quickstart-trend-micro-cloudone-helm-resource-provider

module
v0.0.0-...-f5eaa89 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 28, 2022 License: Apache-2.0

README

TrendMicro::CloudOneContainer::Helm

An AWS CloudFormation resource type that deploys Trend Micro Cloud One Container Security into EKS clusters using helm.

Prerequisites

IAM role

An IAM role is used by CloudFormation to execute this resource type handler code. A CloudFormation template to create the execution role is available here.

Create an EKS cluster and provide CloudFormation access to the Kubernetes API

EKS clusters use IAM to control access to the Kubernetes API. Because the CloudFormation resource types in this project interact with the Kubernetes API, the IAM execution role must be granted access to it. This can be done in one of two ways:

  • Create the cluster using CloudFormation: Currently there is no native way to manage EKS auth using CloudFormation (+1 this GitHub issue to help prioritize native support). For this reason we have published AWSQS::EKS::Cluster. Instructions on activation and usage can be found here.
  • Manually: to allow this resource type to access the Kubernetes API, follow the instructions in the EKS documentation, adding the IAM execution role created above to the system:masters group. (Note: you can scope this down if you plan to use the resource type to perform only specific operations on the Kubernetes cluster.)

Activating the resource type

Activation can be done in one of the following ways:

Note that this must be done in each region you plan to use this resource type in.

Usage

Properties and return values for the resource type are documented here.

Documentation for the Helm chart and its values is available here.

Examples

Deploy Trend Micro Cloud One Container Security fetching credentials stored in AWS Secrets Manager
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  CloudOneHelmRelease:
    Type: "TrendMicro::CloudOneContainer::Helm"
    Properties:
      ClusterID: my-cluster-name
      Name: trendmicro-cloudone
      Namespace: trendmicro-cloudone
      Values:
        # Dynamic references are quoted so YAML does not parse the leading "{{" as a flow mapping.
        cloudOne.admissionController.apiKey: "{{resolve:secretsmanager:cloudone-api:SecretString:api-key}}"
        cloudOne.runtimeSecurity.apiKey: "{{resolve:secretsmanager:cloudone-api:SecretString:api-key}}"
        cloudOne.runtimeSecurity.secret: "{{resolve:secretsmanager:cloudone-api:SecretString:api-secret}}"
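
A pre-deployment check for templates like the one above, as an added example that is not part of this project's code: it flags credential-bearing Values entries whose value is anything other than a Secrets Manager dynamic reference. The function name and the key-suffix list are assumptions derived from the three keys in the example, and the values map is constructed sample input.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// secretsManagerRef matches a value that consists solely of a CloudFormation
// dynamic reference to Secrets Manager, the form used in the example template.
var secretsManagerRef = regexp.MustCompile(`^\{\{resolve:secretsmanager:[^{}]+\}\}$`)

// credentialSuffixes is an assumed list of key endings that carry credentials,
// taken from the three Values keys in the example template.
var credentialSuffixes = []string{".apikey", ".secret"}

// LiteralCredentials returns, sorted, the credential keys in values whose
// value is not a Secrets Manager dynamic reference.
func LiteralCredentials(values map[string]string) []string {
	var findings []string
	for k, v := range values {
		key := strings.ToLower(k)
		for _, s := range credentialSuffixes {
			if strings.HasSuffix(key, s) && !secretsManagerRef.MatchString(strings.TrimSpace(v)) {
				findings = append(findings, k)
				break
			}
		}
	}
	sort.Strings(findings)
	return findings
}

func main() {
	// Constructed sample: the first entry follows the template, the other two do not.
	values := map[string]string{
		"cloudOne.admissionController.apiKey": "{{resolve:secretsmanager:cloudone-api:SecretString:api-key}}",
		"cloudOne.runtimeSecurity.apiKey":     "EXAMPLE-LITERAL-KEY",
		"cloudOne.runtimeSecurity.secret":     "{{resolve:ssm:cloudone-secret}}",
	}
	for _, k := range LiteralCredentials(values) {
		fmt.Println("not a Secrets Manager reference:", k)
	}
}
```

The `{{resolve:ssm:...}}` entry is flagged because a plain SSM parameter reference is not a secret store lookup.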

Directories

Path: Synopsis
cmd: Code generated by 'cfn generate', changes will be undone by the next invocation.
resource: Code generated by 'cfn generate', changes will be undone by the next invocation.
