fleet/terraform/addons/osquery-perf/main.tf
Initial osquery-perf terraform module addon (#9556)
Added outputs so the execution role and the other IAM roles can be reused from the Terraform module.
Added osquery-perf addon terraform module


# Customer-managed KMS key that encrypts the enroll secret stored in Secrets
# Manager below. No key policy is set here, so the account's default key
# policy applies.
resource "aws_kms_key" "enroll_secret" {
  # Automatic yearly rotation of the key material.
  enable_key_rotation = true
  # Keys scheduled for deletion stay recoverable for this many days.
  deletion_window_in_days = 10
}
# Human-readable alias for the enroll-secret key; name_prefix lets several
# deployments with the same customer prefix coexist without an alias clash.
resource "aws_kms_alias" "enroll_secret" {
  target_key_id = aws_kms_key.enroll_secret.key_id
  name_prefix   = "alias/${var.customer_prefix}-enroll-secret-key"
}
# Secrets Manager container for the Fleet enroll secret, encrypted with the
# customer-managed key above rather than the AWS-managed default key.
# Only the secret shell is created here: this file declares no
# aws_secretsmanager_secret_version, so the actual value has to be written
# separately before anything reads it.
resource "aws_secretsmanager_secret" "enroll_secret" {
  kms_key_id  = aws_kms_key.enroll_secret.arn
  name_prefix = "${var.customer_prefix}-enroll-secret"
}
# Reads the current (AWSCURRENT) value of the enroll secret at plan time so it
# can be passed to the osquery-perf task. Because this file creates no secret
# version, the value presumably has to be populated out-of-band first; on a
# fresh deployment this read is expected to fail until that is done — confirm
# against the module's documented apply order.
# NOTE(review): secret_string is a data-source attribute and is therefore
# written in plaintext to the Terraform state and shown in plan output.
data "aws_secretsmanager_secret_version" "enroll_secret" {
  secret_id = aws_secretsmanager_secret.enroll_secret.id
}
# Fargate task that runs the osquery-perf load generator against the Fleet
# server at var.server_url. Image, logging options and any additional flags
# come from module variables; the enroll secret comes from the Secrets
# Manager data source above.
resource "aws_ecs_task_definition" "osquery_perf" {
  family                   = "${var.customer_prefix}-osquery-perf"
  network_mode             = "awsvpc"
  requires_compatibilities = ["FARGATE"]
  # Both roles are supplied by the caller (see the module outputs mentioned in
  # the commit message) rather than created here.
  execution_role_arn = var.ecs_execution_iam_role_arn
  task_role_arn      = var.ecs_iam_role_arn
  # Task-level sizing; the single container below reserves 512 of the 1024 MiB.
  cpu    = 256
  memory = 1024
  container_definitions = jsonencode(
    [
      {
        name        = "osquery-perf"
        image       = var.osquery_perf_image
        cpu         = 256
        memory      = 512
        mountPoints = []
        volumesFrom = []
        essential   = true
        # Raised open-file limit; presumably needed because each simulated
        # host keeps its own connections open — confirm against osquery-perf.
        ulimits = [
          {
            softLimit = 9999,
            hardLimit = 9999,
            name      = "nofile"
          }
        ]
        # NOTE(review): networkMode is a task-level setting (network_mode
        # above), not a documented container-definition field; it appears to
        # be ignored here — verify it does not trip API validation.
        networkMode = "awsvpc"
        logConfiguration = {
          logDriver = "awslogs"
          options   = var.logging_options
        }
        workingDirectory = "/go",
        # NOTE(review): the enroll secret is interpolated as a plaintext
        # command-line argument. It therefore ends up in the registered task
        # definition (readable via DescribeTaskDefinition), in Terraform
        # plan/state, and in the container's process arguments. If osquery-perf
        # can read the secret from an environment variable, the ECS container
        # `secrets` block (valueFrom = the secret ARN, resolved by the
        # execution role at launch) would keep it out of all three — confirm
        # against the binary's supported flags before changing.
        command = concat([
          "/go/osquery-perf",
          "-enroll_secret", data.aws_secretsmanager_secret_version.enroll_secret.secret_string,
          # Fixed at 500 simulated hosts per task; total load is scaled with
          # var.loadtest_containers on the service, not here.
          "-host_count", "500",
          "-server_url", var.server_url,
          "--policy_pass_prob", "0.5",
          "--start_period", "5m",
        ], var.extra_flags)
      }
  ])
  # Register the new revision before deregistering the old one so the service
  # always references a live task definition during updates.
  lifecycle {
    create_before_destroy = true
  }
}
# Long-running Fargate service that keeps var.loadtest_containers copies of the
# osquery-perf task running in the caller's cluster. Scale the simulated
# fleet by changing that variable; each task simulates a fixed host count.
resource "aws_ecs_service" "osquery_perf" {
  name            = "osquery_perf"
  cluster         = var.ecs_cluster
  launch_type     = "FARGATE"
  task_definition = aws_ecs_task_definition.osquery_perf.arn
  desired_count   = var.loadtest_containers

  # Rolling update: never drop below the full desired count, and allow up to
  # double it while new tasks start.
  deployment_maximum_percent         = 200
  deployment_minimum_healthy_percent = 100

  # awsvpc networking; assign_public_ip is left at its default, so the given
  # subnets presumably need a route to the Fleet server and to the image
  # registry — confirm.
  network_configuration {
    security_groups = var.security_groups
    subnets         = var.subnets
  }
}