empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c1a7b565f1
fleet/terraform/addons/osquery-perf
History
Robert Fairburn 68673cfa6a
Initial osquery-perf terraform module addon (#9556) 
Added some outputs to re-use the execution and other iam roles in terraform module.
Added osquery-perf addon terraform module
2023-01-31 15:28:57 -06:00
..
.header.md Initial osquery-perf terraform module addon (#9556) 2023-01-31 15:28:57 -06:00
.terraform-docs.yml Initial osquery-perf terraform module addon (#9556) 2023-01-31 15:28:57 -06:00
main.tf Initial osquery-perf terraform module addon (#9556) 2023-01-31 15:28:57 -06:00
README.md Initial osquery-perf terraform module addon (#9556) 2023-01-31 15:28:57 -06:00
variables.tf Initial osquery-perf terraform module addon (#9556) 2023-01-31 15:28:57 -06:00

README.md

osquery-perf addon

This addon adds osquery-perf hosts to the Fleet installation. These are generally used for loadtesting or other testing purposes. See https://github.com/fleetdm/fleet/tree/main/cmd/osquery-perf to learn more about osquery-perf itself.

This addon creates an AWS Secrets Manager secret that will be used to store the enroll secret that the osquery-perf hosts use to enroll into Fleet. This secret will need to have its SecretString populated with the enroll secret manually once everything is setup in order for the osquery-perf hosts to connect.

Below is an example implementation of the module:

module "osquery_perf" {
  source                     = "github.com/fleetdm/fleet//terraform/addons/osquery-perf?ref=main"
  customer_prefix            = "fleet"
  ecs_cluster                = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
  subnets                    = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
  security_groups            = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
  ecs_iam_role_arn           = module.main.byo-vpc.byo-db.byo-ecs.iam_role_arn
  ecs_execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
  server_url                 = "https://${aws_route53_record.main.fqdn}"
  osquery_perf_image         = local.osquery_perf_image
  extra_flags                = ["--os_templates", "mac10.14.6,ubuntu_22.04,windows_11"]
  logging_options            = module.main.byo-vpc.byo-db.byo-ecs.logging_config
}

Requirements

No requirements.

Providers

Name Version
aws n/a

Modules

No modules.

Resources

Name Type
aws_ecs_service.osquery_perf resource
aws_ecs_task_definition.osquery_perf resource
aws_kms_alias.enroll_secret resource
aws_kms_key.enroll_secret resource
aws_secretsmanager_secret.enroll_secret resource
aws_secretsmanager_secret_version.enroll_secret data source

Inputs

Name Description Type Default Required
customer_prefix customer prefix to use to namespace all resources string "fleet" no
ecs_cluster n/a string n/a yes
ecs_execution_iam_role_arn n/a string n/a yes
ecs_iam_role_arn n/a string n/a yes
extra_flags n/a list(string) [] no
loadtest_containers n/a number 1 no
logging_options n/a 
object({
    awslogs-group         = string
    awslogs-region        = string
    awslogs-stream-prefix = string
  })
 n/a yes
osquery_perf_image n/a string n/a yes
security_groups n/a list(string) n/a yes
server_url n/a string n/a yes
subnets n/a list(string) n/a yes

Outputs

No outputs.