chore(example): add single-account-scanning

Author: iru

examples/single-account-scanning/main.tf

@@ -0,0 +1,69 @@
+provider "aws" {
+  region = var.region
+}
+
+#-------------------------------------
+# general resources
+#-------------------------------------
+
+module "resource_group_master" {
+  source = "../../modules/infrastructure/resource-group"
+  name   = var.name
+  tags   = var.tags
+}
+
+module "cloudtrail" {
+  source                = "../../modules/infrastructure/cloudtrail"
+  name                  = var.name
+  is_organizational     = false
+  is_multi_region_trail = var.cloudtrail_is_multi_region_trail
+  cloudtrail_kms_enable = var.cloudtrail_kms_enable
+
+  tags = var.tags
+}
+
+module "ecs_fargate_cluster" {
+  source = "../../modules/infrastructure/ecs-fargate-cluster"
+  name   = var.name
+  tags   = var.tags
+}
+
+
+module "ssm" {
+  source                  = "../../modules/infrastructure/ssm"
+  name                    = var.name
+  sysdig_secure_api_token = var.sysdig_secure_api_token
+}
+
+
+module "codebuild" {
+  source                       = "../../modules/infrastructure/codebuild"
+  name                         = var.name
+  secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
+
+  tags = var.tags
+  # note. this is required to avoid racing conditions
+  depends_on = [module.ssm]
+}
+
+
+module "cloud_scanning" {
+  source = "../../modules/services/cloud-scanning"
+  name   = "${var.name}-cloudscanning"
+
+  sysdig_secure_endpoint       = var.sysdig_secure_endpoint
+  secure_api_token_secret_name = module.ssm.secure_api_token_secret_name
+
+  build_project_arn  = module.codebuild.project_arn
+  build_project_name = module.codebuild.project_name
+
+  sns_topic_arn = module.cloudtrail.sns_topic_arn
+
+  ecs_cluster = module.ecs_fargate_cluster.id
+  vpc_id      = module.ecs_fargate_cluster.vpc_id
+  vpc_subnets = module.ecs_fargate_cluster.vpc_subnets
+
+  tags = var.tags
+  # note. this is required to avoid racing conditions
+  depends_on = [module.cloudtrail, module.ecs_fargate_cluster, module.codebuild, module.ssm]
+}

examples/single-account-scanning/outputs.tf

@@ -0,0 +1,58 @@
+variable "sysdig_secure_api_token" {
+  sensitive   = true
+  type        = string
+  description = "Sysdig Secure API token"
+}
+
+
+#---------------------------------
+# optionals - with defaults
+#---------------------------------
+
+#
+# cloudtrail configuration
+#
+
+variable "cloudtrail_is_multi_region_trail" {
+  type        = bool
+  default     = true
+  description = "testing/economization purpose. true/false whether cloudtrail will ingest multiregional events"
+}
+
+variable "cloudtrail_kms_enable" {
+  type        = bool
+  default     = true
+  description = "testing/economization purpose. true/false whether s3 should be encrypted"
+}
+
+
+#
+# general
+#
+
+variable "name" {
+  type        = string
+  description = "Name for the Cloud Vision deployment"
+  default     = "sysdig-cloudvision"
+}
+
+
+variable "region" {
+  type        = string
+  default     = "eu-central-1"
+  description = "Default region for resource creation in both organization master and cloudvision member account"
+}
+
+variable "sysdig_secure_endpoint" {
+  type        = string
+  default     = "https://secure.sysdig.com"
+  description = "Sysdig Secure API endpoint"
+}
+
+variable "tags" {
+  type        = map(string)
+  description = "sysdig cloudvision tags"
+  default = {
+    "product" = "sysdig-cloudvision"
+  }
+}

examples/single-account-scanning/variables.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_version = ">= 0.15.0"
+  required_providers {
+    aws = {
+      version = ">= 3.50.0"
+    }
+  }
+}