Legacy Agent-Based with CIEM
This script-based legacy installation option deploys agentless CSPM, plus agent-based Threat Detection and CIEM, for either a single account or an organizational account. If you want to add host scanning for Vulnerability Management, that is done in a separate step.
Install CSPM and Threat Detection with CIEM
Prerequisites
- Terraform installed
Gather the following:
- Sysdig Secure endpoint (by region)
- Sysdig API token
- AWS Region, for example us-east-1: the region where resources will be created in your AWS account by default. All resources created by this module are global, so this region can be set to any value.
- AWS Account ID of the account in which compute resources will be deployed.
Single Account
Create a file called sysdig.tf with the following contents:

```hcl
terraform {
  required_providers {
    sysdig = {
      source = "sysdiglabs/sysdig"
    }
  }
}

provider "sysdig" {
  sysdig_secure_url       = "<SYSDIG_SECURE_URL>"
  sysdig_secure_api_token = "<SYSDIG_SECURE_API_TOKEN>"
}

provider "aws" {
  region = "<AWS_REGION>" # for example, us-east-1
}

module "secure_for_cloud_aws_single_account_ecs" {
  source = "sysdiglabs/secure-for-cloud/aws//examples/single-account-ecs"
}
```

Run terraform init, then run terraform apply.
After deploying, perform any necessary configuration steps and confirm the services are working.
Organizational Account
Create a file called sysdig.tf with the following contents. Both aws provider blocks must use the same region, and the member provider assumes OrganizationAccountAccessRole in the member account that will host the Secure for Cloud resources:

```hcl
terraform {
  required_providers {
    sysdig = {
      source = "sysdiglabs/sysdig"
    }
  }
}

provider "sysdig" {
  sysdig_secure_url       = "<SYSDIG_SECURE_URL>"
  sysdig_secure_api_token = "<SYSDIG_SECURE_API_TOKEN>"
}

provider "aws" {
  region = "<AWS_REGION>" # same region in both providers; for example, us-east-1
}

provider "aws" {
  alias  = "member"
  region = "<AWS_REGION>" # same region in both providers; for example, us-east-1
  assume_role {
    role_arn = "arn:aws:iam::<ORG_MEMBER_SFC_ACCOUNT_ID>:role/OrganizationAccountAccessRole"
  }
}

module "secure_for_cloud_organizational" {
  providers = {
    aws.member = aws.member
  }
  source                                    = "sysdiglabs/secure-for-cloud/aws//examples/organizational"
  sysdig_secure_for_cloud_member_account_id = "<ORG_MEMBER_SFC_ACCOUNT_ID>"
}
```

Run terraform init, then run terraform apply.
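The two procedures above (Single Account and Organizational Account) as one script, added here as an example; it is not part of this page or of the sysdiglabs module. It validates the inputs listed under Prerequisites, keeps the Secure API token out of sysdig.tf by declaring it a sensitive Terraform variable fed through TF_VAR_sysdig_secure_api_token, refuses to run if the active AWS credentials belong to a different account than expected, and stops at terraform plan so the changes can be reviewed before apply. The environment variable names and the single/organizational command-line modes are this example's own conventions, not Sysdig's; the provider and module settings are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not code from this page or the sysdiglabs module: render sysdig.tf
# for either install type, validate inputs, keep the token out of the file, stage a plan.
set -eu

# Region names look like us-east-1, eu-west-2, us-gov-west-1.
validate_region() {
  printf '%s' "$1" | grep -Eq '^[a-z]{2}(-gov)?-[a-z]+-[0-9]+$'
}

# AWS account IDs are exactly 12 digits.
validate_account_id() {
  printf '%s' "$1" | grep -Eq '^[0-9]{12}$'
}

# The Secure endpoint must be https; the API token is sent in request headers.
validate_secure_url() {
  printf '%s' "$1" | grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]+)?/?$'
}

# render_sysdig_tf MODE SECURE_URL REGION [MEMBER_ACCOUNT_ID]; MODE is "single" or
# "organizational". The token is a sensitive variable supplied via TF_VAR_sysdig_secure_api_token,
# so it never lands in the .tf file. It is still recorded in terraform.tfstate (as is the
# aws_iam_access_key the module creates), so keep state in an encrypted, access-controlled backend.
render_sysdig_tf() {
  mode="$1"; secure_url="$2"; region="$3"; member="${4:-}"
  if [ "$mode" = organizational ]; then
    validate_account_id "$member" || return 1
  fi
  cat <<EOF
terraform {
  required_providers {
    sysdig = {
      source = "sysdiglabs/sysdig"
    }
  }
}

variable "sysdig_secure_api_token" {
  type      = string
  sensitive = true
}

provider "sysdig" {
  sysdig_secure_url       = "$secure_url"
  sysdig_secure_api_token = var.sysdig_secure_api_token
}

provider "aws" {
  region = "$region"
}
EOF
  if [ "$mode" = single ]; then
    cat <<EOF

module "secure_for_cloud_aws_single_account_ecs" {
  source = "sysdiglabs/secure-for-cloud/aws//examples/single-account-ecs"
}
EOF
  else
    cat <<EOF

provider "aws" {
  alias  = "member"
  region = "$region" # must match the default provider's region
  assume_role {
    role_arn = "arn:aws:iam::$member:role/OrganizationAccountAccessRole"
  }
}

module "secure_for_cloud_organizational" {
  providers = { aws.member = aws.member }
  source    = "sysdiglabs/secure-for-cloud/aws//examples/organizational"
  sysdig_secure_for_cloud_member_account_id = "$member"
}
EOF
  fi
}

# Env (example's own names): SYSDIG_SECURE_URL, AWS_REGION, AWS_ACCOUNT_ID,
# TF_VAR_sysdig_secure_api_token, and MEMBER_ACCOUNT_ID for the organizational mode.
main() {
  validate_secure_url "$SYSDIG_SECURE_URL" || { echo "bad SYSDIG_SECURE_URL" >&2; exit 1; }
  validate_region "$AWS_REGION"           || { echo "bad AWS_REGION" >&2; exit 1; }
  validate_account_id "$AWS_ACCOUNT_ID"   || { echo "bad AWS_ACCOUNT_ID" >&2; exit 1; }
  : "${TF_VAR_sysdig_secure_api_token:?export the token; do not paste it into sysdig.tf}"
  # Refuse to run with credentials for an account other than the one expected.
  caller="$(aws sts get-caller-identity --query Account --output text)"
  [ "$caller" = "$AWS_ACCOUNT_ID" ] || { echo "credentials are for $caller, expected $AWS_ACCOUNT_ID" >&2; exit 1; }
  render_sysdig_tf "$1" "$SYSDIG_SECURE_URL" "$AWS_REGION" "${MEMBER_ACCOUNT_ID:-}" > sysdig.tf
  terraform init
  terraform plan -out=sysdig.tfplan
  echo "review sysdig.tfplan, then run: terraform apply sysdig.tfplan"
}

# Deploy only when a mode is given; with no arguments the script just defines the functions.
case "${1:-}" in
  single|organizational) main "$1" ;;
esac
```

Run it as sh deploy.sh single, or sh deploy.sh organizational with MEMBER_ACCOUNT_ID set, after exporting the environment variables named in the script. Applying the saved plan file rather than a fresh terraform apply guarantees that what was reviewed is what gets created.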
Features and Resources on AWS
Agentless CSPM
Available as a stand-alone manual install or as part of the full install.
Resources Created
- aws_cloudformation_stack_set
- aws_cloudformation_stack_set_instance
- aws_iam_role
- aws_iam_role_policy_attachment
Threat Detection and CIEM
Resources Created
- aws_apprunner_service
- aws_cloudtrail
- aws_cloudwatch_log_group
- aws_cloudwatch_log_stream
- aws_ecs_cluster
- aws_ecs_service
- aws_ecs_task_definition
- aws_iam_access_key
- aws_iam_role
- aws_iam_role_policy
- aws_iam_user
- aws_iam_user_policy
- aws_kms_alias
- aws_kms_key
- aws_resourcegroups_group
- aws_s3_bucket
- aws_s3_bucket_acl
- aws_s3_bucket_lifecycle_configuration
- aws_s3_bucket_policy
- aws_s3_bucket_public_access_block
- aws_security_group
- aws_sns_topic
- aws_sns_topic_policy
- aws_sns_topic_subscription
- aws_sqs_queue
- aws_sqs_queue_policy
- aws_ssm_parameter
Next Steps
- Perform any necessary configuration steps.
- Validate the services are working: go to Integrations > Data Sources | Cloud Accounts > AWS and review the status and details.
- If desired, add Vulnerability Management agentless host scanning.