This image shows how organizations can enhance the security of their data in the cloud by setting up a PCI-compliant web application using PCI DSS-compliant Chef cookbooks and Terraform modules.
  • All the resources are in a single VCN, but are attached to separate subnets.
  • A bastion host and load balancer are included.
  • Management traffic goes through the Internet Gateway, the bastion host, and the app, database, and Wazuh subnets.
  • Customer traffic goes through the OCI WAF, Internet Gateway, DMZ, and application subnets.
  • A NAT gateway enables one-way access from the Wazuh and app subnets to the internet.
  • The database and app subnets are connected to OCI Vault and Object Storage.
  • The Wazuh server is connected to Object Storage.
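
The routing split between the internet-facing DMZ subnet and the NAT-only app subnet, sketched as Terraform for the OCI provider. This is an added example, not the reference architecture's own modules; the resource names, CIDR ranges and `var.compartment_ocid` are assumptions, and only two of the subnets are shown.

```hcl
# Added illustration: names, CIDRs and var.compartment_ocid are assumed values.
variable "compartment_ocid" { type = string }
resource "oci_core_vcn" "pci" {
  compartment_id = var.compartment_ocid
  cidr_blocks    = ["10.0.0.0/16"]
}
resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.pci.id
}
resource "oci_core_nat_gateway" "nat" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.pci.id
}

# DMZ subnet: default route via the internet gateway, where customer traffic enters.
resource "oci_core_route_table" "dmz" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.pci.id
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}
resource "oci_core_subnet" "dmz" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.pci.id
  cidr_block     = "10.0.1.0/24"
  route_table_id = oci_core_route_table.dmz.id
}

# App subnet: outbound-only default route via the NAT gateway, no public IPs on VNICs.
resource "oci_core_route_table" "app" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.pci.id
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat.id
  }
}
resource "oci_core_subnet" "app" {
  compartment_id             = var.compartment_ocid
  vcn_id                     = oci_core_vcn.pci.id
  cidr_block                 = "10.0.2.0/24"
  route_table_id             = oci_core_route_table.app.id
  prohibit_public_ip_on_vnic = true
}
```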