Skip to content

Commit 57ae617

Browse files
author
iru
authored
Update _questionnaire.md
1 parent e1b18e8 commit 57ae617

File tree

1 file changed

+9
-15
lines changed

1 file changed

+9
-15
lines changed

use-cases/_questionnaire.md

Lines changed: 9 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -15,23 +15,17 @@ modules, and we also offer [AWS Cloudformation templates](https://github.com/sys
1515

1616
## Client Infrastructure
1717

18-
- does your company work under an organization (AWS/GCP) or tenant (Azure)?
18+
- does your company work under an **organization** (AWS/GCP) or tenant (Azure)?
1919
- if so, how many member accounts (aws) /projects (gcp) /subscriptions (azure) does it have?
20+
- sysdig secure for cloud is presented in different **compute workload** flavors; ecs on aws, cloudrun on gcp or azure container instances on azure, plus a K8s deployment an all three clouds, plus apprunner on aws (less resource-demaing than ecs, but region limited)
21+
- in case of ECS or K8S, do you have an existing cluster you would like to re-use?
22+
- (aws-only) do you have ** existing aws cloudtrail**, is it an organizational cloudtrail?
23+
- does the cloudtrail report to an SNS?
24+
- if it's not organizational, does each trail report to the same s3 bucket?
2025
- how do you handle permissions? any restriction we may be aware of? do you want us to set them up for you or would you just require a guidance and you will set them yourself?
21-
2226
- deployment type
2327
- are you familiar with the installation stack? Terraform, Cloudformation, AWS CDK, ...?
24-
- if you want to use Kubernetes workload for Sysdig deployment, what's your current way of deploying helm charts?
25-
26-
27-
28-
### AWS
29-
- do you have an existing cloudtrail?
30-
- if yes, is it an organizational cloudtrail?
31-
- does the cloudtrail report to an SNS?
32-
- if it's not organizational, does each trail report to the same s3 bucket?
33-
- sysdig secure for cloud is presented in different workload flavor; ECS, K8S or Apprunner, would you have any preference?
34-
- in case of ECS or K8S, do you have an existing cluster you would like to re-use?
28+
- if you want to use Kubernetes compute for Sysdig deployment, what's your current way of deploying helm charts?
3529

3630

3731
## Sysdig Features
@@ -52,8 +46,8 @@ In what [Sysdig For Cloud Features](https://docs.sysdig.com/en/docs/sysdig-secur
5246

5347
| | Single | Organizational |
5448
| --| -- | -- |
55-
| Deployment Type | All Sysdig resources will be deployed within the selected account | Most Sysdig resources will be deployed within the selected account, but some require to be deployed on member-accounts (for Compliance and Image Scanning)
49+
| Deployment Type | All Sysdig resources will be deployed within the selected account | Most Sysdig resources will be deployed within the selected account, but some require to be deployed on member-accounts (for Compliance and Image Scanning) and one role is needed on the management account for cloudtrail event access |
5650
| Benefits | Will only analyse current account | Handles all accounts (managed and member)
57-
| Drawbacks | Cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | --
51+
| Drawbacks | Cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | for scanning, a per-member-account access role is required
5852

5953
With both examples `single` and `org`, you can customize the desired features to de deployed with the `deploy_*` input vars to avoid deploying more than wanted

0 commit comments

Comments
 (0)