Connect Falco To Cloudtrail Resources in AWS
[ Example :: Single-Account ]

Deploy a Falco cloudtrail plugin input in a single AWS account.
All the required resources and workloads run under that same account.

Prerequisites

Minimum requirements:

  1. Configure Terraform AWS Provider

Notice

  • Resource creation inventory: find all the resources created by this example in the resource group falcosecurity-for-cloud (AWS Resource Group & Tag Editor).

  • Deployment cost: this example creates resources that cost money.
    Run terraform destroy when you no longer need them.

Usage

For quick testing, use this snippet in your Terraform files:

terraform {
   # Version constraints taken from the Requirements section below
   required_version = ">= 0.15.0"
   required_providers {
      aws = {
         source  = "hashicorp/aws"
         version = ">= 4.0.0"
      }
   }
}

provider "aws" {
   region = "<AWS-REGION>" # e.g. us-east-1
}

module "falcosecurity_for_cloud_aws_single_account" {
   # Registry sources address a subdirectory with a double slash
   source = "falcosecurity/falcosecurity-for-cloud/aws//examples/single-account"
}

See the inputs summary or the module's variables.tf file for more optional configuration.

To run this example you need your AWS account profile configured in the CLI; then execute:

$ terraform init
$ terraform plan
$ terraform apply

Requirements

Name Version
terraform >= 0.15.0
aws >= 4.0.0

Providers

Modules

Name Source Version
cloudtrail ../../modules/infrastructure/cloudtrail n/a
sqs_sns_subscription ../../modules/infrastructure/sqs-sns-subscription n/a
resource_group ../../modules/infrastructure/resource-group n/a

Resources

Inputs

cloudtrail_is_multi_region_trail
    true/false: whether the CloudTrail trail ingests events from all regions
    Type: bool   Default: true   Required: no

cloudtrail_kms_enable
    true/false: whether CloudTrail events delivered to S3 are stored encrypted (KMS)
    Type: bool   Default: true   Required: no

cloudtrail_sns_arn
    ARN of a pre-existing CloudTrail SNS topic. If left at the default, a new CloudTrail is created
    Type: string   Default: "create"   Required: no

name
    Name assigned to all child resources; a suffix may be added internally when required. Keep the default unless you need to install multiple instances
    Type: string   Default: "ffc"   Required: no

tags
    falcosecurity-for-cloud tags
    Type: map(string)   Default: { "product": "falcosecurity-for-cloud" }   Required: no

Outputs

Name Description
cloudtrail_sns_subscribed_sqs_arn ARN of the SQS queue subscribed to the CloudTrail SNS topic
cloudtrail_sns_subscribed_sqs_url URL of the SQS queue subscribed to the CloudTrail SNS topic
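A fuller root module, added here as an example and not part of this repository, that wires the inputs and outputs documented above: it pins the versions from Requirements, sets every documented input explicitly (keeping multi-region capture and KMS encryption on), lets an operator reuse an existing CloudTrail SNS topic through an assumed variable, and re-exports the SQS queue the Falco cloudtrail plugin reads from. The region, the extra owner tag and the variable name are assumptions.

```hcl
terraform {
  required_version = ">= 0.15.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed; use the region where the trail should live
}

# Assumed variable: ARN of an existing CloudTrail SNS topic to reuse.
# Leaving the module default "create" provisions a new CloudTrail instead.
variable "existing_cloudtrail_sns_arn" {
  type    = string
  default = "create"
}

module "falcosecurity_for_cloud_aws_single_account" {
  source = "falcosecurity/falcosecurity-for-cloud/aws//examples/single-account"

  name                             = "ffc"  # default; change only for a second instance
  cloudtrail_is_multi_region_trail = true   # ingest events from all regions, not only us-east-1
  cloudtrail_kms_enable            = true   # keep events delivered to S3 encrypted at rest
  cloudtrail_sns_arn               = var.existing_cloudtrail_sns_arn

  tags = {
    product = "falcosecurity-for-cloud" # default tag used by the resource group
    owner   = "security-team"           # constructed extra tag for ownership tracking
  }
}

# Re-export the queue so the Falco cloudtrail plugin deployment can consume it.
output "falco_cloudtrail_sqs_url" {
  value = module.falcosecurity_for_cloud_aws_single_account.cloudtrail_sns_subscribed_sqs_url
}

output "falco_cloudtrail_sqs_arn" {
  value = module.falcosecurity_for_cloud_aws_single_account.cloudtrail_sns_subscribed_sqs_arn
}
```

After terraform apply, terraform output falco_cloudtrail_sqs_url prints the queue URL to hand to the Falco plugin configuration.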

Authors

This was originally based on the Terraform module for Sysdig Secure.

License

Apache 2 Licensed. See LICENSE for full details.