diff --git a/infrastructure/dogfood/terraform/aws-tf-module/main.tf b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
index cb4162bd43ac..8edc535bcddd 100644
--- a/infrastructure/dogfood/terraform/aws-tf-module/main.tf
+++ b/infrastructure/dogfood/terraform/aws-tf-module/main.tf
@@ -115,16 +115,16 @@ module "main" {
 }
 extra_iam_policies = concat(module.firehose-logging.fleet_extra_iam_policies, module.osquery-carve.fleet_extra_iam_policies, module.ses.fleet_extra_iam_policies)
 extra_execution_iam_policies = concat(module.mdm.extra_execution_iam_policies, [aws_iam_policy.sentry.arn]) #, module.saml_auth_proxy.fleet_extra_execution_policies)
- extra_environment_variables = merge(
+ extra_environment_variables = merge(
 module.mdm.extra_environment_variables,
 module.firehose-logging.fleet_extra_environment_variables,
 module.osquery-carve.fleet_extra_environment_variables,
 module.ses.fleet_extra_environment_variables,
 local.extra_environment_variables,
 module.geolite2.extra_environment_variables,
- # module.vuln-processing.extra_environment_variables
+ module.vuln-processing.extra_environment_variables
 )
- extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
+ extra_secrets = merge(module.mdm.extra_secrets, local.sentry_secrets)
 # extra_load_balancers = [{
 # target_group_arn = module.saml_auth_proxy.lb_target_group_arn
 # container_name = "fleet"
@@ -254,7 +254,7 @@ module "migrations" {
 depends_on = [
 module.geolite2
 ]
- source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v2.0.0"
+ source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=tf-mod-addon-migrations-v2.0.1"
 ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
 task_definition = module.main.byo-vpc.byo-db.byo-ecs.task_definition.family
 task_definition_revision = module.main.byo-vpc.byo-db.byo-ecs.task_definition.revision
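Review bot: `module.vuln-processing.extra_environment_variables` is now the last argument to `merge(...)`, and `merge` gives precedence to later arguments, so any key it defines silently replaces the same key coming from `local.extra_environment_variables` or the other modules. Which keys the module exports is not visible in this diff. If that precedence is intended, record it with a comment on the line, for example `# last on purpose: vuln-processing settings override local values`. The `module "main"` block starts and ends outside the hunk.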
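Review bot: The new `?ref=tf-mod-addon-migrations-v2.0.1` pins the module source to a git tag, and a tag can be moved after review, so a later `terraform init` could fetch different code under the same name. Terraform accepts a commit hash in `ref`, so the line could read `source = "github.com/fleetdm/fleet//terraform/addons/migrations?ref=<full-commit-sha>" # tf-mod-addon-migrations-v2.0.1`, where the placeholder is the hash the tag resolves to. The same applies to the `external-vuln-scans` source enabled in the last hunk of this file. The `module "migrations"` block continues outside the hunk.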
@@ -263,6 +263,7 @@ module "migrations" {
 ecs_service = module.main.byo-vpc.byo-db.byo-ecs.service.name
 desired_count = module.main.byo-vpc.byo-db.byo-ecs.appautoscaling_target.min_capacity
 min_capacity = module.main.byo-vpc.byo-db.byo-ecs.appautoscaling_target.min_capacity
+ vuln_service = module.vuln-processing.vuln_service_arn
 }
 
 module "mdm" {
@@ -451,17 +452,17 @@ module "geolite2" {
 license_key = var.geolite2_license
 }
 
-# module "vuln-processing" {
-# source = "github.com/fleetdm/fleet//terraform/addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.0.0"
-# ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
-# execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
-# subnets = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
-# security_groups = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
-# fleet_config = module.main.byo-vpc.byo-db.byo-ecs.fleet_config
-# task_role_arn = module.main.byo-vpc.byo-db.byo-ecs.iam_role_arn
-# awslogs_config = {
-# group = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.name
-# region = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.region
-# prefix = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.prefix
-# }
-# }
+module "vuln-processing" {
+ source = "github.com/fleetdm/fleet//terraform/addons/external-vuln-scans?ref=tf-mod-addon-external-vuln-scans-v2.0.2"
+ ecs_cluster = module.main.byo-vpc.byo-db.byo-ecs.service.cluster
+ execution_iam_role_arn = module.main.byo-vpc.byo-db.byo-ecs.execution_iam_role_arn
+ subnets = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].subnets
+ security_groups = module.main.byo-vpc.byo-db.byo-ecs.service.network_configuration[0].security_groups
+ fleet_config = module.main.byo-vpc.byo-db.byo-ecs.fleet_config
+ task_role_arn = module.main.byo-vpc.byo-db.byo-ecs.iam_role_arn
+ awslogs_config = {
+ group = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.name
+ region = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.region
+ prefix = module.main.byo-vpc.byo-db.byo-ecs.fleet_config.awslogs.prefix
+ }
+}
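Review bot: `task_role_arn`, `execution_iam_role_arn` and `security_groups` in the new `module "vuln-processing"` block are all taken from the main Fleet ECS service, so the vulnerability-processing task runs with the server's full IAM permissions and network reachability rather than a set scoped to its own job. The policies listed in `extra_iam_policies` earlier in this file (firehose logging, osquery carve, SES) presumably attach to that same task role, which this task is unlikely to need; that attachment is not visible in this diff. If the addon allows it, pass a dedicated, narrower task role and security group here. If the reuse is deliberate, say so with a comment above `task_role_arn` such as `# intentionally shares the Fleet server task role; narrow once the addon supports a separate role`.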