CloudFormation Trend Micro (tm) Deep Security (tm) Custom Provider

binxio/cfn-deep-security-provider

cfn-deep-security-provider

A CloudFormation custom resource provider for managing TrendMicro DeepSecurity resources. With this Custom CloudFormation Provider you can deploy EC2 instances and DeepSecurity policies and rules from a single CloudFormation template.

The provider supports all the DeepSecurity resources of the DeepSecurity API and supports creating the AWS Cloud Account using the legacy API.

Deploy the provider

To deploy the provider, type:

aws cloudformation create-stack \
        --capabilities CAPABILITY_IAM \
        --stack-name cfn-deep-security-provider \
        --template-body file://./cloudformation/cfn-resource-provider.yaml

aws cloudformation wait stack-create-complete  --stack-name cfn-deep-security-provider

This CloudFormation template will use our pre-packaged provider from 463637877380.dkr.ecr.eu-central-1.amazonaws.com/xebia/cfn-deep-security-provider:1.0.1.

Configuring access

In order to manage the DeepSecurity resources, you need to create an API key and store it in the parameter store under the name /cfn-deep-security-provider/api-key.

aws ssm put-parameter --name /cfn-deep-security-provider/api-key --type SecureString --value="$API_KEY"

In order to create the AWS Cloud Account, you need to [add a user](https://help.deepsecurity.trendmicro.com/user-management.html?cshid=administration_users#Create_new_users_) to access the legacy API, and store the username, password and tenant name in the parameter store.

aws ssm put-parameter --name /cfn-deep-security-provider/user --type SecureString --value="$USERNAME"
aws ssm put-parameter --name /cfn-deep-security-provider/password --type SecureString --value="$PASSWORD"
aws ssm put-parameter --name /cfn-deep-security-provider/tenant --type SecureString --value="$TENANT"
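
A pre-deployment check for the parameters created above, as an added example that is not part of the provider's repository: it reads only parameter metadata with `aws ssm describe-parameters`, so no secret is decrypted, and it flags any parameter that is missing or not stored as a SecureString. The function name `check_provider_params` and the `RUN_CHECK` switch are hypothetical.

```shell
#!/bin/sh
# Added example (not from the provider's repository): verify that the
# Parameter Store entries created by the commands above exist and are
# encrypted. check_provider_params is a hypothetical helper name.

PREFIX=/cfn-deep-security-provider

# Usage: check_provider_params [name ...]
# Defaults to the four names used in this README; pass only "api-key" when
# the legacy-API credentials for the AWS Cloud Account are not needed.
# Returns 0 only when every parameter exists with Type=SecureString.
# Only metadata is read, so secret values are never decrypted or printed.
check_provider_params() {
    [ "$#" -gt 0 ] || set -- api-key user password tenant
    rc=0
    for name in "$@"; do
        full="$PREFIX/$name"
        ptype=$(aws ssm describe-parameters \
            --parameter-filters "Key=Name,Option=Equals,Values=$full" \
            --query 'Parameters[0].Type' --output text 2>/dev/null) || ptype=ERROR
        case "$ptype" in
            SecureString)      echo "ok        $full" ;;
            String|StringList) echo "PLAINTEXT $full (stored unencrypted)"; rc=1 ;;
            None|"")           echo "MISSING   $full"; rc=1 ;;
            *)                 echo "ERROR     $full (describe-parameters failed)"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Run the check only when asked, e.g.:  RUN_CHECK=1 sh check-params.sh
if [ "${RUN_CHECK:-0}" = 1 ]; then
    check_provider_params "$@"
fi
```
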

Deploy the demo

In order to deploy the demo, type:

aws cloudformation create-stack \
        --capabilities CAPABILITY_NAMED_IAM \
        --stack-name cfn-deep-security-provider-demo \
        --template-body file://./cloudformation/demo.yaml

aws cloudformation wait stack-create-complete  --stack-name cfn-deep-security-provider-demo
