@@ -19,8 +19,9 @@ This is the scenario we're going to recreate
19
19
3 . Workload/Security Member Account
20
20
- Sysdig Secure for cloud deployment
21
21
- Optionally, we can re-use an existing VPC/subnet network setup.
22
+ - 2 and 3 account points may be same account, we will cover both options.
22
23
23
- ** Sysdig Secure For Cloud [ Features ] ( https://docs.sysdig.com/en/docs/installation /sysdig-secure-for-cloud/ ) ** covered
24
+ This use-case cover following ** [ Sysdig Secure For CloudFeatures ] ( https://docs.sysdig.com/en/docs/sysdig-secure /sysdig-secure-for-cloud/#features ) **
24
25
- Threat-Detection
25
26
- Posture; Compliance + Identity Access Management
26
27
- :warning : Cloud image scanning is not available for this use-case
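Review bot: The two added lines in this hunk need a wording pass. "2 and 3 account points may be same account" is hard to parse against the numbered account list above it; something like "Accounts 2 and 3 may be the same account; both options are covered" reads more clearly. In the replacement features line, "This use-case cover following" should be "This use-case covers the following", and the link text "Sysdig Secure For CloudFeatures" is missing a space before "Features". The link target also changes from the installation path to a "#features" anchor, so it is worth confirming that the anchor resolves on the docs site.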
@@ -105,7 +106,7 @@ This accountID will be required in the `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_I
105
106
106
107
#### 3.2 (Optional) S3 and Sysdig Workload are in different accounts
107
108
108
- If ` SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID ` is differnt to the account where the S3 is located, we need to allow
109
+ If ` SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID ` is different to the account where the S3 is located, we need to allow
109
110
cross-account access through a role.
110
111
111
112
Permission setup for SysdigSecureForCloud-S3AccessRole
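Review bot: The corrected sentence still says only that cross-account access is allowed "through a role", and, as far as this hunk shows, it does not say in which account that role is created or which principal is expected to assume it. Since the next context line names SysdigSecureForCloud-S3AccessRole, consider stating here that the role lives in the S3 account and is assumed from the account given in `SYSDIG_SECURE_FOR_CLOUD_MEMBER_ACCOUNT_ID`, if that is the intent, so readers do not have to infer the trust direction. Minor: "different to" could become "different from".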
@@ -144,17 +145,17 @@ be used.
144
145
#### 4. Launch Terraform Manifest
145
146
146
147
Let's create the Terraform manifest module parametrization, based on ` examples/organizational ` .
147
- Get detailed explanation of each variable bellow.
148
+ < br /> Get detailed explanation of each variable bellow.
148
149
149
150
``` terraform
150
151
151
152
152
- # --------------------------------------------------
153
- # Optional. for Cloudtrail S3-SNS-SQS creation
154
- # --------------------------------------------------
153
+ # ----------------------------------------------------------
154
+ # Optional. for Cloudtrail S3-SNS-SQS event-forwarder creation
155
+ # ----------------------------------------------------------
155
156
156
157
# provider for S3 account
157
- # this is a sample authentication, can adapt it as long as alias is maintaned
158
+ # this is a sample authentication, can adapt it as long as alias is maintained
158
159
provider "aws"{
159
160
alias = "s3"
160
161
region = "<AWS_REGION>"
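Review bot: The added line "< br /> Get detailed explanation of each variable bellow." keeps the "bellow" typo while this same commit fixes "maintaned" and "differnt" elsewhere; it should read "below". The raw `<br />` is there only to force a line break after the `examples/organizational` sentence, and a blank line between the two sentences would do the same in plain Markdown without inline HTML. In the comment banner, "Optional. for Cloudtrail" would read better as "Optional, for CloudTrail".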