draios · pabloopez · Nov 21, 2022 · Nov 3, 2022 · Nov 3, 2022 · Nov 4, 2022
diff --git a/common/prepare-track/README.md b/common/prepare-track/README.md
@@ -7,28 +7,30 @@ USAGE:
   init.sh [OPTIONS...]
 
 
-Environment start up script. It can be used to deploy a Sysdig Agent and/or set
-up some environment variables. When called with NO OPTIONS, it will deploy an
-Agent and will ask for Monitor and Secure API keys; same as calling with
-'-a/--agent -m/--monitor -s/--secure'. When using the product options"
-('-m/--monitor' and/or '-s/--secure'), API keys will be stored in file
-/opt/sysdig/user_data_${PRODUCT}_API_OK, and exported to envvar
-$SYSDIG_${PRODUCT}_API_TOKEN (where ${PRODUCT} is MONITOR or SECURE).
+Environment start up script. It can be used to:
+- deploy a Sysdig Agent 
+- deploy Sysdig Secure for Cloud (AWS, GCP, Azure)
+- and/or set up some environment variables.
 
-WARNING: This script is meant to be used in training materials. Do NOT use it
-in production.
+Review the options below to learn what's available.
+
+WARNING: This script is meant to be used in training materials.
+Do NOT use it in production.
 
 
 OPTIONS:
 
   -a, --agent                 Deploy a Sysdig Agent.
+  -c, --cloud                 Set up environment for Sysdig Secure for Cloud.
   -h, --help                  Show this help.
   -m, --monitor               Set up environment for Monitor API usage.
   -n, --node-analyzer         Enable Node Analyzer. Use with -a/--agent.
   -N, --node-image-analyzer   Enable Image Node Analyzer. Use with -a/--agent.
   -p, --prometheus            Enable Prometheus. Use with -a/--agent.
   -s, --secure                Set up environment for Secure API usage.
-
+  -r, --region                Set up environment with user's Sysdig Region for a track with a host.
+  -q, --region-cloud          Set up environment with user's Sysdig Region for cloud track with a cloud account.
+  -v, --vulnmanag             Enable Image Scanning with Sysdig Secure for Cloud. Use with -c/--cloud.
 
 ENVIRONMENT VARIABLES:
 
@@ -43,4 +45,5 @@ ENVIRONMENT VARIABLES:
   DOCKER_OPTS                 Additional options for Docker installation.
 
   HOST_OPTS                   Additional options for Host installation.
+
 ```
diff --git a/common/prepare-track/cloud/aws/cloud-connector-aws.tf b/common/prepare-track/cloud/aws/cloud-connector-aws.tf
@@ -21,6 +21,11 @@ variable "training_aws_region" {
   description = "The AWS Region"
 }
 
+variable "deploy_scanner" {
+  type        = bool
+  description = "If true, deploys the Sysdig Scanner for ECR and Fargate"
+}
+
 provider "sysdig" {
   sysdig_secure_url       = var.training_secure_url
   sysdig_secure_api_token = var.training_secure_api_token
@@ -33,6 +38,7 @@ provider "aws" {
 module "secure-for-cloud_example_single-account" {
   source = "sysdiglabs/secure-for-cloud/aws//examples/single-account"
 
-  # deploy_beta_image_scanning_ecr=true
-
+  deploy_image_scanning_ecs = var.deploy_scanner
+  deploy_image_scanning_ecr = var.deploy_scanner
+  deploy_beta_image_scanning_ecr = var.deploy_scanner
 }
diff --git a/common/prepare-track/cloud/azure/cloud-connector-azure.tf b/common/prepare-track/cloud/azure/cloud-connector-azure.tf
@@ -21,6 +21,11 @@ variable "training_azure_subscription" {
   description = "Azure Subscription ID"
 }
 
+variable "deploy_scanner" {
+  type        = bool
+  description = "If true, deploys the Sysdig Scanner for ECR and Fargate"
+}
+
 provider "sysdig" {
   sysdig_secure_url       = var.training_secure_url
   sysdig_secure_api_token = var.training_secure_api_token
@@ -34,7 +39,7 @@ provider "azurerm" {
 module "secure_for_cloud_example_single_subscription" {
   source = "sysdiglabs/secure-for-cloud/azurerm//examples/single-subscription"
 
-  deploy_scanning = false
+  deploy_scanning = var.deploy_scanner
 
-  deploy_active_directory=false
+  deploy_active_directory = false
 } 
diff --git a/common/prepare-track/cloud/gcp/cloud-connector-gcp.tf b/common/prepare-track/cloud/gcp/cloud-connector-gcp.tf
@@ -31,6 +31,11 @@ variable "gcp_creds" {
   description = "Auth credentials for the GCP SA from Instruqt"
 }
 
+variable "deploy_scanner" {
+  type        = bool
+  description = "If true, deploys the Sysdig Scanner for ECR and Fargate"
+}
+
 provider "sysdig" {
   sysdig_secure_url       = var.training_secure_url
   sysdig_secure_api_token = var.training_secure_api_token
@@ -51,5 +56,5 @@ provider "google-beta" {
 module "secure-for-cloud_example_single-project" {
   source = "sysdiglabs/secure-for-cloud/google//examples/single-project"
 
-  deploy_scanning = true
+  deploy_scanning = var.deploy_scanner
 }
diff --git a/common/prepare-track/cloud/install_with_terraform.sh b/common/prepare-track/cloud/install_with_terraform.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 ##
-# Deploy the Sysdig Cloud Connector for Sysdig Secure for Cloud in AWS
+# Deploy the Sysdig Secure for Cloud infra for different cloud vendors
 #
 # Usage:
 #   install_with_terraform.sh $PROVIDER $SYSDIG_SECURE_API_TOKEN $SECURE_URL $CLOUD_REGION $CLOUD_ACCOUNT_ID
@@ -29,6 +29,7 @@ then
         -var="training_secure_api_token=$SYSDIG_SECURE_API_TOKEN" \
         -var="training_secure_url=$SECURE_URL" \
         -var="training_aws_region=$CLOUD_REGION" \
+        -var="deploy_scanner=$USE_CLOUD_SCAN_ENGINE" \
         >> ${OUTPUT} 2>&1 \
     && echo "    Terraform apply completed! Check all TF deployment logs at: $OUTPUT"
 fi
@@ -45,6 +46,7 @@ then
         -var="training_gcp_region=$CLOUD_REGION" \
         -var="training_gcp_project=$CLOUD_ACCOUNT_ID" \
         -var="gcp_creds=$GOOGLE_CREDENTIALS" \
+        -var="deploy_scanner=$USE_CLOUD_SCAN_ENGINE" \
         >> ${OUTPUT} 2>&1 \
     && echo "    Terraform apply completed! Check all TF deployment logs at: $OUTPUT"
 fi
@@ -55,6 +57,7 @@ then
     terraform init && terraform apply -auto-approve \
         -var="training_secure_api_token=$SYSDIG_SECURE_API_TOKEN" \
         -var="training_secure_url=$SECURE_URL" \
-        -var="training_azure_subscription=$CLOUD_ACCOUNT_ID" #\
+        -var="training_azure_subscription=$CLOUD_ACCOUNT_ID" \
+        -var="deploy_scanner=$USE_CLOUD_SCAN_ENGINE" #\
         #-y >> ${OUTPUT} 2>&1
 fi