dashboard-cred-secret.yaml
+ - secrets/indexer-cred-secret.yaml
+
+ - wazuh_managers/wazuh-master-sts.yaml
+ - wazuh_managers/wazuh-worker-sts.yaml
+ - wazuh_managers/wazuh-cluster-svc.yaml
+
+ - indexer_stack/wazuh-indexer/cluster/indexer-sts.yaml
+ - indexer_stack/wazuh-indexer/indexer-svc.yaml
+
+ - indexer_stack/wazuh-dashboard/lb-external.yaml
+ - indexer_stack/wazuh-dashboard/lb-internal.yaml
+ - indexer_stack/wazuh-dashboard/dashboard-deploy.yaml
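Review bot: Every `secretGenerator` input under `certs/` is gitignored (the .gitignore hunk at the end of this series ignores `*.pem`/`*.key` there), so `kustomize build` on a fresh clone fails with a missing-file error until the certificates have been generated; a comment above `secretGenerator:` — `# certs/ is gitignored; run certs/indexer_cluster/generate_certs.sh before building` — would save the next operator that detour. The single `indexer-certs` secret also bundles the node, admin, dashboard and filebeat private keys and is referenced as a whole by the indexer, master and worker pods, so a compromise of any one of them (or of anything with read access to that Secret) exposes every key at once; one generated secret per consumer (e.g. `filebeat-certs` holding only filebeat.pem, filebeat-key.pem and root-ca.pem) would follow least privilege.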
diff --git a/wazuh-eks/secrets/dashboard-cred-secret.yaml b/wazuh-eks/secrets/dashboard-cred-secret.yaml
new file mode 100644
index 00000000..078f8776
--- /dev/null
+++ b/wazuh-eks/secrets/dashboard-cred-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2022 Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh dashboard API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dashboard-cred
+data:
+ username: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded
+ password: a2liYW5hc2VydmVy # string "kibanaserver" base64 encoded
diff --git a/wazuh-eks/secrets/indexer-cred-secret.yaml b/wazuh-eks/secrets/indexer-cred-secret.yaml
new file mode 100644
index 00000000..3f159c5a
--- /dev/null
+++ b/wazuh-eks/secrets/indexer-cred-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: indexer-cred
+data:
+ username: YWRtaW4= # string "admin" base64 encoded
+ password: U2VjcmV0UGFzc3dvcmQ= # string "SecretPassword" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-api-cred-secret.yaml b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml
new file mode 100644
index 00000000..b6628f95
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-api-cred-secret.yaml
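Review bot: dashboard-cred-secret.yaml and indexer-cred-secret.yaml here, and wazuh-api-cred-secret.yaml, wazuh-authd-pass-secret.yaml and wazuh-cluster-key-secret.yaml in the next hunk, commit live credentials to git as base64 Secret manifests, with the trailing comments spelling the plaintext out; base64 is encoding, not protection, and the indexer-cred password also does not correspond to the `admin` hash in internal_users.yml unless the image rewrites it at start-up. Since the kustomization already uses generators, a `secretGenerator` fed from gitignored env/literal files, or an external secrets operator, would keep the values out of the repository; at minimum change each trailing comment to `# placeholder - replace before deploying` instead of documenting the value. `dashboard-cred` and `indexer-cred` also omit `namespace: wazuh` while the other three set it; harmless under the kustomization's `namespace:` transformer, but inconsistent.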
@@ -0,0 +1,17 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh API credentials secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-api-cred
+ namespace: wazuh
+data:
+ username: d2F6dWgtd3Vp # string "wazuh-wui" base64 encoded
+ password: TXlTM2NyMzdQNDUwci4qLQ== # string "MyS3cr37P450r.*-" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml
new file mode 100644
index 00000000..03b4b6b8
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-authd-pass-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh authd password secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-authd-pass
+ namespace: wazuh
+data:
+ authd.pass: cGFzc3dvcmQ= # string "password" base64 encoded
diff --git a/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml
new file mode 100644
index 00000000..cbe50253
--- /dev/null
+++ b/wazuh-eks/secrets/wazuh-cluster-key-secret.yaml
@@ -0,0 +1,16 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh cluster key secret
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wazuh-cluster-key
+ namespace: wazuh
+data:
+ key: MTIzYTQ1YmM2N2RlZjg5MWdoMjNpNDVqazY3bDhtbjk= # string "123a45bc67def891gh23i45jk67l8mn9" base64 encoded
diff --git a/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml
new file mode 100644
index 00000000..ce3c7c8e
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-cluster-svc.yaml
@@ -0,0 +1,24 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh cluster Service: Manager nodes communication
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: wazuh-cluster
+ namespace: wazuh
+ labels:
+ app: wazuh-manager
+spec:
+ selector:
+ app: wazuh-manager
+ ports:
+ - name: cluster
+ port: 1516
+ targetPort: 1516
+ clusterIP: None
diff --git a/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml
new file mode 100644
index 00000000..f1b358c2
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-master-sts.yaml
@@ -0,0 +1,159 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh master StatefulSet
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: wazuh-manager
+ node-type: master
+ serviceName: wazuh-cluster
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: wazuh-manager
+ node-type: master
+ name: wazuh-manager-master
+ spec:
+ volumes:
+ - name: config
+ configMap:
+ name: wazuh-conf
+ - name: filebeat-certs
+ secret:
+ secretName: indexer-certs
+ - name: wazuh-authd-pass
+ secret:
+ secretName: wazuh-authd-pass
+ securityContext:
+ fsGroup: 101
+ containers:
+ - name: wazuh-manager
+ image: 'wazuh/wazuh-manager:4.9.0'
+ resources:
+ limits:
+ cpu: 400m
+ memory: 512Mi
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: config
+ mountPath: /wazuh-config-mount/etc/ossec.conf
+ subPath: master.conf
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/root-ca.pem
+ readOnly: true
+ subPath: root-ca.pem
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.pem
+ subPath: filebeat.pem
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.key
+ subPath: filebeat-key.pem
+ readOnly: true
+ - name: wazuh-authd-pass
+ mountPath: /wazuh-config-mount/etc/authd.pass
+ subPath: authd.pass
+ readOnly: true
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/api/configuration
+ subPath: wazuh/var/ossec/api/configuration
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/etc
+ subPath: wazuh/var/ossec/etc
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/logs
+ subPath: wazuh/var/ossec/logs
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/queue
+ subPath: wazuh/var/ossec/queue
+ - name: 
wazuh-manager-master
+ mountPath: /var/ossec/var/multigroups
+ subPath: wazuh/var/ossec/var/multigroups
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/integrations
+ subPath: wazuh/var/ossec/integrations
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/active-response/bin
+ subPath: wazuh/var/ossec/active-response/bin
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/agentless
+ subPath: wazuh/var/ossec/agentless
+ - name: wazuh-manager-master
+ mountPath: /var/ossec/wodles
+ subPath: wazuh/var/ossec/wodles
+ - name: wazuh-manager-master
+ mountPath: /etc/filebeat
+ subPath: filebeat/etc/filebeat
+ - name: wazuh-manager-master
+ mountPath: /var/lib/filebeat
+ subPath: filebeat/var/lib/filebeat
+ ports:
+ - containerPort: 1515
+ name: registration
+ - containerPort: 1516
+ name: cluster
+ - containerPort: 55000
+ name: api
+ env:
+ - name: INDEXER_URL
+ value: 'https://wazuh-indexer-0.wazuh-indexer:9200'
+ - name: INDEXER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: username
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ - name: FILEBEAT_SSL_VERIFICATION_MODE
+ value: 'full'
+ - name: SSL_CERTIFICATE_AUTHORITIES
+ value: /etc/ssl/root-ca.pem
+ - name: SSL_CERTIFICATE
+ value: /etc/ssl/filebeat.pem
+ - name: SSL_KEY
+ value: /etc/ssl/filebeat.key
+ - name: API_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: username
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-api-cred
+ key: password
+ - name: WAZUH_CLUSTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-cluster-key
+ key: key
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-master
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
new file mode 100644
index 00000000..f0785fab
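Review bot: `INDEXER_URL` still points at `https://wazuh-indexer-0.wazuh-indexer:9200` while `FILEBEAT_SSL_VERIFICATION_MODE` is `'full'`, but the first patch in this series changed the node certificate subject to `CN=wazuh-internal-lb` and moved the dashboard to `https://wazuh-internal-lb:9200`; unless the node CSR carries a SAN for the pod DNS names (not visible here), Filebeat's hostname check will most likely reject the indexer and no alerts will be shipped. Either point the managers at the same `wazuh-internal-lb:9200` endpoint or add the `*.wazuh-indexer` names as SANs — the same applies to wazuh-worker-sts.yaml and to the indexer host in wazuh_conf/master.conf and worker.conf. The `SYS_CHROOT` capability and `fsGroup: 101` are plausible for this image but undocumented; a short why-comment on `capabilities.add` would help the next reviewer.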
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh-worker-sts.yaml
@@ -0,0 +1,146 @@
+# Copyright (C) 2019, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+# Wazuh workers StatefulSet
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: wazuh-manager
+ node-type: worker
+ serviceName: wazuh-cluster
+ podManagementPolicy: Parallel
+ template:
+ metadata:
+ labels:
+ app: wazuh-manager
+ node-type: worker
+ name: wazuh-manager-worker
+ spec:
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ volumes:
+ - name: config
+ configMap:
+ name: wazuh-conf
+ - name: filebeat-certs
+ secret:
+ secretName: indexer-certs
+ securityContext:
+ fsGroup: 101
+ containers:
+ - name: wazuh-manager
+ image: 'wazuh/wazuh-manager:4.9.0'
+ resources:
+ limits:
+ cpu: 400m
+ memory: 512Mi
+ securityContext:
+ capabilities:
+ add: ["SYS_CHROOT"]
+ volumeMounts:
+ - name: config
+ mountPath: /wazuh-config-mount/etc/ossec.conf
+ subPath: worker.conf
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/root-ca.pem
+ readOnly: true
+ subPath: root-ca.pem
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.pem
+ subPath: filebeat.pem
+ readOnly: true
+ - name: filebeat-certs
+ mountPath: /etc/ssl/filebeat.key
+ subPath: filebeat-key.pem
+ readOnly: true
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/api/configuration
+ subPath: wazuh/var/ossec/api/configuration
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/etc
+ subPath: wazuh/var/ossec/etc
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/logs
+ subPath: wazuh/var/ossec/logs
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/queue
+ subPath: wazuh/var/ossec/queue
+ - name: wazuh-manager-worker
+ 
mountPath: /var/ossec/var/multigroups
+ subPath: wazuh/var/ossec/var/multigroups
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/integrations
+ subPath: wazuh/var/ossec/integrations
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/active-response/bin
+ subPath: wazuh/var/ossec/active-response/bin
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/agentless
+ subPath: wazuh/var/ossec/agentless
+ - name: wazuh-manager-worker
+ mountPath: /var/ossec/wodles
+ subPath: wazuh/var/ossec/wodles
+ - name: wazuh-manager-worker
+ mountPath: /etc/filebeat
+ subPath: filebeat/etc/filebeat
+ - name: wazuh-manager-worker
+ mountPath: /var/lib/filebeat
+ subPath: filebeat/var/lib/filebeat
+ ports:
+ - containerPort: 1514
+ name: agents-events
+ - containerPort: 1516
+ name: cluster
+ env:
+ - name: INDEXER_URL
+ value: 'https://wazuh-indexer-0.wazuh-indexer:9200'
+ - name: INDEXER_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: username
+ - name: INDEXER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: indexer-cred
+ key: password
+ - name: FILEBEAT_SSL_VERIFICATION_MODE
+ value: 'full'
+ - name: SSL_CERTIFICATE_AUTHORITIES
+ value: /etc/ssl/root-ca.pem
+ - name: SSL_CERTIFICATE
+ value: /etc/ssl/filebeat.pem
+ - name: SSL_KEY
+ value: /etc/ssl/filebeat.key
+ - name: WAZUH_CLUSTER_KEY
+ valueFrom:
+ secretKeyRef:
+ name: wazuh-cluster-key
+ key: key
+ volumeClaimTemplates:
+ - metadata:
+ name: wazuh-manager-worker
+ namespace: wazuh
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: wazuh-storage
+ resources:
+ requests:
+ storage: 500Mi
diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/master.conf b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf
new file mode 100644
index 00000000..aba97f92
--- /dev/null
+++ b/wazuh-eks/wazuh_managers/wazuh_conf/master.conf
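Review bot: The `podAntiAffinity` term under `preferredDuringSchedulingIgnoredDuringExecution` has a `topologyKey` but no `labelSelector`; as far as I know a nil selector matches no pods, so the rule is a no-op and both workers may be scheduled onto the same node. Add `labelSelector: {matchLabels: {app: wazuh-manager, node-type: worker}}` under `podAffinityTerm` (in block style, to match the file) so the workers actually repel each other.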
@@ -0,0 +1,344 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + yes + yes + 60m + + + + yes + + https://wazuh-indexer-0.wazuh-indexer:9200 + + admin + VDPass + + + /etc/ssl/root-ca.pem + + /etc/ssl/filebeat.pem + /etc/ssl/filebeat.key + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ 
\+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + yes + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + wazuh-manager-master + master + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + diff --git a/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf new file mode 100644 index 00000000..c72df94b --- /dev/null +++ b/wazuh-eks/wazuh_managers/wazuh_conf/worker.conf 
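Review bot: The indexer section of master.conf hard-codes the endpoint `https://wazuh-indexer-0.wazuh-indexer:9200` and what look like inline credentials (`admin` / `VDPass`) even though the StatefulSet injects `INDEXER_USERNAME`/`INDEXER_PASSWORD` from the `indexer-cred` Secret, so the ConfigMap rendered from git carries a password and the two sources disagree (the Secret holds a different one). The element names were stripped in this rendering, so this is inferred from the values; if that is the indexer credential pair, use a `to_be_replaced_by_indexer_password`-style marker substituted the way `to_be_replaced_by_cluster_key` already is, and keep the host consistent with `INDEXER_URL`. worker.conf in the next hunk contains the same values.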
@@ -0,0 +1,344 @@ + + + + yes + yes + no + no + no + smtp.example.wazuh.com + ossecm@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 131072 + 20s + 100s + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + /var/ossec/etc/rootcheck/rootkit_files.txt + /var/ossec/etc/rootcheck/rootkit_trojans.txt + + /var/ossec/etc/rootcheck/system_audit_rcl.txt + /var/ossec/etc/rootcheck/system_audit_ssh.txt + + yes + + + + yes + 1800 + 1d + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + yes + yes + 60m + + + + yes + + https://wazuh-indexer-0.wazuh-indexer:9200 + + admin + VDPass + + + /etc/ssl/root-ca.pem + + /etc/ssl/filebeat.pem + /etc/ssl/filebeat.key + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + /sys/kernel/security + /sys/kernel/debug + + + /etc/ssl/private.key + + yes + + + yes + + + yes + + + + + 127.0.0.1 + ^localhost.localdomain$ + 10.66.0.2 + + + + disable-account + disable-account.sh + user + yes + + + + restart-ossec + restart-ossec.sh + + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny.sh + srcip + yes + + + + route-null + route-null.sh + srcip + yes + + + + win_route-null + route-null.cmd + srcip + yes + + + + win_route-null-2012 + route-null-2012.cmd + srcip + yes + + + + netsh + netsh.cmd + srcip + yes + + + + netsh-win-2016 + netsh-win-2016.cmd + srcip + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ 
\+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-sources + etc/lists/amazon/aws-eventnames + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + + yes + yes + 1h + 1h + + no + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + /var/ossec/etc/sslmanager.cert + /var/ossec/etc/sslmanager.key + no + + + + wazuh + to_be_replaced_by_hostname + worker + to_be_replaced_by_cluster_key + 1516 + 0.0.0.0 + + wazuh-manager-master-0.wazuh-cluster.wazuh + + no + no + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/syslog + + + + syslog + /var/log/dpkg.log + + From 5073d807757ced674333e67d073daa2e5310ad59 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 31 Jan 2024 09:49:35 -0300 Subject: [PATCH 5/6] delete root-ca --- wazuh/certs/indexer_cluster/root-ca.srl | 1 - 1 file changed, 1 deletion(-) delete mode 100644 wazuh/certs/indexer_cluster/root-ca.srl diff --git a/wazuh/certs/indexer_cluster/root-ca.srl b/wazuh/certs/indexer_cluster/root-ca.srl deleted file mode 100644 index 0b52d825..00000000 --- a/wazuh/certs/indexer_cluster/root-ca.srl +++ /dev/null @@ -1 +0,0 @@ -1023702284AF366AD5338FA7FA775C3F488F315A From fab771ede08ec51212da94d17ca65ccee6208fb9 Mon Sep 17 00:00:00 2001 From: vcerenu Date: Wed, 31 Jan 2024 09:50:38 -0300 Subject: [PATCH 6/6] add .slr files into gitignore --- .gitignore | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 9e2c0434..9af3a007 100644 --- a/.gitignore +++ b/.gitignore 
@@ -3,8 +3,10 @@ wazuh/certs/dashboard_http/*.key
 wazuh/certs/indexer_cluster/*.pem
 wazuh/certs/indexer_cluster/*.key
 wazuh/certs/indexer_cluster/*.csr
+wazuh/certs/indexer_cluster/*.slr
 wazuh-eks/certs/dashboard_http/*.pem
 wazuh-eks/certs/dashboard_http/*.key
 wazuh-eks/certs/indexer_cluster/*.pem
 wazuh-eks/certs/indexer_cluster/*.key
-wazuh-eks/certs/indexer_cluster/*.csr
\ No newline at end of file
+wazuh-eks/certs/indexer_cluster/*.csr
+wazuh-eks/certs/indexer_cluster/*.slr
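Review bot: Both new patterns use the extension `*.slr`, but the file deleted earlier in this series is `wazuh/certs/indexer_cluster/root-ca.srl` — OpenSSL's serial file is `.srl` — so neither pattern matches and the next certificate generation will presumably re-stage it (the commit subject repeats the typo). Change the two lines to `wazuh/certs/indexer_cluster/*.srl` and `wazuh-eks/certs/indexer_cluster/*.srl`.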