feat: Adding Sentry and Network Security options to Account Deployment #96
…ttps://github.com/trendmicro/cloudone-community into aws-cfn-cloud-account-connector-add-sentry-option
| @@ -1,6 +1,6 @@ | |||
| # Add AWS Account to Cloud One | |||
I think it is important to note here that you need to ensure the AWS Account beforehand can handle the number of S3 buckets that will be created by Sentry. I have seen this cause many failed deployments, and rollbacks are even more of a challenge to navigate with Sentry.
Or IMHO, just remove the Sentry part.
Do we have this requirement documented in the product documentation somewhere?
It's not documented. The stack creates 2 S3 buckets per AWS Region that we support. There are 31 total AWS regions.
| cloudOneRoleArn = os.environ['CloudOneRoleArn'] | ||
| cloudOneRegion = os.environ['CloudOneRegion'] | ||
| cloudOneApiKey = os.environ['CloudOneApiKey'] |
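Review bot: `cloudOneApiKey = os.environ['CloudOneApiKey']` takes the API key as a plain environment variable, which leaves the secret readable wherever the process environment or its configuration is visible. Pass a reference to a stored secret through the environment instead, resolve the value at runtime, and keep it out of log output. The three `os.environ[...]` lookups also raise a bare KeyError when a variable is unset, so a missing setting should fail early with a message that names the variable.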
Was looking through the templates and maybe I missed it:
Is this API Key being encrypted?
I can only see it being flagged as NoEcho in the params value adds
Good catch. I need to update this to use Secrets Manager and KMS.
Cloud One Service
[x] Common
[ ] Workload Security
[ ] Application Security
[ ] Network Security
[ ] File Storage Security
[ ] Container Security
[ ] Conformity
[ ] Open Source Security
[x] Other
Proposed Changes