Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/deepfence/terraform-aws-cloud-scanner
Deepfence Cloud Scanner runs in your cloud environment, gathering inventory and compliance information for the assets deployed in that environment. It submits that information to your Deepfence ThreatMapper or ThreatStryker Management Console
aws terraform
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/deepfence/terraform-aws-cloud-scanner
- Owner: deepfence
- License: apache-2.0
- Created: 2022-07-27T17:35:49.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-11-06T10:12:13.000Z (about 2 months ago)
- Last Synced: 2024-11-06T11:20:38.440Z (about 2 months ago)
- Topics: aws, terraform
- Language: HCL
- Homepage:
- Size: 122 KB
- Stars: 35
- Watchers: 7
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Cloud Scanner for AWS by Deepfence
This module deploys the Deepfence Cloud Scanner for AWS by creating the underlying resources in AWS.
### Notice
* **Deployment cost** This example will create resources that cost money.
Run `terraform destroy` when you don't need them anymore.
## Required Permissions
### Provisioning Permissions
The user deploying the resources needs access to the following on AWS:
- ECS
- VPC
- CloudWatch
- IAM
## Usage
### - Single-Account on ECS
The Deepfence workload is deployed in the same account as the user's resources that will be watched.
See the following example to implement this:
- [`./examples/single-account-ecs`](https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/single-account-ecs)
### - Organizational
The Deepfence workload is deployed in a separate member account, while scanning is done in multiple member accounts.
See the following example to deploy this:
- [`./examples/organizational-deploy-with-member-account-read-only-access-creation`](https://github.com/deepfence/terraform-aws-cloud-scanner/tree/main/examples/organizational-deploy-with-member-account-read-only-access-creation)
## Authors
This module is maintained and supported by [Deepfence](https://deepfence.io/).
## License
Apache 2 Licensed. See LICENSE for full details.