This page contains instructions to onboard Sysdig Secure for cloud in an Agentless mode. This method of installation will only support CSPM.
- Compliance (newest module)
The following features will not work:
To install the full Secure for Cloud, please follow full installation instructions here.
AWS
Single Account
In a terminal window, ensure you are authenticated to the AWS account you would like to connect. If you have the AWS CLI installed, you can confirm which account you are targeting by running
aws sts get-caller-identitySave the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "aws" { region = "<AWS_REGION>" } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench" }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.AWS_REGION: e.g.us-east-1The region where resources will be created in your AWS account by default. All resources created by this module are global, so this region can be set to any value.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply
Organization
In a terminal window, ensure you are authenticated to the AWS management account of the organization you would like to connect. If you have the AWS CLI installed, you can confirm which account you are targeting by running
aws sts get-caller-identitySave the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "aws" { region = "<AWS_REGION>" } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/aws//modules/services/cloud-bench" is_organizational = true }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.AWS_REGION: e.g.us-east-1The region where resources will be created in your AWS account by default. All resources created by this module are global, so this region can be set to any value.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply
GCP
Single Project
In a terminal window, ensure you are authenticated to the GCP project you would like to connect. You can authenticate using the GCP CLI by running
gcloud auth application-default loginSave the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "google" { project = "<GCP_PROJECT_ID>" region = "<GCP_REGION>" } provider "google-beta" { project = "<GCP_PROJECT_ID>" region = "<GCP_REGION>" } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/google//modules/services/cloud-bench" project_id = "<GCP_PROJECT_ID>" }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.GCP_REGION: e.g.us-east1The region where resources will be created in your GCP project by default.GCP_PROJECT_ID: The GCP Project ID that you are onboarding.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply
Organization
In a terminal window, ensure you are authenticated to the GCP project in which you would like to set up Identity Federation. You can authenticate using the GCP CLI by running
gcloud auth application-default loginSave the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "google" { project = "<GCP_PROJECT_ID>" region = "<GCP_REGION>" } provider "google-beta" { project = "<GCP_PROJECT_ID>" region = "<GCP_REGION>" } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/google//modules/services/cloud-bench-workload-identity" organization_domain = "<GCP_ORG_DOMAIN>" project_id = "<GCP_PROJECT_ID>" }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.GCP_PROJECT_ID: The GCP Project ID where Identity Federation resources will be created.GCP_REGION: e.g.us-east1The region where resources will be created in your GCP project by default.GCP_ORG_DOMAIN: The domain of the GCP organization you are onboarding.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply
Azure
Single Subscription
In a terminal window, ensure you are authenticated to the Azure subscription you would like to connect. You can authenticate using the Azure CLI by running
az loginSave the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "azurerm" { features { } subscription_id = "<AZURE_SUBSCRIPTION_ID>" } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/azurerm//modules/services/cloud-bench" subscription_id = "<AZURE_SUBSCRIPTION_ID>" }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.AZURE_SUBSCRIPTION_ID: The Azure Subscription ID that you are onboarding.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply
Tenant
In a terminal window, ensure you are authenticated to the Azure tenant you would like to connect. You can authenticate using the Azure CLI by running
az login --tenant <TENANT_ID>Save the following to a file named
main.tfon your local machine:terraform { required_providers { sysdig = { source = "sysdiglabs/sysdig" } } } provider "sysdig" { sysdig_secure_url = "<SYSDIG_URL>" sysdig_secure_api_token = "<SYSDIG_API_TOKEN>" } provider "azurerm" { features { } } module "sysdig-sfc-agentless" { source = "sysdiglabs/secure-for-cloud/azurerm//modules/services/cloud-bench" is_tenant = true }Replace the following placeholders in
main.tf:SYSDIG_URL: Use the endpoint for the region in which your Sysdig Secure platform is installed:- US East:
https://secure.sysdig.com. - US West:
https://us2.app.sysdig.com - European Union:
https://eu1.app.sysdig.com
- US East:
SYSDIG_API_TOKEN: See Retrieve the Sysdig API Token to find yours.
Apply the Terraform by running
$ terraform initWhen complete, run:
$ terraform apply