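# Module identity used by the lacework_metric_module data source below.
locals {
  # Absolute path so the lookup does not depend on the caller's working directory.
  version_file = "${abspath(path.module)}/VERSION"
  module_name  = "terraform-aws-ssm-agent"
  # trimspace() drops the trailing newline that text editors normally append to
  # VERSION, so the version string is clean; falls back to "" when the file is absent.
  module_version = fileexists(local.version_file) ? trimspace(file(local.version_file)) : ""
}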
# SSM "Command" document that installs the Lacework agent on Linux EC2 instances by
# running setup_lacework_agent.sh from this module's directory. Every document
# parameter below gets its default from a module input variable, so the values are
# rendered into the document body at apply time.
resource "aws_ssm_document" "setup_lacework_agent" {
  name          = "${var.aws_resources_prefix}setup-lacework-agent"
  document_type = "Command"
  # Restricts the document to EC2 instance targets.
  target_type   = "/AWS::EC2::Instance"
  content = jsonencode({
    schemaVersion = "2.2"
    description   = "Setup the Lacework agent on a Linux instance"
    parameters = {
      LaceworkInstallPath = {
        type        = "String"
        description = "The expected Lacework installation path"
        default     = "/var/lib/lacework"
      }
      LaceworkTempPath = {
        type        = "String"
        description = "The temporary path for the Lacework installation script"
        default     = var.lacework_agent_temp_path
      }
      # NOTE(review): the access token is embedded in the document body as this
      # parameter's default, so it is stored in plaintext in the SSM document and is
      # readable by any principal permitted to read the document; unless the input
      # variable is marked sensitive it also appears in plan output. Sourcing it at
      # run time (e.g. a SecureString parameter or Secrets Manager) would avoid that —
      # confirm against what setup_lacework_agent.sh expects.
      Token = {
        type        = "String"
        description = "The access token for the Lacework agent"
        default     = var.lacework_access_token
      }
      # Tags are passed as a JSON-encoded string, not a native map.
      Tags = {
        type        = "String"
        description = "The Lacework agent tags"
        default     = jsonencode(var.lacework_agent_tags)
      }
      Serverurl = {
        type        = "String"
        description = "The server URL for the Lacework agent"
        default     = var.lacework_server_url
      }
      Hash = {
        type        = "String"
        description = "An Agent build hash provided by Lacework"
        default     = var.lacework_agent_build_hash
      }
      EnableDefaultSyscallConfig = {
        type        = "String"
        description = "A flag to enable the default syscall config"
        default     = var.lacework_enable_default_syscall_config
      }
      # Empty string when no extra configuration is supplied — presumably so the
      # install script can tell "nothing provided" apart from "{}"; verify in the script.
      AdditionalConfig = {
        type        = "String"
        description = "Additional configuration parameters for the Lacework agent"
        default     = length(var.lacework_agent_configuration) == 0 ? "" : jsonencode(var.lacework_agent_configuration)
      }
    }
    mainSteps = [
      {
        action = "aws:runShellScript"
        name   = "SetupLaceworkAgent"
        # Only runs on Linux targets; other platform types skip the step.
        precondition = {
          StringEquals = [
            "platformType",
            "Linux",
          ]
        }
        inputs = {
          # The whole shell script is inlined into the document at plan time.
          runCommand = [
            file("${path.module}/setup_lacework_agent.sh"),
          ]
        }
      }
    ]
  })
  tags = var.aws_resources_tags
}
# Lacework provider data source keyed by this module's name and version
# (presumably used for module usage metrics — see the provider docs).
data "lacework_metric_module" "lwmetrics" {
  version = local.module_version
  name    = local.module_name
}