Cloudbeat analyzes cloud assets for security compliance and sends findings to Elasticsearch as part of the Cloud Security Posture plugin in Kibana.
To get started with Cloud Security Posture on your cluster, see our documentation.
Deploying Cloudbeat locally either as a process, or through elastic-agent can be done with elastic-package - a tool that spins up en entire elastic stack locally. depending on the deployment platform (Self-Managed kubernetes / EKS) you may need to set up different environment.
-
We use Hermit to keep all our tooling in check. See our README for more details. Install it with the following commands:
curl -fsSL https://github.com/cashapp/hermit/releases/download/stable/install.sh | /bin/bash . ./bin/activate-hermit
Note This will download and install hermit into
~/bin. You should add this to your$PATHif it isn't already.It is also recommended to add hermit's shell integration
-
Elastic stack running locally, preferably using elastic-package (you may need to authenticate) For example, spinning up 8.6.0 stack locally:
eval "$(elastic-package stack shellinit --shell $(basename $SHELL))" # load stack environment variables elastic-package stack up --version 8.6.0 -v -d
Cloudbeat can be deployed as a process, and will not be managed by Elastic Agent. (the fastest way to get started, getting findings)
We use Kind to spin up a local kubernetes cluster, and deploy Cloudbeat as a process. Build and deploying cloudbeat into your local kind cluster:
if you don't already have a Kind cluster, you can create one with:
just create-kind-cluster
just elastic-stack-connect-kind # connect it to local elastic stackBuild and deploy cloudbeat on your local kind cluster:
just build-deploy-cloudbeatOr without certificate
just build-deploy-cloudbeat-nocertNote By default, cloudbeat binary will be built based on
GOARCHenvironment variable. If you want to build cloudbeat for a different platform you can set it as following:# just build-deploy-cloudbeat <Target Arch> just build-deploy-cloudbeat amd64Or without certificate
# just build-deploy-cloudbeat-nocert <Target Arch> just build-deploy-cloudbeat-nocert amd64
Another deployment option is to deploy cloudbeat as a process on EKS. This is useful for testing and development purposes.
Export AWS creds as env vars, kustomize will use these to populate your cloudbeat deployment.
export AWS_ACCESS_KEY="<YOUR_AWS_KEY>"
export AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"Set your default cluster to your EKS cluster
kubectl config use-context <your-eks-cluster>Deploy cloudbeat on your EKS cluster
just deploy-eks-cloudbeat- Spin up Elastic stack (using cloud/staging is recommended, but using elastic-package is also supported, see Local Deployment)
- Create an agent policy and install the CSP integration (KSPM).
- Now, when adding a new agent, you will get the K8s deployment instructions of elastic-agent.
Note Are you a developer/contributor or just looking for more information check out our dev docs