Latest commit: Mirtov Alexey, a9d9d6ad4a, "Update 03-infra.tf", 2 years ago

| Name | Commit | Message | Age |
|------|--------|---------|-----|
| chart | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| function | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| pusher | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| templates | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 00-sa-and-bucket.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 01-function-and-mq.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 02-worker.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 03-infra.tf | a9d9d6ad4a | Update 03-infra.tf | 2 years ago |
| 04-audit-export.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 05-falco.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| 06-kyverno.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| Readme.md | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| outputs.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| variables.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |
| versions.tf | a5de537490 | update all descriptions (except docker image and schema) | 2 years ago |

Readme.md

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| kustomization | >= 0.5.0 |
| yandex | >= 0.72.0 |

Providers

| Name | Version |
|------|---------|
| archive | n/a |
| helm | n/a |
| null | n/a |
| random | n/a |
| time | n/a |
| yandex | >= 0.72.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| helm_release.auditlog_worker | resource |
| helm_release.falco | resource |
| helm_release.falco_worker | resource |
| helm_release.falcosidekick | resource |
| helm_release.kyverno | resource |
| helm_release.kyverno-policies | resource |
| helm_release.kyverno_worker | resource |
| helm_release.policy_reporter | resource |
| null_resource.previous | resource |
| random_string.project_suffix | resource |
| time_sleep.wait_timer | resource |
| yandex_function.k8s_log_exporter | resource |
| yandex_function.s3_ymq_for_auditlog | resource |
| yandex_function.s3_ymq_for_falco | resource |
| yandex_function.s3_ymq_for_kyverno | resource |
| yandex_function_trigger.logs-trigger | resource |
| yandex_function_trigger.s3_ymq_auditlog_trigger | resource |
| yandex_function_trigger.s3_ymq_falco_trigger | resource |
| yandex_function_trigger.s3_ymq_kyverno_trigger | resource |
| yandex_iam_service_account.sa-writer | resource |
| yandex_iam_service_account_key.sa-auth-key | resource |
| yandex_iam_service_account_static_access_key.sa-writer-keys | resource |
| yandex_iam_service_account_static_access_key.sa_static_key | resource |
| yandex_kms_secret_ciphertext.encrypted_pass | resource |
| yandex_kms_secret_ciphertext.encrypted_s3_key | resource |
| yandex_kms_secret_ciphertext.encrypted_s3_secret | resource |
| yandex_kms_symmetric_key.kms-key | resource |
| yandex_message_queue.log_queue_for_auditlog | resource |
| yandex_message_queue.log_queue_for_falco | resource |
| yandex_message_queue.log_queue_for_kyverno | resource |
| yandex_resourcemanager_folder_iam_binding.binding | resource |
| yandex_resourcemanager_folder_iam_binding.create_funct | resource |
| yandex_resourcemanager_folder_iam_member.send_queue | resource |
| yandex_resourcemanager_folder_iam_member.upload_logs | resource |
| yandex_storage_bucket.es-bucket | resource |
| archive_file.function_export | data source |
| archive_file.function_pusher | data source |
| yandex_iam_service_account.bucket_sa | data source |
| yandex_kubernetes_cluster.my_cluster | data source |
| yandex_resourcemanager_folder.my_folder | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| auditlog_enabled | AUDIT LOG | bool | n/a | yes |
| auditlog_worker_chart_name | The name of the auditlog worker helm release | string | n/a | yes |
| auditlog_worker_namespace | The namespace in which the worker chart will be deployed. | string | n/a | yes |
| auditlog_worker_replicas_count | Count of replicas for audit worker. | number | n/a | yes |
| auditlogs_prefix | n/a | string | n/a | yes |
| cloud_id | The Yandex.Cloud cloud id. | string | n/a | yes |
| cluster_name | The Yandex.Cloud K8s cluster name. | string | n/a | yes |
| create_namespace | Create the namespace if it does not yet exist. | bool | n/a | yes |
| elastic_pw | Elastic Server | string | n/a | yes |
| elastic_server | n/a | string | n/a | yes |
| elastic_user | n/a | string | n/a | yes |
| fakeeventgenerator_enabled | n/a | bool | n/a | yes |
| falco_enabled | FALCO | bool | n/a | yes |
| falco_helm_namespace | The namespace in which the helm will be deployed. | string | n/a | yes |
| falco_prefix | n/a | string | n/a | yes |
| falco_version | FALCO Helm | string | n/a | yes |
| falco_worker_chart_name | The name of the falco worker helm release | string | n/a | yes |
| falco_worker_namespace | The namespace in which the worker chart will be deployed. | string | n/a | yes |
| falco_worker_replicas_count | Count of replicas for falco worker. | number | n/a | yes |
| falcosidekick_version | n/a | string | n/a | yes |
| folder_id | The Yandex.Cloud folder id. | string | n/a | yes |
| kyverno_enabled | KYVERNO | bool | n/a | yes |
| kyverno_helm_namespace | The namespace in which the helm will be deployed. | string | n/a | yes |
| kyverno_policies_version | n/a | string | n/a | yes |
| kyverno_prefix | n/a | string | n/a | yes |
| kyverno_version | KYVERNO Helm | string | n/a | yes |
| kyverno_worker_chart_name | The name of the kyverno worker helm release | string | n/a | yes |
| kyverno_worker_namespace | The namespace in which the worker chart will be deployed. | string | n/a | yes |
| kyverno_worker_replicas_count | Count of replicas for kyverno worker. | number | n/a | yes |
| log_bucket_name | S3 Bucket Variables | string | n/a | yes |
| podSecurityStandard | n/a | string | "restricted" | no |
| policy_reporter_version | n/a | string | n/a | yes |
| s3_expiration | Enable or disable deletion of index backups from the bucket after the given number of days | map(string) | { "days": 10, "enabled": true } | no |
| service_account_id | functions.invoker, storage.editor, ymq.editor | string | n/a | yes |
| set | Additional values set | map(any) | {} | no |
| set_sensitive | Additional sensitive values set | map(any) | {} | no |
| timer_for_mq | Timer for adding the permission to create the MQ | string | "10s" | no |
| validationFailureAction | n/a | string | "audit" | no |
| value | Values for the chart. | string | "" | no |
| worker_docker_image | Worker Settings | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| folder_id | n/a |
| log_bucket_name | n/a |
| service_account_id | n/a |