1
+ locals {
2
+ deploy_image_scanning = var. deploy_image_scanning_ecr || var. deploy_image_scanning_ecs
3
+ deploy_scanning_infra = local. deploy_image_scanning && ! var. use_standalone_scanner
4
+ }
1
5
# -------------------------------------
2
6
# resources deployed always in management account
3
7
# with default provider
@@ -13,16 +17,16 @@ module "resource_group_secure_for_cloud_member" {
13
17
providers = {
14
18
aws = aws.member
15
19
}
16
- source = " ../../modules/infrastructure/resource-group"
17
- name = var. name
18
- tags = var. tags
20
+ source = " ../../modules/infrastructure/resource-group"
21
+ name = var. name
22
+ tags = var. tags
19
23
}
20
24
21
25
# -------------------------------------
22
26
# secure-for-cloud member account workload
23
27
# -------------------------------------
24
28
module "ssm" {
25
- providers = {
29
+ providers = {
26
30
aws = aws.member
27
31
}
28
32
source = " ../../modules/infrastructure/ssm"
@@ -36,16 +40,16 @@ module "ssm" {
36
40
# cloud-connector
37
41
# -------------------------------------
38
42
module "codebuild" {
39
- count = var . deploy_image_scanning_ecr || var . deploy_image_scanning_ecs ? 1 : 0
43
+ count = local . deploy_scanning_infra ? 1 : 0
40
44
41
- providers = {
45
+ providers = {
42
46
aws = aws.member
43
47
}
44
48
source = " ../../modules/infrastructure/codebuild"
45
49
name = var. name
46
50
secure_api_token_secret_name = module. ssm . secure_api_token_secret_name
47
51
48
- tags = var. tags
52
+ tags = var. tags
49
53
# note. this is required to avoid race conditions
50
54
depends_on = [module . ssm ]
51
55
}
@@ -62,8 +66,9 @@ module "cloud_connector" {
62
66
63
67
deploy_image_scanning_ecr = var. deploy_image_scanning_ecr
64
68
deploy_image_scanning_ecs = var. deploy_image_scanning_ecs
69
+ use_standalone_scanner = var. use_standalone_scanner
65
70
66
- is_organizational = true
71
+ is_organizational = true
67
72
organizational_config = {
68
73
sysdig_secure_for_cloud_role_arn = module.secure_for_cloud_role.sysdig_secure_for_cloud_role_arn
69
74
organizational_role_per_account = var.organizational_member_default_admin_role
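Review bot: With `count = local.deploy_scanning_infra ? 1 : 0` on `module "codebuild"`, the module can now be absent while `deploy_image_scanning_ecr` or `deploy_image_scanning_ecs` is still true, and the visible hunks do not show how consumers of its outputs handle that. Any `module.codebuild[0]` reference elsewhere in this file (not shown here) needs to be guarded by the same local or by a `length(module.codebuild)` test, otherwise plan would fail with an invalid index when `use_standalone_scanner` is set. The two new locals would also benefit from a comment such as `# CodeBuild scanning infra is only deployed when image scanning is enabled and not delegated to the standalone scanner`. The `cloud_connector` block continues past the last hunk, so it cannot be confirmed from here that the module drops CodeBuild-related IAM permissions in standalone mode; that is worth checking for least privilege.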