|
1 | 1 | # Azure Agentless Host Scan Module
|
2 | 2 |
|
3 |
| -This module will deploy a LightHouse Definition and Assignment in Azure for a single subscription. |
| 3 | +This module will deploy a LightHouse Definition and Assignment in Azure for a single subscription, , or for an Azure Tenant. |
4 | 4 |
|
5 | 5 | If instrumenting an Azure subscription, the following resources will be created:
|
6 | 6 | - LightHouse Definition associated with Sysdig Service Principal and the VM Scanner Operator role.
|
7 |
| -- LightHouse Assignment associated with the LightHouse Definition and the Azure subscription provided. |
| 7 | +- LightHouse Assignment associated with the LightHouse Definition and the Azure subscription provided. |
| 8 | + |
| 9 | +If instrumenting an Azure Tenant, the following resources will be created: |
| 10 | +- LightHouse Definition associated with Sysdig Service Principal and the VM Scanner Operator role. |
| 11 | +- LightHouse Assignment associated with the LightHouse Definition and the Azure subscriptions under each of the |
| 12 | + instrumented Management Groups within the Tenant provided, if no Management Groups are provided, all subscriptions under Root Management Group level. |
| 13 | + |
| 14 | +<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
| 15 | +## Requirements |
| 16 | + |
| 17 | +| Name | Version | |
| 18 | +|------|-----------| |
| 19 | +| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 | |
| 20 | +| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.76.0 | |
| 21 | +| <a name="requirement_azuread"></a> [azuread](#requirement\_azuread) | >= 2.43.0 | |
| 22 | +| <a name="requirement_sysdig"></a> [sysdig](#requirement\_sysdig) | >= 1.19.0 | |
| 23 | + |
| 24 | +## Providers |
| 25 | + |
| 26 | +| Name | Version | |
| 27 | +|------|---------| |
| 28 | +| <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 3.76.0 | |
| 29 | + |
| 30 | +## Modules |
| 31 | + |
| 32 | +No modules. |
| 33 | + |
| 34 | +## Resources |
| 35 | + |
| 36 | +| Name | Type | |
| 37 | +|------|------| |
| 38 | +| [azurerm_lighthouse_definition.lighthouse_definition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lighthouse_definition) | resource | |
| 39 | +| [azurerm_lighthouse_assignment.lighthouse_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lighthouse_assignment) | resource | |
| 40 | +| [azurerm_lighthouse_assignment.lighthouse_assignment_for_tenant](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/lighthouse_assignment) | resource | |
| 41 | +| [azurerm_subscription.primary](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source | |
| 42 | +| [azurerm_management_group.root_management_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/management_group) | data source | |
| 43 | +| [azurerm_management_group.management_groups](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/management_group) | data source | |
| 44 | + |
| 45 | +## Inputs |
| 46 | + |
| 47 | +| Name | Description | Type | Default | Required | |
| 48 | +|---------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------|---------|:--------:| |
| 49 | +| <a name="input_subscription_id"></a> [subscription\_id](#input\_subscription\_id) | The identifier of the Azure Subscription in which to create a trust relationship. | `string` | n/a | yes | |
| 50 | +| <a name="input_sysdig_tenant_id"></a> [sysdig\_tenant\_id](#input\_sysdig\_tenant\_id) | The identifier of Sysdig Tenant where the Sysdig Service Principal is set. | `string` | n/a | yes | |
| 51 | +| <a name="input_sysdig_service_principal_id"></a> [sysdig\_service\_principal\_id](#input\_sysdig\_service\_principal\_id) | The identifier of the Sysdig Service Principal in the Sysdig tenant. A Lighthouse Definition linked to this Service Principal will be created. | `string` | n/a | yes | |
| 52 | +| <a name="input_is_organizational"></a> [is\_organizational](#input\_is\_organizational) | true/false whether secure-for-cloud should be deployed in an organizational setup (all subscriptions of tenant) or not (only on default azure provider subscription) | `bool` | `false` | no | |
| 53 | +| <a name="input_management_group_ids"></a> [management\_group\_ids](#input\_management\_group\_ids) | List of Azure Management Group IDs. secure-for-cloud will be deployed to all the subscriptions under these management groups. | `set(string)` | `[]` | no | |
| 54 | + |
| 55 | +## Outputs |
| 56 | + |
| 57 | +| Name | Description | |
| 58 | +|-------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------| |
| 59 | +| <a name="lighthouse_definition_display_id"></a> [lighthouse\_definition\_display\_id](#output\_lighthouse\_definition\_display\_id) | Display id of the Lighthouse Definition created, associated with the Service Principal | |
| 60 | +| <a name="output_subscription_alias"></a> [subscription\_alias](#output\_subscription\_alias) | Display name of the subscription | |
| 61 | +<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
| 62 | + |
| 63 | +## Authors |
| 64 | + |
| 65 | +Module is maintained by [Sysdig](https://sysdig.com). |
| 66 | + |
| 67 | +## License |
| 68 | + |
| 69 | +Apache 2 Licensed. See LICENSE for full details. |
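Review bot: In the Outputs table (new line 59) the anchor is `<a name="lighthouse_definition_display_id">` while the link on the same row targets `#output_lighthouse_definition_display_id`, so the in-page link will not resolve. Rename the anchor to `output_lighthouse_definition_display_id` to match the `output_subscription_alias` row below it, preferably by regenerating the section with the pre-commit terraform docs hook named in the markers rather than editing it by hand. New line 3 also carries a stray `, ,` in "for a single subscription, , or for an Azure Tenant". The `is_organizational` and `management_group_ids` descriptions (new lines 52-53) talk about secure-for-cloud rather than this module; since these two inputs decide whether the Lighthouse assignment for the Sysdig Service Principal covers one subscription, the listed Management Groups, or every subscription under the Root Management Group, the descriptions should state that scope in this module's own terms, and the sentence on new lines 11-12 should be split so the "no Management Groups provided" default is unambiguous.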