cfn-deep-security-provider

A CloudFormation custom resource provider for managing TrendMicro DeepSecurity resources. With this Custom CloudFormation Provider you can deploy EC2 instances and DeepSecurity policies and rules from a single CloudFormation template.

The provider supports all the DeepSecurity resources of the DeepSecurity API and supports creating the AWS Cloud Account through the legacy API.

Deploy the provider

To deploy the provider, type:

aws cloudformation create-stack \
        --capabilities CAPABILITY_IAM \
        --stack-name cfn-deep-security-provider \
        --template-body file://./cloudformation/cfn-resource-provider.yaml

aws cloudformation wait stack-create-complete  --stack-name cfn-deep-security-provider

This CloudFormation template will use our pre-packaged provider from 463637877380.dkr.ecr.eu-central-1.amazonaws.com/xebia/cfn-deep-security-provider:1.0.1.

Configuring access

To manage the DeepSecurity resources, you need to create an API key and store it in the parameter store under the name /cfn-deep-security-provider/api-key.

aws ssm put-parameter --name /cfn-deep-security-provider/api-key --type SecureString --value="$API_KEY"

To create the AWS Cloud Account, you need to [add a user](https://help.deepsecurity.trendmicro.com/user-management.html?cshid=administration_users#Create_new_users_) to access the legacy API, and store the username, password and tenant name in the parameter store.

aws ssm put-parameter --name /cfn-deep-security-provider/user --type SecureString --value="$USERNAME"
aws ssm put-parameter --name /cfn-deep-security-provider/password --type SecureString --value="$PASSWORD"
aws ssm put-parameter --name /cfn-deep-security-provider/tenant --type SecureString --value="$TENANT"
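
As an added example (not part of the provider's own code), a preflight check that the parameters named above exist and are stored as SecureString before a stack is deployed. It reads metadata only, through `aws ssm describe-parameters`; the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not part of cfn-deep-security-provider.
# Function names are hypothetical; parameter names come from the README.

# Print "<name><TAB><type>" for each named parameter that exists.
# describe-parameters returns metadata only; no secret value is read.
list_param_types() {
    _values=$(IFS=,; printf '%s' "$*")
    aws ssm describe-parameters \
        --parameter-filters "Key=Name,Option=Equals,Values=$_values" \
        --query 'Parameters[].[Name,Type]' \
        --output text
}

# Return 0 only if every named parameter exists with Type SecureString.
check_secure_params() {
    _rc=0
    _listing=$(list_param_types "$@") || {
        echo "cannot query Parameter Store" >&2
        return 2
    }
    for _name in "$@"; do
        _type=$(printf '%s\n' "$_listing" |
            awk -v n="$_name" '$1 == n { print $2 }')
        if [ -z "$_type" ]; then
            echo "MISSING   $_name"; _rc=1
        elif [ "$_type" != "SecureString" ]; then
            echo "PLAINTEXT $_name (Type=$_type)"; _rc=1
        else
            echo "OK        $_name"
        fi
    done
    return "$_rc"
}

# Stand-alone use: pass the parameter names to check as arguments, e.g.
#   sh check-params.sh /cfn-deep-security-provider/api-key
if [ "$#" -gt 0 ]; then
    check_secure_params "$@"
fi
```

Pass only the api-key name when the legacy API is not used, and add the user, password and tenant names when the AWS Cloud Account is created through it.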

Deploy the demo

In order to deploy the demo, type:

aws cloudformation create-stack \
        --capabilities CAPABILITY_NAMED_IAM \
        --stack-name cfn-deep-security-provider-demo \
        --template-body file://./cloudformation/demo.yaml

aws cloudformation wait stack-create-complete  --stack-name cfn-deep-security-provider-demo