feat: adds ability to change Lacework Server URL (#20)

* feat: Add Lacework Server Url * fix: Correct var SERVERURL -> SERVER_URL * fix: Correct var SERVERURL -> SERVER_URL * docs: Use EU url in example * style: Remove space * fix: Serverurl name * refactor: render Agent config.json When there are no settings, the config.json will look like this: ``` $ render_agent_config Updating the Lacework agent config.json file... { "tokens": { "AccessToken": "foo" }, "tags": {} } ``` Setting up TAGS: ``` $ TAGS='{"foo":"bar"}' $ render_agent_config Updating the Lacework agent config.json file... { "tokens": { "AccessToken": "foo" }, "tags": {"foo":"bar"} } ``` Setting up SERVER_URL: ``` $ SERVER_URL=bubulubu $ render_agent_config Updating the Lacework agent config.json file... { "tokens": { "AccessToken": "foo" }, "serverurl": "bubulubu", "tags": {"foo":"bar"} } ``` * refactor: setup_lacework_agent.sh script * docs: add custom server url example * docs: update all examples/ Signed-off-by: Darren Murray darren.murray@lacework.net Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
lacework · May 19, 2021 · 4c9f0a6 · 4c9f0a6
1 parent 74ed7cf
commit 4c9f0a6
Show file tree

Hide file tree

Showing 15 changed files with 345 additions and 72 deletions.
diff --git a/README.md b/README.md
@@ -15,6 +15,7 @@ A Terraform Module to create an AWS Systems Manager document for installing the
 | aws_resources_tags | A map/dictionary of Tags to be assigned to created AWS resources | `map(string)` | `{}` | no |
 | aws_resources_prefix | Prefix to use for created AWS resources | `string` | `""` | no |
 | lacework_access_token | The access token for the Lacework agent | `string` | `""` | no |
+| lacework_server_url | The server URL for the Lacework agent | `string` | `""` | no |
 
 ## Outputs
 

diff --git a/examples/access-lacework-token-via-provider/README.md b/examples/access-lacework-token-via-provider/README.md
@@ -3,3 +3,71 @@
 This example shows how to use the Terraform Provider for Lacework to create
 a new Lacework Agent Token and use it to deploy an AWS System Manager Command
 that can be used to install the Lacework Agent on a Linux EC2 instance.
+
+```hcl
+provider "aws" {
+  region = "us-east-1"
+}
+
+provider "lacework" {}
+
+resource "lacework_agent_access_token" "ssm_deployment" {
+  name        = "ssm-deployment"
+  description = "Used to deploy agents using AWS System Manager"
+}
+
+module "lacework_aws_ssm_agents_install" {
+  source  = "lacework/ssm-agent/aws"
+  version = "~> 0.4"
+
+  lacework_agent_tags = {
+    env = "dev"
+  }
+
+  aws_resources_tags = {
+    billing = "testing"
+    owner   = "myself"
+  }
+
+  lacework_access_token = lacework_agent_access_token.ssm_deployment.token
+}
+
+resource "aws_resourcegroups_group" "testing" {
+  name = "Testing"
+
+  resource_query {
+    query = jsonencode({
+      ResourceTypeFilters = [
+        "AWS::EC2::Instance"
+      ]
+
+      TagFilters = [
+        {
+          Key    = "environment"
+          Values = ["Testing"]
+        }
+      ]
+    })
+  }
+
+  tags = {
+    billing = "testing"
+    owner   = "myself"
+  }
+}
+
+resource "aws_ssm_association" "lacework_aws_ssm_agents_install_testing" {
+  association_name = "install-lacework-agents-testing-group"
+
+  name = module.lacework_aws_ssm_agents_install.ssm_document_name
+
+  targets {
+    key = "resource-groups:Name"
+    values = [
+      aws_resourcegroups_group.testing.name,
+    ]
+  }
+
+  compliance_severity = "HIGH"
+}
+```
diff --git a/examples/access-lacework-token-via-provider/main.tf b/examples/access-lacework-token-via-provider/main.tf
@@ -35,10 +35,8 @@ resource "aws_resourcegroups_group" "testing" {
 
       TagFilters = [
         {
-          Key = "environment"
-          Values = [
-            "Testing"
-          ]
+          Key    = "environment"
+          Values = ["Testing"]
         }
       ]
     })

diff --git a/examples/access-lacework-token-via-provider/versions.tf b/examples/access-lacework-token-via-provider/versions.tf
@@ -1,11 +1,11 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 0.12.31"
 
   required_providers {
     aws = "~> 3.0"
     lacework = {
       source  = "lacework/lacework"
-      version = "~> 0.2.13"
+      version = "~> 0.4"
     }
   }
 }
diff --git a/examples/custom-agent-build-hash/README.md b/examples/custom-agent-build-hash/README.md
@@ -0,0 +1,19 @@
+# AWS SSM Command using a Custom Agent Build Hash
+
+This example shows how to customize the version of the Lacework Agent
+that will be installed on the Linux EC2 intances.
+
+To get the Agent Build Hash (`lacework_agent_build_hash`) contact support@lacework.net.
+
+```hcl
+provider "aws" {
+  region = "us-west-2"
+}
+
+module "lacework_ssm_agents_install_custom_agent_build_hash" {
+  source  = "lacework/ssm-agent/aws"
+  version = "~> 0.4"
+
+  lacework_agent_build_hash = "3.7.2_2021-03-26_branch_123HASH"
+}
+```
diff --git a/examples/custom-agent-build-hash/main.tf b/examples/custom-agent-build-hash/main.tf
@@ -5,11 +5,7 @@ provider "aws" {
 module "lacework_ssm_agents_install_custom_agent_build_hash" {
   source = "../../"
 
-  lacework_agent_tags = {
-    env = "dev"
-  }
-
-  lacewwork_agent_build_hash = "3.7.2_2021-03-26_branch_123HASH"
+  lacework_agent_build_hash = "3.7.2_2021-03-26_branch_123HASH"
 }
 
 resource "aws_resourcegroups_group" "testing" {
@@ -41,7 +37,7 @@ resource "aws_resourcegroups_group" "testing" {
 resource "aws_ssm_association" "lacework_aws_ssm_agents_install_testing" {
   association_name = "install-lacework-agents-testing-group"
 
-  name = module.lacework_aws_ssm_agents_install.ssm_document_name
+  name = module.lacework_ssm_agents_install_custom_agent_build_hash.ssm_document_name
 
   targets {
     key = "resource-groups:Name"

diff --git a/examples/custom-server-url/README.md b/examples/custom-server-url/README.md
@@ -0,0 +1,17 @@
+# AWS SSM Command using a Custom Server URL
+
+This example shows how to customize the Agent Server URL for
+EU deployments.
+
+```hcl
+provider "aws" {
+  region = "us-west-2"
+}
+
+module "lacework_ssm_agents_install_custom_server_url" {
+  source  = "lacework/ssm-agent/aws"
+  version = "~> 0.4"
+
+  lacework_server_url   = "https://api.fra.lacework.net"
+}
+```
diff --git a/examples/custom-server-url/main.tf b/examples/custom-server-url/main.tf
@@ -0,0 +1,42 @@
+provider "aws" {
+  region = "us-west-2"
+}
+
+provider "lacework" {}
+
+resource "lacework_agent_access_token" "ssm_deployment" {
+  name        = "ssm-deployment"
+  description = "Used to deploy agents using AWS System Manager"
+}
+
+module "lacework_ssm_agents_install_custom_server_url" {
+  source = "../../"
+
+  lacework_access_token = lacework_agent_access_token.ssm_deployment.token
+  lacework_server_url   = "https://api.fra.lacework.net"
+}
+
+resource "aws_resourcegroups_group" "testing" {
+  name = "Testing"
+
+  resource_query {
+    query = jsonencode({
+      ResourceTypeFilters = [
+        "AWS::EC2::Instance"
+      ]
+    })
+  }
+}
+
+resource "aws_ssm_association" "lacework_aws_ssm_agents_install_testing" {
+  association_name = "install-lacework-agents-testing-group"
+
+  name = module.lacework_ssm_agents_install_custom_server_url.ssm_document_name
+
+  targets {
+    key = "resource-groups:Name"
+    values = [
+      aws_resourcegroups_group.testing.name,
+    ]
+  }
+}
diff --git a/examples/custom-server-url/versions.tf b/examples/custom-server-url/versions.tf
@@ -0,0 +1,11 @@
+terraform {
+  required_version = ">= 0.12.31"
+
+  required_providers {
+    aws = "~> 3.0"
+    lacework = {
+      source  = "lacework/lacework"
+      version = "~> 0.4"
+    }
+  }
+}
diff --git a/examples/default/README.md b/examples/default/README.md
@@ -1,3 +1,69 @@
 # Default AWS SSM command deployment
 
-This example deploys into AWS an AWS SSM Command that can be used to install the Lacework agent on a Linux EC2 instance.
+This example deploys into AWS an AWS SSM Command that can be used to install
+the Lacework agent on a Linux EC2 instance.
+
+```hcl
+provider "aws" {
+  region = "us-east-1"
+}
+
+module "lacework_aws_ssm_agents_install" {
+  source  = "lacework/ssm-agent/aws"
+  version = "~> 0.4"
+
+  lacework_agent_tags = {
+    env = "dev"
+  }
+
+  aws_resources_tags = {
+    billing = "testing"
+    owner   = "myself"
+  }
+}
+
+resource "aws_resourcegroups_group" "testing" {
+  name = "Testing"
+
+  resource_query {
+    query = jsonencode({
+      ResourceTypeFilters = [
+        "AWS::EC2::Instance"
+      ]
+
+      TagFilters = [
+        {
+          Key = "environment"
+          Values = [
+            "Testing"
+          ]
+        }
+      ]
+    })
+  }
+
+  tags = {
+    billing = "testing"
+    owner   = "myself"
+  }
+}
+
+resource "aws_ssm_association" "lacework_aws_ssm_agents_install_testing" {
+  association_name = "install-lacework-agents-testing-group"
+
+  name = module.lacework_aws_ssm_agents_install.ssm_document_name
+
+  targets {
+    key = "resource-groups:Name"
+    values = [
+      aws_resourcegroups_group.testing.name,
+    ]
+  }
+
+  parameters = {
+    Token = "my-lacework-token"
+  }
+
+  compliance_severity = "HIGH"
+}
+```
diff --git a/examples/default/versions.tf b/examples/default/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 0.12.0"
+  required_version = ">= 0.12.31"
 
   required_providers {
     aws = "~> 3.0"

diff --git a/main.tf b/main.tf
@@ -27,6 +27,12 @@ resource "aws_ssm_document" "setup_lacework_agent" {
         default     = jsonencode(var.lacework_agent_tags)
       }
 
+      Serverurl = {
+        type        = "String"
+        description = "The server URL for the Lacework agent"
+        default     = var.lacework_server_url
+      }
+
       Hash = {
         type        = "String"
         description = "An Agent build hash provided by Lacework"

diff --git a/scripts/ci_tests.sh b/scripts/ci_tests.sh
@@ -11,6 +11,8 @@ readonly project_name=terraform-aws-ssm-agent
 TEST_CASES=(
   examples/default
   examples/access-lacework-token-via-provider
+  examples/custom-agent-build-hash
+  examples/custom-server-url
 )
 
 log() {