
Commit 87b33f2

retr0hJohn Dewey
andauthored
support fleet configuration (#9)
* support fleet configuration Ability to pair the sensor to Fleet. * pinned to v0.3.0 of terraform-config-sensor --------- Co-authored-by: John Dewey <john.dewey@corelight.com>
1 parent fff6227 commit 87b33f2


4 files changed

+62
-9
lines changed


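--- a/README.md
+++ b/README.md
@@ -23,11 +23,11 @@ module "asg_lambda_role" {
 module "sensor" {
 source = "github.com/corelight/terraform-aws-sensor"
 
-# Recommend deploying a sensor per availability zone. Multiple AZs can
+# Recommend deploying a sensor per availability zone. Multiple AZs can
 # be set but GWLB cross availability zone support is not recommended.
 auto_scaling_availability_zones = ["<availability zone>"]
 aws_key_pair_name = "<key pair name>"
-
+
 # Request access to Corelight sensor AMI from you Account Executive
 corelight_sensor_ami_id = "<sensor AMI ID>"
 license_key = "<your Corelight sensor license key>"
@@ -36,14 +36,19 @@ module "sensor" {
 community_string = "<password for the sensor api>"
 vpc_id = "<vpc where the sensor autoscaling group is deployed>"
 asg_lambda_iam_role_arn = module.asg_lambda_role.role_arn
-
-# (Optional) ASG should have an instance profile when using
+
+# (Optional) ASG should have an instance profile when using
 # the cloud enrichment feature
 enrichment_bucket_name = "<cloud enrichment s3 bucket name>"
 enrichment_bucket_region = "<cloud enrichment s3 bucket region>"
 enrichment_instance_profile_arn = aws_iam_instance_profile.corelight_sensor.arn
+
+# Optional - Fleet Manager
+fleet_token = "<the pairing token from the Fleet UI>"
+fleet_url = "<the URL of the fleet instance from the Fleet UI>"
 }
 
+
 ### Optional resources for enrichment
 module "enrichment_sensor_role" {
 source = "github.com/corelight/terraform-aws-enrichment//modules/iam/sensor"
@@ -67,4 +72,4 @@ Deployment examples can be found [here](examples).
 
 The project is licensed under the [MIT][] license.
 
-[MIT]: LICENSE
+[MIT]: LICENSE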

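--- a/examples/deployment/main.tf
+++ b/examples/deployment/main.tf
@@ -9,6 +9,8 @@ locals {
 terraform : true,
 purpose : "Corelight"
 }
+fleet_token = "b1cd099ff22ed8a41abc63929d1db126"
+fleet_url = "https://fleet.example.com:1443/fleet/v1/internal/softsensor/websocket"
 }
 
 data "aws_subnet" "management" {
@@ -38,6 +40,8 @@ module "sensor" {
 community_string = "<password for the sensor api>"
 vpc_id = local.vpc_id
 asg_lambda_iam_role_arn = module.asg_lambda_role.role_arn
+fleet_token = local.fleet_token
+fleet_url = local.fleet_url
 
 tags = local.tags
 }
@@ -52,4 +56,4 @@ module "bastion" {
 public_ssh_allow_cidr_blocks = ["0.0.0.0/0"]
 
 tags = local.tags
-}
+}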
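Review bot: The `fleet_token` local added on new line 12 is a 32-character hex literal committed to the repository; whether it is a live pairing token or a dummy cannot be told from this page, but either way the example teaches copying a secret into source, and the value is also recorded in Terraform state. The README in this same commit uses a placeholder, so the example should match it: `fleet_token = "<the pairing token from the Fleet UI>"`, or take the value from a `sensitive = true` input variable supplied at apply time. If the literal was ever valid, it should be revoked in Fleet rather than only removed from the file.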

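--- a/sensor_config.tf
+++ b/sensor_config.tf
@@ -1,8 +1,14 @@
 module "sensor_config" {
-source = "github.com/corelight/terraform-config-sensor?ref=v0.2.0"
+source = "github.com/corelight/terraform-config-sensor?ref=v0.3.0"
 
 sensor_license = var.license_key
 fleet_community_string = var.community_string
+fleet_token = var.fleet_token
+fleet_url = var.fleet_url
+fleet_server_sslname = var.fleet_server_sslname
+fleet_http_proxy = var.fleet_http_proxy
+fleet_https_proxy = var.fleet_https_proxy
+fleet_no_proxy = var.fleet_no_proxy
 sensor_management_interface_name = "eth1"
 sensor_monitoring_interface_name = "eth0"
 base64_encode_config = true
@@ -12,4 +18,4 @@ module "sensor_config" {
 enrichment_bucket_name = var.enrichment_bucket_name
 enrichment_bucket_region = var.enrichment_bucket_region
 enrichment_cloud_provider_name = "aws"
-}
+}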
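Review bot: The module source on new line 2 is pinned by tag (`?ref=v0.3.0`), and a Git tag can be re-pointed upstream; since this module now receives `fleet_token` alongside `sensor_license` and `fleet_community_string`, a moved tag would pass those secrets through code nobody here reviewed. Pinning to the full commit SHA that v0.3.0 resolves to makes the dependency immutable: `source = "github.com/corelight/terraform-config-sensor?ref=<full commit SHA of v0.3.0>"`, with the tag name kept in a trailing comment. Separately, `base64_encode_config = true` is an encoding and not protection; if the rendered config is delivered as instance user data (not visible in this section), the README should state that the pairing token is readable wherever user data is readable.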

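--- a/variables.tf
+++ b/variables.tf
@@ -171,4 +171,42 @@ variable "tags" {
 description = "(optional) Any tags that should be applied to resources deployed by the module"
 type = object({})
 default = {}
-}
+}
+
+variable "fleet_token" {
+type = string
+default = ""
+sensitive = true
+description = "(optional) the pairing token from the Fleet UI. Must be set if 'fleet_url' is provided"
+}
+
+variable "fleet_url" {
+type = string
+default = ""
+description = "(optional) the URL of the fleet instance from the Fleet UI. Must be set if 'fleet_token' is provided"
+}
+
+variable "fleet_server_sslname" {
+type = string
+default = "1.broala.fleet.product.corelight.io"
+description = "(optional) the SSL hostname for the fleet server"
+
+}
+
+variable "fleet_http_proxy" {
+type = string
+default = ""
+description = "(optional) the proxy URL for HTTP traffic from the fleet"
+}
+
+variable "fleet_https_proxy" {
+type = string
+default = ""
+description = "(optional) the proxy URL for HTTPS traffic from the fleet"
+}
+
+variable "fleet_no_proxy" {
+type = string
+default = ""
+description = "(optional) hosts or domains to bypass the proxy for fleet traffic"
+}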
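Review bot: The descriptions of `fleet_token` and `fleet_url` each say the other "Must be set", but nothing enforces that, and `fleet_url` accepts any string, so a plain `http://` endpoint or a token without a URL is only discovered when the sensor fails to pair. A `validation` block on `fleet_url` can reject non-TLS schemes at plan time (the example in this commit uses `https://`; widen the pattern if the sensor accepts other TLS schemes), and the both-or-neither rule can be a cross-variable `validation` on Terraform 1.9+ or a `precondition` where the values are consumed. `sensitive = true` on `fleet_token` only redacts CLI output; the value is still written to state, which deserves a sentence in the description so operators know to protect the state backend.

```hcl
variable "fleet_url" {
  # … unchanged: type, default, description …
  validation {
    condition     = var.fleet_url == "" || can(regex("^https://", var.fleet_url))
    error_message = "fleet_url must be empty or start with https://."
  }
}
```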
