You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: use-cases/_questionnaire.md
+9-15Lines changed: 9 additions & 15 deletions
Original file line number
Diff line number
Diff line change
@@ -15,23 +15,17 @@ modules, and we also offer [AWS Cloudformation templates](https://github.com/sys
15
15
16
16
## Client Infrastructure
17
17
18
-
- does your company work under an organization (AWS/GCP) or tenant (Azure)?
18
+
- does your company work under an **organization** (AWS/GCP) or tenant (Azure)?
19
19
- if so, how many member accounts (aws) /projects (gcp) /subscriptions (azure) does it have?
20
+
- sysdig secure for cloud is presented in different **compute workload** flavors; ecs on aws, cloudrun on gcp or azure container instances on azure, plus a K8s deployment an all three clouds, plus apprunner on aws (less resource-demaing than ecs, but region limited)
21
+
- in case of ECS or K8S, do you have an existing cluster you would like to re-use?
22
+
- (aws-only) do you have ** existing aws cloudtrail**, is it an organizational cloudtrail?
23
+
- does the cloudtrail report to an SNS?
24
+
- if it's not organizational, does each trail report to the same s3 bucket?
20
25
- how do you handle permissions? any restriction we may be aware of? do you want us to set them up for you or would you just require a guidance and you will set them yourself?
21
-
22
26
- deployment type
23
27
- are you familiar with the installation stack? Terraform, Cloudformation, AWS CDK, ...?
24
-
- if you want to use Kubernetes workload for Sysdig deployment, what's your current way of deploying helm charts?
25
-
26
-
27
-
28
-
### AWS
29
-
- do you have an existing cloudtrail?
30
-
- if yes, is it an organizational cloudtrail?
31
-
- does the cloudtrail report to an SNS?
32
-
- if it's not organizational, does each trail report to the same s3 bucket?
33
-
- sysdig secure for cloud is presented in different workload flavor; ECS, K8S or Apprunner, would you have any preference?
34
-
- in case of ECS or K8S, do you have an existing cluster you would like to re-use?
28
+
- if you want to use Kubernetes compute for Sysdig deployment, what's your current way of deploying helm charts?
35
29
36
30
37
31
## Sysdig Features
@@ -52,8 +46,8 @@ In what [Sysdig For Cloud Features](https://docs.sysdig.com/en/docs/sysdig-secur
52
46
53
47
|| Single | Organizational |
54
48
| --| -- | -- |
55
-
| Deployment Type | All Sysdig resources will be deployed within the selected account | Most Sysdig resources will be deployed within the selected account, but some require to be deployed on member-accounts (for Compliance and Image Scanning)
49
+
| Deployment Type | All Sysdig resources will be deployed within the selected account | Most Sysdig resources will be deployed within the selected account, but some require to be deployed on member-accounts (for Compliance and Image Scanning) and one role is needed on the management account for cloudtrail event access |
56
50
| Benefits | Will only analyse current account | Handles all accounts (managed and member)
57
-
| Drawbacks | Cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | --
51
+
| Drawbacks | Cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | for scanning, a per-member-account access role is required
58
52
59
53
With both examples `single` and `org`, you can customize the desired features to de deployed with the `deploy_*` input vars to avoid deploying more than wanted
0 commit comments