A Terraform Module to create an ECS Task Definition and Daemon Service for deploying the Lacework Datacollector Agent in an Elastic Container Service (ECS) cluster.
The main.tf file will configure an ECS Task Definition which will then be used to run the Lacework Datacollector container.
The main.tf file will configure a daemon Service within the specified ECS Cluster which will run the Task Definition above.
| Name | Version |
|---|---|
| terraform | >= 0.14 |
| aws | >= 5.0 |
| lacework | ~> 1.18 |
| random | >= 2.1 |
| Name | Version |
|---|---|
| aws | >= 5.0 |
| lacework | ~> 1.18 |
| random | >= 2.1 |
No modules.
| Name | Type |
|---|---|
| aws_ecs_service.lacework_datacollector | resource |
| aws_ecs_task_definition.lacework_datacollector | resource |
| aws_iam_policy.ssm_parameter_store_policy | resource |
| aws_iam_role.ecs_execution | resource |
| aws_iam_role_policy_attachment.ecs_task_execution_policy_attachment | resource |
| aws_iam_role_policy_attachment.ssm_parameter_store_iam_role_policy | resource |
| aws_ssm_parameter.lacework_access_token | resource |
| random_id.uniq | resource |
| aws_iam_policy_document.ssm_parameter_store_policy | data source |
| lacework_metric_module.lwmetrics | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| ecs_cluster_arn | The ARN of the ECS cluster in which to deploy the Lacework agent | string |
n/a | yes |
| ecs_launch_type | The desired launch type for the Lacework agent ECS Service | string |
"EC2" |
no |
| ecs_service_name | The desired name for the Lacework agent ECS Service | string |
"" |
no |
| ecs_task_family_name | The desired name for the Lacework agent ECS Task Definition | string |
"" |
no |
| iam_role_arn | The IAM role ARN to use when use_existing_iam_role is true |
string |
"" |
no |
| iam_role_name | The IAM role name to use when use_existing_iam_role is false |
string |
"" |
no |
| iam_role_tags | The tags to apply to a created IAM role | map(string) |
{} |
no |
| lacework_access_token | The access token for the Lacework agent | string |
n/a | yes |
| lacework_datacollector_image | The image used to deploy the Lacework datacollector. | string |
"lacework/datacollector:latest" |
no |
| lacework_server_url | The server URL for the Lacework agent | string |
"" |
no |
| lacework_task_cpu | The quantity of CPU units to assign to the task | string |
"512" |
no |
| lacework_task_mem | The quantity of Memory (MiB) to assign to the task | string |
"512" |
no |
| resource_prefix | A prefix that will be use at the beginning of every generated resource | string |
"lacework-ecs" |
no |
| ssm_parameter_arn | An existing SSM parameter ARN. Can be used when use_ssm_parameter_store is true |
string |
"" |
no |
| ssm_parameter_encrypted | Set this to true if the SSM parameter is/should be encrypted |
bool |
false |
no |
| ssm_parameter_kms_arn | The ARN of the KMS key to use when ssm_parameter_encrypted is true |
string |
"" |
no |
| ssm_parameter_name | The name to use for the Lacework agent access token when using SSM | string |
"/lacework/access_token" |
no |
| use_existing_iam_role | Set this to true to use an existing IAM role |
bool |
false |
no |
| use_ssm_parameter_store | Set this to true to use SSM to store the Lacework agent access token |
bool |
false |
no |
| Name | Description |
|---|---|
| iam_role_arn | ARN of the IAM Role |
| lacework_datacollector_service_arn | ARN of the created Service |
| lacework_datacollector_task_definition_arn | ARN of the created Task Definition |
| ssm_parameter_arn | The ARN of the SSM Parameter |