Commit 46cddbd

feat: allow specifying a SNS Topic to reuse existing CloudTrail (#36)
1 parent 655bacd commit 46cddbd

1 file changed

+31
-33
lines changed

templates/CloudVision.yaml

Lines changed: 31 additions & 33 deletions
@@ -24,6 +24,7 @@ Metadata:
2424
- ExistentECSCluster
2525
- ExistentECSClusterVPC
2626
- ExistentECSClusterPrivateSubnets
27+
- ExistentCloudTrailSNSTopic
2728

2829
ParameterLabels:
2930
SysdigSecureEndpoint:
@@ -44,6 +45,8 @@ Metadata:
4445
default: "VPC Id"
4546
ExistentECSClusterPrivateSubnets:
4647
default: "Private subnet Id's"
48+
ExistentCloudTrailSNSTopic:
49+
default: "CloudTrail SNS Topic"
4750

4851
Parameters:
4952
CloudBenchDeploy:
@@ -86,6 +89,10 @@ Parameters:
8689
Type: List<String>
8790
Default: ""
8891
Description: Leave it blank to let us to deploy the infrastructure required for running Sysdig for Cloud
92+
ExistentCloudTrailSNSTopic:
93+
Type: String
94+
Default: ""
95+
Description: Leave it blank to let us to deploy the infrastructure required for running Sysdig for Cloud
8996

9097
SysdigSecureAPIToken:
9198
Type: String
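
Review bot: The Description on the new ExistentCloudTrailSNSTopic parameter is copied verbatim from the ExistentECSClusterPrivateSubnets parameter above it and never says what value is expected. This string is later passed to the nested stacks in place of CloudTrailStack's Outputs.Topic, so the description should state the expected format (matching whatever that output returns) and that leaving it blank makes the template create its own CloudTrail. An AllowedPattern accepting either the empty string or that format would reject a mistyped value at stack creation instead of inside a nested stack.
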
@@ -95,40 +102,31 @@ Parameters:
95102
Default: "https://secure.sysdig.com"
96103

97104
Conditions:
98-
DeployECRImageScanning: !Equals [!Ref ECRImageScanningDeploy, "Yes"]
99-
DeployECSImageScanning: !Equals [!Ref ECSImageScanningDeploy, "Yes"]
100-
DeployCloudScanning: !Or [!Condition DeployECRImageScanning, !Condition DeployECSImageScanning]
105+
RequiresCloudTrail: !Equals [!Ref ExistentCloudTrailSNSTopic, ""]
106+
RequiresNewECSCluster: !Or
107+
- !Equals [!Ref ExistentECSCluster, ""]
108+
- !Equals [!Ref ExistentECSClusterVPC, ""]
109+
- !Equals [!Join [",", !Ref ExistentECSClusterPrivateSubnets], ""]
101110
DeployCloudConnector: !Equals [!Ref CloudConnectorDeploy, "Yes"]
102111
DeployCloudBench: !Equals [ !Ref CloudBenchDeploy, "Yes" ]
103-
DeployCloudTrail: !Or [!Condition DeployCloudScanning, !Condition DeployCloudConnector]
104-
RequiresNewECSCluster:
105-
Fn::Or:
106-
- Fn::Equals:
107-
- !Ref ExistentECSCluster
108-
- ""
109-
- Fn::Equals:
110-
- !Ref ExistentECSClusterVPC
111-
- ""
112-
- Fn::Equals:
113-
- !Join [",", !Ref ExistentECSClusterPrivateSubnets]
114-
- ""
112+
DeployCloudScanning: !Or
113+
- !Equals [!Ref ECRImageScanningDeploy, "Yes"]
114+
- !Equals [!Ref ECSImageScanningDeploy, "Yes"]
115+
DeployCloudTrail: !And
116+
- !Condition RequiresCloudTrail
117+
- !Or
118+
- !Condition DeployCloudConnector
119+
- !Condition DeployCloudScanning
115120
DeployNewECSCluster: !And
116-
- !Or
117-
- !Condition DeployCloudConnector
118-
- !Condition DeployCloudBench
119-
- !Condition DeployCloudScanning
120-
- !Condition RequiresNewECSCluster
121-
EndpointIsSaas:
122-
Fn::Or:
123-
- Fn::Equals:
124-
- !Ref SysdigSecureEndpoint
125-
- "https://secure.sysdig.com"
126-
- Fn::Equals:
127-
- !Ref SysdigSecureEndpoint
128-
- "https://eu1.app.sysdig.com"
129-
- Fn::Equals:
130-
- !Ref SysdigSecureEndpoint
131-
- "https://us2.app.sysdig.com"
121+
- !Condition RequiresNewECSCluster
122+
- !Or
123+
- !Condition DeployCloudConnector
124+
- !Condition DeployCloudScanning
125+
- !Condition DeployCloudBench
126+
EndpointIsSaas: !Or
127+
- !Equals [!Ref SysdigSecureEndpoint, "https://secure.sysdig.com"]
128+
- !Equals [!Ref SysdigSecureEndpoint, "https://eu1.app.sysdig.com"]
129+
- !Equals [!Ref SysdigSecureEndpoint, "https://us2.app.sysdig.com"]
132130

133131
Resources:
134132
S3ConfigBucket:
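
Review bot: The named conditions DeployECRImageScanning and DeployECSImageScanning are deleted in this hunk and folded inline into DeployCloudScanning; any Condition: or !If elsewhere in the template that still names them will fail validation, so please confirm nothing outside the visible lines references them. Separately, RequiresCloudTrail reads as "a trail is needed" but is defined as "no existing topic was given"; a short comment beside `- !Condition RequiresCloudTrail` in DeployCloudTrail would make it clear that supplying a topic suppresses CloudTrailStack entirely.
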
@@ -179,7 +177,7 @@ Resources:
179177
CloudBenchDeployed: !Ref CloudBenchDeploy
180178
ECRDeployed: !Ref ECRImageScanningDeploy
181179
ECSDeployed: !Ref ECSImageScanningDeploy
182-
CloudTrailTopic: !GetAtt ["CloudTrailStack", "Outputs.Topic"]
180+
CloudTrailTopic: !If [ DeployCloudTrail, !GetAtt ["CloudTrailStack", "Outputs.Topic"], !Ref ExistentCloudTrailSNSTopic ]
183181

184182
ScanningCodeBuildStack:
185183
Type: AWS::CloudFormation::Stack
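
Review bot: In the else branch of the new !If on CloudTrailTopic, the user-supplied ExistentCloudTrailSNSTopic is handed to the nested stack with no check beyond being non-empty. The template no longer creates or controls that topic, so the parameter documentation should say what the topic must already provide (a trail publishing to it, and a policy that lets this deployment's consumers subscribe); otherwise a wrong or under-permissioned topic is only discovered after deployment.
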
@@ -205,7 +203,7 @@ Resources:
205203
ECRDeployed: !Ref ECRImageScanningDeploy
206204
ECSDeployed: !Ref ECSImageScanningDeploy
207205
BuildProject: !GetAtt [ "ScanningCodeBuildStack", "Outputs.BuildProject" ]
208-
CloudTrailTopic: !GetAtt ["CloudTrailStack", "Outputs.Topic"]
206+
CloudTrailTopic: !If [ DeployCloudTrail, !GetAtt ["CloudTrailStack", "Outputs.Topic"], !Ref ExistentCloudTrailSNSTopic ]
209207

210208
CloudBenchStack:
211209
Type: AWS::CloudFormation::Stack
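
Review bot: The else branch of the !If on CloudTrailTopic yields an empty string whenever DeployCloudTrail is false for the other reason, that is, when the topic is blank and neither CloudConnector nor scanning is enabled. Please confirm that the stack receiving this parameter carries a Condition that prevents it from being created in that case, so it can never be passed an empty CloudTrailTopic. The expression is also an exact copy of the one in the previous hunk, so the two need to be kept in step when either changes.
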