add vuln processing module to dogfood (#16742)
edwardsb authored Feb 15, 2024
1 parent e1e1139 commit d5a9e8f
Showing 3 changed files with 29 additions and 3 deletions.


2 changes: 1 addition & 1 deletion infrastructure/dogfood/terraform/aws-tf-module/free.tf
@@ -15,7 +15,7 @@ locals {
}

module "free" {
source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.8.0"
source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.8.1"
vpc_config = {
name = local.customer_free
vpc_id = module.main.vpc.vpc_id
29 changes: 27 additions & 2 deletions infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -63,7 +63,7 @@ locals {
}

module "main" {
source = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.7.0"
source = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.7.1"
certificate_arn = module.acm.acm_certificate_arn
vpc = {
name = local.customer
@@ -93,6 +93,8 @@ module "main" {
fleet_config = {
image = local.geolite2_image
family = local.customer
cpu = 256
mem = 512
autoscaling = {
min_capacity = 2
max_capacity = 5
@@ -113,7 +115,15 @@ module "main" {
}
extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies, [aws_iam_policy.sentry.arn]) #, module.saml_auth_proxy.fleet_extra_execution_policies)
extra_environment_variables = merge(module.mdm.extra_environment_variables, module.firehose-logging.fleet_extra_environment_variables, module.osquery-carve.fleet_extra_environment_variables, module.ses.fleet_extra_environment_variables, local.extra_environment_variables, module.geolite2.extra_environment_variables)
extra_environment_variables = merge(
module.mdm.extra_environment_variables,
module.firehose-logging.fleet_extra_environment_variables,
module.osquery-carve.fleet_extra_environment_variables,
module.ses.fleet_extra_environment_variables,
local.extra_environment_variables,
module.geolite2.extra_environment_variables,
module.vuln-processing.extra_environment_variables
)
extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
# extra_load_balancers = [{
# target_group_arn = module.saml_auth_proxy.lb_target_group_arn
@@ -440,3 +450,18 @@ module "geolite2" {
destination_image = local.geolite2_image
license_key = var.geolite2_license
}

module "vuln-processing" {
source = "github.com/fleetdm/fleet//terraform/addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.0.0"
ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
subnets = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
security_groups = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
fleet_config = module.main.byo-vpc.byo-db.byo-ecs.fleet_config
task_role_arn = module.main.byo-vpc.byo-db.byo-ecs.iam_role_arn
awslogs_config = {
group = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.name
region = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.region
prefix = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.prefix
}
}
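Review bot: In the new `module "vuln-processing"` block at the end of main.tf, `task_role_arn`, `execution_iam_role_arn` and `security_groups` are all taken from the main Fleet service, so the scan task runs with the server's full identity and network reach; in this file that role also carries the firehose-logging, osquery-carve and ses policies passed through `extra_iam_policies`. What the addon actually needs is not visible on this page, but if it only processes vulnerability data it likely does not need those policies, and a dedicated task role would keep a compromise of the scan task from reaching them. If sharing is intentional, say so above the block, e.g. `# intentionally reuses the Fleet server task/execution roles and security groups`. Separately, the `merge(...)` hunk puts `module.vuln-processing.extra_environment_variables` last, so on a key collision it overrides `local.extra_environment_variables`; a one-line comment on the intended precedence would help.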
