use-cases/README.md (13 additions & 7 deletions)
@@ -1,7 +1,6 @@
1
-
# Secure for Cloud Use Cases for AWS Environments
2
-
3
-
Secure for cloud is installed in AWS either by using [terraform](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud) or by using a [Cloudformation](https://github.com/sysdiglabs/aws-templates-secure-for-cloud) template.
1
+
# Secure for Cloud Use Cases
4
2
3
+
## General; AWS, GCP and Azure
5
4
6
5
### Feature Summary
7
6
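Review bot: The new heading on line 3, `## General; AWS, GCP and Azure`, uses a semicolon as a separator, which reads oddly next to the plain `## AWS-Specific` section this commit adds further down. Something like `## General (AWS, GCP and Azure)` would keep the two section titles parallel and produce a cleaner anchor.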
@@ -13,13 +12,13 @@ Secure for cloud is installed in AWS either by using [terraform](https://github.
13
12
14
13
15
14
16
-
## Which Compute Deployment Should I Choose?
15
+
####Which Compute Deployment Should I Choose?
17
16
18
17
There are no preffered way, just take a technology you're familiar with. Otherwise, prefer non-K8S, as it will be harder to maintain.
19
18
For AWS, beware of [AppRunner region limitations](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/examples/single-account-apprunner/README.md#prerequisites).
20
19
21
20
22
-
##Available Options
21
+
### Pre-Existing Resource Usage
23
22
24
23
Make use of optionals to reuse pre-existing resources and prevent incurring in more costs.
25
24
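Review bot: `####Which Compute Deployment Should I Choose?` on new line 15 has no space after the hashes, so GitHub-flavored Markdown renders it as literal text rather than a heading. This is the same defect the commit removes from `##Available Options` six lines later. Write `#### Which Compute Deployment Should I Choose?`, or use `###` so it sits level with `### Pre-Existing Resource Usage`. Since this block is being touched anyway, the unchanged line below it still says "preffered" (preferred).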
@@ -32,14 +31,21 @@ Make use of optionals to reuse pre-existing resources and prevent incurring in m
| * | Compute Workload | - | All clouds allow Sysdig Secure for cloud to be deployed on a pre-existing K8S cluster|
34
33
35
-
## Overview
34
+
###Overview
36
35
37
36
Current examples were developed for simple scenarios.
38
37
As new use cases emerge, we will establish a standard scenario and create new examples to accommodate additional requirements.
39
38
Check the current list of use cases or use the [questionnaire](./_questionnaire.md) to let us know your needs.
40
39
41
40
If Terraform or Cloudformation suits your purpose, take a look at the `manual-*` prefixed use cases.
42
41
42
+
43
+
<br/><br/>
44
+
## AWS-Specific
45
+
46
+
Secure for cloud is installed in AWS either by using [terraform](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud) or by using a [Cloudformation](https://github.com/sysdiglabs/aws-templates-secure-for-cloud) template.
47
+
48
+
43
49
### Features
44
50
45
51
For [complete feature installation](https://docs.sysdig.com/en/docs/sysdig-secure/sysdig-secure-for-cloud/#features), check
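Review bot: `###Overview` on new line 34 is missing the space after the hashes, so it will not render as a heading, whereas the removed `## Overview` did. Write `### Overview`. The `<br/><br/>` added on new line 43 is presentational HTML used only for spacing before `## AWS-Specific`; the level-2 heading already separates the sections, so the spacer can be dropped.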
@@ -50,7 +56,7 @@ For [complete feature installation](https://docs.sysdig.com/en/docs/sysdig-secur
50
56
| Deployment Type | all Sysdig resources will be deployed within the selected account | Most Sysdig resources will be deployed within the selected account (just one), but some features, require resources to be deployed on all of the member-accounts (for Compliance and Image Scanning) . <br />One role is needed on the management account for cloudtrail-s3 event access |
51
57
| Target | will only analyse current account | handles all accounts (managed and member) + dynamically created new member accounts|
52
58
| Drawbacks | cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | for scanning, a per-member-account access role is required |
53
-
| Optional resources usage limitations | - | For organizational example, Cloudtrail resources cloudtrail-s3 and cloudtrail-sns, must exist in the management account. For other setups check other alternative use-cases</br><ul><li>[AWS manual deployment; cloudtrail-s3 bucket in another member account](./manual-org-three-way.md)</li><li>[AWS terraform-based deployment; cloudtrail with cloudtrail-s3 bucket in another member account. k8s flavor](./org-three-way-k8s.md)</li><li>[terraform-based deployment; cloudtrail with cloudtrail-s3 bucket in another member account. ecs flavor](./org-three-way-ecs.md)</li></ul>|
59
+
| Optional resources usage limitations | - | For organizational example, Cloudtrail resources cloudtrail-s3 and cloudtrail-sns, must exist in the management account. For other setups check other alternative use-cases</br><ul><li>[manual deployment; cloudtrail-s3 bucket in another member account](./manual-org-three-way.md)</li><li>[terraform-based deployment; cloudtrail with cloudtrail-s3 bucket in another member account. k8s flavor](./org-three-way-k8s.md)</li><li>[terraform-based deployment; cloudtrail with cloudtrail-s3 bucket in another member account. ecs flavor](./org-three-way-ecs.md)</li><li>[terraform-based; re-use ecs/vpc/subnet](./org-existing-cloudtrail-ecs-vpc-subnet.md)</li></ul>|
54
60
| More Info |[AWS single-ecs](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account-ecs), [AWS single-apprunner](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account-apprunner), [AWS single-k8s](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account-k8s)|[AWS organizational](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/organizational)|
55
61
56
62
With both examples `single` and `org`, you can customize the desired features to de deployed with the `deploy_*` input vars to avoid deploying more than wanted.
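Review bot: The list item added on new line 59, `[terraform-based; re-use ecs/vpc/subnet](./org-existing-cloudtrail-ecs-vpc-subnet.md)`, is labelled differently from its siblings: they read "terraform-based deployment; ...", and the label omits the existing-cloudtrail part that the target file name advertises. Suggest "terraform-based deployment; re-use existing cloudtrail and ecs/vpc/subnet". The rewritten row also keeps `</br>`, which is not a valid tag; use `<br />` as the Deployment Type row does. The unchanged line after the table still has "to de deployed" (to be deployed).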