Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(resource): AWS consolidated CloudTrail support #43

Merged
merged 4 commits into from
Dec 2, 2020
Merged

feat(resource): AWS consolidated CloudTrail support #43

merged 4 commits into from
Dec 2, 2020

Conversation

afiune
Copy link
Contributor

@afiune afiune commented Nov 24, 2020

There has been a new release where the platform now supports
consolidated CloudTrail integrations natively.

https://support.lacework.com/hc/en-us/articles/360055993554-Setup-of-Organization-AWS-CloudTrail-Integration

This change is updating the lacework_integration_aws_ct resource to
support the Account Mapping File as well as marking the integration as
Organization Level integration.

Example:

resource "lacework_integration_aws_ct" "consolidated" {
  name      = "A consolidated CloudTrail example"
  queue_url = "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"
  credentials {
    role_arn    = "arn:aws:iam::1234567890:role/lacework_iam_example_role"
    external_id = "12345"
  }

  org_account_mappings {
    default_lacework_account = "lw_account_1"

    mapping {
      lacework_account = "lw_account_2"
      aws_accounts     = ["234556677", "774564564"]
    }

    mapping {
      lacework_account = "lw_account_3"
      aws_accounts     = ["553453453", "934534535"]
    }
  }
}

Jira: ALLY-235

Signed-off-by: Salim Afiune Maya [email protected]

@afiune afiune added resource Something related to resources feat New feature or request labels Nov 24, 2020
@afiune afiune self-assigned this Nov 24, 2020
@afiune afiune changed the title feat(resource): consolidated CloudTrail support feat(resource): AWS consolidated CloudTrail support Nov 24, 2020
afiune added a commit to lacework/go-sdk that referenced this pull request Nov 24, 2020
@afiune
refactor: account mapping file for consolidated CT
cba7e9f 
This refactor is modifying the behavior of the Encode and Decode
functions to use `[]byte` instead of `string`, this way we won't be
casting its content back and forth like this example:

lacework/terraform-provider-lacework#43

Additionally, I have made the `lacework integration show` command to
display the account mapping content.

```
$ lacework int show TECHALLY_53DFFB3E788A30BD84AD1822B06473018B2B4CBA0C1AD4C
                      INTEGRATION GUID                     |              NAME              |    TYPE    | STATUS  | STATE
-----------------------------------------------------------+--------------------------------+------------+---------+--------
  TECHALLY_53DFFB3E788A30BD84AD1822B06473018B2B4CBA0C1AD4C | A consolidated CloudTrail      | AWS_CT_SQS | Enabled | Ok

                                           INTEGRATION DETAILS
----------------------------------------------------------------------------------------------------------
    ROLE ARN              | arn:aws:iam::123483698038:role/lacework_iam_role
    EXTERNAL ID           | bubulubu
    QUEUE URL             | https://sqs.us-west-2.amazonaws.com/123483698038/lacework-ct-sqs-tech-ally
    ACCOUNT MAPPING FILE  | {
                          |   "defaultLaceworkAccountAws": "mini-ally",
                          |   "integration_mappings": {
                          |     "customerdemo": {
                          |       "aws_accounts": [
                          |         "934534535",
                          |         "553453453"
                          |       ]
                          |     },
                          |     "tech-ally": {
                          |       "aws_accounts": [
                          |         "774564564",
                          |         "234556677"
                          |       ]
                          |     }
                          |   }
                          | }
    UPDATED AT            | 2020-Nov-24 14:05:58 UTC
    UPDATED BY            | [email protected]
    STATE UPDATED AT      | 2020-Nov-24 14:06:02 UTC
    LAST SUCCESSFUL STATE | 2020-Nov-24 14:06:02 UTC

```

Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune afiune mentioned this pull request Nov 24, 2020
Merged
@afiune afiune force-pushed the afiune/ALLY-235/account-mapping-file branch from e76c018 to f062d39 Compare November 24, 2020 14:17
scottford-lw
scottford-lw approved these changes Nov 30, 2020
View reviewed changes
Copy link
Contributor

@scottford-lw scottford-lw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

afiune added a commit to lacework/go-sdk that referenced this pull request Dec 2, 2020
@afiune
refactor: account mapping file for consolidated CT (#252)
402a363 
This refactor is modifying the behavior of the Encode and Decode
functions to use `[]byte` instead of `string`, this way we won't be
casting its content back and forth like this example:

lacework/terraform-provider-lacework#43

Additionally, I have made the `lacework integration show` command to
display the account mapping content.

```
$ lacework int show TECHALLY_53DFFB3E788A30BD84AD1822B06473018B2B4CBA0C1AD4C
                      INTEGRATION GUID                     |              NAME              |    TYPE    | STATUS  | STATE
-----------------------------------------------------------+--------------------------------+------------+---------+--------
  TECHALLY_53DFFB3E788A30BD84AD1822B06473018B2B4CBA0C1AD4C | A consolidated CloudTrail      | AWS_CT_SQS | Enabled | Ok

                                           INTEGRATION DETAILS
----------------------------------------------------------------------------------------------------------
    ROLE ARN              | arn:aws:iam::123483698038:role/lacework_iam_role
    EXTERNAL ID           | bubulubu
    QUEUE URL             | https://sqs.us-west-2.amazonaws.com/123483698038/lacework-ct-sqs-tech-ally
    ACCOUNT MAPPING FILE  | {
                          |   "defaultLaceworkAccountAws": "mini-ally",
                          |   "integration_mappings": {
                          |     "customerdemo": {
                          |       "aws_accounts": [
                          |         "934534535",
                          |         "553453453"
                          |       ]
                          |     },
                          |     "tech-ally": {
                          |       "aws_accounts": [
                          |         "774564564",
                          |         "234556677"
                          |       ]
                          |     }
                          |   }
                          | }
    UPDATED AT            | 2020-Nov-24 14:05:58 UTC
    UPDATED BY            | [email protected]
    STATE UPDATED AT      | 2020-Nov-24 14:06:02 UTC
    LAST SUCCESSFUL STATE | 2020-Nov-24 14:06:02 UTC

```

Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune
chore(deps): update github.com/lacework/go-sdk
ad616a6 
Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune
feat(resource): AWS consolidated CloudTrail support
b232e16 
There has been a new release where the platform now supports
consolidated CloudTrail integrations natively.

https://support.lacework.com/hc/en-us/articles/360055993554-Setup-of-Organization-AWS-CloudTrail-Integration

This change is updating the `lacework_integration_aws_ct` resource to
support the Account Mapping File as well as marking the integration as
Organization Level integration.

Example:

```hcl
resource "lacework_integration_aws_ct" "consolidated" {
  name      = "A consolidated CloudTrail example"
  queue_url = "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"
  credentials {
    role_arn    = "arn:aws:iam::1234567890:role/lacework_iam_example_role"
    external_id = "12345"
  }

  org_account_mappings {
    default_lacework_account = "lw_account_1"

    mapping {
      lacework_account = "lw_account_2"
      aws_accounts     = ["234556677", "774564564"]
    }

    mapping {
      lacework_account = "lw_account_3"
      aws_accounts     = ["553453453", "934534535"]
    }
  }
}
```

Jira: ALLY-235

Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune
fix: only encode mapping account when there is one
aedbee8 
Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune
fix(docker): avoid loading non-existing password
5ea1e5d 
The Lacework API doesn't return passwords/secrets, therefore we should
not try to load them.

Closes #42

Signed-off-by: Salim Afiune Maya <[email protected]>
@afiune afiune force-pushed the afiune/ALLY-235/account-mapping-file branch from c5bbb9f to 5ea1e5d Compare December 2, 2020 21:11
@afiune afiune merged commit e5c6ae0 into master Dec 2, 2020
@afiune afiune deleted the afiune/ALLY-235/account-mapping-file branch December 2, 2020 21:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scottford-lw scottford-lw scottford-lw approved these changes

@mjunglw mjunglw Awaiting requested review from mjunglw

@alannix-lw alannix-lw Awaiting requested review from alannix-lw

Assignees

@afiune afiune

Labels
feat New feature or request resource Something related to resources
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@afiune @scottford-lw