sysdiglabs
diff --git a/‎modules/Makefile‎
Lines changed: 22 additions & 4 deletions b/‎modules/Makefile‎
Lines changed: 22 additions & 4 deletions
@@ -11,14 +11,16 @@ PARAM_TRUSTED_IDENTITY ?= arn:aws:iam:::role/$(PARAM_NAME_SUFFIX)
 PARAM_TARGET_EVENT_BUS_ARN ?= arn:aws:events:us-east-1::event-bus/default
 PARAM_BUCKET_ARN ?= arn:aws:s3:::cloudtrail-$(PARAM_NAME_SUFFIX)
 PARAM_REGIONS ?= us-east-1
+PARAM_LAMBDA_SCANNING_ENABLED ?= true
 
 .PHONY: validate lint deploy test clean
 validate: export AWS_PAGER=""
 validate:
-	aws cloudformation validate-template --template-body file://./foundational.cft.yaml
-	aws cloudformation validate-template --template-body file://./log_ingestion.events.cft.yaml
-	aws cloudformation validate-template --template-body file://./log_ingestion.s3.cft.yaml
-	aws cloudformation validate-template --template-body file://./volume_access.cft.yaml
+	aws --region us-east-1 cloudformation validate-template --template-body file://./foundational.cft.yaml
+	aws --region us-east-1 cloudformation validate-template --template-body file://./log_ingestion.events.cft.yaml
+	aws --region us-east-1 cloudformation validate-template --template-body file://./log_ingestion.s3.cft.yaml
+	aws --region us-east-1 cloudformation validate-template --template-body file://./volume_access.cft.yaml
+	aws --region us-east-1 cloudformation validate-template --template-body file://./vm_workload_scanning.cft.yaml
 
 lint:
 	cfn-lint *.cft.yaml
@@ -28,12 +30,15 @@ lint:
 	yq '.Resources.OrganizationRuleStackSet.Properties.TemplateBody' log_ingestion.events.cft.yaml | cfn-lint -
 	yq '.Resources.AccountStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
 	yq '.Resources.OrganizationStackSet.Properties.TemplateBody' volume_access.cft.yaml | cfn-lint -
+	yq '.Resources.ScanningOrgNoLambdaRoleStackSet.Properties.TemplateBody' vm_workload_scanning.cft.yaml | cfn-lint -
+	yq '.Resources.ScanningOrgWithLambdaRoleStackSet.Properties.TemplateBody' vm_workload_scanning.cft.yaml | cfn-lint -
 
 publish:
 	aws s3 cp foundational.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/foundational.cft.yaml
 	aws s3 cp log_ingestion.s3.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/log_ingestion.s3.cft.yaml
 	aws s3 cp log_ingestion.events.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/log_ingestion.events.cft.yaml
 	aws s3 cp volume_access.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/volume_access.cft.yaml
+	aws s3 cp vm_workload_scanning.cft.yaml s3://$(S3_BUCKET)/modules/$(S3_PREFIX)/vm_workload_scanning.cft.yaml
 
 deploy:
 	aws cloudformation deploy \
@@ -83,10 +88,23 @@ deploy:
 			"IsOrganizational=$(PARAM_IS_ORGANIZATIONAL)" \
 			"OrganizationalUnitIDs=$(PARAM_ORGANIZATIONAL_UNIT_IDS)"
 
+	aws cloudformation deploy \
+		--stack-name $(STACK_NAME)-VMWorkloadScanning-$(PARAM_NAME_SUFFIX) \
+		--template-file vm_workload_scanning.cft.yaml \
+		--capabilities "CAPABILITY_NAMED_IAM" "CAPABILITY_AUTO_EXPAND" \
+		--parameter-overrides \
+			"NameSuffix=$(PARAM_NAME_SUFFIX)" \
+			"ExternalID=$(PARAM_EXTERNAL_ID)" \
+			"TrustedIdentity=$(PARAM_TRUSTED_IDENTITY)" \
+			"LambdaScanningEnabled"=$(PARAM_LAMBDA_SCANNING_ENABLED) \
+			"IsOrganizational=$(PARAM_IS_ORGANIZATIONAL)" \
+			"OrganizationalUnitIDs=$(PARAM_ORGANIZATIONAL_UNIT_IDS)"
+
 clean:
 	aws cloudformation delete-stack --stack-name $(STACK_NAME)-Foundational-$(PARAM_NAME_SUFFIX)
 	aws cloudformation delete-stack --stack-name $(STACK_NAME)-LogIngestion-EventBridge-$(PARAM_NAME_SUFFIX)
 	aws cloudformation delete-stack --stack-name $(STACK_NAME)-LogIngestion-S3-$(PARAM_NAME_SUFFIX)
 	aws cloudformation delete-stack --stack-name $(STACK_NAME)-VolumeAccess-$(PARAM_NAME_SUFFIX)
+	aws cloudformation delete-stack --stack-name $(STACK_NAME)-VMWorkloadScanning-$(PARAM_NAME_SUFFIX)