fleet/terraform/addons/vuln-processing

Latest commit: 5af2f9751a by George Karr, "Adding changes for Fleet v4.51.1 (#19649)", Co-authored-by: Luke Heath <luke@fleetdm.com>, 2024-06-12 16:27:18 -05:00

Files in this directory (last commit touching each):

efs.tf        create vuln processing addon (#10526)                                                   2023-03-29 08:57:10 -04:00
iam.tf        create vuln processing addon (#10526)                                                   2023-03-29 08:57:10 -04:00
main.tf       create vuln processing addon (#10526)                                                   2023-03-29 08:57:10 -04:00
outputs.tf    create vuln processing addon (#10526)                                                   2023-03-29 08:57:10 -04:00
README.md     update deploying on terraform guide to be module based, update terraf… (#11847)         2023-05-30 20:11:06 -04:00
variables.tf  Adding changes for Fleet v4.51.1 (#19649)                                               2024-06-12 16:27:18 -05:00

Vulnerability processing addon

This addon adds external vulnerability processing to the Fleet deployment.

Be sure to set FLEET_VULNERABILITIES_DISABLE_SCHEDULE = "true" on your Fleet server deployment, or use this module's fleet_extra_environment_variables output to configure it.

Below is an example of how to call the module:

module "vulnerability_processing" {
  source          = "github.com/fleetdm/fleet//terraform/addons/vuln-processing?ref=main"
  customer_prefix = "fleet"
  ecs_cluster     = module.main.byo-vpc.byo-db.byo-ecs.cluster.cluster_arn
  vpc_id          = module.main.vpc.vpc_id
  fleet_config = {
    image = "fleetdm/fleet:v4.31.1"
    database = {
      password_secret_arn = module.main.byo-vpc.secrets.secret_arns["${var.rds_config.name}-database-password"]
      user                = module.main.byo-vpc.rds.db_instance_username
      address             = "${module.main.byo-vpc.rds.db_instance_endpoint}:${module.main.byo-vpc.rds.db_instance_port}"
      database            = module.main.byo-vpc.rds.db_instance_name
    }
    extra_environment_variables = {
      FLEET_LOGGING_DEBUG = "true"
      FLEET_LOGGING_JSON  = "true"
    }
    extra_secrets = {
      // FLEET_LICENSE_KEY = "secret_manager_license_key_arn" // note: needed for some features of vuln processing
    }
    networking = {
      subnets         = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
      security_groups = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
    }
  }
}

Requirements

VPC DNS hostnames must be enabled for proper communication with the EFS mounted volumes.

Providers

Name  Version
aws   n/a

Modules

No modules.

Resources

Name                                          Type
aws_ecs_task_definition.vuln-data-stream      resource
aws_ecs_task_definition.vuln-processing       resource
aws_efs_file_system.vuln                      resource
aws_efs_mount_target.vuln                     resource
aws_cloudwatch_event_rule.vuln_processing     resource
aws_cloudwatch_event_target.vuln_processing   resource
aws_security_group.efs_security_group         resource
aws_iam_role.main                             resource
aws_iam_role_policy_attachment.main           resource

Inputs

Name: Description (Type, Default, Required)

customer_prefix: customer prefix to use to namespace all resources (type: string, default: "fleet", required: no)
ecs_cluster: ECS cluster ARN (type: string, default: n/a, required: yes)
vpc_id: n/a (type: string, default: n/a, required: yes)
fleet_config: The configuration object for Fleet itself. Fields that default to null will have their respective resources created if not specified. (type: object, default: no, required: yes)

Outputs

No outputs.