
Commit 6e1d6e9

author
iru
committed
doc: use-case for org-three-account setup
1 parent ccc3c35 commit 6e1d6e9

3 files changed

+9
-23
lines changed


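--- a/use-cases/org-existing-cloudtrail-ecs-vpc-subnet.md
+++ b/use-cases/org-existing-cloudtrail-ecs-vpc-subnet.md
@@ -86,7 +86,7 @@ module "utils_ecs-vpc" {
 
 - General
 - `AWS_REGION` Same region is to be used for both organizational managed account and Sysdig workload member account resources.
-- `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID` where Sysdig Workoad is to be deployed under the pre-existing ECS
+- `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID` where Sysdig Workload is to be deployed under the pre-existing ECS
 
 - Existing Organizational Cloudtrail Setup
 - `CLOUDTRAIL_SNS_ARN`
@@ -95,15 +95,6 @@ module "utils_ecs-vpc" {
 - This will be required for the CloudConnector SQS Topic subscription.
 - Use [`./modules/infrastructure/cloudtrail/sns_permissions.tf`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/modules/infrastructure/cloudtrail/sns_permissions.tf#L22) as guideline
 
-
-- Existing ECS Cluster Workload Setup
-- `ECS_CLUSTER_NAME` ex.: "sfc"
-
-- Existing Networking Setup
-- `ECS_VPC_ID` ex.: "vpc-0e91bfef6693f296b"
-- `ECS_VPC_SUBNET_PRIVATE_ID_X` Two subnets for the VPC. ex.: "subnet-0c7d803ecdc88437b"
-
 ### Terraform Manifest Snippet
 
 ```terraform
@@ -122,36 +113,31 @@ provider "sysdig" {
 }
 
 provider "aws" {
-region = "<AWS_REGION>"
+region = "<AWS_REGION>" # must match s3 AND sns region
 }
 
+# you can setup this provider as desired, just giving an example
 provider "aws" {
 alias = "member"
-region = "<AWS_REGION>"
+region = "<AWS_REGION>" # must match s3 AND sns region
 assume_role {
 # 'OrganizationAccountAccessRole' is the default role created by AWS for management-account users to be able to admin member accounts.
-# if this is changed, please change to the `examples/organizational` input var `organizational_member_default_admin_role` too
 # <br/>https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
 role_arn = "arn:aws:iam::<SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID>:role/OrganizationAccountAccessRole"
 }
 }
 
-module "sysdig-s4c" {
+module "sysdig-sfc" {
 providers = {
 aws.member = aws.member
 }
 
 source = "sysdiglabs/secure-for-cloud/aws//examples/organizational"
-name = "sysdig-s4c"
+name = "sysdig-sfc"
 
 sysdig_secure_for_cloud_member_account_id="<SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID>"
 
 cloudtrail_sns_arn = "<CLOUDTRAIL_SNS_ARN>"
 cloudtrail_s3_arn = "<CLOUDTRAIL_S3_ARN>"
-
-ecs_cluster_name = "<ECS_CLUSTER_NAME>"
-ecs_vpc_id = "<ECS_VPC_ID>"
-ecs_vpc_subnets_private_ids = ["<ECS_VPC_SUBNET_PRIVATE_ID_1>","<ECS_VPC_SUBNET_PRIVATE_ID_2>"]
-
 }
 ```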

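--- a/use-cases/single-benchmark.md
+++ b/use-cases/single-benchmark.md
@@ -33,7 +33,7 @@ provider "aws" {
 region = "<AWS_REGION>"
 }
 
-module "sysdig-s4c" {
+module "sysdig-sfc" {
 source = "sysdiglabs/secure-for-cloud/aws//module/services/cloud-bench"
 name = "TEST-NAME-cloudbench"
 }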

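--- a/use-cases/single-existing-cloudtrail.md
+++ b/use-cases/single-existing-cloudtrail.md
@@ -85,9 +85,9 @@ provider "aws" {
 region = "<AWS_REGION>"
 }
 
-module "sysdig-s4c" {
+module "sysdig-sfc" {
 source = "sysdiglabs/secure-for-cloud/aws//examples/single-account-ecs"
-name = "sysdig-s4c"
+name = "sysdig-sfc"
 
 cloudtrail_sns_arn = "<CLOUDRAIL_SNS_TOPIC_ARN>"
 }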
