https://github.com/cyralinc/terraform-aws-repo-crawler

# Cyral Repo Crawler AWS module for Terraform

This is a Terraform module to install the Cyral Repo Crawler as an AWS
Lambda function, including all of its dependencies such as IAM permissions,
a DynamoDB cache, etc.

Additional resources must be created to trigger it with the correct parameters, most importantly an EventBridge rule with its configuration.

See [Deployments](./DEPLOYMENT.md) for usage details.

## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.14 |
| [aws](#requirement\_aws) | >= 4.0, < 6.0.0 |
| [random](#requirement\_random) | ~> 3.1 |

## Providers

| Name | Version |
|------|---------|
| [aws](#provider\_aws) | >= 4.0, < 6.0.0 |
| [random](#provider\_random) | ~> 3.1 |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_dynamodb_table.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
| [aws_iam_role.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_secretsmanager_secret.cyral_secret](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_version.cyral_secret_version](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_security_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [random_id.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.assume_role_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.execution_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [control\_plane\_grpc\_port](#input\_control\_plane\_grpc\_port) | The TCP/IP port for the Cyral Control Plane gRPC API (default: 443). | `number` | `443` | no |
| [control\_plane\_host](#input\_control\_plane\_host) | The host for the Cyral Control Plane API, e.g. tenant.app.cyral.com. | `string` | n/a | yes |
| [control\_plane\_rest\_port](#input\_control\_plane\_rest\_port) | The TCP/IP port for the Cyral Control Plane REST API. (default: 443) | `number` | `443` | no |
| [crawler\_name](#input\_crawler\_name) | The name of the Repo Crawler Lambda function. If omitted, it will default to `cyral-repo-crawler-<16 character random alphanumeric string>`. | `string` | `""` | no |
| [crawler\_version](#input\_crawler\_version) | The version of the Cyral Repo Crawler to use, e.g. v1.2.3. | `string` | n/a | yes |
| [cyral\_client\_id](#input\_cyral\_client\_id) | The client ID to connect to the Cyral API. This is REQUIRED if the `cyral_secret_arn` variable is empty. | `string` | `""` | no |
| [cyral\_client\_secret](#input\_cyral\_client\_secret) | The client secret to connect to the Cyral API. This is REQUIRED if the `cyral_secret_arn` variable is empty. | `string` | `""` | no |
| [cyral\_secret\_arn](#input\_cyral\_secret\_arn) | ARN of the entry in AWS Secrets Manager that stores the secret containing the credentials for the Cyral API. Either this OR the `cyral_client_id` and `cyral_client_secret` variables are REQUIRED. If empty, the `cyral_client_id` and `cyral_client_secret` variables MUST both be provided, and a new secret will be created in AWS Secrets Manager. | `string` | `""` | no |
| [dynamodb\_cache\_table\_name\_suffix](#input\_dynamodb\_cache\_table\_name\_suffix) | The suffix for the DynamoDB table name used for the classification cache. The full table will be prefixed with the Lambda function name (default: cyralRepoCrawlerCache). | `string` | `"cyralRepoCrawlerCache"` | no |
| [repo\_secret\_arns](#input\_repo\_secret\_arns) | ARNs of the secrets that the Lambda function is granted get access to. | `list(string)` | n/a | yes |
| [subnet\_ids](#input\_subnet\_ids) | The subnets that the Repo Crawler Lambda function will be deployed to. All subnets must be able to reach both the Cyral Control Plane and the database being crawled. These subnets must also support communication with CloudWatch and Secrets Manager, therefore outbound internet access is likely required. | `list(string)` | `[""]` | no |
| [timeout](#input\_timeout) | The timeout of the Repo Crawler Lambda function, in seconds. | `number` | `300` | no |
| [vpc\_id](#input\_vpc\_id) | The VPC the Lambda function will be attached to. | `string` | `""` | no |
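
A module call built from the inputs above, as an added example that is not taken from the module's own documentation. The source is the repository URL from this page, the host and version are the sample values from the input descriptions, and every ARN, VPC ID and subnet ID is a constructed placeholder. It uses the `cyral_secret_arn` path, so the Cyral client secret is not passed through Terraform variables.

```hcl
# Added example: every ARN and ID below is a constructed placeholder.
module "repo_crawler" {
  # Repository URL from this page; pin a ?ref= to a reviewed tag or commit in real use.
  source = "github.com/cyralinc/terraform-aws-repo-crawler"

  control_plane_host = "tenant.app.cyral.com" # sample value from the input table
  crawler_version    = "v1.2.3"               # sample value from the input table

  # Credentials for the Cyral API: reference an existing Secrets Manager
  # entry instead of setting cyral_client_id / cyral_client_secret.
  cyral_secret_arn = "arn:aws:secretsmanager:us-east-1:111111111111:secret:EXAMPLE-cyral-api"

  # Secrets the Lambda function is given get access to (repository credentials).
  repo_secret_arns = [
    "arn:aws:secretsmanager:us-east-1:111111111111:secret:EXAMPLE-repo-db",
  ]

  # Subnets must reach the Control Plane, the crawled database,
  # CloudWatch and Secrets Manager.
  vpc_id     = "vpc-EXAMPLE"
  subnet_ids = ["subnet-EXAMPLE-a", "subnet-EXAMPLE-b"]

  timeout = 300 # seconds; same as the module default
}

# Expose the outputs needed by the resources that trigger and admit the crawler.
output "crawler_lambda_arn" {
  value = module.repo_crawler.repo_crawler_lambda_function_arn
}

output "crawler_security_group_id" {
  value = module.repo_crawler.repo_crawler_aws_security_group_id
}
```

The Lambda ARN output is what an EventBridge rule target would point at, and the security group ID can be referenced in the inbound rule of the database being crawled.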

## Outputs

| Name | Description |
|------|-------------|
| [repo\_crawler\_aws\_security\_group\_id](#output\_repo\_crawler\_aws\_security\_group\_id) | The Amazon Security Group ID of the Repo Crawler Lambda function. |
| [repo\_crawler\_lambda\_function\_arn](#output\_repo\_crawler\_lambda\_function\_arn) | The Amazon Resource Name (ARN) of the Repo Crawler Lambda function. |
| [repo\_crawler\_lambda\_function\_name](#output\_repo\_crawler\_lambda\_function\_name) | n/a |