This repository contains Terraform files that deploy a k3s cluster with a Defender agent on an ARM64 instance in AWS or GCP. It is intended to demonstrate Prisma Cloud's support for the ARM architecture.
AWS
- VPC (1)
- Security Group (1)
- Subnet (1)
- Internet Gateway (1)
- Default Route Table (1)
- EC2 Instance (1)
- EC2 Launch Template (1)
GCP
- GCE Instance (1)
- Prisma Cloud Compute Edition (version 22.06 or later) or Prisma Cloud Enterprise Edition
- Access Keys (Enterprise Edition) or User Credentials (Compute Edition)
- AWS Account / GCP Account
- Terraform Cloud Account
- Clone this repository.
git clone https://github.com/amckenzie7/Workload-Protection-on-ARM.git
cd Workload-Protection-on-ARM
- Change directory to the folder of the cloud provider you'll be using.
cd aws
or
cd gcp
- Open the terraform.auto.tfvars file and replace the following variables. Do not include the square brackets.
AWS
key_pair = "[KEY_PAIR]" # EC2 Instance Key Pair
pcc_username = "[COMPUTE_USER]" # Access ID for SaaS users
pcc_password = "[COMPUTE_PASS]" # Secret Key for SaaS users
pcc_domain_name = "[CONSOLE_DOMAIN_NAME]" # Domain name located in Compute > Manage > System > Utilities Path to Console for SaaS users
GCP
project_id = "[PROJECT_ID]" # GCP Project ID
pcc_username = "[COMPUTE_USER]" # Access ID for SaaS users
pcc_password = "[COMPUTE_PASS]" # Secret Key for SaaS users
pcc_domain_name = "[CONSOLE_DOMAIN_NAME]" # Domain name located in Compute > Manage > System > Utilities Path to Console for SaaS users
- Navigate to the provider.tf file and modify the terraform block to set the organization and workspace in which this project will be executed within Terraform Cloud.
terraform {
  cloud {
    organization = "[ORGANIZATION_NAME]"
    workspaces {
      name = "[WORKSPACE_NAME]"
    }
  }
}
- Initialize the project
terraform init
- Validate the project
terraform validate
- Apply the project
terraform apply
- Custom networking resources for GCP
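
A preflight check for the terraform.auto.tfvars step above, as an added example that is not part of this repository: it confirms that every variable this README lists for the chosen provider is set and that no bracketed placeholder was left in place, and it reports variable names only, never values. The function names `required_keys` and `check_tfvars` are hypothetical; the variable names are the ones shown in this README.

```shell
#!/bin/sh
# Added example (not from the repository): verify terraform.auto.tfvars
# before running `terraform apply`.

# required_keys PROVIDER -> prints the variables the README lists for it.
required_keys() {
    case "$1" in
        aws) echo "key_pair pcc_username pcc_password pcc_domain_name" ;;
        gcp) echo "project_id pcc_username pcc_password pcc_domain_name" ;;
        *)   return 1 ;;
    esac
}

# check_tfvars FILE PROVIDER -> returns 0 when every required variable holds
# a real value, 1 otherwise. Problems go to stderr; values are never printed,
# because the file contains the Prisma Cloud credentials.
check_tfvars() {
    file=$1
    keys=$(required_keys "$2") || { echo "unknown provider: $2" >&2; return 1; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    rc=0
    for key in $keys; do
        if ! grep -q "^[[:space:]]*$key[[:space:]]*=" "$file"; then
            echo "$key: missing" >&2; rc=1
            continue
        fi
        # Extract the quoted value of the last assignment of this key.
        value=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$file" | tail -n 1)
        case "$value" in
            "")     echo "$key: empty or not a quoted string" >&2; rc=1 ;;
            \[*\])  echo "$key: placeholder or brackets left in place" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Usage, from the aws or gcp folder:
#   check_tfvars terraform.auto.tfvars aws && terraform apply
```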