1
1
locals {
2
- deploy_image_scanning = var. deploy_image_scanning_ecr || var. deploy_image_scanning_ecs
2
+ deploy_image_scanning = var. deploy_image_scanning_ecr || var. deploy_image_scanning_ecs
3
+ deploy_scanning_infra = local. deploy_image_scanning && ! var. use_standalone_scanner
4
+ ecr_standalone_scanning = var. deploy_image_scanning_ecr && var. use_standalone_scanner
5
+ ecs_standalone_scanning = var. deploy_image_scanning_ecs && var. use_standalone_scanner
6
+ ecr_scanning_with_infra = var. deploy_image_scanning_ecr && ! var. use_standalone_scanner
7
+ ecs_scanning_with_infra = var. deploy_image_scanning_ecs && ! var. use_standalone_scanner
3
8
}
4
9
5
10
# -------------------------------------
@@ -14,13 +19,13 @@ module "cloud_connector_sqs" {
14
19
}
15
20
16
21
module "codebuild" {
17
- count = local. deploy_image_scanning ? 1 : 0
22
+ count = local. deploy_scanning_infra ? 1 : 0
18
23
source = " ../../modules/infrastructure/codebuild"
19
24
20
25
name = var. name
21
26
secure_api_token_secret_name = module. ssm . secure_api_token_secret_name
22
27
23
- tags = var. tags
28
+ tags = var. tags
24
29
# note. this is required to avoid race conditions
25
30
depends_on = [module . ssm ]
26
31
}
@@ -66,29 +71,39 @@ resource "helm_release" "cloud_connector" {
66
71
value = " terraform_aws_k8s_single"
67
72
}
68
73
69
- values = [
74
+ values = [
70
75
yamlencode ({
76
+ logging = " info"
77
+ rules = []
71
78
ingestors = [
72
79
{
73
80
cloudtrail-sns-sqs = {
74
81
queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
75
82
}
76
83
}
77
84
]
78
- scanners = local.deploy_image_scanning ? [
79
- merge (var. deploy_image_scanning_ecr ? {
85
+ scanners = [
86
+ merge (
87
+ local. ecr_scanning_with_infra ? {
80
88
aws-ecr = {
81
89
codeBuildProject = module.codebuild[0 ].project_name
82
90
secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
83
91
}
84
- } : {},
85
- var. deploy_image_scanning_ecs ? {
86
- aws-ecs = {
87
- codeBuildProject = module.codebuild[0 ].project_name
88
- secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
89
- }
90
- } : {})
91
- ] : []
92
+ } : {},
93
+ local. ecs_scanning_with_infra ? {
94
+ aws-ecs = {
95
+ codeBuildProject = module.codebuild[0 ].project_name
96
+ secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
97
+ }
98
+ } : {},
99
+ local. ecr_standalone_scanning ? {
100
+ aws-ecr-inline = {},
101
+ } : {},
102
+ local. ecs_standalone_scanning ? {
103
+ aws-ecs-inline = {}
104
+ } : {},
105
+ )
106
+ ]
92
107
})
93
108
]
94
109
depends_on = [module . iam_user ]
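Review bot: With both scanning flags off, `scanners` is no longer an empty list: the new `scanners = [merge(...)]` always yields one element, so the encoded values carry `scanners: [{}]` where the old code produced `[]`. Whether the cloud connector tolerates an empty scanner entry is not visible here, so I would keep the outer guard, `scanners = local.deploy_image_scanning ? [merge(...)] : []`. The `module.codebuild[0]` references stay consistent with the new `count`, since both `*_with_infra` locals imply `local.deploy_scanning_infra`. A comment above the new locals would help, stating that `use_standalone_scanner` swaps the CodeBuild-backed `aws-ecr`/`aws-ecs` scanners for `aws-ecr-inline`/`aws-ecs-inline`; the `helm_release` resource starts and ends outside this hunk.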