Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #7 from imperva/petal/aws-aurora-sources
AWS Aurora MySQL and PostgreSQL modules
Showing 66 changed files with 3,887 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Onboard Amazon Aurora MySQL via Kinesis example | ||
This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html). | ||
|
||
It creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each one can be found in the relevant provider documentation: | ||
- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) | ||
- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs) | ||
|
||
## Prerequisites | ||
### Account Asset Permissions | ||
An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created kinesis stream. | ||
|
||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_aws-aurora-mysql-kinesis"></a> [aws-aurora-mysql-kinesis](#module\_aws-aurora-mysql-kinesis) | ../../modules/onboard-aws-rds-aurora-mysql-kinesis | n/a | | ||
| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | imperva/agentless-onboarding/dsfhub//modules/dsfhub-aws-cloud-account | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes | | ||
| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END_TF_DOCS --> |
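Review bot: In the Inputs table, `dsfhub_host` and `dsfhub_token` are documented with description `n/a` and type `any`, so the README does not tell the reader what to supply or that the token is a secret. Add a `description` and `type = string` to both variable blocks in this example's main.tf, mark `dsfhub_token` with `sensitive = true`, and regenerate the terraform-docs section so the table reflects it.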
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,76 @@ | ||
locals { | ||
aws_region = "us-east-2" | ||
apply_immediately = true | ||
master_user = "admin" | ||
master_password = "Abcd1234" | ||
|
||
admin_email = "[email protected]" | ||
gateway_id = "a1b2c3d4-e5f6-g8h9-wxyz-123456790" | ||
} | ||
|
||
################################################################################ | ||
# Providers | ||
################################################################################ | ||
terraform { | ||
required_providers { | ||
dsfhub = { | ||
source = "imperva/dsfhub" | ||
} | ||
} | ||
} | ||
|
||
provider "aws" { | ||
region = local.aws_region | ||
} | ||
|
||
variable "dsfhub_host" {} # TF_VAR_dsfhub_host env variable | ||
variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable | ||
|
||
provider "dsfhub" { | ||
dsfhub_host = var.dsfhub_host | ||
dsfhub_token = var.dsfhub_token | ||
} | ||
|
||
################################################################################ | ||
# Prerequisites | ||
# 1. AWS cloud account | ||
################################################################################ | ||
# 1. AWS cloud account | ||
module "aws-default-account-asset" { | ||
source = "imperva/agentless-onboarding/dsfhub//modules/dsfhub-aws-cloud-account" | ||
|
||
admin_email = local.admin_email | ||
asset_display_name = "aws-account-asset" | ||
asset_id = "arn:aws:iam::1234567890" | ||
auth_mechanism = "default" | ||
gateway_id = local.gateway_id | ||
region = local.aws_region | ||
} | ||
|
||
################################################################################ | ||
# Amazon Aurora MySQL via kinesis stream | ||
################################################################################ | ||
module "aws-aurora-mysql-kinesis" { | ||
source = "../../modules/onboard-aws-rds-aurora-mysql-kinesis" | ||
|
||
aws_aurora_mysql_cluster_admin_email = local.admin_email | ||
aws_aurora_mysql_cluster_gateway_id = local.gateway_id | ||
aws_aurora_mysql_cluster_parent_asset_id = module.aws-default-account-asset.this.asset_id | ||
aws_aurora_mysql_cluster_region = local.aws_region | ||
|
||
aws_kinesis_admin_email = local.admin_email | ||
aws_kinesis_audit_pull_enabled = true | ||
aws_kinesis_gateway_id = local.gateway_id | ||
aws_kinesis_reason = "default" | ||
aws_kinesis_region = local.aws_region | ||
|
||
cluster_apply_immediately = local.apply_immediately | ||
cluster_db_master_password = local.master_password | ||
cluster_db_master_username = local.master_user | ||
cluster_id = "tf-aurora-mysql-kinesis-cluster" | ||
cluster_final_snapshot = true | ||
|
||
instance_apply_immediately = local.apply_immediately | ||
instance_identifier = "tf-aurora-mysql-kinesis-instance" | ||
instance_publicly_accessible = true | ||
} |
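Review bot: `master_password = "Abcd1234"` in `locals` commits a database master password to the repository, and the same module call sets `instance_publicly_accessible = true`, so anyone who applies the example unchanged gets an Aurora instance with a public endpoint and a published credential. Take the password from a variable marked `sensitive = true` and supplied through a `TF_VAR_` environment variable, the way `dsfhub_token` already is, and default the example to `instance_publicly_accessible = false` as the slow query example does. Separately, `asset_id = "arn:aws:iam::1234567890"` has a 10-digit account id and no resource part, unlike the `arn:aws:iam::123456789101:role/iam-role` form in the slow query example, and the `# 1. AWS cloud account` comment appears twice.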
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Onboard Amazon Aurora MySQL Slow Query example | ||
This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html). | ||
|
||
This example creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each can be found in the relevant provider documentation: | ||
- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) | ||
- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs) | ||
|
||
## Prerequisites | ||
### Account Asset Permissions | ||
An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created CloudWatch log group. | ||
|
||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_aws-aurora-mysql-slowquery"></a> [aws-aurora-mysql-slowquery](#module\_aws-aurora-mysql-slowquery) | ../../modules/onboard-aws-rds-aurora-mysql-slowquery | n/a | | ||
| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | imperva/agentless-onboarding/dsfhub//modules/dsfhub-aws-cloud-account | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes | | ||
| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END_TF_DOCS --> |
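Review bot: Under Prerequisites, the text says an AWS account asset must be onboarded to the DSF hub "prior to using this module", but the Modules table lists `aws-default-account-asset`, which suggests the example creates that asset itself. State which of the two applies, and name the permissions the account asset needs on the CloudWatch log group (or link to the exact section of the onboarding documentation that does), since "granted permissions to be able to read" gives the reader nothing to put in an IAM policy.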
101 changes: 101 additions & 0 deletions
examples/onboard-aws-rds-aurora-mysql-slowquery/main.tf
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
locals { | ||
aws_region = "us-east-2" | ||
vpc_security_group_ids = [ | ||
"sg-12a345678912b1c2a", | ||
"sg-34b456789c12b231e" | ||
] | ||
subnet_group_name = "my-subnet-group" | ||
admin_email = "[email protected]" | ||
gateway_id = "a1b2c3d4-1234-5678-9123-cd1edcef7642" | ||
} | ||
|
||
################################################################################ | ||
# Providers | ||
################################################################################ | ||
terraform { | ||
required_providers { | ||
dsfhub = { | ||
source = "imperva/dsfhub" | ||
} | ||
} | ||
} | ||
|
||
provider "aws" { | ||
region = local.aws_region | ||
} | ||
|
||
variable "dsfhub_host" {} # TF_VAR_dsfhub_host env variable | ||
variable "dsfhub_token" {} # TF_VAR_dsfhub_token env variable | ||
|
||
provider "dsfhub" { | ||
dsfhub_host = var.dsfhub_host | ||
dsfhub_token = var.dsfhub_token | ||
} | ||
|
||
################################################################################ | ||
# Prerequisites | ||
# AWS cloud account | ||
################################################################################ | ||
|
||
module "aws-default-account-asset" { | ||
source = "imperva/agentless-onboarding/dsfhub//modules/dsfhub-aws-cloud-account" | ||
|
||
admin_email = local.admin_email | ||
asset_display_name = "aws-account-asset" | ||
asset_id = "arn:aws:iam::123456789101:role/iam-role" | ||
auth_mechanism = "default" | ||
gateway_id = local.gateway_id | ||
region = local.aws_region | ||
} | ||
|
||
################################################################################ | ||
# Amazon Aurora MySQL Slow query | ||
################################################################################ | ||
|
||
module "aws-aurora-mysql-slowquery" { | ||
source = "../../modules/onboard-aws-rds-aurora-mysql-slowquery" | ||
|
||
cluster_parameter_group_name = "aurora-mysql-cpg-tf" | ||
cluster_parameter_group_parameters = [ | ||
{ | ||
name = "server_audit_logging" | ||
value = 1 | ||
}, | ||
{ | ||
name = "server_audit_excl_users" | ||
value = "rdsadmin" | ||
}, | ||
{ | ||
name = "server_audit_events" | ||
value = "CONNECT,QUERY,QUERY_DCL,QUERY_DDL,QUERY_DML" | ||
}, | ||
{ | ||
name = "slow_query_log" | ||
value = 1 | ||
}, | ||
{ | ||
name = "long_query_time" | ||
value = 5 | ||
}, | ||
{ | ||
name = "log_slow_admin_statements" | ||
value = 1 | ||
} | ||
] | ||
|
||
cluster_cluster_id = "aurora-mysql-cluster" | ||
cluster_db_master_username = "admin" | ||
cluster_db_master_password = "mypassword" | ||
cluster_db_subnet_group_name = local.subnet_group_name | ||
cluster_vpc_security_group_ids = local.vpc_security_group_ids | ||
|
||
instance_identifier = "aurora-mysql" | ||
instance_publicly_accessible = false | ||
|
||
aws_aurora_mysql_cluster_admin_email = local.admin_email | ||
aws_aurora_mysql_cluster_gateway_id = local.gateway_id | ||
aws_aurora_mysql_cluster_parent_asset_id = module.aws-default-account-asset.this.asset_id | ||
aws_aurora_mysql_cluster_region = local.aws_region | ||
|
||
aws_log_group_audit_pull_enabled = true | ||
} |
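Review bot: `cluster_db_master_password = "mypassword"` is a literal credential in the module call, and it will be copied as-is by users who start from this example. Declare a variable with `sensitive = true` for it and pass that in, matching how `dsfhub_token` is supplied from the environment. As a naming point, this module takes `cluster_cluster_id` while the Kinesis example's module takes `cluster_id`; if both inputs set the same cluster identifier, align the names across the modules.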
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# Onboard Amazon Aurora MySQL example | ||
This example includes additional prerequisites that will need to be completed to fully utilize the module. More details can be found in the [onboarding documentation](https://docs.imperva.com/bundle/onboarding-databases-to-sonar-reference-guide/page/Amazon-Aurora-MySQL-Onboarding-Steps_48366913.html). | ||
|
||
This example creates both 'aws' and 'dsfhub' resources. More information regarding authentication to each can be found in the relevant provider documentation: | ||
- [aws](https://registry.terraform.io/providers/hashicorp/aws/latest/docs) | ||
- [dsfhub](https://registry.terraform.io/providers/imperva/dsfhub/latest/docs) | ||
|
||
## Prerequisites | ||
### Account Asset Permissions | ||
An AWS account asset will need to be onboarded to your DSF hub prior to using this module. The account asset will need to be granted permissions to be able to read from the newly created CloudWatch log group. | ||
|
||
<!-- BEGIN_TF_DOCS --> | ||
## Requirements | ||
|
||
No requirements. | ||
|
||
## Providers | ||
|
||
No providers. | ||
|
||
## Modules | ||
|
||
| Name | Source | Version | | ||
|------|--------|---------| | ||
| <a name="module_aws-aurora-mysql"></a> [aws-aurora-mysql](#module\_aws-aurora-mysql) | ../../modules/onboard-aws-rds-aurora-mysql | n/a | | ||
| <a name="module_aws-default-account-asset"></a> [aws-default-account-asset](#module\_aws-default-account-asset) | imperva/agentless-onboarding/dsfhub//modules/dsfhub-aws-cloud-account | n/a | | ||
|
||
## Resources | ||
|
||
No resources. | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_dsfhub_host"></a> [dsfhub\_host](#input\_dsfhub\_host) | n/a | `any` | n/a | yes | | ||
| <a name="input_dsfhub_token"></a> [dsfhub\_token](#input\_dsfhub\_token) | n/a | `any` | n/a | yes | | ||
|
||
## Outputs | ||
|
||
No outputs. | ||
<!-- END_TF_DOCS --> |
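Review bot: Apart from the title and the module row in the Modules table, this README reads the same as the slow query example's README, so it does not say which logs this example onboards or when to choose it over the slow query and Kinesis variants. Add one or two sentences after the title that describe what the `aws-aurora-mysql` module sets up and how it differs from the other two examples.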