Skip to content

Latest commit

 

History

History
65 lines (54 loc) · 5.91 KB

README.md

File metadata and controls

65 lines (54 loc) · 5.91 KB

Requirements

Name Version
terraform ~> 1.5
archive ~> 2.4.0
google ~> 4.78.0
google-beta ~> 4.78.0
local ~> 2.4.0
random ~> 3.5.0

Providers

Name Version
archive ~> 2.4.0
google ~> 4.78.0
google-beta ~> 4.78.0
random ~> 3.5.0

Modules

No modules.

Resources

Name Type
google-beta_google_project_service_identity.pubsub resource
google_cloudfunctions2_function.gke_2_scc_func resource
google_eventarc_trigger.gke-cp-events resource
google_logging_organization_sink.gke_events resource
google_organization_iam_member.gke_2_scc_func resource
google_project_iam_member.event_arc_sub_sa resource
google_project_iam_member.gke_2_scc_func resource
google_project_iam_member.logging_sa resource
google_project_iam_member.pubsub_sa resource
google_pubsub_topic.log_streaming resource
google_scc_source.gke resource
google_service_account.event_arc_sub_sa resource
google_service_account.gke_2_scc_func resource
google_storage_bucket.gcf_artifacts resource
google_storage_bucket_object.gke_2_scc_func resource
random_id.id resource
archive_file.gke_2_scc_func data source
google_client_config.current data source
google_client_openid_userinfo.self data source
google_project.this data source

Inputs

Name Description Type Default Required
findings_config list(FindingConfig) where FindingConfig == {"method"="$METHOD_NAME", "category"="$CATEGORY_NAME", "severity"="$SEVERITY_NAME"}. Must include at least one finding config for the DEFAULT category to provide if the method is not found 
list(object({
    method   = string
    category = string
    severity = optional(string, "")
  }))
 
[
  {
    "category": "NO_CATEGORY_SPECIFIED",
    "method": "DEFAULT"
  }
]
 no
integration_config Resource allocation configuration for the GCF 
object({
    available_memory                 = optional(string, "128Mi")
    available_cpu                    = optional(string, "1")
    timeout_seconds                  = optional(number, 10)
    max_instance_count               = optional(number, 1)
    max_instance_request_concurrency = optional(number, 100)
  })
 n/a yes
log_streaming_filter The Cloud Logging inclusion filter for Audit Logs that should be streamed into SCC as findings string n/a yes
organization_id The ID of your Google Cloud Organization string n/a yes
source_name Override the name of the SCC Source that will be created string "gke2scc" no

Outputs

Name Description
logging_org_sink The Org sink for log streaming
pubsub_topic The Pub/Sub topic for log streaming