Releases: lacework/terraform-provisioning

v0.3.0: DEPRECATION

09 Apr 14:05
71375fa

Release Notes

Another day, another deprecation. These are the last release notes.

v0.2.1

28 Sep 14:41

Release Notes

Another day, another release. These are the release notes for the version v0.2.1.

Features

  • feat(azure): configure flexible subscription ids (#74) (Salim Afiune)(4b3e99b)

v0.2.0

11 Sep 22:38

Release Notes

Another day, another release. These are the release notes for the version v0.2.0.

Breaking Changes

Users now MUST provide ARN for IAM Role and/or S3 bucket

If you are using one of the use_existing_iam_role or use_existing_cloudtrail variables,
you will have to update your Terraform plans to pass not only the name but the ARN as well.

Existing IAM Role

Before:

provider "lacework" { }

provider "aws" { }

module "aws_cloudtrail" {
	source = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"

	# Use an existing IAM role
	use_existing_iam_role = true
	iam_role_name         = "lw-existing-role"
	iam_role_external_id  = "1GrDkEZV5VJ@=nLm"
}

Now:

provider "lacework" { }

provider "aws" { }

module "aws_cloudtrail" {
	source = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"

	# Use an existing IAM role
	use_existing_iam_role = true
	iam_role_arn          = "arn:aws:iam::123456789012:role/lw-existing-role"  // <-- NEW! Must be provided
	iam_role_name         = "lw-existing-role"
	iam_role_external_id  = "1GrDkEZV5VJ@=nLm"
}

Existing CloudTrail

Before:

provider "lacework" { }

provider "aws" { }

module "aws_cloudtrail" {
	source = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"

	# Use an existing CloudTrail
	use_existing_cloudtrail    = true
	bucket_name                = "lacework-ct-bucket-8805c0bf"
	sns_topic_name             = "lacework-ct-sns-8805c0bf"
}

Now:

provider "lacework" { }

provider "aws" { }

module "aws_cloudtrail" {
	source = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"

	# Use an existing CloudTrail
	use_existing_cloudtrail    = true
	bucket_arn                 = "arn:aws:s3:::lacework-ct-bucket-8805c0bf"  // <-- NEW! Must be provided
	bucket_name                = "lacework-ct-bucket-8805c0bf"
	sns_topic_name             = "lacework-ct-sns-8805c0bf"
}
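
A migration check for the breaking change above, added here as an example (not code from the lacework/terraform-provisioning project): it scans Terraform text for module blocks that set one of the two flags without the matching ARN variable. The function names and the sample plan are constructed for illustration, and the regex-based parsing assumes no braces inside string values.

```python
import re

# From the v0.2.0 breaking change: each flag now requires its ARN variable.
REQUIRED = {
    "use_existing_iam_role": "iam_role_arn",
    "use_existing_cloudtrail": "bucket_arn",
}
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{')
# name = "quoted string" | bare token; trailing # or // comments are ignored.
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*("(?:[^"\\]|\\.)*"|[^\s#/]+)', re.M)

def module_blocks(hcl):
    """Yield (name, body) per module block. Assumes no braces inside strings."""
    for m in MODULE_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]

def missing_arns(hcl):
    """Return (module, flag, missing_variable) for every unmigrated module."""
    findings = []
    for name, body in module_blocks(hcl):
        attrs = {k: v.strip('"') for k, v in ASSIGN_RE.findall(body)}
        if "lacework/terraform-provisioning" not in attrs.get("source", ""):
            continue  # only modules sourced from this repository are checked
        for flag, arn_var in REQUIRED.items():
            if attrs.get(flag) == "true" and arn_var not in attrs:
                findings.append((name, flag, arn_var))
    return findings

# Constructed sample plan: one pre-v0.2.0 block and one migrated block.
SAMPLE = '''
module "legacy_role" {
  source                = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"
  use_existing_iam_role = true
  iam_role_name         = "lw-existing-role"
}
module "migrated_trail" {
  source                  = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"
  use_existing_cloudtrail = true
  bucket_arn              = "arn:aws:s3:::lacework-ct-bucket-8805c0bf"  // now required
}
'''

if __name__ == "__main__":
    for finding in missing_arns(SAMPLE):
        print("module %s sets %s but lacks %s" % finding)
```

The check only tests that the ARN variable is present, so an ARN passed as a reference to another resource's attribute is accepted as well as a literal string.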

Refactor

  • refactor(aws): avoid using s3_bucket data source (Salim Afiune Maya)(ced2190)
  • refactor(aws): avoid using iam_role data source (Salim Afiune Maya)(c2a7a7f)

Bug Fixes

  • fix(azure): typo inside output.tf (#72) (Salim Afiune)(65b4f84)
  • fix(azure): use object id instead of principal id (#71) (Salim Afiune)(78d7dd1)
  • fix(gcp): for project level integrations (#69) (Salim Afiune)(af9c35e)

Documentation Updates

  • doc(aws): update aws/README.md (Salim Afiune Maya)(d15660f)

Other Changes

  • ci: update tests from modified examples/ (Salim Afiune Maya)(31e012d)

v0.1.1

03 Sep 15:00

Release Notes

Another day, another release. These are the release notes for the version v0.1.1.

We are introducing three new modules for Azure Cloud:

  • ad_application: Creates an Azure Active Directory application
  • activity_log: Creates a Lacework Activity Log integration
  • config: Creates a Lacework Compliance integration

Here is an example of how to use these modules to create both a Lacework Compliance
integration and a Lacework Activity Log integration:

provider "azuread" {}

provider "azurerm" {
  features {}
}

provider "lacework" {}

module "az_config" {
  source = "git::https://github.com/lacework/terraform-provisioning.git//azure/modules/config?ref=tags/v0.1.1"
}

module "az_activity_log" {
  source = "git::https://github.com/lacework/terraform-provisioning.git//azure/modules/activity_log?ref=tags/v0.1.1"

  use_existing_ad_application = true
  application_id              = module.az_config.application_id
  application_password        = module.az_config.application_password
  service_principal_id        = module.az_config.service_principal_id
}

Refactor

  • refactor: modules azure config, activity_log and ad_application (#67) (Salim Afiune)(133de8a)

Bug Fixes

  • fix(gcp): use correct Service Account Email (#65) (Salim Afiune)(d4777a1)

v0.1.0

31 Aug 19:59

Release Notes

We are starting to release our terraform modules! 🎉 🌟 Yas!!

This repository contains Terraform code for provisioning resources required to integrate
public cloud environments (AWS, GCP, Azure) into Lacework's automated security platform.

As of this release (v0.1.0) we have the following modules available:

AWS Config

provider "aws" {}

provider "lacework" {}

module "aws_config" {
  source = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/config?ref=master"
}

Module documentation https://github.com/lacework/terraform-provisioning/tree/master/aws

AWS CloudTrail

provider "aws" {}

provider "lacework" {}

module "aws_cloudtrail" {
  source                = "git::https://github.com/lacework/terraform-provisioning.git//aws/modules/cloudtrail?ref=master"
  bucket_force_destroy  = true
}

Module documentation https://github.com/lacework/terraform-provisioning/tree/master/aws

GCP Config

provider "google" {}

provider "lacework" {}

module "gcp_organization_config" {
	source          = "git::https://github.com/lacework/terraform-provisioning.git//gcp/modules/config?ref=master"
	org_integration = true
	organization_id = "my-organization-id"
}

Module documentation https://github.com/lacework/terraform-provisioning/tree/master/gcp

GCP Audit Log

provider "google" {}

provider "lacework" {}

module "gcp_project_audit_log" {
	source               = "git::https://github.com/lacework/terraform-provisioning.git//gcp/modules/audit_log?ref=master"
	bucket_force_destroy = true
}

Module documentation https://github.com/lacework/terraform-provisioning/tree/master/gcp

Features

  • feat: start versioning repo v0.1.0 (Salim Afiune Maya)(98dab7f)
  • feat(aws): parameterize time_sleep duration with input wait_time (#62) (David Huang)(e7892c0)
  • feat(aws): add CloudTrail bucket security (Alan Nix)(4a8904f)
  • feat(aws): added CloudTrail bucket server-side encryption (Alan Nix)(cbb76b4)
  • feat(aws): consolidated cloudtrail + multitenancy (#45) (Salim Afiune)(c099209)
  • feat: AWS Terraform Modules (#31) (Salim Afiune)(e307836)
  • feat(gcp): enable required APIs at project level (#27) (Andrew Wojszynski)(38009e5)
  • feat(aws): add cross_account_policy_name variable (Salim Afiune Maya)(7e5b158)
  • feat(aws) Add CloudTrail Lacework Provider (Scott Ford)(456ae4a)
  • feat(azure): use new lacework provider (Salim Afiune Maya)(b71fa39)
  • feat(gcp): use new lacework provider (Salim Afiune Maya)(47455a9)
  • feat(aws): use new lacework provider (Salim Afiune Maya)(ecf0774)
  • feat(AWS): Initial commit of aws template (Scott Ford)(cfb147d)

Refactor

  • refactor(GCP): convert templates into TF Modules (#50) (Salim Afiune)(b938e9a)

Bug Fixes

  • fix(gcp): activate required apis correctly (#52) (Salim Afiune)(38b57ac)
  • fix(gcp): update depends_on 10s time sleep (Salim Afiune Maya)(c4307e5)
  • fix(gcp): improve stability (#51) (Salim Afiune)(a860120)
  • fix(gcp): use correct resource_id for ORG or PROJ (#44) (Salim Afiune)(0c1dd84)
  • fix(gcp): pass resource_level to LW integrations (#40) (Salim Afiune)(7665c2c)
  • fix(aws): use SQS URL instead of ARN (Salim Afiune Maya)(2f84816)
  • fix: add dependencies to avoid tocken lockdown (Salim Afiune Maya)(084807e)
  • fix(gcp): user project id inside output file (Salim Afiune Maya)(e6414b0)
  • fix(aws): configure an External ID in IAM Role (Salim Afiune Maya)(572dc97)
  • fix(var): display iam_role ARN instead of ID (Salim Afiune Maya)(354f0fb)
  • fix(review): remove tags variables + doc update (Salim Afiune Maya)(0765e1e)

Documentation Updates

  • doc(azure): adds README.md (#36) (Salim Afiune)(00943d2)
  • docs(aws): Fixed typos and corrected main.tf example (#60) (Michael OConnor)(8784562)
  • docs(aws): added documentation for new 'bucket_sse_algorithm' variable (Alan Nix)(44bc6ff)
  • docs(aws): update README.md examples (#38) (Salim Afiune)(293c16e)
  • docs(README) Update AWS README for module refactor (#35) (Scott Ford)(8c086d0)
  • docs(gcp) Update README docs for Org and Project integration (#30) (Scott Ford)(15c3faa)
  • docs(gcp): fix TF_VAR prefix in README.md (#28) (Salim Afiune)(44aad17)
  • docs: add api keys env vars to README (#25) (Andrew Wojszynski)(dbac1ed)
  • docs: add step-by-step README.md for GCP (Scott Ford)(0092ca1)
  • docs(README): typos, links and format (Salim Afiune Maya)(542ffe7)
  • docs(README and LICENSE) Updates the main README and adds an apache2 LICENSE (Scott Ford)(b418897)

Other Changes

  • style: update aws and gcp templates (Salim Afiune Maya)(3222ed6)
  • chore: fix all terraform fmt format (Salim Afiune Maya)(c375733)
  • chore: update Lacework's support website (#58) (Salim Afiune)(1ca6b58)
  • chore(aws): expose cloudtrail SQS ARN (#48) (Salim Afiune)(f21d311)
  • chore(aws): update typo in cloudtrail example (#46) (Salim Afiune)(ea52b87)
  • chore(aws) rename enable_cloudtrail => use_existing_cloudtrail (#34) (Scott Ford)(1ab3036)
  • ci: add badge and validate command (Salim Afiune Maya)(8f95e6c)
  • ci: add more integration test cases (Salim Afiune Maya)(4a72a50)
  • ci: add fmt and integration tests (Salim Afiune Maya)(379891c)
  • ci: enable circleci pipelines (Salim Afiune Maya)(e66ebd1)