add vuln processing module to dogfood (#16742)

infrastructure/dogfood/terraform/aws-tf-module/.terraform.lock.hcl

@@ -154,6 +154,7 @@ provider "registry.terraform.io/kreuzwerker/docker" {
   constraints = "3.0.2"
   hashes = [
     "h1:XjdpVL61KtTsuPE8swok3GY8A+Bu3TZs8T2DOEpyiXo=",
+    "h1:cT2ccWOtlfKYBUE60/v2/4Q6Stk1KYTNnhxSck+VPlU=",
     "zh:15b0a2b2b563d8d40f62f83057d91acb02cd0096f207488d8b4298a59203d64f",
     "zh:23d919de139f7cd5ebfd2ff1b94e6d9913f0977fcfc2ca02e1573be53e269f95",
     "zh:38081b3fe317c7e9555b2aaad325ad3fa516a886d2dfa8605ae6a809c1072138",

infrastructure/dogfood/terraform/aws-tf-module/free.tf

@@ -15,7 +15,7 @@ locals {
 }
 
 module "free" {
-  source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.8.0"
+  source = "github.com/fleetdm/fleet//terraform/byo-vpc?ref=tf-mod-byo-vpc-v1.8.1"
   vpc_config = {
     name   = local.customer_free
     vpc_id = module.main.vpc.vpc_id

infrastructure/dogfood/terraform/aws-tf-module/main.tf

@@ -63,7 +63,7 @@ locals {
 }
 
 module "main" {
-  source          = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.7.0"
+  source          = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.7.1"
   certificate_arn = module.acm.acm_certificate_arn
   vpc = {
     name = local.customer
@@ -93,6 +93,8 @@ module "main" {
   fleet_config = {
     image  = local.geolite2_image
     family = local.customer
+    cpu    = 256
+    mem    = 512
     autoscaling = {
       min_capacity = 2
       max_capacity = 5
@@ -113,7 +115,15 @@ module "main" {
     }
     extra_iam_policies           = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
     extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies, [aws_iam_policy.sentry.arn]) #, module.saml_auth_proxy.fleet_extra_execution_policies)
-    extra_environment_variables  = merge(module.mdm.extra_environment_variables, module.firehose-logging.fleet_extra_environment_variables, module.osquery-carve.fleet_extra_environment_variables, module.ses.fleet_extra_environment_variables, local.extra_environment_variables, module.geolite2.extra_environment_variables)
+    extra_environment_variables  = merge(
+      module.mdm.extra_environment_variables,
+      module.firehose-logging.fleet_extra_environment_variables,
+      module.osquery-carve.fleet_extra_environment_variables,
+      module.ses.fleet_extra_environment_variables,
+      local.extra_environment_variables,
+      module.geolite2.extra_environment_variables,
+      module.vuln-processing.extra_environment_variables
+    )
     extra_secrets                = merge(module.mdm.extra_secrets, local.sentry_secrets)
     # extra_load_balancers         = [{
     #   target_group_arn = module.saml_auth_proxy.lb_target_group_arn
@@ -440,3 +450,18 @@ module "geolite2" {
   destination_image = local.geolite2_image
   license_key       = var.geolite2_license
 }
+
+module "vuln-processing" {
+  source                 = "github.com/fleetdm/fleet//terraform/addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.0.0"
+  ecs_cluster            = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
+  execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
+  subnets                = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
+  security_groups        = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
+  fleet_config           = module.main.byo-vpc.byo-db.byo-ecs.fleet_config
+  task_role_arn          = module.main.byo-vpc.byo-db.byo-ecs.iam_role_arn
+  awslogs_config = {
+    group  = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.name
+    region = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.region
+    prefix = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.prefix
+  }
+}