
Commit cba6946

Author: iru (committed)

chore(naming): /cloudvision/secure-for-cloud/
in all its variants _ - Aa ...
1 parent f5f4d9b commit cba6946


44 files changed

+227
-319
lines changed


.github/git-chlog/config.yaml

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@ style: github
22
template: CHANGELOG.tpl.md
33
info:
44
title: CHANGELOG
5-
repository_url: https://github.com/sysdiglabs/terraform-aws-cloudvision
5+
repository_url: https://github.com/sysdiglabs/terraform-aws-secure-for-cloud
66
options:
77
commits:
88
commit_groups:
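Review bot: `repository_url` is what git-chglog uses to build the commit and compare links in `CHANGELOG.tpl.md`, so after this change every regenerated changelog entry, including entries for releases made under the old name, will link into `sysdiglabs/terraform-aws-secure-for-cloud`. That is only correct if the GitHub repository itself was renamed (GitHub then redirects the old URL) rather than a new repository created next to the old one; please state which in the commit message, since it decides whether the old `terraform-aws-cloudvision` links in published changelogs keep working.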

.github/workflows/ci.yaml.disabled

Lines changed: 0 additions & 83 deletions
This file was deleted.
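Review bot: deleting `.github/workflows/ci.yaml.disabled` (83 lines) is not a naming change, and the commit message only describes the cloudvision to secure-for-cloud rename. Either split the deletion into its own commit or say in the message why the disabled workflow is removed instead of renamed, so the CI history stays traceable.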

README.md

Lines changed: 18 additions & 18 deletions
@@ -18,20 +18,20 @@ There are several ways to deploy this in you AWS infrastructure:
1818

1919
### · Single-Account
2020
Sysdig workload will be deployed in the same account where user's resources will be watched.<br/>
21-
More info in [`./examples/single-account`](https://github.com/sysdiglabs/terraform-aws-cloudvision/tree/master/examples/single-account)
21+
More info in [`./examples/single-account`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/single-account)
2222

23-
![single-account diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-cloudvision/225c88ce24339d4c8aa4e14a7ee5fd31a01c6cec/examples/single-account/diagram-single.png)
23+
![single-account diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-secure-for-cloud/225c88ce24339d4c8aa4e14a7ee5fd31a01c6cec/examples/single-account/diagram-single.png)
2424

2525
### · Organizational
2626

2727
Using an organizational configuration Cloudtrail.
28-
More info in [`./examples/organizational`](https://github.com/sysdiglabs/terraform-aws-cloudvision/tree/master/examples/organizational)
28+
More info in [`./examples/organizational`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples/organizational)
2929

30-
![organizational diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-cloudvision/225c88ce24339d4c8aa4e14a7ee5fd31a01c6cec/examples/organizational/diagram-org.png)
30+
![organizational diagram](https://raw.githubusercontent.com/sysdiglabs/terraform-aws-secure-for-cloud/225c88ce24339d4c8aa4e14a7ee5fd31a01c6cec/examples/organizational/diagram-org.png)
3131

3232
### · Self-Baked
3333

34-
If no [examples](https://github.com/sysdiglabs/terraform-aws-cloudvision/tree/master/examples) fit your use-case, be free to call desired modules directly.
34+
If no [examples](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/examples) fit your use-case, be free to call desired modules directly.
3535

3636
In this use-case we will ONLY deploy cloud-bench, into the target account, calling modules directly
3737

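Review bot: the two diagram links in this hunk are pinned to commit `225c88ce24339d4c8aa4e14a7ee5fd31a01c6cec` while the sibling `./examples/...` links use `master`; a pinned SHA will keep showing the pre-rename diagrams even after the images are updated under the new name, so either pin all links consistently or use `master` for the diagrams as well. Unrelated to the rename but in the same lines: `be free to call desired modules directly` should read `feel free to call the desired modules directly`.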
@@ -45,12 +45,12 @@ provider "sysdig" {
4545
}
4646
4747
module "cloud_bench" {
48-
source = "sysdiglabs/cloudvision/aws//modules/cloud-bench"
48+
source = "sysdiglabs/secure-for-cloud/aws//modules/cloud-bench"
4949
account_id = "AWS-ACCOUNT-ID" # can also be fetched from `aws_caller_identity.me`
5050
}
5151
5252
```
53-
See [inputs summary](#inputs) or main [module `variables.tf`](https://github.com/sysdiglabs/terraform-aws-cloudvision/tree/master/variables.tf) file for more optional configuration.
53+
See [inputs summary](#inputs) or main [module `variables.tf`](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/variables.tf) file for more optional configuration.
5454

5555
To run this example you need have your [aws master-account profile configured in CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) and to execute:
5656
```terraform
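Review bot: `source = "sysdiglabs/secure-for-cloud/aws//modules/cloud-bench"` is a Terraform Registry address, and the registry does not follow a GitHub rename; the module has to be published under `secure-for-cloud` for this line to resolve, otherwise `terraform init` for the self-baked example fails. Please also add a `version` pin next to `source` so readers do not pull whatever the registry's latest release is. Minor, same hunk: `To run this example you need have your` is missing `to` (`you need to have`).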
@@ -61,7 +61,7 @@ $ terraform apply
6161

6262
Notice that:
6363
* This example will create resources that cost money.<br/>Run `terraform destroy` when you don't need them anymore
64-
* All created resources will be created within the tags `product:sysdig-cloudvision`, within the resource-group `sysdig-cloudvision`
64+
* All created resources will be created within the tags `product:sysdig-secure-for-cloud`, within the resource-group `sysdig-secure-for-cloud`
6565

6666

6767
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
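Review bot: changing the default tag to `product:sysdig-secure-for-cloud` and the resource group to `sysdig-secure-for-cloud` means resources created by earlier versions keep the `product:sysdig-cloudvision` tag and will not appear in the new resource group; one sentence here telling existing users to re-tag (or re-apply) would keep cost allocation and cleanup from missing them. Wording: `will be created within the tags ... within the resource-group` reads better as `will be tagged with ... and grouped in the resource-group`.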
@@ -103,48 +103,48 @@ Notice that:
103103
| <a name="input_sysdig_secure_api_token"></a> [sysdig\_secure\_api\_token](#input\_sysdig\_secure\_api\_token) | Sysdig Secure API token | `string` | n/a | yes |
104104
| <a name="input_cloudtrail_is_multi_region_trail"></a> [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | testing/economization purpose. true/false whether cloudtrail will ingest multiregional events | `bool` | `true` | no |
105105
| <a name="input_cloudtrail_kms_enable"></a> [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | testing/economization purpose. true/false whether s3 should be encrypted | `bool` | `true` | no |
106-
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | whether cloudvision should be deployed in an organizational setup | `bool` | `false` | no |
107-
| <a name="input_name"></a> [name](#input\_name) | Name for the Cloud Vision deployment | `string` | `"sysdig-cloudvision"` | no |
108-
| <a name="input_organizational_config"></a> [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given<br><ul><li>`cloudvision_member_account_id` to enable reading permission,</li><li>`cloudvision_role_arn` for cloud-connector assumeRole in order to read cloudtrail s3 events</li><li>and the `connector_ecs_task_role_name` which has been granted trusted-relationship over the cloudvision\_role</li></ul> | <pre>object({<br> cloudvision_member_account_id = string<br> cloudvision_role_arn = string<br> connector_ecs_task_role_name = string<br> })</pre> | <pre>{<br> "cloudvision_member_account_id": null,<br> "cloudvision_role_arn": null,<br> "connector_ecs_task_role_name": null<br>}</pre> | no |
106+
| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | whether secure-for-cloud should be deployed in an organizational setup | `bool` | `false` | no |
107+
| <a name="input_name"></a> [name](#input\_name) | Name for the Cloud Vision deployment | `string` | `"sysdig-secure-for-cloud"` | no |
108+
| <a name="input_organizational_config"></a> [organizational\_config](#input\_organizational\_config) | organizational\_config. following attributes must be given<br><ul><li>`sysdig_secure_for_cloud_member_account_id` to enable reading permission,</li><li>`sysdig_secure_for_cloud_role_arn` for cloud-connector assumeRole in order to read cloudtrail s3 events</li><li>and the `connector_ecs_task_role_name` which has been granted trusted-relationship over the secure-for-cloud\_role</li></ul> | <pre>object({<br> sysdig_secure_for_cloud_member_account_id = string<br> sysdig_secure_for_cloud_role_arn = string<br> connector_ecs_task_role_name = string<br> })</pre> | <pre>{<br> "sysdig_secure_for_cloud_member_account_id": null,<br> "sysdig_secure_for_cloud_role_arn": null,<br> "connector_ecs_task_role_name": null<br>}</pre> | no |
109109
| <a name="input_sysdig_secure_endpoint"></a> [sysdig\_secure\_endpoint](#input\_sysdig\_secure\_endpoint) | Sysdig Secure API endpoint | `string` | `"https://secure.sysdig.com"` | no |
110-
| <a name="input_tags"></a> [tags](#input\_tags) | sysdig cloudvision tags | `map(string)` | <pre>{<br> "product": "sysdig-cloudvision"<br>}</pre> | no |
110+
| <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags | `map(string)` | <pre>{<br> "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
111111

112112
## Outputs
113113

114114
| Name | Description |
115115
|------|-------------|
116-
| <a name="output_cloudtrail_s3_arn"></a> [cloudtrail\_s3\_arn](#output\_cloudtrail\_s3\_arn) | sydig-cloudvision cloudtrail s3 arn, required for organizational use case, in order to give proper permissions to cloudconnector role to assume |
116+
| <a name="output_cloudtrail_s3_arn"></a> [cloudtrail\_s3\_arn](#output\_cloudtrail\_s3\_arn) | sydig-secure-for-cloud cloudtrail s3 arn, required for organizational use case, in order to give proper permissions to cloudconnector role to assume |
117117
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
118118

119119

120120
## Troubleshooting
121121

122-
- Q: How to **validate cloudvision cloud-connector (thread-detection) provisioning** is working as expected?<br/>
122+
- Q: How to **validate secure-for-cloud cloud-connector (thread-detection) provisioning** is working as expected?<br/>
123123
A: Check each pipeline resource is working as expected (from high to low lvl)
124124
- select a rule to break manually, from the 'Sysdig AWS Best Practices' policies. for example, 'Delete Bucket Public Access Block'. can you see the event?
125125
- are there any errors in the ECS task logs? can also check cloudwatch logs
126126
for previous example we should see the event
127127
```
128-
{"level":"info","component":"console-notifier","time":"2021-07-26T12:45:25Z","message":"A pulic access block for a bucket has been deleted (requesting user=OrganizationAccountAccessRole, requesting IP=x.x.x.x, AWS region=eu-central-1, bucket=sysdig-cloudvision-nnnnnn-config)"}
128+
{"level":"info","component":"console-notifier","time":"2021-07-26T12:45:25Z","message":"A pulic access block for a bucket has been deleted (requesting user=OrganizationAccountAccessRole, requesting IP=x.x.x.x, AWS region=eu-central-1, bucket=sysdig-secure-for-cloud-nnnnnn-config)"}
129129
```
130130
- are events consumed in the sqs queue, or are they pending?
131131
- are events being sent to sns topic?
132132
133133
134134
- Q: How to iterate **cloud-connector modification testing**
135135
<br/>A: Build a custom docker image of cloud-connector `docker build . -t <DOCKER_IMAGE> -f ./build/cloud-connector/Dockerfile` and upload it to any registry (like dockerhub).
136-
Modify the [var.image](https://github.com/sysdiglabs/terraform-aws-cloudvision/tree/master/modules/services/cloud-connector/variables.tf) variable to point to your image and deploy
136+
Modify the [var.image](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/tree/master/modules/services/cloud-connector/variables.tf) variable to point to your image and deploy
137137
138138
139139
- Q: How can I iterate **ECS testing**
140140
<br/>A: After applying your modifications (vía terraform for example) restart the service
141141
```
142-
$ aws ecs update-service --force-new-deployment --cluster sysdig-cloudvision-ecscluster --service sysdig-cloudvision-cloudconnector --profile <AWS_PROFILE>
142+
$ aws ecs update-service --force-new-deployment --cluster sysdig-secure-for-cloud-ecscluster --service sysdig-secure-for-cloud-cloudconnector --profile <AWS_PROFILE>
143143
```
144144
145145
For the AWS_PROFILE, set your `~/.aws/config` to impersonate
146146
```
147-
[profile cloudvision]
147+
[profile secure-for-cloud]
148148
region=eu-central-1
149149
role_arn=arn:aws:iam::<AWS_MASTER_ORGANIZATION_ACCOUNT>:role/OrganizationAccountAccessRole
150150
source_profile=<AWS_MASTER_ACCOUNT_PROFILE>
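Review bot: two changes in this hunk are breaking for existing users, yet the commit is labelled a chore: the `organizational_config` attributes are renamed (`cloudvision_member_account_id` to `sysdig_secure_for_cloud_member_account_id`, `cloudvision_role_arn` to `sysdig_secure_for_cloud_role_arn`), so every caller passing that object must change, and the default of `name` moves from `sysdig-cloudvision` to `sysdig-secure-for-cloud`, which the ECS cluster, service and config bucket names further down in this hunk appear to be derived from, so an upgrade with the default name recreates those resources. Please flag this in the CHANGELOG with a migration note and a major bump. This README section is generated by the pre-commit terraform-docs hook, so the same rename must land in `variables.tf` or the next hook run reverts it. Leftovers in the same hunk: `Name for the Cloud Vision deployment`, the carried-over typo `sydig-secure-for-cloud`, and `thread-detection` (should be `threat-detection`). Separately, the troubleshooting profile assumes `OrganizationAccountAccessRole`, the full-admin role AWS Organizations creates in member accounts; a read-only role is enough to inspect ECS logs, SQS and SNS and is the safer default for day-to-day debugging.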

examples-internal/single-account-benchmark/README.md

Lines changed: 2 additions & 2 deletions
@@ -1,8 +1,8 @@
11
## Usage
22

33
```terraform
4-
module "cloudvision_aws_single_account" {
5-
source = "github.com/sysdiglabs/terraform-aws-cloudvision//examples-internal/single-account-benchmark"
4+
module "secure_for_cloud_aws_single_account" {
5+
source = "github.com/sysdiglabs/terraform-aws-secure-for-cloud//examples-internal/single-account-benchmark"
66
sysdig_secure_api_token = "00000000-1111-2222-3333-444444444444"
77
}
88
```
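Review bot: `source = "github.com/sysdiglabs/terraform-aws-secure-for-cloud//examples-internal/single-account-benchmark"` has no `?ref=` pin, so the example tracks the default branch of the renamed repository; add `?ref=<tag>` so internal test deployments are reproducible and a bad push to master cannot change what `terraform init` fetches. The same applies to the sibling `examples-internal/single-account-scanning/README.md` in this commit.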

examples-internal/single-account-benchmark/variables.tf

Lines changed: 3 additions & 3 deletions
@@ -15,7 +15,7 @@ variable "sysdig_secure_api_token" {
1515
variable "region" {
1616
type = string
1717
default = "eu-central-1"
18-
description = "Default region for resource creation in both organization master and cloudvision member account"
18+
description = "Default region for resource creation in both organization master and secure-for-cloud member account"
1919
}
2020

2121
variable "sysdig_secure_endpoint" {
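Review bot: the `region` description still says `both organization master and secure-for-cloud member account`, but this is the single-account benchmark example and has no organization or member account; the rename preserved a description copied from the organizational example. Suggest `Default region for resource creation`.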
@@ -26,8 +26,8 @@ variable "sysdig_secure_endpoint" {
2626

2727
variable "tags" {
2828
type = map(string)
29-
description = "sysdig cloudvision tags"
29+
description = "sysdig secure-for-cloud tags"
3030
default = {
31-
"product" = "sysdig-cloudvision"
31+
"product" = "sysdig-secure-for-cloud"
3232
}
3333
}

examples-internal/single-account-scanning/README.md

Lines changed: 2 additions & 2 deletions
@@ -1,8 +1,8 @@
11
## Usage
22

33
```terraform
4-
module "cloudvision_aws_single_account" {
5-
source = "github.com/sysdiglabs/terraform-aws-cloudvision//examples-internal/single-account-scanning"
4+
module "secure_for_cloud_aws_single_account" {
5+
source = "github.com/sysdiglabs/terraform-aws-secure-for-cloud//examples-internal/single-account-scanning"
66
sysdig_secure_api_token = "00000000-1111-2222-3333-444444444444"
77
}
88
```

examples-internal/single-account-scanning/variables.tf

Lines changed: 4 additions & 4 deletions
@@ -33,14 +33,14 @@ variable "cloudtrail_kms_enable" {
3333
variable "name" {
3434
type = string
3535
description = "Name for the Cloud Vision deployment"
36-
default = "sysdig-cloudvision"
36+
default = "sysdig-secure-for-cloud"
3737
}
3838

3939

4040
variable "region" {
4141
type = string
4242
default = "eu-central-1"
43-
description = "Default region for resource creation in both organization master and cloudvision member account"
43+
description = "Default region for resource creation in both organization master and secure-for-cloud member account"
4444
}
4545

4646
variable "sysdig_secure_endpoint" {
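Review bot: the `name` default is renamed to `sysdig-secure-for-cloud` but its description is left as `Name for the Cloud Vision deployment`, which is the kind of variant the commit message says it covers; and, as in the benchmark example, the `region` description mentions an `organization master and secure-for-cloud member account` that this single-account example does not have. Suggest `Name for the Sysdig Secure for Cloud deployment` and `Default region for resource creation`.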
@@ -51,8 +51,8 @@ variable "sysdig_secure_endpoint" {
5151

5252
variable "tags" {
5353
type = map(string)
54-
description = "sysdig cloudvision tags"
54+
description = "sysdig secure-for-cloud tags"
5555
default = {
56-
"product" = "sysdig-cloudvision"
56+
"product" = "sysdig-secure-for-cloud"
5757
}
5858
}
