Skip to content

Levetty/terraform-aws-cloudbase

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

50 Commits
module/vm_scan
module/vm_scan
 
 
policies
policies
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

terraform-aws-cloudbase

Terraform aws module for Cloudbase

Usage

Allow only CPSM read actions

module "cloudbase" {
  source  = "Levetty/cloudbase/aws"

  external_id        = "xxx" # required
  role_name          = "Cloudbase" # optional: default value is "Cloudbase"
  cspm_policy_prefix = "CloudbaseCSPMPolicy_" # optional: default value is "CloudbaseCSPMPolicy_"

  allow_container_scan_permissions  = false # optional: if true, allow actions needed to scan container images. e.g) ecr:BatchGetImage
  allow_vm_scan_permissions         = false # optional: if true, allow actions needed to scan virtual machines. e.g) ec2:CreateSnapshots
  allow_function_scan_permissions   = false # optional: if true, allow actions needed to scan lambda functions. e.g) lambda:GetFunction
  allow_cloudtrail_read_permissions = false # optional: if true, allow managed policy AWSCloudTrail_ReadOnlyAccess
}

output cloudbase_role_arn {
  value       = module.cloudbase.role_arn
  description = "For input Cloudbase console."
}

Allow CPSM read actions and container scan actions

module "cloudbase" {
  source  = "Levetty/cloudbase/aws"

  external_id        = "xxx" # required
  role_name          = "Cloudbase" # optional: default value is "Cloudbase"
  cspm_policy_prefix = "CloudbaseCSPMPolicy_" # optional: default value is "CloudbaseCSPMPolicy_"

  allow_container_scan_permissions  = true  # optional: if true, allow actions needed to scan container images. e.g) ecr:BatchGetImage
  allow_vm_scan_permissions         = false # optional: if true, allow actions needed to scan virtual machines. e.g) ec2:CreateSnapshots
  allow_function_scan_permissions   = false # optional: if true, allow actions needed to scan lambda functions. e.g) lambda:GetFunction
  allow_cloudtrail_read_permissions = false # optional: if true, allow managed policy AWSCloudTrail_ReadOnlyAccess
}

output cloudbase_role_arn {
  value       = module.cloudbase.role_arn
  description = "For input Cloudbase console."
}

Allow all scan actions

module "cloudbase" {
  source  = "Levetty/cloudbase/aws"

  external_id        = "xxx" # required
  role_name          = "Cloudbase" # optional: default value is "Cloudbase"
  cspm_policy_prefix = "CloudbaseCSPMPolicy_" # optional: default value is "CloudbaseCSPMPolicy_"

  allow_container_scan_permissions  = true # optional: if true, allow actions needed to scan container images. e.g) ecr:BatchGetImage
  allow_vm_scan_permissions         = true # optional: if true, allow actions needed to scan virtual machines. e.g) ec2:CreateSnapshots
  allow_function_scan_permissions   = true # optional: if true, allow actions needed to scan lambda functions. e.g) lambda:GetFunction
  allow_cloudtrail_read_permissions = true # optional: if true, allow managed policy AWSCloudTrail_ReadOnlyAccess
}

output cloudbase_role_arn {
  value       = module.cloudbase.role_arn
  description = "For input Cloudbase console."
}

About

terraform aws module for cloudbase

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases 13

v0.12.0 Latest
Aug 22, 2024
+ 12 releases

Packages

No packages published

Contributors 7

Languages