Update AWS cloud scanner docs

deepfence · Nov 7, 2024 · a974049 · a974049
1 parent 1e65616
commit a974049
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/deepfence_agent/plugins/deepfence_shipper/go.sum b/deepfence_agent/plugins/deepfence_shipper/go.sum
@@ -16,6 +16,8 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnN
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
 github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA=
@@ -33,10 +35,9 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=
 github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48=
-github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI=
-github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M=
-github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8=
+github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
+github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU=
 github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk=
 github.com/hibiken/asynq v0.24.1 h1:+5iIEAyA9K/lcSPvx3qoPtsKJeKI5u9aOIvUmSsazEw=
 github.com/hibiken/asynq v0.24.1/go.mod h1:u5qVeSbrnfT+vtG5Mq8ZPzQu/BmCKMHvTGb91uy9Tts=
@@ -66,8 +67,8 @@ github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/nxadm/tail v1.4.11 h1:8feyoE3OzPrcshW5/MJ4sGESc5cqmGkGCWlco4l0bqY=
 github.com/nxadm/tail v1.4.11/go.mod h1:OTaG3NK980DZzxbRq6lEuzgU+mug70nY11sMd4JXXHc=

diff --git a/docs/docs/cloudscanner/aws.md b/docs/docs/cloudscanner/aws.md
@@ -118,6 +118,7 @@ module "deepfence-cloud-scanner_example_single-account" {
   # Optional: To refresh the cloud resources every hour, provide CloudTrail Trail ARNs (Management events with write-only or read-write).
   # If empty, a trail with management events will be automatically chosen if available.
   # e.g.: ["arn:aws:cloudtrail:us-east-1:123456789012:trail/aws-events"]
+  enable_cloudtrail_trails      = true
   cloudtrail_trails             = []
 }
 ```
@@ -192,6 +193,11 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
       # Optional: AWS account ID where the helm chart is deployed, in case it is different from cloudAccount.accountID
       deployedAccountID: ""
 
+    # Optional: To refresh the cloud resources every hour, provide CloudTrail Trail ARNs (Management events with write-only or read-write).
+    # If empty, a trail with management events will be automatically chosen if available.
+    cloudAuditLogsEnabled: false
+    cloudAuditLogIDs: ""
+
     serviceAccount:
       # Specifies whether a service account should be created
       create: true
@@ -268,6 +274,11 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
       # Role name in this case is deepfence-cloud-scanner-role
       roleName: ""
 
+    # Optional: To refresh the cloud resources every hour, provide CloudTrail Trail ARNs (Management events with write-only or read-write).
+    # If empty, a trail with management events will be automatically chosen if available.
+    cloudAuditLogsEnabled: false
+    cloudAuditLogIDs: ""
+
     serviceAccount:
       # Specifies whether a service account should be created
       create: true
@@ -324,6 +335,7 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
       ORGANIZATION_DEPLOYMENT: false
       CLOUD_ORGANIZATION_ID: ""
       ROLE_NAME: ""
+      CLOUD_AUDIT_LOGS_ENABLED: "false"
       CLOUD_AUDIT_LOG_IDS: ""
       HTTP_SERVER_REQUIRED: "false"
       SUCCESS_SIGNAL_URL: ""
@@ -363,6 +375,7 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
       ORGANIZATION_DEPLOYMENT: true
       CLOUD_ORGANIZATION_ID: "<ROOT_ACCOUNT_ID>"
       ROLE_NAME: "<ROLE_NAME>"
+      CLOUD_AUDIT_LOGS_ENABLED: "false"
       CLOUD_AUDIT_LOG_IDS: ""
       HTTP_SERVER_REQUIRED: "false"
       SUCCESS_SIGNAL_URL: ""