Merge branch 'master' of github.com:sysdiglabs/terraform-aws-cloudvision

Author: iru

README.md

@@ -50,6 +50,8 @@ For other Cloud providers check: [GCP](https://github.com/sysdiglabs/terraform-g
 
 ## Usage
 
+If you're unsure about what/how to use this module, please fill the [questionnaire](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/use-cases/_questionnaire.md) report as an issue and let us know your context, we will be happy to help and improve our module.
+
   - There are several ways to deploy this in you AWS infrastructure, gathered under **[`/examples`](./examples)**
     - [Single Account on ECS](#--single-account-on-ecs)
     - [Single Account on AppRunner](#--single-account-on-apprunner)
@@ -58,7 +60,6 @@ For other Cloud providers check: [GCP](https://github.com/sysdiglabs/terraform-g
   - Many module,examples and use-cases provide ways to **re-use existing resources (as optionals)** in your infrastructure (cloudtrail, ecs, vpc, k8s cluster,...)
   - Find some real self-baked **use-case scenarios** under [`/use-cases`](./use-cases)
 
-If you're unsure about what/how to use this module, please fill the [questionnaire](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/use-cases/_questionnaire.md) report as an issue and let us know your context, we will be happy to help and improve our module.
 
 ### - Single-Account on ECS
 

examples/single-account-apprunner/README.md

@@ -78,6 +78,7 @@ $ terraform apply
 
 | Name | Source | Version |
 |------|--------|---------|
+| <a name="module_cloud_bench"></a> [cloud\_bench](#module\_cloud\_bench) | ../../modules/services/cloud-bench | n/a |
 | <a name="module_cloud_connector"></a> [cloud\_connector](#module\_cloud\_connector) | ../../modules/services/cloud-connector-apprunner | n/a |
 | <a name="module_cloudtrail"></a> [cloudtrail](#module\_cloudtrail) | ../../modules/infrastructure/cloudtrail | n/a |
 | <a name="module_codebuild"></a> [codebuild](#module\_codebuild) | ../../modules/infrastructure/codebuild | n/a |
@@ -94,10 +95,12 @@ $ terraform apply
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_benchmark_regions"></a> [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | <a name="input_cloudconnector_ecr_image_uri"></a> [cloudconnector\_ecr\_image\_uri](#input\_cloudconnector\_ecr\_image\_uri) | URI to cloudconnectors image on ECR | `string` | `"public.ecr.aws/o5x4u2t4/cloud-connector:latest"` | no |
 | <a name="input_cloudtrail_is_multi_region_trail"></a> [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether cloudtrail will ingest multiregional events | `bool` | `true` | no |
 | <a name="input_cloudtrail_kms_enable"></a> [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether cloudtrail delivered events to S3 should persist encrypted | `bool` | `true` | no |
 | <a name="input_cloudtrail_sns_arn"></a> [cloudtrail\_sns\_arn](#input\_cloudtrail\_sns\_arn) | ARN of a pre-existing cloudtrail\_sns. If defaulted, a new cloudtrail will be created. ARN of a pre-existing cloudtrail\_sns. If defaulted, a new cloudtrail will be created. If specified, sysdig deployment account and region must match with the specified SNS | `string` | `"create"` | no |
+| <a name="input_deploy_benchmark"></a> [deploy\_benchmark](#input\_deploy\_benchmark) | Whether to deploy or not the cloud benchmarking | `bool` | `true` | no |
 | <a name="input_deploy_image_scanning_ecr"></a> [deploy\_image\_scanning\_ecr](#input\_deploy\_image\_scanning\_ecr) | true/false whether to deploy the image scanning on ECR pushed images | `bool` | `false` | no |
 | <a name="input_deploy_image_scanning_ecs"></a> [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |

examples/single-account-apprunner/benchmark.tf

@@ -0,0 +1,9 @@
+module "cloud_bench" {
+  source = "../../modules/services/cloud-bench"
+  count  = var.deploy_benchmark ? 1 : 0
+
+  name              = "${var.name}-cloudbench"
+  benchmark_regions = var.benchmark_regions
+
+  tags = var.tags
+}

examples/single-account-apprunner/variables.tf

@@ -42,6 +42,22 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
+#
+# benchmark configuration
+#
+
+variable "deploy_benchmark" {
+  type        = bool
+  description = "Whether to deploy or not the cloud benchmarking"
+  default     = true
+}
+
+variable "benchmark_regions" {
+  type        = list(string)
+  description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
+  default     = []
+}
+
 #
 # general
 #

use-cases/_questionnaire.md

@@ -41,6 +41,7 @@ modules, and we also offer [AWS Cloudformation templates](https://github.com/sys
 ## Terraform Example Selection
 
 |                   | Single                                                            |  Organizational |
+| --| -- | -- |
 | Deployment Type   | All Sysdig resources will be deployed within the selected account |  Most Sysdig resources will be deployed within the selected account, but some require to be deployed on member-accounts (for Compliance and Image Scanning)
 | Benefits          | Will only analyse current account                                 |  Handles all accounts (managed and member)
 | Drawbacks         | Cannot re-use another account Cloudtrail data (unless its deployed on the same account where the sns/s3 bucket is) | --