feat: always deploy cc and bench (#58)

* feat: always deploy CC and bench, CS can be enabled or disabled

Author: hayk99

.gitignore

@@ -1,3 +1,4 @@
 packaged-template.yaml
 *.zip
-.idea/
+.idea/
+.DS_Store

templates/CloudVision.yaml

@@ -10,14 +10,12 @@ Metadata:
           - SysdigSecureEndpoint
           - SysdigSecureAPIToken
           - SysdigRoleName
-          - CreateSysdigRole
           - SysdigExternalID
           - SysdigTrustedIdentity
 
       - Label:
           default: "Modules to Deploy"
         Parameters:
-          - CloudConnectorDeploy
           - ECRImageScanningDeploy
           - ECSImageScanningDeploy
 
@@ -36,14 +34,10 @@ Metadata:
         default: "Sysdig Secure API Token"
       SysdigRoleName:
         default: "Sysdig Role Name"
-      CreateSysdigRole:
-        default: "Do you want to create Sysdig Role?"
       SysdigExternalID:
         default: "Sysdig External ID"
       SysdigTrustedIdentity:
         default: "Sysdig Trusted Identity"
-      CloudConnectorDeploy:
-        default: "Do you want to deploy Real-Time Threat Investigation based on CloudTrail?"
       ECRImageScanningDeploy:
         default: "Do you want to deploy ECR Image Registry Scanning?"
       ECSImageScanningDeploy:
@@ -58,13 +52,6 @@ Metadata:
         default: "CloudTrail SNS Topic"
 
 Parameters:
-  CloudConnectorDeploy:
-    Type: String
-    AllowedValues:
-      - "Yes"
-      - "No"
-    Default: "Yes"
-
   ECRImageScanningDeploy:
     Type: String
     AllowedValues:
@@ -112,40 +99,27 @@ Parameters:
     Type: String
     Default: ""
 
-  CreateSysdigRole:
-    Type: String
-    AllowedValues:
-      - "Yes"
-      - "No"
-    Default: "No"
-
 Conditions:
   RequiresCloudTrail: !Equals [!Ref ExistentCloudTrailSNSTopic, ""]
   RequiresNewECSCluster: !Or
     - !Equals [!Ref ExistentECSCluster, ""]
     - !Equals [!Ref ExistentECSClusterVPC, ""]
     - !Equals [!Join [",", !Ref ExistentECSClusterPrivateSubnets], ""]
-  DeployCloudConnector: !Equals [!Ref CloudConnectorDeploy, "Yes"]
   DeployCloudScanning: !Or
     - !Equals [!Ref ECRImageScanningDeploy, "Yes"]
     - !Equals [!Ref ECSImageScanningDeploy, "Yes"]
   ECRImageScanningDeploy: !Equals [ !Ref ECRImageScanningDeploy, "Yes"]
   ECSImageScanningDeploy: !Equals [ !Ref ECSImageScanningDeploy, "Yes"]
   DeployCloudTrail: !And
     - !Condition RequiresCloudTrail
-    - !Or
-      - !Condition DeployCloudConnector
-      - !Condition DeployCloudScanning
+    - !Condition DeployCloudScanning
   DeployNewECSCluster: !And
     - !Condition RequiresNewECSCluster
-    - !Or
-      - !Condition DeployCloudConnector
-      - !Condition DeployCloudScanning
+    - !Condition DeployCloudScanning
   EndpointIsSaas: !Or
     - !Equals [!Ref SysdigSecureEndpoint, "https://secure.sysdig.com"]
     - !Equals [!Ref SysdigSecureEndpoint, "https://eu1.app.sysdig.com"]
     - !Equals [!Ref SysdigSecureEndpoint, "https://us2.app.sysdig.com"]
-  RequireSysdigRole: !Equals [ !Ref CreateSysdigRole, "Yes" ]
 
 Resources:
   S3ConfigBucket:
@@ -209,7 +183,6 @@ Resources:
 
   CloudConnectorStack:
     Type: AWS::CloudFormation::Stack
-    Condition: DeployCloudConnector
     Properties:
       TemplateURL: ./CloudConnector.yaml
       Parameters:
@@ -228,7 +201,6 @@ Resources:
 
   CloudAgentlessRole:
     Type: AWS::CloudFormation::Stack
-    Condition: RequireSysdigRole
     Properties:
       TemplateURL: ./CloudAgentlessRole.yaml
       Parameters:

templates/Makefile

@@ -2,7 +2,7 @@ S3_BUCKET ?= "s4c-cft"
 S3_PREFIX ?= "test"
 # We need the REGION or the TemplateURLs might be created for a different region, resulting in a deployment error
 S3_REGION ?= "eu-west-1"
-SECURE_API_TOKEN=""
+SECURE_API_TOKEN ?= ""
 
 .PHONY: packaged-template.yaml
 
@@ -30,9 +30,7 @@ test: packaged-template.yaml
 		--parameter-overrides \
 			"SysdigSecureAPIToken=$(SECURE_API_TOKEN)" \
 			"ECRImageScanningDeploy=Yes" \
-			"ECSImageScanningDeploy=Yes" \
-			"CloudConnectorDeploy=Yes" \
-			"CreateSysdigRole=No"
+			"ECSImageScanningDeploy=Yes"
 
 ci: packaged-template.yaml
 	aws s3 cp ./packaged-template.yaml s3://$(S3_BUCKET)/$(S3_PREFIX)/entry-point.yaml