This module deploys the required infrastructure for an RMS managed Alert Logic deployment. This includes
Alert Logic Threat Manager appliances in each AZ of the VPC, and the IAM roles required to allow Alert
Logic inventory scanning and log ingestion.
NOTE: You must pass a provider configured to use the us-west-2 region into this module in order
to create several of the resources. The dependencies for these resources only exist in us-west-2.
```hcl
module "rms_main" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-rms//?ref=v0.12.2"

  alert_logic_customer_id = "123456789"
  name                    = "Test-RMS"
  subnets                 = module.vpc.private_subnets

  # The module needs an aliased provider that targets us-west-2.
  providers = {
    aws.rms_oregon = aws.oregon
  }
}
```
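The usage block above refers to `aws.oregon` without defining it. The following added example (not taken from the module's repository) defines that aliased provider and attaches the `agent_sg` output to a client instance. The home region, the `app_ami_id` variable, the `aws_instance.app` resource and the output name are hypothetical, and `module.vpc` is assumed to be defined elsewhere, as in the usage block.

```hcl
# Default provider: the region that hosts the VPC and the appliances.
# "us-east-1" is a constructed sample value.
provider "aws" {
  region = "us-east-1"
}

# Aliased provider pinned to us-west-2, as the NOTE above requires.
provider "aws" {
  alias  = "oregon"
  region = "us-west-2"
}

module "rms_main" {
  source = "git@github.com:rackspace-infrastructure-automation/aws-terraform-rms//?ref=v0.12.2"

  alert_logic_customer_id = "123456789"
  name                    = "Test-RMS"
  subnets                 = module.vpc.private_subnets

  providers = {
    aws.rms_oregon = aws.oregon
  }
}

# Hypothetical input: AMI for the monitored workload.
variable "app_ami_id" {
  type = string
}

# Hypothetical client instance. The agent_sg output is documented as
# the security group to assign to client instances, so it is attached here.
resource "aws_instance" "app" {
  ami                    = var.app_ami_id
  instance_type          = "t3.micro"
  subnet_id              = module.vpc.private_subnets[0]
  vpc_security_group_ids = [module.rms_main.agent_sg]
}

# Surface the appliance addresses for the remaining Alert Logic setup.
output "alert_logic_appliance_ips" {
  value = module.rms_main.appliance_ip
}
```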
Full working references are available at examples
There should be no changes required to move from previous versions of this module to version 0.12.0 or higher.
This module uses aws-terraform-cloudwatch_alarm to create the following CloudWatch alarms:
- status_check_failed_system_alarm_ticket
- status_check_failed_instance_alarm_ticket
- status_check_failed_instance_alarm_reboot
- status_check_failed_system_alarm_recover
Name | Version |
---|---|
terraform | >= 0.12 |
aws | >= 2.7.0 |
Name | Version |
---|---|
aws | >= 2.7.0 |
aws.rms_oregon | >= 2.7.0 |
local | n/a |
null | n/a |
Name | Source | Version |
---|---|---|
cross_account_role | ./iam_role | |
instance_role | ./iam_role | |
logging_role | ./iam_role | |
status_check_failed_instance_alarm_ticket | git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm//?ref=v0.12.6 | |
status_check_failed_system_alarm_ticket | git@github.com:rackspace-infrastructure-automation/aws-terraform-cloudwatch_alarm//?ref=v0.12.6 | |
Name | Description | Type | Default | Required |
---|---|---|---|---|
alert_logic_customer_id | The Alert Logic Customer ID, provided by RMS. A numeric string between 3 and 12 characters in length. Omit if this is not the first RMS deployment under this account. | string | "" | no |
alert_logic_data_center | Alert Logic Data Center where logs will be shipped. | string | "US" | no |
az_count | Number of Availability Zones. For environments where only log ingestion is required, please select 0. | number | 2 | no |
build_state | Allowed values 'Deploy' or 'Test'. Select 'Deploy' unless the stack is being built for testing in an account without access to the Alert Logic AMIs. | string | "Deploy" | no |
cloudtrail_bucket | The desired CloudTrail log bucket to monitor. In most cases, the correct bucket will be determined via the canonical user id display name, but if a nonstandard value is used, or a custom bucket name is needed, the full bucket name can be provided here. | string | "" | no |
environment | Application environment for which this infrastructure is being created, e.g. Development/Production. | string | "Production" | no |
instance_type | The instance type to use for the Alert Logic appliances. Defaults to c5.large. | string | "c5.large" | no |
key_pair | Name of an existing EC2 KeyPair to enable SSH access to the instances. | string | "" | no |
name | The name prefix to use for the resources created in this module. | string | n/a | yes |
notification_topic | List of SNS Topic ARNs to use for customer notifications from CloudWatch alarms. (OPTIONAL) | list(string) | [] | no |
rackspace_managed | Boolean parameter controlling whether the instances will be fully managed by Rackspace support teams, create CloudWatch alarms that generate tickets, and utilize Rackspace managed SSM documents. | bool | true | no |
subnets | Private Subnet IDs for deployment. This is for the ALTM appliances. | list(string) | n/a | yes |
tags | Custom tags to apply to all resources. | map(string) | {} | no |
volume_size | Select EBS Volume Size in GB. | number | 50 | no |
Name | Description |
---|---|
agent_sg | The security group id to assign to client instances |
appliance_ip | The private IP addresses of the Alert Logic appliances. |
appliance_sg | The security group id applied to the Alert Logic appliances. |
cross_account_role_arn | Logging IAM Role ARN |
deployment_details | All details required to proceed with Alert Logic setup |
logging_role_arn | Logging IAM Role ARN |
managed_instance_policy_arn | RMS Managed instance policy ARN |
sqs_queue_name | Name of the Alert Logic SQS queue |