Skip to content

falcosecurity/falco-aws-terraform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
examples/single-account
examples/single-account
 
 
modules/infrastructure
modules/infrastructure
 
 
LICENSE
LICENSE
 
 
OWNERS
OWNERS
 
 
README.md
README.md
 
 
presubmit.sh
presubmit.sh
 
 

Repository files navigation

Terraform Module for Falco AWS Resources.

Terraform Module for Falco AWS Resources

Falco Ecosystem Repository Incubating

Quick Start

The examples/single-account directory can be used to create self-contained AWS Resources (Cloudtrail + S3 + SNS + SQS) that track cloud events and make them accessible to the cloudtrail plugin:

$ aws configure get region
<some aws region e.g. us-east-1, eu-west-1>
$ aws sts get-caller-identity
{
    "UserId": "XXXX",
    "Account": "NNNNN",
    "Arn": "arn:aws:iam::NNNN:YYYYY"
}
$ cd examples/single-account
$ terraform init
$ terraform validate
$ terraform apply
...
Apply complete! Resources: 14 added, 0 changed, 0 destroyed.

Outputs:

cloudtrail_sns_subscribed_sqs_arn = "arn:aws:sqs:ZZZZ"
cloudtrail_sns_subscribed_sqs_url = "https://sqs.<REGION>.amazonaws.com/.../<QUEUE NAME>"

The <QUEUE_NAME> can then be used in the cloudtrail configuration for the open_params value:

plugins:
  - name: cloudtrail
    library_path: libcloudtrail.so
    init_config: ""
    open_params: "sqs://<QUEUE NAME>"
...
load_plugins: [cloudtrail]

Documentation

See README.md in examples/single-account or any of the modules/* subdirectories.

About

Terraform Module for Falco AWS Resources

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

6 stars

Watchers

5 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages