Cloud Bench deploy in AWS Module

Deployed on the target AWS account(s):

  • The required IAM Role and IAM Policy (arn:aws:iam::aws:policy/SecurityAudit) that allow Sysdig to run AWS Benchmarks on your behalf.
    • A Sysdig-provided ExternalId is used in the role's trust relationship.
    • This is done using aws_cloudformation_stack_set.

Deployed on Sysdig Backend

  • The required provisioning on the Sysdig Backend to use the ExternalId-based IAM Role with an AssumeRole.
  • An aws_foundations_bench-1.3.0 benchmark task scheduled at a random hour of the day (cron expression of the form rand rand * * *).

This module is deployed as a StackSet, so new member accounts added to the Organization are picked up automatically.
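As an added illustration (not the module's own code), the cross-account trust pattern described above written as plain Terraform. The variable names sysdig_trusted_identity and sysdig_external_id are assumptions standing in for the values the module obtains from the Sysdig provider, and the cron expression follows the standard minute-hour order.

```hcl
# Placeholders for the two Sysdig-provided values (assumed variable names, not the module's).
variable "sysdig_trusted_identity" { type = string } # ARN of the Sysdig backend principal
variable "sysdig_external_id"      { type = string } # ExternalId issued by Sysdig

# Trust policy: only the Sysdig principal may assume the role, and only when it also
# presents the ExternalId. The condition is what mitigates the confused-deputy problem.
data "aws_iam_policy_document" "trust_relationship" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.sysdig_trusted_identity]
    }
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [var.sysdig_external_id]
    }
  }
}

resource "aws_iam_role" "cloudbench_role" {
  name               = "sfc-cloudbench"
  assume_role_policy = data.aws_iam_policy_document.trust_relationship.json
  tags               = { product = "sysdig-secure-for-cloud" }
}

# SecurityAudit is an AWS-managed, read-only policy; no custom write permissions are granted.
data "aws_iam_policy" "security_audit" { arn = "arn:aws:iam::aws:policy/SecurityAudit" }

resource "aws_iam_role_policy_attachment" "cloudbench_security_audit" {
  role       = aws_iam_role.cloudbench_role.name
  policy_arn = data.aws_iam_policy.security_audit.arn
}

# Daily benchmark at a random time, expressed as a standard cron "minute hour * * *".
resource "random_integer" "hour" {
  min = 0
  max = 23
}
resource "random_integer" "minute" {
  min = 0
  max = 59
}
locals {
  benchmark_schedule = "${random_integer.minute.result} ${random_integer.hour.result} * * *"
}
```

Reviewing the deployed role's trust policy for the sts:ExternalId condition is a quick way to confirm the StackSet rolled out the intended trust relationship in each member account.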

Requirements

| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| aws | >= 3.62.0 |
| random | >= 3.1.0 |
| sysdig | >= 0.5.29 |

Providers

| Name | Version |
|---|---|
| aws | 4.26.0 |
| random | 3.3.2 |
| sysdig | 0.5.39 |

Modules

No modules.

Resources

| Name | Type |
|---|---|
| aws_cloudformation_stack_set.stackset | resource |
| aws_cloudformation_stack_set_instance.stackset_instance | resource |
| aws_iam_role.cloudbench_role | resource |
| aws_iam_role_policy_attachment.cloudbench_security_audit | resource |
| random_integer.hour | resource |
| random_integer.minute | resource |
| sysdig_secure_benchmark_task.benchmark_task | resource |
| sysdig_secure_cloud_account.cloud_account | resource |
| aws_caller_identity.me | data source |
| aws_iam_policy.security_audit | data source |
| aws_iam_policy_document.trust_relationship | data source |
| aws_organizations_organization.org | data source |
| sysdig_secure_trusted_cloud_identity.trusted_identity | data source |

Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| benchmark_regions | List of regions in which to run the benchmark. If empty, the task covers all AWS regions by default. | list(string) | [] | no |
| is_organizational | Whether secure-for-cloud should be deployed in an organizational setup. | bool | false | no |
| name | The name of the IAM Role that will be created. | string | "sfc-cloudbench" | no |
| provision_in_management_account | Whether to deploy the stack in the management account. | bool | true | no |
| region | Default region for resource creation in organization mode. | string | "eu-central-1" | no |
| tags | Sysdig secure-for-cloud tags. Always include the 'product' default tag so the resource group works correctly. | map(string) | {"product": "sysdig-secure-for-cloud"} | no |

Outputs

No outputs.

Authors

This module is maintained by Sysdig.

License

Apache 2 Licensed. See LICENSE for full details.