diff --git a/.github/workflows/test-environment.yml b/.github/workflows/test-environment.yml
index 1853476e56..34ffebb024 100644
--- a/.github/workflows/test-environment.yml
+++ b/.github/workflows/test-environment.yml
@@ -228,17 +228,6 @@ jobs:
           enrollment_token="init"
           echo "::add-mask::$enrollment_token"
           echo "ENROLLMENT_TOKEN=$enrollment_token" >> $GITHUB_ENV
-      # TODO: remove
-      # - name: Init CDR Infra
-      #   id: init-cdr-infra
-      #   env:
-      #     INPUT_CDR_INFRA: ${{ inputs.cdr-infra }}
-      #   run: |
-      #     if [[ "${INPUT_CDR_INFRA:-}" == "true" ]]; then
-      #       echo "CDR_INFRA=true" >> $GITHUB_ENV
-      #     else
-      #       echo "CDR_INFRA=false" >> $GITHUB_ENV
-      #     fi
 
       - name: Init Infra Type
         id: init-infra-type
@@ -338,9 +327,8 @@ jobs:
           ./manage_infrastructure.sh "$INFRA_TYPE" "upload"
           echo "s3-bucket-folder=${S3_BUCKET}" >> $GITHUB_OUTPUT
           echo "aws-cnvm-stack=${CNVM_STACK_NAME}" >> $GITHUB_OUTPUT
-          # TODO: remove "true" after debugging
-          python3 ../../.ci/scripts/create_env_config.py || true
-          aws s3 cp "./env_config.json" "${S3_BUCKET}/env_config.json" || true
+          python3 ../../.ci/scripts/create_env_config.py
+          aws s3 cp "./env_config.json" "${S3_BUCKET}/env_config.json"
       # TODO: remove
       # - name: Upload tf state
       #   id: upload-state
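Review bot: The commented-out `# TODO: remove` / `# - name: Upload tf state` block that closes this hunk is left in place even though the commit deletes the equivalent commented-out "Init CDR Infra" step further up; dead steps kept as YAML comments drift from the live workflow and hide what actually runs. Either delete this block in the same pass or replace the bare `# TODO: remove` with a comment naming what still depends on it, e.g. `# TODO(<owner>): state upload now handled by manage_infrastructure.sh "upload"; delete after <date>` (the commented step continues past the end of the hunk, so I cannot see whether anything in it is still referenced). Dropping the two `|| true` suffixes is the right call: with the debugging escape hatch gone, a failed `create_env_config.py` or a failed `aws s3 cp` of `env_config.json` now fails the step instead of silently leaving the bucket without a config.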
@@ -548,18 +536,19 @@ jobs:
         working-directory: ${{ env.WORKING_DIR }}/cis
         run: |
           scriptname="cspm-linux.sh"
-          src="../../$INTEGRATIONS_SETUP_DIR/$scriptname"
+          src="../../../$INTEGRATIONS_SETUP_DIR/$scriptname"
           cmd="chmod +x $scriptname && ./$scriptname"
-          ../../.ci/scripts/remote_setup.sh -k "$EC2_CSPM_KEY" -s "$src" -h "$CSPM_PUBLIC_IP" -d "~/$scriptname" -c "$cmd"
+          ../../../.ci/scripts/remote_setup.sh -k "$EC2_CSPM_KEY" -s "$src" -h "$CSPM_PUBLIC_IP" -d "~/$scriptname" -c "$cmd"
 
       - name: Install AWS Asset Inventory integration
         id: aws-asset-inventory
+        if: env.INFRA_TYPE != 'cis'
         working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }}
         run: |
           poetry run python ./install_aws_asset_inventory_integration.py
 
       - name: Deploy AWS Asset Inventory agent
-        if: env.INFRA_TYPE != 'cdr'
+        if: env.INFRA_TYPE != 'cis'
         working-directory: ${{ env.WORKING_DIR }}/cis
         run: |
           scriptname="aws-asset-inventory-linux.sh"
@@ -578,7 +567,6 @@ jobs:
           aws s3 cp "./kspm_unmanaged.yaml" "$S3_BUCKET/kspm_unmanaged.yaml"
           aws s3 cp "./kspm_d4c.yaml" "$S3_BUCKET/kspm_d4c.yaml"
           aws s3 cp "./kspm_eks.yaml" "$S3_BUCKET/kspm_eks.yaml"
-          aws s3 cp "./aws-asset-inventory-linux.sh" "$S3_BUCKET/aws-asset-inventory-linux.sh"
           fi
           aws s3 cp "./state_data.json" "$S3_BUCKET/state_data.json"
diff --git a/deploy/test-environments/cdr/main.tf b/deploy/test-environments/cdr/main.tf
index a53e41d730..d7e9a2a6bc 100644
--- a/deploy/test-environments/cdr/main.tf
+++ b/deploy/test-environments/cdr/main.tf
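Review bot: The "Deploy AWS Asset Inventory agent" step is now gated with `if: env.INFRA_TYPE != 'cis'` but still runs from `working-directory: ${{ env.WORKING_DIR }}/cis`, while the Terraform module it targets and the `EC2_ASSET_INV_KEY`/`ASSET_INV_PUBLIC_IP` values it presumably consumes were moved to the cdr environment in this same commit. If only the relative `../../../` paths matter the cis directory still resolves, but it reads as a leftover; `working-directory: ${{ env.WORKING_DIR }}/cdr` would match where the resources now live, assuming the remote_setup.sh invocation further down the step (outside this hunk) stays relative to WORKING_DIR. Separately, `!= 'cis'` admits every other value the init-infra-type step might emit, not just `cdr`; if more infra types exist, `if: env.INFRA_TYPE == 'cdr'` is the tighter guard and documents the intent. The step body continues past the end of the hunk.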
@@ -59,4 +59,14 @@ module "azure_vm_activity_logs" {
   specific_tags = merge(local.common_tags, { "vm_type" : "activity-logs" })
 }
 
+module "aws_ec2_for_asset_inventory" {
+  count           = var.deploy_aws_asset_inventory ? 1 : 0
+  source          = "../../cloud/modules/ec2"
+  providers       = { aws : aws }
+  aws_ami         = var.ami_map[var.region]
+  deploy_k8s      = false
+  deploy_agent    = false
+  deployment_name = "${var.deployment_name}-${random_string.suffix.result}"
+  specific_tags   = merge(local.common_tags, { "ec2_type" : "asset_inventory" })
+}
 # ===== End Of CDR Infrastructure Resources =====
diff --git a/deploy/test-environments/cdr/output.tf b/deploy/test-environments/cdr/output.tf
index 2c3a237939..b9c4f99791 100644
--- a/deploy/test-environments/cdr/output.tf
+++ b/deploy/test-environments/cdr/output.tf
@@ -47,3 +47,18 @@ output "az_vm_activity_logs_key" {
   value     = var.deploy_az_vm ? module.azure_vm_activity_logs[0].azure_vm_ssh_key : null
   sensitive = true
 }
+
+output "ec2_asset_inventory_ssh_cmd" {
+  value     = module.aws_ec2_for_asset_inventory[0].cloudbeat_ssh_cmd
+  sensitive = true
+}
+
+output "ec2_asset_inventory_public_ip" {
+  value     = module.aws_ec2_for_asset_inventory[0].aws_instance_cloudbeat_public_ip
+  sensitive = true
+}
+
+output "ec2_asset_inventory_key" {
+  value     = module.aws_ec2_for_asset_inventory[0].ec2_ssh_key
+  sensitive = true
+}
diff --git a/deploy/test-environments/cdr/variables.tf b/deploy/test-environments/cdr/variables.tf
index cbfcdcee4c..dd62f01fd0 100644
--- a/deploy/test-environments/cdr/variables.tf
+++ b/deploy/test-environments/cdr/variables.tf
@@ -60,6 +60,12 @@ variable "deploy_aws_ec2" {
   default     = true
 }
 
+variable "deploy_aws_asset_inventory" {
+  description = "Deploy AWS Asset Inventory EC2 resources"
+  type        = bool
+  default     = true
+}
+
 # ========= Cloud Tags ========================
 variable "division" {
   default = "engineering"
diff --git a/deploy/test-environments/cis/main.tf b/deploy/test-environments/cis/main.tf
index 2c4c578446..a725c528be 100644
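Review bot: The three new outputs in cdr/output.tf index `module.aws_ec2_for_asset_inventory[0]` unconditionally, but the module is declared with `count = var.deploy_aws_asset_inventory ? 1 : 0`, so a run with that variable set to false fails at plan time with an invalid-index error rather than simply omitting the outputs. The `az_vm_activity_logs_key` output at the top of the same hunk shows the file's convention for exactly this case; mirror it, e.g. `value = var.deploy_aws_asset_inventory ? module.aws_ec2_for_asset_inventory[0].ec2_ssh_key : null`, and likewise for the `cloudbeat_ssh_cmd` and `aws_instance_cloudbeat_public_ip` outputs. Note that a null value then makes `terraform output -raw` in set_cloud_env_params.sh error out, so the shell consumer also needs to skip the asset-inventory group when the module is disabled.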
--- a/deploy/test-environments/cis/main.tf
+++ b/deploy/test-environments/cis/main.tf
@@ -40,17 +40,6 @@ module "aws_ec2_for_cspm" {
   specific_tags = merge(local.common_tags, { "ec2_type" : "cspm" })
 }
 
-module "aws_ec2_for_asset_inventory" {
-  count           = var.deploy_aws_asset_inventory ? 1 : 0
-  source          = "../../cloud/modules/ec2"
-  providers       = { aws : aws }
-  aws_ami         = var.ami_map[var.region]
-  deploy_k8s      = false
-  deploy_agent    = false
-  deployment_name = "${var.deployment_name}-${random_string.suffix.result}"
-  specific_tags   = merge(local.common_tags, { "ec2_type" : "asset_inventory" })
-}
-
 module "eks" {
   source = "../../cloud/modules/provision-eks-cluster"
   region = var.region
diff --git a/deploy/test-environments/cis/output.tf b/deploy/test-environments/cis/output.tf
index 8b57cf6883..cee27acdd3 100644
--- a/deploy/test-environments/cis/output.tf
+++ b/deploy/test-environments/cis/output.tf
@@ -37,18 +37,4 @@ output "ec2_cspm_key" {
   sensitive = true
 }
 
-output "ec2_asset_inventory_ssh_cmd" {
-  value     = module.aws_ec2_for_asset_inventory[0].cloudbeat_ssh_cmd
-  sensitive = true
-}
-
-output "ec2_asset_inventory_public_ip" {
-  value     = module.aws_ec2_for_asset_inventory[0].aws_instance_cloudbeat_public_ip
-  sensitive = true
-}
-
-output "ec2_asset_inventory_key" {
-  value     = module.aws_ec2_for_asset_inventory[0].ec2_ssh_key
-  sensitive = true
-}
 # =============================================================
diff --git a/deploy/test-environments/cis/variables.tf b/deploy/test-environments/cis/variables.tf
index 39b01709ac..6896d9fc6a 100644
--- a/deploy/test-environments/cis/variables.tf
+++ b/deploy/test-environments/cis/variables.tf
@@ -33,12 +33,6 @@ variable "deploy_aws_cspm" {
   default = true
 }
 
-variable "deploy_aws_asset_inventory" {
-  description = "Deploy AWS Asset Inventory EC2 resources"
-  type        = bool
-  default     = true
-}
-
 variable "division" {
   default = "engineering"
   type    = string
diff --git a/deploy/test-environments/set_cloud_env_params.sh b/deploy/test-environments/set_cloud_env_params.sh
index 4bc2412202..6516e21438 100755
--- a/deploy/test-environments/set_cloud_env_params.sh
+++ b/deploy/test-environments/set_cloud_env_params.sh
@@ -37,10 +37,6 @@ output_cis_vars() {
     echo "::add-mask::$EC2_KSPM"
     echo "EC2_KSPM=$EC2_KSPM" >>"$GITHUB_ENV"
 
-    EC2_ASSET_INV=$(terraform output -raw ec2_asset_inventory_ssh_cmd)
-    echo "::add-mask::$EC2_ASSET_INV"
-    echo "EC2_ASSET_INV=$EC2_ASSET_INV" >>"$GITHUB_ENV"
-
     EC2_CSPM_KEY=$(terraform output -raw ec2_cspm_key)
     echo "::add-mask::$EC2_CSPM_KEY"
     echo "EC2_CSPM_KEY=$EC2_CSPM_KEY" >>"$GITHUB_ENV"
@@ -49,10 +45,6 @@ output_cis_vars() {
     echo "::add-mask::$EC2_KSPM_KEY"
     echo "EC2_KSPM_KEY=$EC2_KSPM_KEY" >>"$GITHUB_ENV"
 
-    EC2_ASSET_INV_KEY=$(terraform output -raw ec2_asset_inventory_key)
-    echo "::add-mask::$EC2_ASSET_INV_KEY"
-    echo "EC2_ASSET_INV_KEY=$EC2_ASSET_INV_KEY" >>"$GITHUB_ENV"
-
     KSPM_PUBLIC_IP=$(terraform output -raw ec2_kspm_public_ip)
     echo "::add-mask::$KSPM_PUBLIC_IP"
     echo "KSPM_PUBLIC_IP=$KSPM_PUBLIC_IP" >>"$GITHUB_ENV"
@@ -61,9 +53,6 @@ output_cis_vars() {
     echo "::add-mask::$CSPM_PUBLIC_IP"
     echo "CSPM_PUBLIC_IP=$CSPM_PUBLIC_IP" >>"$GITHUB_ENV"
-    ASSET_INV_PUBLIC_IP=$(terraform output -raw ec2_asset_inventory_public_ip)
-    echo "::add-mask::$ASSET_INV_PUBLIC_IP"
-    echo "ASSET_INV_PUBLIC_IP=$ASSET_INV_PUBLIC_IP" >>"$GITHUB_ENV"
 }
 # Function to output cis variables
@@ -91,6 +80,14 @@ output_cdr_vars() {
     gcp_audit_logs_key=$(terraform output -raw gcp_audit_logs_key)
     echo "::add-mask::$gcp_audit_logs_key"
     echo "AUDIT_LOGS_KEY=$gcp_audit_logs_key" >>"$GITHUB_ENV"
+
+    ec2_asset_inv_key=$(terraform output -raw ec2_asset_inventory_key)
+    echo "::add-mask::$ec2_asset_inv_key"
+    echo "EC2_ASSET_INV_KEY=$ec2_asset_inv_key" >>"$GITHUB_ENV"
+
+    asset_inv_public_ip=$(terraform output -raw ec2_asset_inventory_public_ip)
+    echo "::add-mask::$asset_inv_public_ip"
+    echo "ASSET_INV_PUBLIC_IP=$asset_inv_public_ip" >>"$GITHUB_ENV"
 }
 
 # Check for valid input
diff --git a/deploy/test-environments/upload_state.sh b/deploy/test-environments/upload_state.sh
index c2c59c8bf0..1bff2c777f 100755
--- a/deploy/test-environments/upload_state.sh
+++ b/deploy/test-environments/upload_state.sh
@@ -10,7 +10,6 @@ upload_cis() {
     aws s3 cp "./terraform.tfstate" "${S3_BUCKET}/cis-terraform.tfstate"
     aws s3 cp "${EC2_CSPM_KEY}" "${S3_BUCKET}/cspm.pem"
     aws s3 cp "${EC2_KSPM_KEY}" "${S3_BUCKET}/kspm.pem"
-    aws s3 cp "${EC2_ASSET_INV_KEY}" "${S3_BUCKET}/asset_inv.pem"
 }
 
 # Function to upload additional keys for CDR
@@ -19,6 +18,7 @@ upload_cdr() {
     aws s3 cp "${CLOUDTRAIL_KEY}" "${S3_BUCKET}/cloudtrail.pem"
     aws s3 cp "${ACTIVITY_LOGS_KEY}" "${S3_BUCKET}/az_activity_logs.pem"
     aws s3 cp "${AUDIT_LOGS_KEY}" "${S3_BUCKET}/gcp_audit_logs.pem"
+    aws s3 cp "${EC2_ASSET_INV_KEY}" "${S3_BUCKET}/asset_inv.pem"
 }
 
 # Check for valid input
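Review bot: The two new `terraform output -raw` calls in output_cdr_vars assume the asset-inventory module was actually deployed; `deploy_aws_asset_inventory` defaults to true in cdr/variables.tf but is a user-settable variable, and when it is false the output cannot be rendered raw, so either the function aborts (if the script runs under `set -e`, which is outside this hunk) or `EC2_ASSET_INV_KEY` is exported empty and upload_cdr later runs `aws s3 cp "" ...`. Guarding the group, e.g. `if ec2_asset_inv_key=$(terraform output -raw ec2_asset_inventory_key 2>/dev/null); then ... fi`, or at least stating the dependency with `# requires deploy_aws_asset_inventory=true (cdr/variables.tf)` above the new lines, would make the coupling visible. The masking of the key path and the public IP follows the existing pattern in this function, which is fine.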
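Review bot: `upload_cdr` now ships `asset_inv.pem` to the bucket, but the matching upload of `aws-asset-inventory-linux.sh` was deleted from the workflow's cis-only block earlier in this commit rather than moved alongside the key, so the cdr bucket ends up holding the agent's SSH key without the script it was previously kept next to; if anything downstream (cleanup or re-run jobs) fetches that script from S3, it needs to be re-added under the cdr path. This function also keeps private SSH keys for four hosts in the same prefix as the state file, which is pre-existing practice here but worth surfacing with a comment on the function, e.g. `# NOTE: copies private SSH keys into S3; bucket must stay private and encrypted`.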