corelight · retr0h · Jun 6, 2024 · Jun 6, 2024 · Jun 6, 2024
diff --git a/cloud-config/init.tpl b/cloud-config/init.tpl
@@ -33,7 +33,16 @@ write_files:
 runcmd:
   - corelightctl sensor bootstrap -v
   - corelightctl sensor deploy -v
-%{ if cloud_provider == "azure" ~}
+
+%{ if enrichment_enabled && cloud_provider == "aws" ~}
   - |
-    echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "azure","cloud_enrichment.bucket_name": "${container_name}", "cloud_enrichment.azure_storage_account": "${storage_account_name}"}' | corelightctl sensor cfg put
+    echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "aws","cloud_enrichment.bucket_name": "${bucket_name}", "cloud_enrichment.bucket_region": "${bucket_region}"}' | corelightctl sensor cfg put
+%{ endif ~}
+%{ if enrichment_enabled && cloud_provider == "azure" ~}
+   - |
+    echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "azure","cloud_enrichment.bucket_name": "${bucket_name}", "cloud_enrichment.azure_storage_account": "${azure_storage_account_name}"}' | corelightctl sensor cfg put
+%{ endif ~}
+%{ if enrichment_enabled && cloud_provider == "gcp" ~}
+    - |
+    echo '{"cloud_enrichment.enable": "true", "cloud_enrichment.cloud_provider": "gcp","cloud_enrichment.bucket_name": "${bucket_name}"}' | corelightctl sensor cfg put
 %{ endif ~}
diff --git a/data.tf b/data.tf
@@ -1,6 +1,6 @@
 data "cloudinit_config" "config" {
-  gzip          = false
-  base64_encode = false
+  gzip          = var.gzip_config
+  base64_encode = var.base64_encode_config
 
   part {
     content_type = "text/cloud-config"
@@ -14,12 +14,12 @@ data "cloudinit_config" "config" {
       mon_subnet       = var.subnetwork_monitoring_cidr
       mon_gateway      = var.subnetwork_monitoring_gateway
 
-      # enrichment service
-      cloud_provider = var.enrichment_cloud_provider_name
-      container_name = var.enrichment_storage_container_name
-
-      # enrichment service - azure
-      storage_account_name = var.enrichment_storage_account_name
+      # Optional - Cloud Enrichment Configuration
+      enrichment_enabled         = var.enrichment_enabled
+      cloud_provider             = var.enrichment_cloud_provider_name
+      bucket_name                = var.enrichment_bucket_name
+      bucket_region              = var.enrichment_bucket_region
+      azure_storage_account_name = var.enrichment_storage_account_name
     })
     filename = "sensor-build.yaml"
   }

diff --git a/examples/deployment/main.tf b/examples/deployment/main.tf
@@ -7,9 +7,13 @@ locals {
   mon_cidr                 = "10.3.0.0/24"
   mon_gateway              = "10.3.0.1"
 
-  enrichment_cloud_provider         = "azure"
-  enrichment_storage_account_name   = "account-foo"
-  enrichment_storage_container_name = "bucket-bar"
+
+  # Enrichment
+  enrichment_enabled              = "<true | false>"
+  enrichment_cloud_provider       = "<aws | azure | gcp>"
+  enrichment_storage_account_name = "account-foo"
+  enrichment_bucket_name          = "bucket-bar"
+  enrichment_s3_bucket_region     = "us-east-1"
 }
 
 module "sensor_config" {
@@ -24,9 +28,13 @@ module "sensor_config" {
   subnetwork_monitoring_gateway                = local.mon_gateway
 
   # Optional - Enrichment Service
-  enrichment_cloud_provider_name    = local.enrichment_cloud_provider
-  enrichment_storage_container_name = local.enrichment_storage_container_name
+  enrichment_enabled             = local.enrichment_enabled
+  enrichment_cloud_provider_name = local.enrichment_cloud_provider
+  enrichment_bucket_name         = local.enrichment_bucket_name
 
-  # Optional - Enrichment Service Azure
+  # Optional - Enrichment Service Azure Only
   enrichment_storage_account_name = local.enrichment_storage_account_name
+
+  # Optional - Enrichment Service AWS Only
+  enrichment_bucket_region = local.enrichment_s3_bucket_region
 }
diff --git a/variables.tf b/variables.tf
@@ -20,6 +20,18 @@ variable "sensor_monitoring_interface_name" {
   description = "the sensor(s) monitoring interface name"
 }
 
+variable "gzip_config" {
+  type        = bool
+  default     = false
+  description = "should the configuration be gzipped"
+}
+
+variable "base64_encode_config" {
+  type        = bool
+  default     = false
+  description = "should the configuration be base64 encoded"
+}
+
 variable "sensor_health_check_http_port" {
   type        = string
   default     = "41080"
@@ -45,6 +57,11 @@ variable "subnetwork_monitoring_gateway" {
 }
 
 # Enrichment Service
+variable "enrichment_enabled" {
+  description = "(optional) if cloud enrichment should enabled at time of sensor deployment"
+  type        = string
+  default     = false
+}
 
 variable "enrichment_cloud_provider_name" {
   description = "(optional) the cloud provider name"
@@ -57,16 +74,22 @@ variable "enrichment_cloud_provider_name" {
   }
 }
 
-# Enrichment Service -- Azure
+variable "enrichment_bucket_name" {
+  description = "(optional) the s3 bucket, azure storage container, or gcs bucket name"
+  type        = string
+  default     = ""
+}
 
+# Enrichment Service -- Azure
 variable "enrichment_storage_account_name" {
   description = "(optional) the azure storage account where enrichment data is stored"
   type        = string
   default     = ""
 }
 
-variable "enrichment_storage_container_name" {
-  description = "(optional) the container where enrichment data is stored"
+# Enrichment Service -- AWS
+variable "enrichment_bucket_region" {
+  description = "(optional) the region for the s3 enrichment bucket"
   type        = string
   default     = ""
-}
+}