# Provider requirements for the demo. Only the AWS provider is declared;
# the random_pet resource further down relies on Terraform implicitly
# resolving hashicorp/random, so consider listing it here too so the
# version is pinned and the lockfile records it.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # "~> 4.0" accepts any 4.x release; the exact version that actually runs
      # is fixed by .terraform.lock.hcl, which should be committed alongside
      # this example so applies are reproducible.
      version = "~> 4.0"
    }
  }
}
# Default AWS provider. No region or credentials are set here, so they are
# presumably taken from the environment (AWS_REGION / AWS_PROFILE / instance
# role) — confirm before running this outside a developer shell.
provider "aws" {
  # default_tags should propagate to every resource this provider creates,
  # including those inside the Fleet modules, which makes demo resources easy
  # to find and to clean up afterwards.
  default_tags {
    tags = {
      Example = "This is a demo of the Fleet terraform module"
    }
  }
}
resource "random_pet" "main" {}
# Root Fleet module (VPC, RDS, ECS service, ALB — see the byo-vpc/byo-db/
# byo-ecs outputs referenced elsewhere in this file). Outputs from the two
# addon modules are fed in so the Fleet task receives the logging destination
# and vuln-processing environment variables and IAM policies.
module "main" {
  # NOTE(review): a git tag is a mutable ref — anyone with push rights to the
  # upstream repository can move it. Pin to a full commit SHA (?ref=<sha>) so
  # the module code cannot change underneath this deployment.
  source          = "github.com/fleetdm/fleet//terraform?ref=tf-mod-root-v1.3.0"
  certificate_arn = module.acm.acm_certificate_arn
  vpc = {
    name = random_pet.main.id
    # Read from the vuln-processing addon, which in turn reads module.main
    # outputs. Terraform evaluates dependencies per resource, so this is
    # presumably acyclic in practice — confirm with `terraform plan`, and keep
    # the two-way coupling in mind when bumping either module version.
    enable_dns_hostnames = module.vulnprocessing.enable_dns_hostnames
  }
  fleet_config = {
    # Env vars from both addons are merged; IAM policies only from the
    # firehose addon (vuln-processing presumably does not need extra policies
    # on the main task — confirm if the addon's interface changes).
    extra_environment_variables = concat(module.firehose-logging.fleet_extra_environment_variables, module.vulnprocessing.fleet_extra_environment_variables)
    extra_iam_policies          = module.firehose-logging.fleet_extra_iam_policies
  }
}
# Public TLS certificate for the demo hostname, validated against the hosted
# zone looked up below. wait_for_validation blocks the apply until ACM has
# issued the certificate, so the ALB is never created with a pending cert.
module "acm" {
  source  = "terraform-aws-modules/acm/aws"
  version = "4.3.1"

  zone_id             = data.aws_route53_zone.main.id
  domain_name         = "${random_pet.main.id}.example.com"
  wait_for_validation = true
}
# Public alias A record pointing the demo hostname at the ALB the root module
# created. evaluate_target_health makes Route 53 consider the ALB's health when
# answering queries for this name.
resource "aws_route53_record" "main" {
  name    = "${random_pet.main.id}.example.com"
  type    = "A"
  zone_id = data.aws_route53_zone.main.id

  alias {
    evaluate_target_health = true
    name                   = module.main.byo-vpc.byo-db.alb.lb_dns_name
    zone_id                = module.main.byo-vpc.byo-db.alb.lb_zone_id
  }
}
# Existing public hosted zone that owns example.com; the ACM validation
# record and the ALB alias are written into it. Replace "example.com." with a
# zone you actually control before applying — the lookup fails otherwise.
data "aws_route53_zone" "main" {
  private_zone = false
  name         = "example.com."
}
# Ships osquery result and status logs from Fleet to S3 via Kinesis Firehose.
# The addon emits the environment variables and IAM policies that module.main
# wires into the Fleet task (see fleet_config there).
module "firehose-logging" {
  # NOTE(review): pinned to a git tag, which is mutable; pin to a commit SHA
  # (?ref=<sha>) for a reproducible, tamper-evident module source.
  source = "github.com/fleetdm/fleet//terraform/addons/logging-destination-firehose?ref=tf-mod-addon-logging-destination-firehose-v1.0.0"
  # S3 bucket names are globally unique; the random_pet prefix reduces but
  # does not eliminate collisions. Encryption, public-access blocking and
  # retention are not configured here — whatever the addon module does
  # applies, so verify them before using this pattern beyond a demo.
  osquery_results_s3_bucket = {
    name = "${random_pet.main.id}-results"
  }
  osquery_status_s3_bucket = {
    name = "${random_pet.main.id}-status"
  }
}
# Runs Fleet's vulnerability-processing job as a separate ECS task on the
# cluster the root module created, reusing the main Fleet service's database
# credentials, subnets and security groups.
module "vulnprocessing" {
  # NOTE(review): mutable git tag; pin to a commit SHA (?ref=<sha>) so the
  # module source cannot change without a corresponding change here.
  source          = "github.com/fleetdm/fleet//terraform/addons/vuln-processing?ref=tf-mod-addon-vuln-processing-v1.0.0"
  customer_prefix = "fleet"
  ecs_cluster     = module.main.byo-vpc.byo-db.byo-ecs.cluster.cluster_arn
  vpc_id          = module.main.vpc.vpc_id
  fleet_config = {
    # NOTE(review): the root module's Fleet image version is not set in this
    # file, so this tag can silently diverge from the server whose data it
    # processes; keep the two in lockstep and prefer an immutable digest
    # (fleetdm/fleet@sha256:...) over a mutable tag.
    image = "fleetdm/fleet:v4.37.0"
    database = {
      # var.rds_config is not declared anywhere in this file; it must come
      # from a sibling variables.tf or the plan fails on an unknown variable
      # — confirm. The password itself stays in Secrets Manager; only the ARN
      # is passed.
      password_secret_arn = module.main.byo-vpc.secrets.secret_arns["${var.rds_config.name}-database-password"]
      user                = module.main.byo-vpc.rds.db_instance_username
      # NOTE(review): if `rds` wraps terraform-aws-modules/rds, its
      # db_instance_endpoint output is already "host:port", which would make
      # this value "host:port:port"; db_instance_address may be the intended
      # output — confirm against the root module's outputs.
      address  = "${module.main.byo-vpc.rds.db_instance_endpoint}:${module.main.byo-vpc.rds.db_instance_port}"
      database = module.main.byo-vpc.rds.db_instance_name
    }
    extra_environment_variables = {
      # Debug logging is verbose and may include details you would not want
      # in a long-lived log store; acceptable for a demo, disable otherwise.
      FLEET_LOGGING_DEBUG = "true"
      FLEET_LOGGING_JSON  = "true"
    }
    extra_secrets = {
      # FLEET_LICENSE_KEY = "<ARN of the Secrets Manager secret holding the license key>"
      # The original note reads "note needed for some feature of vuln
      # processing" — presumably "only needed for some vuln-processing
      # features"; confirm which ones before enabling.
    }
    networking = {
      # Mirror the main Fleet service's placement so this task can reach RDS
      # through the same security groups.
      subnets         = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
      security_groups = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
    }
  }
}