mirror of
https://github.com/fleetdm/fleet
synced 2026-04-27 00:17:21 +00:00
e952ef06c0
# Github Actions (New)
- New workflow to deploy/destroy loadtest infrastructure with one-click
(Needs to be tested)
- Common inputs drive configuration and deployment of loadtest
infrastructure
- tag
- fleet_task_count
- fleet_task_memory
- fleet_task_cpu
- fleet_database_instance_size
- fleet_database_instance_count
- fleet_redis_instance_size
- fleet_redis_instance_count
- terraform_workspace
- terraform_action
- New workflow to deploy/destroy osquery-perf to loadtest infrastructure
with one-click (Needs to be tested)
- Common inputs drive configuration and deployment of osquery-perf
resources
- tag
- git_branch
- loadtest_containers
- extra_flags
- terraform_workspace
- terraform_action
- New workflow to deploy shared loadtest resources with one-click (Needs
to be tested)
# Loadtest Infrastructure (New)
- New directory (`infrastructure/loadtesting/terraform/infra`) for
one-click deployment
- Loadtest environment updated to use [fleet-terraform
modules](https://github.com/fleetdm/fleet-terraform)
- [Deployment documentation
updated](0c254bca40/infrastructure/loadtesting/terraform/infra/README.md)
to reflect new steps
# Osquery-perf deployment (New)
- New directory (`infrastructure/loadtesting/terraform/osquery-perf`)
for the deployment of osquery-perf
- osquery-perf updated to use [fleet-terraform
modules](https://github.com/fleetdm/fleet-terraform)
- [Deployment documentation
updated](0c254bca40/infrastructure/loadtesting/terraform/osquery_perf)
to reflect new steps
39 lines
No EOL
996 B
HCL
39 lines
No EOL
996 B
HCL
data "aws_iam_policy_document" "license" {
|
|
statement {
|
|
effect = "Allow"
|
|
actions = ["secretsmanager:GetSecretValue"]
|
|
resources = [
|
|
data.aws_secretsmanager_secret.license.arn
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_policy" "license" {
|
|
name = "${local.customer}-license-iam-policy"
|
|
policy = data.aws_iam_policy_document.license.json
|
|
}
|
|
|
|
data "aws_iam_policy_document" "enroll" {
|
|
statement {
|
|
effect = "Allow"
|
|
actions = ["secretsmanager:GetSecretValue"]
|
|
resources = [
|
|
data.aws_secretsmanager_secret_version.enroll_secret.arn
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "aws_iam_policy" "enroll" {
|
|
name = "${local.customer}-enroll-policy"
|
|
description = "IAM policy that Fleet application uses to define access to AWS resources"
|
|
policy = data.aws_iam_policy_document.enroll.json
|
|
}
|
|
|
|
resource "aws_iam_role_policy_attachment" "enroll" {
|
|
policy_arn = aws_iam_policy.enroll.arn
|
|
role = "${local.customer}-execution-role"
|
|
|
|
depends_on = [
|
|
module.loadtest
|
|
]
|
|
} |