chore: fix precommit errors

Author: hayk99

modules/infrastructure/cloudtrail/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/cloudtrail_s3-sns-sqs/README.md

@@ -46,7 +46,7 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/codebuild/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/ecs-vpc/README.md

@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-connector/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/permissions/cloud-scanning/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 
@@ -34,6 +34,7 @@ No modules.
 | <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | n/a | yes |
 | <a name="input_sfc_user_name"></a> [sfc\_user\_name](#input\_sfc\_user\_name) | Name of the IAM user to provision permissions | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
+| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 

modules/infrastructure/permissions/general/README.md

@@ -15,7 +15,7 @@ General permissions that apply to both cloud-connector and cloud-scanning module
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/permissions/iam-user/README.md

@@ -45,7 +45,7 @@ Note: Contact us if this authentication system does not match your requirement.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 
@@ -72,6 +72,7 @@ Note: Contact us if this authentication system does not match your requirement.
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | `"*"` | no |
 | <a name="input_ssm_secure_api_token_arn"></a> [ssm\_secure\_api\_token\_arn](#input\_ssm\_secure\_api\_token\_arn) | ARN of the security credentials for the secure\_api\_token | `string` | `"*"` | no |
+| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 

modules/infrastructure/permissions/org-role-ecs/README.md

@@ -31,8 +31,8 @@ The aim of this module is to manage the organizational **managed account** requi
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
-| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/permissions/org-role-eks/README.md

@@ -29,7 +29,7 @@ The aim of this module is to manage the organizational **managed account** requi
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/resource-group/README.md

@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/sqs-sns-subscription/README.md

@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/infrastructure/ssm/README.md

@@ -16,7 +16,7 @@ and pass it, in a safe way, to all the modules that require it.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 
 ## Modules
 

modules/services/cloud-bench/README.md

@@ -26,7 +26,7 @@ Deployed on **Sysdig Backend**
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | 3.3.1 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 

modules/services/cloud-connector-apprunner/cloudconnector-config.tf

@@ -1,39 +1,39 @@
 locals {
   default_config = yamlencode(merge({
-    logging   = "info"
-    rules     = []
+    logging = "info"
+    rules   = []
     ingestors = [
       {
         cloudtrail-sns-sqs = merge(
-        {
-          queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
-        }
+          {
+            queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
+          }
         )
       }
     ]
-  },
-  {
-    scanners = local.deploy_image_scanning ? [
-      merge(
-      local.ecr_scanning_with_infra ? {
-        aws-ecr = {
-          codeBuildProject         = var.build_project_name
-          secureAPITokenSecretName = var.secure_api_token_secret_name
-        }
-      } : {},
-      local.ecs_scanning_with_infra ? {
-        aws-ecs = {
-          codeBuildProject         = var.build_project_name
-          secureAPITokenSecretName = var.secure_api_token_secret_name
-        }
-      } : {}),
-      local.ecs_standalone_scanning ? {
-        aws-ecs-inline = {}
-      } : {},
-      local.ecr_standalone_scanning ? {
-        aws-ecr-inline = {},
-      } : {}
-    ] : []
-  }
+    },
+    {
+      scanners = local.deploy_image_scanning ? [
+        merge(
+          local.ecr_scanning_with_infra ? {
+            aws-ecr = {
+              codeBuildProject         = var.build_project_name
+              secureAPITokenSecretName = var.secure_api_token_secret_name
+            }
+          } : {},
+          local.ecs_scanning_with_infra ? {
+            aws-ecs = {
+              codeBuildProject         = var.build_project_name
+              secureAPITokenSecretName = var.secure_api_token_secret_name
+            }
+        } : {}),
+        local.ecs_standalone_scanning ? {
+          aws-ecs-inline = {}
+        } : {},
+        local.ecr_standalone_scanning ? {
+          aws-ecr-inline = {},
+        } : {}
+      ] : []
+    }
   ))
 }

modules/services/cloud-connector-apprunner/main.tf

@@ -1,6 +1,6 @@
 locals {
-  verify_ssl            = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
-  deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
+  verify_ssl              = var.verify_ssl == "auto" ? length(regexall("https://.*?\\.sysdig(cloud)?.com/?", data.sysdig_secure_connection.current.secure_url)) == 1 : var.verify_ssl == "true"
+  deploy_image_scanning   = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
   deploy_scanning_infra   = local.deploy_image_scanning && !var.use_standalone_scanner
   ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
   ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner

modules/services/cloud-connector-ecs/README.md

@@ -15,7 +15,7 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.18.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
 ## Modules
@@ -71,13 +71,14 @@ A task deployed on an **ECS deployment** will detect events in your infrastructu
 | <a name="input_deploy_image_scanning_ecr"></a> [deploy\_image\_scanning\_ecr](#input\_deploy\_image\_scanning\_ecr) | true/false whether to deploy the image scanning on ECR pushed images | `bool` | `false` | no |
 | <a name="input_deploy_image_scanning_ecs"></a> [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
 | <a name="input_ecs_task_cpu"></a> [ecs\_task\_cpu](#input\_ecs\_task\_cpu) | Amount of CPU (in CPU units) to reserve for cloud-connector task | `string` | `"256"` | no |
-| <a name="input_ecs_task_memory"></a> [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"512"` | no |
+| <a name="input_ecs_task_memory"></a> [ecs\_task\_memory](#input\_ecs\_task\_memory) | Amount of memory (in megabytes) to reserve for cloud-connector task | `string` | `"2000"` | no |
 | <a name="input_extra_env_vars"></a> [extra\_env\_vars](#input\_extra\_env\_vars) | Extra environment variables for the Cloud Connector deployment | `map(string)` | `{}` | no |
 | <a name="input_image"></a> [image](#input\_image) | Image of the cloud connector to deploy | `string` | `"quay.io/sysdig/cloud-connector:latest"` | no |
 | <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc-cloudconnector"` | no |
 | <a name="input_organizational_config"></a> [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given<br><ul><br>  <li>`sysdig_secure_for_cloud_role_arn` for cloud-connector assumeRole in order to read cloudtrail s3 events</li><br>  <li>`connector_ecs_task_role_name` which has been granted trusted-relationship over the secure\_for\_cloud\_role</li><br>  <li>`organizational_role_per_account` is the name of the organizational role deployed by AWS in each account of the organization. used for image-scanning only</li><br></ul> | <pre>object({<br>    sysdig_secure_for_cloud_role_arn = string<br>    organizational_role_per_account  = string<br>    connector_ecs_task_role_name     = string<br>  })</pre> | <pre>{<br>  "connector_ecs_task_role_name": null,<br>  "organizational_role_per_account": null,<br>  "sysdig_secure_for_cloud_role_arn": null<br>}</pre> | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
+| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 | <a name="input_verify_ssl"></a> [verify\_ssl](#input\_verify\_ssl) | true/false to determine ssl verification for sysdig\_secure\_url | `bool` | `true` | no |
 
 ## Outputs

modules/services/cloud-connector-ecs/cloudconnector-config.tf

@@ -1,50 +1,50 @@
 locals {
   default_config = yamlencode(merge({
-    logging   = "info"
-    rules     = []
+    logging = "info"
+    rules   = []
     ingestors = [
       {
         cloudtrail-sns-sqs = merge(
-        {
-          queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
-        },
-        var.is_organizational ? {
-          assumeRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
-        } : {}
+          {
+            queueURL = module.cloud_connector_sqs.cloudtrail_sns_subscribed_sqs_url
+          },
+          var.is_organizational ? {
+            assumeRole = var.organizational_config.sysdig_secure_for_cloud_role_arn
+          } : {}
         )
       }
     ]
-  },
-  {
-    scanners = local.deploy_image_scanning ? [
-      merge(
-      local.ecs_scanning_with_infra ? {
-        aws-ecr = merge({
-          codeBuildProject         = var.build_project_name
-          secureAPITokenSecretName = var.secure_api_token_secret_name
-        },
-        var.is_organizational ? {
-          masterOrganizationRole       = var.organizational_config.sysdig_secure_for_cloud_role_arn
-          organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
-        } : {})
-      } : {},
-      local.ecs_scanning_with_infra ? {
-        aws-ecs = merge({
-          codeBuildProject         = var.build_project_name
-          secureAPITokenSecretName = var.secure_api_token_secret_name
-        },
-        var.is_organizational ? {
-          masterOrganizationRole       = var.organizational_config.sysdig_secure_for_cloud_role_arn
-          organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
-        } : {})
-      } : {}),
-      local.ecr_standalone_scanning ? {
-        aws-ecr-inline = {},
-      } : {},
-      local.ecs_standalone_scanning ? {
-        aws-ecs-inline = {},
-      } : {}
-    ] : []
-  }
+    },
+    {
+      scanners = local.deploy_image_scanning ? [
+        merge(
+          local.ecs_scanning_with_infra ? {
+            aws-ecr = merge({
+              codeBuildProject         = var.build_project_name
+              secureAPITokenSecretName = var.secure_api_token_secret_name
+              },
+              var.is_organizational ? {
+                masterOrganizationRole       = var.organizational_config.sysdig_secure_for_cloud_role_arn
+                organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
+            } : {})
+          } : {},
+          local.ecs_scanning_with_infra ? {
+            aws-ecs = merge({
+              codeBuildProject         = var.build_project_name
+              secureAPITokenSecretName = var.secure_api_token_secret_name
+              },
+              var.is_organizational ? {
+                masterOrganizationRole       = var.organizational_config.sysdig_secure_for_cloud_role_arn
+                organizationalRolePerAccount = var.organizational_config.organizational_role_per_account
+            } : {})
+        } : {}),
+        local.ecr_standalone_scanning ? {
+          aws-ecr-inline = {},
+        } : {},
+        local.ecs_standalone_scanning ? {
+          aws-ecs-inline = {},
+        } : {}
+      ] : []
+    }
   ))
 }

modules/services/cloud-connector-ecs/locals.tf

@@ -1,5 +1,5 @@
 locals {
-  deploy_image_scanning = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
+  deploy_image_scanning   = var.deploy_image_scanning_ecs || var.deploy_image_scanning_ecr
   deploy_scanning_infra   = local.deploy_image_scanning && !var.use_standalone_scanner
   ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
   ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner

out/test/terraform-aws-secure-for-cloud/fixtures/organizational-k8s/backend.tf

@@ -0,0 +1,9 @@
+# Terraform state storage backend
+terraform {
+  backend "s3" {
+    bucket         = "secure-cloud-terraform-tests-org" # need to append '-org' to avoid conflict
+    key            = "aws-organizational-k8s-reuse_cloudtrail/terraform.tfstate"
+    dynamodb_table = "secure-cloud-terraform-tests"
+    region         = "eu-west-3"
+  }
+}