README.md
11 additions & 15 deletions
@@ -137,21 +137,19 @@ $ terraform apply
137
137
Terraform provider credentials/token, requires `Administrative` permissions in order to be able to create the
138
138
resources specified in the per-example diagram.
139
139
140
-
Some components may vary, and you can check full resources on each module "Resources" section in their README's, but this would be an overall schema of the **created resources**:
140
+
Some components may vary, or may be deployed on different accounts (depending on the example). You can check full resources on each module "Resources" section in their README's. You can also check our source code and suggest changes.
141
141
142
-
- SSM Parameter for Sysdig API Token Storage
143
-
- Cloudtrail / SNS / S3 / SQS
142
+
This would be an overall schema of the **created resources**, for the default setup.
144
143
144
+
- Cloudtrail / SNS / S3 / SQS
145
+
- SSM Parameter for Sysdig API Token Storage
145
146
- Sysdig Workload: ECS / AppRunner creation (EKS is pre-required, not created)
146
147
- each compute solution require a role to assume for execution
147
-
148
148
- CodeBuild for on-demand image scanning
149
-
-Role for Sysdig [Benchmarks](./modules/services/cloud-bench)
149
+
-Sysdig role for [Compliance](./modules/services/cloud-bench)
150
150
151
151
### Runtime Permissions
152
152
153
-
Modules create several roles to be able to manage the following permissions.
154
-
155
153
**General Permissions**
156
154
157
155
```shell
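Review bot: at new line 140, "may be deployed on different accounts (depending on the example)" does not say which of the listed resources end up in which account, and the context lines just above require `Administrative` provider credentials, so a reader cannot tell from this text which account those credentials must cover. Suggest naming the accounts per example, or linking each example's README at this point. Separately, the sentence removed at old line 153 ("Modules create several roles to be able to manage the following permissions.") was the only text under "Runtime Permissions" saying that the modules create roles; consider keeping it, since the section now opens directly at "**General Permissions**". Minor: the link label changes to "Compliance" while its target stays ./modules/services/cloud-bench, and "README's" should read "READMEs".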
@@ -183,14 +181,12 @@ ecr: ListTagsForResource
183
181
ecr: DescribeImageScanFindings
184
182
185
183
ecs:DescribeTaskDefinition
186
-
187
-
```
188
-
189
-
Notes:
190
-
- only Sysdig workload related permissions are specified above; infrastructure internal resource permissions (such as Cloudtrail permissions to publish on SNS, or SNS-SQS Subscription)
191
-
are not detailed.
192
-
- For a better security, permissions are resource pinned, instead of `*`
193
-
- Check [Organizational Use Case - Role Summary](./examples/organizational/README.md#role-summary) for more details
184
+
```
185
+
- Other Notes:
186
+
- only Sysdig workload related permissions are specified above; infrastructure internal resource permissions (such as Cloudtrail permissions to publish on SNS, or SNS-SQS Subscription)
187
+
are not detailed.
188
+
- For a better security, permissions are resource pinned, instead of `*`
189
+
- Check [Organizational Use Case - Role Summary](./examples/organizational/README.md#role-summary) for more details
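Review bot: at new line 185, "- Other Notes:" turns the former plain "Notes:" label into a list item that sits directly after the closing fence at line 184, with the blank lines that used to surround the fence dropped; "Other" also has no earlier notes to refer to in the lines shown. Suggest keeping "Notes:" as a label on its own line with a blank line after the fence, so the bullets do not rely on indentation to read as its children. The statement that permissions are "resource pinned, instead of `*`" is the security-relevant claim in this block, while the listing above it shows action names only; a link to where the resource scoping is defined would let readers verify it.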