Fix for sandbox vuln processing (#12763)

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or
docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL
injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
  - For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows
and Linux.
- [ ] Auto-update manual QA, from released version of component to new
version (see [tools/tuf/test](../tools/tuf/test/README.md)).

infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/cronjobs.yaml

@@ -35,10 +35,10 @@ spec:
             resources:
               limits:
                 cpu: {{ .Values.resources.limits.cpu }}
-                memory: {{ .Values.resources.limits.memory }}
+                memory: "2Gi"
               requests:
                 cpu: {{ .Values.resources.requests.cpu }}
-                memory: {{ .Values.resources.requests.memory }}
+                memory: "2Gi"
             env:
               ## BEGIN FLEET SECTION
               - name: FLEET_SERVER_SANDBOX_ENABLED

infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/fleet/templates/deployment.yaml

@@ -62,7 +62,7 @@ spec:
             value: elasticapm
           - name: FLEET_LOGGING_TRACING_ENABLED
             value: "true"
-          - name: FLEET_VULNERABILITIES_EXTERNAL_SCHEDULED
+          - name: FLEET_VULNERABILITIES_DISABLE_SCHEDULE
             value: "true"
           - name: FLEET_SESSION_DURATION
             value: "1y"

infrastructure/sandbox/PreProvisioner/lambda/deploy_terraform/main.tf

@@ -212,6 +212,16 @@ resource "helm_release" "main" {
     name  = "apm.token"
     value = var.apm_token
   }
+
+  set {
+    name  = "resources.limits.memory"
+    value = "512Mi"
+  }
+
+  set {
+    name  = "resources.requests.memory"
+    value = "512Mi"
+  }
 }
 
 data "aws_iam_policy_document" "main" {