From 6fda53ef19b968d7e9c010aaf13a0bb5df7589d5 Mon Sep 17 00:00:00 2001
From: Alex Pickering
Date: Fri, 1 Nov 2024 11:38:50 -0700
Subject: [PATCH 1/4] add crowdstrike install step
Signed-off-by: Alex Pickering
---
 .github/workflows/deploy-changed-cf.yaml | 43 ++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
diff --git a/.github/workflows/deploy-changed-cf.yaml b/.github/workflows/deploy-changed-cf.yaml
index 236c7e48e0..9c74b03e10 100644
--- a/.github/workflows/deploy-changed-cf.yaml
+++ b/.github/workflows/deploy-changed-cf.yaml
@@ -422,6 +422,49 @@ jobs:
 env:
 REGION: ${{ secrets.AWS_REGION }}
+ - id: install-crowdstrike-on-rds
+ name: Install CrowdStrike Sensor for default RDS instances
+ run: |-
+
+ if [[ -n "${{ secrets.FALCON_CID }}" ]];
+ then
+
+ INSTANCE_ID=$(aws ec2 describe-instances \
+ --filters "Name=tag:Name,Values=rds-${CLUSTER_ENV}-ssm-agent" \
+ --output text \
+ --query 'Reservations[*].Instances[*].InstanceId')
+ if [ -z $INSTANCE_ID ]; then
+ echo "Can not connect to RDS agent: No instances found for $CLUSTER_ENV"
+ exit 1
+ fi
+
+ CLUSTER_NAME=aurora-cluster-${CLUSTER_ENV}-default
+
+ RDSHOST=$(aws rds describe-db-cluster-endpoints \
+ --region $REGION \
+ --db-cluster-identifier $CLUSTER_NAME \
+ --filter Name=db-cluster-endpoint-type,Values='writer' \
+ --query 'DBClusterEndpoints[0].Endpoint' \
+ --output text)
+ if [ -z $RDSHOST ]; then
+ echo "Failed getting RDS host with name $CLUSTER_NAME"
+ exit 1
+ fi
+
+ INSTALL_SCRIPT_URL="https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.6.0/bash/install/falcon-linux-install.sh"
+ INSTALL_FALCON_COMMAND="
+ export FALCON_CLIENT_ID=${{ secrets.FALCON_CLIENT_ID }} && \
+ export FALCON_CLIENT_SECRET=${{ secrets.FALCON_CLIENT_SECRET }} && \
+ curl -O ${INSTALL_SCRIPT_URL} && \
+ bash falcon-linux-install.sh
+ "
+
+ aws ssm send-command --instance-ids "$INSTANCE_ID" \
+ --document-name AWS-RunShellScript \
+ --parameters "commands='$INSTALL_FALCON_COMMAND'
+ env:
+ REGION: ${{ secrets.AWS_REGION }}
+
 report-if-failed:
 name: Report if workflow failed
 runs-on: ubuntu-20.04
From 62320c52a6d11dd557d5e2e835a2e8e2801c1475 Mon Sep 17 00:00:00 2001
From: Alex Pickering
Date: Fri, 1 Nov 2024 11:43:40 -0700
Subject: [PATCH 2/4] trigger diff in rds cf
Signed-off-by: Alex Pickering
---
 cf/rds.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/cf/rds.yaml b/cf/rds.yaml
index be9c7ffe4a..d806ce0321 100644
--- a/cf/rds.yaml
+++ b/cf/rds.yaml
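Review bot: The Falcon API client secret is written into the text of the SSM command (`INSTALL_FALCON_COMMAND` ends up in `--parameters "commands=..."`), so it is persisted in the SSM command history and readable by any principal allowed `ssm:ListCommands` / `ssm:GetCommandInvocation` — far beyond the log masking that `${{ secrets.* }}` gives the GitHub side; keep it out of the command by storing the Falcon credentials as SecureString parameters (or in Secrets Manager) and letting the instance fetch them with `aws ssm get-parameter --with-decryption` under its instance role. Two further defects in the same step: `[ -z $INSTANCE_ID ]` and `[ -z $RDSHOST ]` are unquoted, so a tag match on more than one instance (the filter does not restrict `instance-state-name` to `running`) turns the test into a "binary operator expected" error and then hands a multi-ID string to `--instance-ids`, and with `--output text` a missing `DBClusterEndpoints[0].Endpoint` prints `None`, which `-z` never catches — and `RDSHOST` is not used afterwards anyway. `curl -O` without `-f` stores an HTML error page on a 4xx/5xx and `bash` then runs it, so it should be `curl -fsSLO`; and because `send-command` is asynchronous the step reports success before the install has run, so capture the command id and block on `aws ssm wait command-executed` to surface a failed install. The sketch below rewrites the remote command and the result check; parameter names are placeholders.
```yaml
          # … unchanged: instance lookup (quote the -z checks, add Name=instance-state-name,Values=running) …
          # Credentials are fetched on the instance from SecureString parameters
          # (<FALCON_CLIENT_ID_PARAM> / <FALCON_CLIENT_SECRET_PARAM> are placeholders),
          # so they never appear in the SSM command text. Quoted heredoc: nothing expands on the runner.
          INSTALL_FALCON_COMMAND=$(cat <<'EOF'
          set -euo pipefail
          export FALCON_CLIENT_ID="$(aws ssm get-parameter --name '<FALCON_CLIENT_ID_PARAM>' --with-decryption --query Parameter.Value --output text)"
          export FALCON_CLIENT_SECRET="$(aws ssm get-parameter --name '<FALCON_CLIENT_SECRET_PARAM>' --with-decryption --query Parameter.Value --output text)"
          curl -fsSLO "https://raw.githubusercontent.com/crowdstrike/falcon-scripts/v1.6.0/bash/install/falcon-linux-install.sh"
          bash falcon-linux-install.sh
          EOF
          )

          CMD_ID=$(aws ssm send-command --instance-ids "$INSTANCE_ID" \
            --document-name AWS-RunShellScript \
            --parameters "$(jq -n --arg c "$INSTALL_FALCON_COMMAND" '{commands: [$c]}')" \
            --query 'Command.CommandId' --output text)
          # send-command is asynchronous: block on the result so a failed install fails the job.
          aws ssm wait command-executed --command-id "$CMD_ID" --instance-id "$INSTANCE_ID"
          aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
            --query 'Status' --output text
```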
@@ -158,3 +158,4 @@ Resources:
 AutoMinorVersionUpgrade: true
 PubliclyAccessible: false
+
From bb80a16958b04086de4f1abff60bb1dbdc3290c3 Mon Sep 17 00:00:00 2001
From: Alex Pickering
Date: Fri, 1 Nov 2024 12:04:02 -0700
Subject: [PATCH 3/4] close quote
Signed-off-by: Alex Pickering
---
 .github/workflows/deploy-changed-cf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy-changed-cf.yaml b/.github/workflows/deploy-changed-cf.yaml
index 9c74b03e10..7c1d34082c 100644
--- a/.github/workflows/deploy-changed-cf.yaml
+++ b/.github/workflows/deploy-changed-cf.yaml
@@ -461,7 +461,7 @@ jobs:
 aws ssm send-command --instance-ids "$INSTANCE_ID" \
 --document-name AWS-RunShellScript \
- --parameters "commands='$INSTALL_FALCON_COMMAND'
+ --parameters "commands='$INSTALL_FALCON_COMMAND'"
 env:
 REGION: ${{ secrets.AWS_REGION }}
From 8cc5485a1563dab9232d5193d1672c5c1f2c9c31 Mon Sep 17 00:00:00 2001
From: Alex Pickering
Date: Fri, 1 Nov 2024 12:11:52 -0700
Subject: [PATCH 4/4] fix end of file
Signed-off-by: Alex Pickering
---
 .github/workflows/deploy-changed-cf.yaml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/deploy-changed-cf.yaml b/.github/workflows/deploy-changed-cf.yaml
index 7c1d34082c..3ef64eda6a 100644
--- a/.github/workflows/deploy-changed-cf.yaml
+++ b/.github/workflows/deploy-changed-cf.yaml
@@ -462,6 +462,11 @@ jobs:
 aws ssm send-command --instance-ids "$INSTANCE_ID" \
 --document-name AWS-RunShellScript \
 --parameters "commands='$INSTALL_FALCON_COMMAND'"
+
+ else
+ echo "CrowdStrike CID missing, skipping falcon sensor setup"
+ fi
+
 env:
 REGION: ${{ secrets.AWS_REGION }}
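Review bot: The closing quote in PATCH 3/4 repairs the shell syntax, but the `commands='...'` shorthand form is still fragile for this value: an unescaped `'` in either Falcon secret (or in a later edit of `INSTALL_FALCON_COMMAND`) terminates the quoted value early, and the CLI's shorthand grammar is, as far as I can tell, not meant for a multi-line value with embedded backslash continuations. Passing the parameter as JSON sidesteps both, e.g. `--parameters "$(jq -n --arg c "$INSTALL_FALCON_COMMAND" '{commands: [$c]}')"`. The step body this line belongs to starts outside the hunk.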
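Review bot: The new `else` branch in PATCH 4/4 turns a missing `FALCON_CID` into a silent success: the message is only in the step log, so an environment whose secret was never configured deploys without the sensor and the run summary shows green. Emit a workflow annotation instead, `echo "::warning::CrowdStrike CID missing, skipping falcon sensor setup"`, so the skip is visible on the run page. Note also that the gate tests `FALCON_CID` while the install itself uses `FALCON_CLIENT_ID` / `FALCON_CLIENT_SECRET`, so a configured CID with missing API credentials passes the gate and only fails (if at all) on the instance; testing the credentials the step actually uses would be more honest. The `if [[ -n ... ]]` this `else` closes starts outside the hunk.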