diff --git a/templates_apprunner/CloudConnector.yaml b/templates_apprunner/CloudConnector.yaml
index 69057b7..212947f 100644
--- a/templates_apprunner/CloudConnector.yaml
+++ b/templates_apprunner/CloudConnector.yaml
@@ -48,12 +48,20 @@ Parameters:
 - "No"
 Default: "Yes"
 Description: Whether to deploy ECS Image Scanning or not
+ UseScanningV2:
+ Type: String
+ AllowedValues:
+ - "Yes"
+ - "No"
+ Default: "No"
+ Description: Whether to deploy Image Scanner V2
 
 Conditions:
 VerifySSL: !Equals [ !Ref VerifySSL, "Yes" ]
 DeployCloudScanning: !Equals [ !Ref DeployCloudScanning, "Yes"]
 ECRImageScanningDeploy: !Equals [ !Ref ECRImageScanningDeploy, "Yes"]
 ECSImageScanningDeploy: !Equals [ !Ref ECSImageScanningDeploy, "Yes"]
+ UseScanningV2: !Equals [ !Ref UseScanningV2, "Yes"]
 
 Resources:
 
@@ -125,26 +133,29 @@ Resources:
 - DeployCloudScanning
 - !Sub
 - |
-
 ${ECRCode}
 ${ECSCode}
 - ECRCode:
 'Fn::If':
 - ECRImageScanningDeploy
- - !Sub |
-
- - aws-ecr:
- codeBuildProject: ${BuildProject}
- secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
+ - !If
+ - UseScanningV2
+ - "- aws-ecr-inline: {}"
+ - !Sub |
+ - aws-ecr:
+ codeBuildProject: ${BuildProject}
+ secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
 - ""
 ECSCode:
 'Fn::If':
 - ECSImageScanningDeploy
- - !Sub |
-
- - aws-ecs:
- codeBuildProject: ${BuildProject}
- secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
+ - !If
+ - UseScanningV2
+ - "- aws-ecs-inline: {}"
+ - !Sub |
+ - aws-ecs:
+ codeBuildProject: ${BuildProject}
+ secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
 - ""
 - "[]"
 
diff --git a/templates_apprunner/SecureForCloudAppRunner.yaml b/templates_apprunner/SecureForCloudAppRunner.yaml
index 3908521..f18cbe5 100644
--- a/templates_apprunner/SecureForCloudAppRunner.yaml
+++ b/templates_apprunner/SecureForCloudAppRunner.yaml
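Review bot: The new parameter's `Description: Whether to deploy Image Scanner V2` reads as if it deploys a separate component, but in this template the `UseScanningV2` condition only selects which scanner block is emitted for an ECR/ECS scanner that is already enabled (in the Scanners hunk below, `ECRCode`/`ECSCode` resolve to `""` when `ECRImageScanningDeploy`/`ECSImageScanningDeploy` are "No" regardless of this value). Suggest `Description: Use Image Scanner V2 (inline) instead of the CodeBuild-based scanner for any enabled ECR/ECS image scanning`, and the same wording for the identical parameter added to templates_ecs/CloudConnector.yaml. Minor style: the new condition is written `"Yes"]` while the parent templates write `"Yes" ]`; one spelling across the four files keeps them greppable.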
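Review bot: When `UseScanningV2` is "Yes" the rendered scanner config is `- aws-ecr-inline: {}` / `- aws-ecs-inline: {}` and no longer references `${BuildProject}` or `${SysdigSecureAPITokenSsm}`, yet nothing in this hunk gates the CodeBuild project or, presumably, the IAM grants that back `codeBuildProject`/`secureAPITokenSecretName` on the V1 path; if those are created unconditionally (they are outside the hunk), a V2 deployment keeps an unused CodeBuild project and standing permissions it no longer needs. Consider a named condition such as `UseScanningV1: !Not [ !Condition UseScanningV2 ]` under `Conditions:` and `Condition: UseScanningV1` on the V1-only resources, or a comment next to the `!If` stating why they must remain. The same pattern is in the Scanners hunk of templates_ecs/CloudConnector.yaml. Style: the inner branch uses short-form `!If` directly under a long-form `'Fn::If':` key; one form within the block reads more consistently.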
@@ -41,8 +41,17 @@ Metadata:
 default: "Do you want to deploy Fargate Image Scanning?"
 ExistentCloudTrailSNSTopic:
 default: "CloudTrail SNS Topic"
+ UseScanningV2:
+ default: "Do you want to use image scanner version 2?"
 
 Parameters:
+ UseScanningV2:
+ Type: String
+ AllowedValues:
+ - "Yes"
+ - "No"
+ Default: "No"
+
 ECRImageScanningDeploy:
 Type: String
 AllowedValues:
@@ -98,6 +107,7 @@ Conditions:
 - !Equals [!Ref SysdigSecureEndpoint, "https://secure.sysdig.com"]
 - !Equals [!Ref SysdigSecureEndpoint, "https://eu1.app.sysdig.com"]
 - !Equals [!Ref SysdigSecureEndpoint, "https://us2.app.sysdig.com"]
+ UseScanningV2: !Equals [ !Ref UseScanningV2, "Yes" ]
 
 Resources:
 SysdigConfigLoggingBucket:
@@ -154,6 +164,7 @@ Resources:
 DeployCloudScanning: !If [ DeployCloudScanning, "Yes", "No" ]
 ECRImageScanningDeploy: !If [ ECRImageScanningDeploy, "Yes", "No"]
 ECSImageScanningDeploy: !If [ ECSImageScanningDeploy, "Yes", "No"]
+ UseScanningV2: !If [ UseScanningV2, "Yes", "No"]
 
 CloudAgentlessRole:
 Type: AWS::CloudFormation::Stack
diff --git a/templates_ecs/CloudConnector.yaml b/templates_ecs/CloudConnector.yaml
index fa794d4..658cb37 100644
--- a/templates_ecs/CloudConnector.yaml
+++ b/templates_ecs/CloudConnector.yaml
@@ -48,21 +48,29 @@ Parameters:
 AllowedValues:
 - "Yes"
 - "No"
- Default: "Yes"
+ Default: "No"
 Description: Whether to deploy ECR Image Scanning or not
 ECSImageScanningDeploy:
 Type: String
 AllowedValues:
 - "Yes"
 - "No"
- Default: "Yes"
+ Default: "No"
 Description: Whether to deploy ECS Image Scanning or not
+ UseScanningV2:
+ Type: String
+ AllowedValues:
+ - "Yes"
+ - "No"
+ Default: "No"
+ Description: Whether to deploy Image Scanner V2
 
 Conditions:
 VerifySSL: !Equals [ !Ref VerifySSL, "Yes" ]
 DeployCloudScanning: !Equals [ !Ref DeployCloudScanning, "Yes"]
 ECRImageScanningDeploy: !Equals [ !Ref ECRImageScanningDeploy, "Yes"]
 ECSImageScanningDeploy: !Equals [ !Ref ECSImageScanningDeploy, "Yes"]
+ UseScanningV2: !Equals [ !Ref UseScanningV2, "Yes"]
 
 Resources:
 
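Review bot: The `UseScanningV2` entry added under `Parameters:` has no `Description`, so the only explanation of the value is the `ParameterLabels` question added above it; add `Description: Use Image Scanner V2 (inline) instead of the CodeBuild-based scanner for any enabled ECR/ECS image scanning` so the meaning also shows in `describe-stacks` output and in tooling that does not render labels. If this template has a `ParameterGroups` section (outside the hunk), the new parameter should be listed there too, otherwise it lands in an ungrouped section of the console. The same applies to the matching Metadata/Parameters hunk in templates_ecs/CloudVision.yaml.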
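Review bot: The nested-template defaults for ECR/ECS image scanning now differ between the two CloudConnector templates: here `ECRImageScanningDeploy` and `ECSImageScanningDeploy` get `Default: "No"`, while the first hunk of templates_apprunner/CloudConnector.yaml still shows `Default: "Yes"` for `ECSImageScanningDeploy`. The parent stacks pass explicit values (`!If [ ECRImageScanningDeploy, "Yes", "No"]`), so this likely only matters when the nested template is deployed directly, but it is a silent opt-out in one packaging and an opt-in in the other. Either align both templates or say in each `Description` why the default differs.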
@@ -224,41 +232,40 @@ Resources:
 "Fn::Base64": !Sub
 - |
 
- rules:
- - s3:
- bucket: ${S3ConfigBucket}
- path: rules
+ rules: []
 ingestors:
 - cloudtrail-sns-sqs:
 queueURL: ${CloudTrailQueue}
 scanners: ${Scanners}
- - S3ConfigBucket: !Ref S3ConfigBucket
- CloudTrailQueue: !Ref CloudTrailQueue
+ - CloudTrailQueue: !Ref CloudTrailQueue
 Scanners:
 'Fn::If':
 - DeployCloudScanning
 - !Sub
 - |
-
 ${ECRCode}
 ${ECSCode}
 - ECRCode:
 'Fn::If':
 - ECRImageScanningDeploy
- - !Sub |
-
- - aws-ecr:
- codeBuildProject: ${BuildProject}
- secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
+ - !If
+ - UseScanningV2
+ - "- aws-ecr-inline: {}"
+ - !Sub |
+ - aws-ecr:
+ codeBuildProject: ${BuildProject}
+ secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
 - ""
 ECSCode:
 'Fn::If':
 - ECSImageScanningDeploy
- - !Sub |
-
- - aws-ecs:
- codeBuildProject: ${BuildProject}
- secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
+ - !If
+ - UseScanningV2
+ - "- aws-ecs-inline: {}"
+ - !Sub |
+ - aws-ecs:
+ codeBuildProject: ${BuildProject}
+ secureAPITokenSecretName: ${SysdigSecureAPITokenSsm}
 - ""
 - "[]"
 
diff --git a/templates_ecs/CloudVision.yaml b/templates_ecs/CloudVision.yaml
index f2845cb..2ace4c2 100644
--- a/templates_ecs/CloudVision.yaml
+++ b/templates_ecs/CloudVision.yaml
@@ -50,8 +50,17 @@ Metadata:
 default: "Private subnet Id's"
 ExistentCloudTrailSNSTopic:
 default: "CloudTrail SNS Topic"
+ UseScanningV2:
+ default: "Do you want to use image scanner version 2?"
 
 Parameters:
+ UseScanningV2:
+ Type: String
+ AllowedValues:
+ - "Yes"
+ - "No"
+ Default: "No"
+
 ECRImageScanningDeploy:
 Type: String
 AllowedValues:
@@ -133,6 +142,7 @@ Conditions:
 - !Equals [!Ref SysdigSecureEndpoint, "https://secure.sysdig.com"]
 - !Equals [!Ref SysdigSecureEndpoint, "https://eu1.app.sysdig.com"]
 - !Equals [!Ref SysdigSecureEndpoint, "https://us2.app.sysdig.com"]
+ UseScanningV2: !Equals [ !Ref UseScanningV2, "Yes" ]
 
 Resources:
 S3ConfigBucket:
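Review bot: With `rules: []` and `S3ConfigBucket: !Ref S3ConfigBucket` dropped from the `!Sub` mapping, nothing in the rendered connector config references the config bucket any more, but the hunk leaves the `S3ConfigBucket` parameter and whatever IAM statement grants the task read access to that bucket untouched (both outside the hunk), and the parent templates_ecs/CloudVision.yaml still defines the `S3ConfigBucket` resource (visible in the context of its Conditions hunk). If the bucket really is no longer read, remove the unused parameter and the read grant in the same change so the task does not keep a standing S3 permission it does not use; if it is still needed for something else, a comment beside `rules: []` saying so would prevent the next reader from deleting it. The unused-CodeBuild-project point raised on the apprunner Scanners hunk applies to the second half of this hunk as well.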
@@ -211,6 +221,7 @@ Resources:
 DeployCloudScanning: !If [ DeployCloudScanning, "Yes", "No" ]
 ECRImageScanningDeploy: !If [ ECRImageScanningDeploy, "Yes", "No"]
 ECSImageScanningDeploy: !If [ ECSImageScanningDeploy, "Yes", "No"]
+ UseScanningV2: !If [ UseScanningV2, "Yes", "No"]
 
 CloudAgentlessRole:
 Type: AWS::CloudFormation::Stack