Agentless (CSPM Only)

This page contains instructions to onboard Sysdig Secure for cloud in agentless mode. This installation method supports CSPM only.

The following features will not work:

To install the full Secure for Cloud, please follow full installation instructions here.

AWS

Single Account

  1. In a terminal window, ensure you are authenticated to the AWS account you would like to connect. If you have the AWS CLI installed, you can confirm which account you are targeting by running aws sts get-caller-identity

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    provider "aws" {
      region = "<AWS_REGION>"
    }
    
    module "sysdig-sfc-agentless" {
      source = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench"
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
    • AWS_REGION: The region where resources will be created in your AWS account by default, e.g. us-east-1. All resources created by this module are global, so this region can be set to any value.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
    

Organization

  1. In a terminal window, ensure you are authenticated to the AWS management account of the organization you would like to connect. If you have the AWS CLI installed, you can confirm which account you are targeting by running aws sts get-caller-identity

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    provider "aws" {
      region = "<AWS_REGION>"
    }
    
    module "sysdig-sfc-agentless" {
      source            = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench"
      is_organizational = true
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
    • AWS_REGION: The region where resources will be created in your AWS account by default, e.g. us-east-1. All resources created by this module are global, so this region can be set to any value.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
    

GCP

Single Project

  1. In a terminal window, ensure you are authenticated to the GCP project you would like to connect. You can authenticate using the GCP CLI by running gcloud auth application-default login

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    
    provider "google" {
      project = "<GCP_PROJECT_ID>"
      region  = "<GCP_REGION>"
    }
    
    provider "google-beta" {
      project = "<GCP_PROJECT_ID>"
      region  = "<GCP_REGION>"
    }
    
    module "sysdig-sfc-agentless" {
      source     = "sysdiglabs/secure-for-cloud/google//modules/services/cloud-bench"
      project_id = "<GCP_PROJECT_ID>"
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
    • GCP_REGION: The region where resources will be created in your GCP project by default, e.g. us-east1.
    • GCP_PROJECT_ID: The GCP Project ID that you are onboarding.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
    

Organization

  1. In a terminal window, ensure you are authenticated to the GCP project in which you would like to set up Identity Federation. You can authenticate using the GCP CLI by running gcloud auth application-default login

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    
    provider "google" {
      project = "<GCP_PROJECT_ID>"
      region  = "<GCP_REGION>"
    }
    
    provider "google-beta" {
      project = "<GCP_PROJECT_ID>"
      region  = "<GCP_REGION>"
    }
    
    module "sysdig-sfc-agentless" {
      source              = "sysdiglabs/secure-for-cloud/google//modules/services/cloud-bench-workload-identity"
      organization_domain = "<GCP_ORG_DOMAIN>"
      project_id          = "<GCP_PROJECT_ID>"
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
    • GCP_PROJECT_ID: The GCP Project ID where Identity Federation resources will be created.
    • GCP_REGION: The region where resources will be created in your GCP project by default, e.g. us-east1.
    • GCP_ORG_DOMAIN: The domain of the GCP organization you are onboarding.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
    

Azure

Single Subscription

  1. In a terminal window, ensure you are authenticated to the Azure subscription you would like to connect. You can authenticate using the Azure CLI by running az login

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    provider "azurerm" {
      features { }
      subscription_id = "<AZURE_SUBSCRIPTION_ID>"
    }
    
    module "sysdig-sfc-agentless" {
      source          = "sysdiglabs/secure-for-cloud/azurerm//modules/services/cloud-bench"
      subscription_id = "<AZURE_SUBSCRIPTION_ID>"
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
    • AZURE_SUBSCRIPTION_ID: The Azure Subscription ID that you are onboarding.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
    

Tenant

  1. In a terminal window, ensure you are authenticated to the Azure tenant you would like to connect. You can authenticate using the Azure CLI by running az login --tenant <TENANT_ID>

  2. Save the following to a file named main.tf on your local machine:

    terraform {
      required_providers {
        sysdig = {
          source = "sysdiglabs/sysdig"
        }
      }
    }
    
    provider "sysdig" {
      sysdig_secure_url       = "<SYSDIG_URL>"
      sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"
    }
    
    provider "azurerm" {
      features { }
    }
    
    module "sysdig-sfc-agentless" {
      source    = "sysdiglabs/secure-for-cloud/azurerm//modules/services/cloud-bench"
      is_tenant = true
    }
    
  3. Replace the following placeholders in main.tf:

    • SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:
      • US East: https://secure.sysdig.com
      • US West: https://us2.app.sysdig.com
      • European Union: https://eu1.app.sysdig.com
    • SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
  4. Apply the Terraform configuration by running:

    $ terraform init
    

    When complete, run:

    $ terraform apply
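
The check below covers step 3 of every procedure on this page: it confirms that no placeholder is left in main.tf, that sysdig_secure_url is one of the three listed endpoints, and that the file, which now holds the API token in clear text, is readable by its owner only. It is an added example, not part of Sysdig's tooling; the script name, the function names and the owner-only permission rule are assumptions.

```shell
#!/bin/sh
# Pre-flight lint for the main.tf written in step 2 (added example).
# Usage: sh preflight.sh main.tf   (script name is hypothetical)

# Endpoints as listed in step 3 of this page.
ALLOWED_URLS="https://secure.sysdig.com https://us2.app.sysdig.com https://eu1.app.sysdig.com"

# Print the double-quoted value assigned to attribute $2 in file $1.
tf_value() {
  sed -n 's/^[[:space:]]*'"$2"'[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Return 0 if file $1 is ready for `terraform apply`, 1 otherwise.
check_main_tf() {
  file=$1
  rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  # Step 3: every <UPPER_CASE> placeholder must have been replaced.
  left=$(grep -o '<[A-Z][A-Z_]*>' "$file" | sort -u | tr '\n' ' ')
  if [ -n "$left" ]; then
    echo "unreplaced placeholders: $left" >&2
    rc=1
  fi

  # The API token is sent to this URL, so accept only a listed endpoint.
  url=$(tf_value "$file" sysdig_secure_url)
  case " $ALLOWED_URLS " in
    *" $url "*) ;;
    *) echo "sysdig_secure_url is not a listed endpoint: '$url'" >&2; rc=1 ;;
  esac

  # main.tf now holds the token in clear text: owner-only permissions.
  if [ -n "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ]; then
    echo "$file is readable by group or others; run: chmod 600 $file" >&2
    rc=1
  fi
  return "$rc"
}

# Constructed sample: provider block with the URL filled in but the
# token placeholder left behind.
write_sample() {
  printf '%s\n' 'provider "sysdig" {' \
    '  sysdig_secure_url       = "https://us2.app.sysdig.com"' \
    '  sysdig_secure_api_token = "<SYSDIG_API_TOKEN>"' '}' > "$1"
  chmod 600 "$1"
}

if [ "$#" -gt 0 ]; then check_main_tf "$1"; fi
```

Run it between terraform init and terraform apply; a non-zero exit status means main.tf still needs attention.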