Include execution policy for sentry secret (#10894)

Robert Fairburn 2023-03-30 13:59:37 -05:00 committed by GitHub
parent b5e37ce056
commit e44be70600
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -88,7 +88,7 @@ module "main" {
}
}
extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies)
extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies)
extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies, [aws_iam_policy.sentry.arn])
extra_environment_variables = merge(module.mdm.extra_environment_variables, module.firehose-logging.fleet_extra_environment_variables, module.osquery-carve.fleet_extra_environment_variables, local.extra_environment_variables)
extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
}
@ -157,6 +157,20 @@ resource "aws_secretsmanager_secret_version" "sentry" {
})
}
resource "aws_iam_policy" "sentry" {
name = "fleet-sentry-secret-policy"
policy = data.aws_iam_policy_document.sentry.json
}
data "aws_iam_policy_document" "sentry" {
statement {
actions = [
"secretsmanager:GetSecretValue",
]
resources = [aws_secretsmanager_secret.sentry.arn]
}
}
module "migrations" {
source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=main"
ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
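Review bot: The policy name in `resource "aws_iam_policy" "sentry"` is hard-coded as `fleet-sentry-secret-policy`, and IAM policy names are unique per account, so a second copy of this stack in the same account would fail at create time. Consider `name_prefix = "fleet-sentry-secret-"`, or derive the name from whatever prefix the rest of this file uses (not visible in the hunk). The statement itself is properly narrow: only `secretsmanager:GetSecretValue`, and only on `aws_secretsmanager_secret.sentry.arn`. If that secret is encrypted with a customer-managed KMS key (its definition is outside the hunk), the execution role would also need `kms:Decrypt` on that key, otherwise the task would likely fail when the secret is injected at start-up. A one-line `description` on the policy saying it lets the ECS execution role read the Sentry secret would help whoever later audits the role's attachments.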