diff --git a/examples/organizational/README.md b/examples/organizational/README.md
index 12305325..51e4d44e 100644
--- a/examples/organizational/README.md
+++ b/examples/organizational/README.md
@@ -187,7 +187,6 @@ $ terraform apply
 |------|-------------|------|---------|:--------:|
 | [sysdig\_secure\_for\_cloud\_member\_account\_id](#input\_sysdig\_secure\_for\_cloud\_member\_account\_id) | organizational member account where the secure-for-cloud workload is going to be deployed | `string` | n/a | yes |
 | [autoscaling\_config](#input\_autoscaling\_config) | if enable\_autoscaliing is enabled, ECS autoscaling configuration. for more insight check source code |
object({
min_replicas = number
max_replicas = number
upscale_threshold = number
downscale_threshold = number
})
|
{
"downscale_threshold": 30,
"max_replicas": 15,
"min_replicas": 2,
"upscale_threshold": 60
}
| no |
-| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether the created cloudtrail will ingest multi-regional events. testing/economization purpose. | `bool` | `true` | no |
 | [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether the created cloudtrail should deliver encrypted events to s3 | `bool` | `true` | no |
 | [cloudtrail\_s3\_bucket\_expiration\_days](#input\_cloudtrail\_s3\_bucket\_expiration\_days) | Number of days that the logs will persist in the bucket | `number` | `5` | no |
diff --git a/examples/organizational/cloud-bench.tf b/examples/organizational/cloud-bench.tf
index eabaa559..bdd6c887 100644
--- a/examples/organizational/cloud-bench.tf
+++ b/examples/organizational/cloud-bench.tf
@@ -9,7 +9,6 @@ module "cloud_bench_org" {
 name = "${var.name}-cloudbench"
 is_organizational = true
 region = data.aws_region.current.name
- benchmark_regions = var.benchmark_regions
 tags = var.tags
 }
@@ -25,7 +24,6 @@ module "cloud_bench_single" {
 name = "${var.name}-cloudbench"
 is_organizational = false
 region = data.aws_region.current.name
- benchmark_regions = var.benchmark_regions
 tags = var.tags
 }
diff --git a/examples/organizational/variables.tf b/examples/organizational/variables.tf
index 446cddb7..55043c5b 100644
--- a/examples/organizational/variables.tf
+++ b/examples/organizational/variables.tf
@@ -126,12 +126,6 @@ variable "deploy_benchmark_organizational" {
 description = "true/false whether benchmark module should be deployed on organizational or single-account mode (1 role per org accounts if true, 1 role in default aws provider account if false)"
 }
-variable "benchmark_regions" {
- type = list(string)
- description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
- default = []
-}
-
 #---------------------------------
 # ecs, security group, vpc
diff --git a/examples/single-account-apprunner/README.md b/examples/single-account-apprunner/README.md
index 3f0ddcbb..ead476fd 100644
--- a/examples/single-account-apprunner/README.md
+++ b/examples/single-account-apprunner/README.md
@@ -96,7 +96,6 @@ $ terraform apply
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | [cloudconnector\_ecr\_image\_uri](#input\_cloudconnector\_ecr\_image\_uri) | URI to cloudconnectors image on ECR | `string` | `"public.ecr.aws/o5x4u2t4/cloud-connector:latest"` | no |
 | [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether cloudtrail will ingest multiregional events | `bool` | `true` | no |
 | [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether cloudtrail delivered events to S3 should persist encrypted | `bool` | `true` | no |
diff --git a/examples/single-account-apprunner/benchmark.tf b/examples/single-account-apprunner/benchmark.tf
index b793a5fa..91577a08 100644
--- a/examples/single-account-apprunner/benchmark.tf
+++ b/examples/single-account-apprunner/benchmark.tf
@@ -2,8 +2,6 @@ module "cloud_bench" {
 source = "../../modules/services/cloud-bench"
 count = var.deploy_benchmark ? 1 : 0
- name = "${var.name}-cloudbench"
- benchmark_regions = var.benchmark_regions
-
+ name = "${var.name}-cloudbench"
 tags = var.tags
 }
diff --git a/examples/single-account-apprunner/variables.tf b/examples/single-account-apprunner/variables.tf
index 9e1635a6..37a5b4ee 100644
--- a/examples/single-account-apprunner/variables.tf
+++ b/examples/single-account-apprunner/variables.tf
@@ -58,12 +58,6 @@ variable "deploy_benchmark" {
 default = true
 }
-variable "benchmark_regions" {
- type = list(string)
- description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
- default = []
-}
-
 #
 # general
 #
diff --git a/examples/single-account-ecs/README.md b/examples/single-account-ecs/README.md
index 9c01c7eb..60124922 100644
--- a/examples/single-account-ecs/README.md
+++ b/examples/single-account-ecs/README.md
@@ -98,7 +98,6 @@ $ terraform apply
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [autoscaling\_config](#input\_autoscaling\_config) | if enable\_autoscaliing is enabled, ECS autoscaling configuration. for more insight check source code |
object({
min_replicas = number
max_replicas = number
upscale_threshold = number
downscale_threshold = number
})
|
{
"downscale_threshold": 30,
"max_replicas": 10,
"min_replicas": 1,
"upscale_threshold": 60
}
| no |
-| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | [cloud\_connector\_image](#input\_cloud\_connector\_image) | Image to use for the cloud connector. If empty, the default image will be used. | `string` | `"quay.io/sysdig/cloud-connector:latest"` | no |
 | [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether cloudtrail will ingest multiregional events | `bool` | `true` | no |
 | [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether cloudtrail delivered events to S3 should persist encrypted | `bool` | `true` | no |
diff --git a/examples/single-account-ecs/benchmark.tf b/examples/single-account-ecs/benchmark.tf
index b793a5fa..91577a08 100644
--- a/examples/single-account-ecs/benchmark.tf
+++ b/examples/single-account-ecs/benchmark.tf
@@ -2,8 +2,6 @@ module "cloud_bench" {
 source = "../../modules/services/cloud-bench"
 count = var.deploy_benchmark ? 1 : 0
- name = "${var.name}-cloudbench"
- benchmark_regions = var.benchmark_regions
-
+ name = "${var.name}-cloudbench"
 tags = var.tags
 }
diff --git a/examples/single-account-ecs/variables.tf b/examples/single-account-ecs/variables.tf
index 4c35ecb8..6c2ee3d7 100644
--- a/examples/single-account-ecs/variables.tf
+++ b/examples/single-account-ecs/variables.tf
@@ -110,12 +110,6 @@ variable "deploy_benchmark" {
 default = true
 }
-variable "benchmark_regions" {
- type = list(string)
- description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
- default = []
-}
-
 #
 # cloud connector connector configuration
 #
diff --git a/examples/single-account-k8s/README.md b/examples/single-account-k8s/README.md
index fea2d12b..101dff7f 100644
--- a/examples/single-account-k8s/README.md
+++ b/examples/single-account-k8s/README.md
@@ -114,7 +114,6 @@ $ terraform apply
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | [cloudtrail\_is\_multi\_region\_trail](#input\_cloudtrail\_is\_multi\_region\_trail) | true/false whether cloudtrail will ingest multiregional events. testing/economization purpose. | `bool` | `true` | no |
 | [cloudtrail\_kms\_enable](#input\_cloudtrail\_kms\_enable) | true/false whether s3 should be encrypted. testing/economization purpose. | `bool` | `true` | no |
 | [cloudtrail\_sns\_arn](#input\_cloudtrail\_sns\_arn) | ARN of a pre-existing cloudtrail\_sns. If defaulted, a new cloudtrail will be created. If specified, deployment region must match Cloudtrail S3 bucket region | `string` | `"create"` | no |
diff --git a/examples/single-account-k8s/benchmark.tf b/examples/single-account-k8s/benchmark.tf
index b793a5fa..91577a08 100644
--- a/examples/single-account-k8s/benchmark.tf
+++ b/examples/single-account-k8s/benchmark.tf
@@ -2,8 +2,6 @@ module "cloud_bench" {
 source = "../../modules/services/cloud-bench"
 count = var.deploy_benchmark ? 1 : 0
- name = "${var.name}-cloudbench"
- benchmark_regions = var.benchmark_regions
-
+ name = "${var.name}-cloudbench"
 tags = var.tags
 }
diff --git a/examples/single-account-k8s/variables.tf b/examples/single-account-k8s/variables.tf
index ce0d8403..2509bc56 100644
--- a/examples/single-account-k8s/variables.tf
+++ b/examples/single-account-k8s/variables.tf
@@ -69,11 +69,6 @@ variable "deploy_benchmark" {
 description = "Whether to deploy or not the cloud benchmarking"
 default = true
 }
-variable "benchmark_regions" {
- type = list(string)
- description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
- default = []
-}
 #
 # aws iam user configuration
diff --git a/modules/services/cloud-bench/README.md b/modules/services/cloud-bench/README.md
index 3e7ce25b..0733cdc8 100644
--- a/modules/services/cloud-bench/README.md
+++ b/modules/services/cloud-bench/README.md
@@ -21,7 +21,6 @@ This module will be deployed as a StackSet and it will take into account newly m
 |------|---------|
 | [terraform](#requirement\_terraform) | >= 1.0.0 |
 | [aws](#requirement\_aws) | >= 3.62.0 |
-| [random](#requirement\_random) | >= 3.1.0 |
 | [sysdig](#requirement\_sysdig) | >= 0.5.29 |
 ## Providers
@@ -29,7 +28,6 @@ This module will be deployed as a StackSet and it will take into account newly m
 | Name | Version |
 |------|---------|
 | [aws](#provider\_aws) | >= 3.62.0 |
-| [random](#provider\_random) | >= 3.1.0 |
 | [sysdig](#provider\_sysdig) | >= 0.5.29 |
 ## Modules
@@ -44,9 +42,6 @@ No modules.
 | [aws_cloudformation_stack_set_instance.stackset_instance](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack_set_instance) | resource |
 | [aws_iam_role.cloudbench_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.cloudbench_security_audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
-| [random_integer.hour](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
-| [random_integer.minute](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
-| [sysdig_secure_benchmark_task.benchmark_task](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_benchmark_task) | resource |
 | [sysdig_secure_cloud_account.cloud_account](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_cloud_account) | resource |
 | [aws_caller_identity.me](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.security_audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
@@ -58,7 +53,6 @@ No modules.
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| [benchmark\_regions](#input\_benchmark\_regions) | List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default. | `list(string)` | `[]` | no |
 | [is\_organizational](#input\_is\_organizational) | true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account) | `bool` | `false` | no |
 | [name](#input\_name) | The name of the IAM Role that will be created. | `string` | `"sfc-cloudbench"` | no |
 | [provision\_caller\_account](#input\_provision\_caller\_account) | true/false whether to provision the aws provider account (if is\_organizational=true management account, if is\_organizational=false it will depend on the provider setup on the caller module | `bool` | `true` | no |
diff --git a/modules/services/cloud-bench/main.tf b/modules/services/cloud-bench/main.tf
index 91677409..6f962e66 100644
--- a/modules/services/cloud-bench/main.tf
+++ b/modules/services/cloud-bench/main.tf
@@ -16,10 +16,6 @@ locals {
 caller_account = data.aws_caller_identity.me.account_id
 member_account_ids = var.is_organizational ? [for a in data.aws_organizations_organization.org[0].non_master_accounts : a.id] : []
 account_ids_to_deploy = var.is_organizational && var.provision_caller_account ? concat(local.member_account_ids, [data.aws_organizations_organization.org[0].master_account_id]) : local.member_account_ids
-
- benchmark_task_name = var.is_organizational ? "Organization: ${data.aws_organizations_organization.org[0].id}" : local.caller_account
- accounts_scope_clause = var.is_organizational ? "aws.accountId in (\"${join("\", \"", local.account_ids_to_deploy)}\")" : "aws.accountId = \"${local.caller_account}\""
- regions_scope_clause = length(var.benchmark_regions) == 0 ? "" : " and aws.region in (\"${join("\", \"", var.benchmark_regions)}\")"
 }
 #----------------------------------------------------------
@@ -46,31 +42,6 @@ locals {
 )
 }
-resource "random_integer" "minute" {
- max = 59
- min = 0
-}
-
-resource "random_integer" "hour" {
- max = 23
- min = 0
-}
-
-resource "sysdig_secure_benchmark_task" "benchmark_task" {
- name = "Sysdig Secure for Cloud (AWS) - ${local.benchmark_task_name} - ${var.name}"
- schedule = "${random_integer.minute.result} ${random_integer.hour.result} * * *"
- schema = "aws_foundations_bench-1.3.0"
- scope = "${local.accounts_scope_clause}${local.regions_scope_clause}"
-
- # Creation of a task requires that the Cloud Account already exists in the backend, and has `role_enabled = true`
- # We only want to create the task once the rust relationship is established, otherwise running the task will fail.
- depends_on = [
- sysdig_secure_cloud_account.cloud_account,
- aws_iam_role_policy_attachment.cloudbench_security_audit, # Depends on cloudbench_role implicitly
- ]
-}
-
-
 #----------------------------------------------------------
 # If this is not an Organizational deploy, create role/polices directly
 #----------------------------------------------------------
diff --git a/modules/services/cloud-bench/variables.tf b/modules/services/cloud-bench/variables.tf
index e1cbdd9e..cd1e98fa 100644
--- a/modules/services/cloud-bench/variables.tf
+++ b/modules/services/cloud-bench/variables.tf
@@ -20,12 +20,6 @@ variable "region" {
 description = "Default region for resource creation in organization mode"
 }
-variable "benchmark_regions" {
- type = list(string)
- description = "List of regions in which to run the benchmark. If empty, the task will contain all aws regions by default."
- default = []
-}
-
 variable "provision_caller_account" {
 type = bool
 default = true
diff --git a/modules/services/cloud-bench/versions.tf b/modules/services/cloud-bench/versions.tf
index 31eb7aad..34321d35 100644
--- a/modules/services/cloud-bench/versions.tf
+++ b/modules/services/cloud-bench/versions.tf
@@ -1,11 +1,6 @@
 terraform {
 required_version = ">= 1.0.0"
 required_providers {
- random = {
- source = "hashicorp/random"
- version = ">= 3.1.0"
- }
-
 aws = {
 version = ">= 3.62.0"
 }