AWS Inspector2 Enable Service Feature #22330

Closed
rhelwatkar opened this issue Dec 23, 2021 · 9 comments · Fixed by #27505
Labels
enhancement Requests to existing resources that expand the functionality or scope. new-resource Introduces a new resource. service/inspector Issues and PRs that pertain to the inspector service.

rhelwatkar commented Dec 23, 2021

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Editor's Note

The AWS link provided by OP in references is for "Inspector V2" or "Inspector2". I've changed the issue title to clarify that we're talking about 2 since none of this makes sense in the context of v1.

Description

AWS has recently launched the new AWS Inspector; we can enable the service via the CLI.

This feature is missing and can be added to enable Inspector Service.

New or Affected Resource(s)

  • aws_inspector_enable

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

resource "aws_inspector_enable" "enable_service" {
    account_id = []
    client_token = ""
    resource_types = []
}

References

AWS Documentation page - https://awscli.amazonaws.com/v2/documentation/api/latest/reference/inspector2/enable.html

@autarchprinceps

It's a little more complicated. Yes, you can just enable it, but you'd typically either set it on the root account, or set a delegate on the root account, and then in that root/security account you associate other accounts.
Not that a simple enable in the current account shouldn't also work, but it would be great to see the actual main use case thought about too.


bismark commented Feb 4, 2022

Would also be nice to have support for managing suppression rules.

@james-green-affinity

This feature definitely should support the ability to delegate within Terraform to an Audit account.


snemetz commented Feb 23, 2022

This should be changed to supporting inspector2.
Doing only 1 API of the newer inspector2 service will not be useful.
I need all of these just to get started:

aws inspector2 enable [--account-ids X] --resource-types "ECR"
aws inspector2 enable-delegated-admin-account --delegated-admin-account-id ID
aws inspector2 update-organization-configuration --auto-enable ec2=false,ecr=true

@breathingdust
Member

Hi all 👋 Just letting you know that this issue is featured on this quarter's roadmap. If a PR exists to close the issue, a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue, please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

YakDriver changed the title from "AWS Inspector Enable Service Feature" to "AWS Inspector2 Enable Service Feature" on Jul 20, 2022
Member

YakDriver commented Jul 20, 2022

aws_inspector2_organization_configuration #27000

aws_inspector2_delegated_admin_account #27229

aws_inspector2_enabler

  • Disable
    • [in] account_ids
    • [in] resource_types ('EC2', 'ECR')
    • [out] accounts (account_id, resource_status, status)
    • [out] failed_accounts (account_id, error_code, error_message, resource_status, status)
    • [out] metadata
  • Enable
    • [in] account_ids
    • [in] resource_types ('EC2', 'ECR')
    • [out] accounts (account_id, resource_status, status)
    • [out] failed_accounts (account_id, error_code, error_message, resource_status, status)
    • [out] metadata


ajardan commented Aug 2, 2022

Is there any news on when this is going to be released? Is there anything that we can do to help speed things up?

@github-actions

This functionality has been released in v4.37.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
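
The three CLI calls listed earlier in the thread, expressed with the three resources named in the maintainer's breakdown. This is an added example, not code from the issue or from the provider's documentation; the provider aliases, profile names, region and variable are assumptions, and the `account_id` and `auto_enable` arguments come from the provider's schema rather than from this page.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.37.0" # release named in this thread for the enabler
    }
  }
}

# Assumed: one CLI profile per account. Profile names are placeholders.
provider "aws" {
  alias   = "management"
  region  = "us-east-1"
  profile = "org-management"
}

provider "aws" {
  alias   = "security"
  region  = "us-east-1"
  profile = "org-security"
}

variable "security_account_id" {
  type        = string
  description = "Audit/security account that administers Inspector2 for the organization"
}

# aws inspector2 enable-delegated-admin-account, called from the management account
resource "aws_inspector2_delegated_admin_account" "this" {
  provider   = aws.management
  account_id = var.security_account_id
}

# aws inspector2 enable --account-ids ... --resource-types ECR
resource "aws_inspector2_enabler" "security" {
  provider       = aws.security
  account_ids    = [var.security_account_id]
  resource_types = ["ECR"]
  depends_on     = [aws_inspector2_delegated_admin_account.this]
}

# aws inspector2 update-organization-configuration --auto-enable ec2=false,ecr=true
# Called as the delegated admin; applies to accounts that join afterwards.
resource "aws_inspector2_organization_configuration" "this" {
  provider = aws.security
  auto_enable {
    ec2 = false
    ecr = true
  }
  depends_on = [aws_inspector2_enabler.security]
}
```

Inspector2 is enabled per region, so the same resources have to be declared for each region in use.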

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 27, 2022