chore: Make cloud-connector image configurable (#156)

Author: tembleking

examples/single-account-ecs/README.md

@@ -98,6 +98,7 @@ $ terraform apply
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_benchmark_regions"></a> [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
+| <a name="input_cloud_connector_image"></a> [cloud\_connector\_image](#input\_cloud\_connector\_image) | Image to use for the cloud connector. If empty, the default image will be used. | `string` | `"quay.io/sysdig/cloud-connector:latest"` | no |
 | <a name="input_cloudtrail_is_multi_region_trail"></a> [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether cloudtrail will ingest multiregional events | `bool` | `true` | no |
 | <a name="input_cloudtrail_kms_enable"></a> [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether cloudtrail delivered events to S3 should persist encrypted | `bool` | `true` | no |
 | <a name="input_cloudtrail_s3_bucket_expiration_days"></a> [cloudtrail\_s3\_bucket\_expiration\_days](#input\_cloudtrail\_s3\_bucket\_expiration\_days) | Number of days that the logs will persist in the bucket | `number` | `5` | no |

examples/single-account-ecs/main.tf

@@ -62,6 +62,7 @@ module "cloud_connector" {
   ecs_vpc_subnets_private_ids = local.ecs_vpc_subnets_private_ids
   ecs_task_cpu                = var.ecs_task_cpu
   ecs_task_memory             = var.ecs_task_memory
+  image                       = var.cloud_connector_image
 
   tags       = var.tags
   depends_on = [local.cloudtrail_sns_arn, module.ssm]

examples/single-account-ecs/variables.tf

@@ -1,5 +1,3 @@
-
-
 #---------------------------------
 # optionals - with defaults
 #---------------------------------
@@ -112,6 +110,14 @@ variable "benchmark_regions" {
   default     = []
 }
 
+#
+# cloud connector connector configuration
+#
+variable "cloud_connector_image" {
+  type        = string
+  description = "Image to use for the cloud connector. If empty, the default image will be used."
+  default     = "quay.io/sysdig/cloud-connector:latest"
+}
 
 #
 # general

modules/services/cloud-connector-ecs/ecs-service.tf

@@ -11,10 +11,11 @@ resource "aws_ecs_service" "service" {
     security_groups = [aws_security_group.sg.id]
   }
 
-  desired_count   = 1
-  launch_type     = "FARGATE"
-  task_definition = aws_ecs_task_definition.task_definition.arn
-  tags            = var.tags
+  desired_count         = 1
+  launch_type           = "FARGATE"
+  task_definition       = aws_ecs_task_definition.task_definition.arn
+  wait_for_steady_state = true
+  tags                  = var.tags
 }
 
 

use-cases/README.md

@@ -63,8 +63,8 @@ With both examples `single` and `org`, you can customize the desired features to
 
 ### unified-compliance only
 
-If you just want [CIS Unified Compliance Benchmarks](https://docs.sysdig.com/en/docs/sysdig-secure/posture/compliance/compliance-unified-/) 
-you can make use of 
+If you just want [CIS Unified Compliance Benchmarks](https://docs.sysdig.com/en/docs/sysdig-secure/posture/compliance/compliance-unified-/)
+you can make use of
 
 - [Single-Account Compliance Role Setup](./compliance-role-single-account.md)
 - [Organizational Compliance Role setup](./compliance-role-organizational.md)

use-cases/compliance-role-organizational.md

@@ -27,7 +27,7 @@ provider "aws" {
 module "sysdig-sfc" {
   source = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench"
   name    = "sysdig-compliance-role"  # optional
-  
+
   is_organizational=true
 }
 ```