Terraform Module - AWS Rubrik Cloud Native

This module adds an AWS account to Rubrik Security Cloud (RSC/Polaris).

Prerequisites

There are a few services you'll need in order to get this project off the ground:

Usage

# Setting up an AWS account that will use all features.

module "polaris-aws-cloud-native" {
  source = "rubrikinc/polaris-cloud-native/aws"

  aws_account_name = "my_aws_account_hosted_exocompute"
  aws_account_id   = "123456789012"
  aws_profile      = "my_aws_profile" # placeholder value; aws_profile is a required input (see Inputs)
  aws_regions      = ["us-west-2", "us-east-1"]
  rsc_credentials  = "../.creds/customer-service-account.json"

  # One object per RSC feature to enable for the account.
  rsc_aws_features = [
    {
      name              = "CLOUD_NATIVE_PROTECTION"
      permission_groups = []
    },
    {
      name              = "RDS_PROTECTION"
      permission_groups = []
    },
    {
      name              = "CLOUD_NATIVE_S3_PROTECTION"
      permission_groups = []
    },
    {
      name              = "EXOCOMPUTE"
      permission_groups = []
    },
    {
      name              = "CLOUD_NATIVE_ARCHIVAL"
      permission_groups = []
    }
  ]
}

Requirements

| Name | Version |
|------|---------|
| terraform | >=1.5.6 |
| aws | ~>5.26.0 |
| polaris | =0.8.0-beta.16 |

Providers

| Name | Version |
|------|---------|
| aws | 5.26.0 |
| polaris | 0.8.0-beta.15 |

Resources

| Name | Type |
|------|------|
| aws_iam_instance_profile.profile | resource |
| aws_iam_role.rsc_roles | resource |
| polaris_aws_cnp_account.account | resource |
| polaris_aws_cnp_account_attachments.attachments | resource |
| polaris_aws_cnp_account_trust_policy.trust_policy | resource |
| polaris_aws_cnp_artifacts.artifacts | data source |
| polaris_aws_cnp_permissions.permissions | data source |

Modules

No modules.

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| aws_account_id | AWS account ID to protect with Rubrik Security Cloud. | string | n/a | yes |
| aws_account_name | AWS account name to protect with Rubrik Security Cloud. | string | n/a | yes |
| aws_ec2_recovery_role_path | EC2 recovery role path for the cross account role. | string | "" | no |
| aws_external_id | External ID for the AWS cross account role. If left empty, RSC will automatically generate an external ID. | string | "" | no |
| aws_profile | AWS profile to use for the Rubrik Security Cloud account. | string | n/a | yes |
| aws_regions | AWS regions to protect with Rubrik Security Cloud. | set(string) | n/a | yes |
| aws_role_path | AWS role path for cross account role. | string | "/" | no |
| rsc_aws_delete_snapshots_on_destroy | Delete snapshots in AWS when account is removed from Rubrik Security Cloud. | bool | false | no |
| rsc_aws_features | RSC features with permission groups. | set(object({ name = string, permission_groups = set(string) })) | n/a | yes |
| rsc_cloud_type | AWS cloud type in RSC. | string | "STANDARD" | no |
| rsc_credentials | Path to the Rubrik Security Cloud service account file. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| aws_eks_worker_node_role_arn | n/a |
| aws_iam_cross_account_role_arn | n/a |
| cluster_master_role_arn | n/a |
| rsc_aws_cnp_account_id | n/a |
| worker_instance_profile | n/a |
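
The aws_external_id input only protects the cross account role if the role's trust policy actually enforces it. The following is an added example, not part of this module or of Rubrik's code: a post-apply check that takes a role's trust policy JSON (for instance the AssumeRolePolicyDocument returned by `aws iam get-role`) and reports statements that let an AWS principal assume the role without an exact-match sts:ExternalId condition. The function names, the sample policies, the account ID 111122223333 and the external ID value are constructed for illustration.

```python
import json

def _as_list(value):
    # IAM policy JSON accepts a single value wherever it accepts a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def external_id_findings(trust_policy_json, expected_external_id=None):
    """List the Allow statements that let an AWS principal assume the role
    without an exact-match sts:ExternalId condition."""
    findings = []
    policy = json.loads(trust_policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = ["*"] if principal == "*" else _as_list(
            principal.get("AWS") if isinstance(principal, dict) else None)
        if not aws:
            continue  # service principals are not protected by external IDs
        if "*" in aws:
            findings.append(f"statement {i}: wildcard AWS principal")
        string_equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        # Condition key names are case-insensitive in IAM.
        ids = [v for k, vals in string_equals.items()
               if k.lower() == "sts:externalid" for v in _as_list(vals)]
        if not ids:
            findings.append(f"statement {i}: no StringEquals sts:ExternalId condition")
        elif expected_external_id is not None and expected_external_id not in ids:
            findings.append(f"statement {i}: external ID differs from the expected value")
    return findings

def _trust_policy(condition):
    # Constructed sample; 111122223333 is a placeholder account ID, not RSC's.
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": stmt})

GOOD = _trust_policy({"StringEquals": {"sts:ExternalId": "constructed-external-id"}})
BAD = _trust_policy(None)

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, external_id_findings(doc, "constructed-external-id") or "ok")
```

Pass the value you set for aws_external_id as expected_external_id to confirm the deployed role carries the same ID; omit it when RSC generated the ID and you only want to confirm that one is required.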