|
1 | | -# Sysdig Secure for Cloud in GCP |
| 1 | +# Sunset Notice |
2 | 2 |
|
3 | | -Terraform module that deploys the [**Sysdig Secure for Cloud** stack in **Google Cloud**](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/deploy-sysdig-secure-for-cloud-on-gcp/). |
4 | | -<br/> |
5 | | - |
6 | | -Provides unified threat-detection, forensics and analysis through these major components: |
7 | | - |
8 | | - |
9 | | -* **[Threat Detection](https://docs.sysdig.com/en/docs/sysdig-secure/insights/)**: Tracks abnormal and suspicious activities in your cloud environment based on Falco language. Managed through `cloud-connector` module. <br/> |
10 | | - |
11 | | -* **[Image Scanning](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/)**: Automatically scans all container images pushed to the registry (GCR) and the images that run on the GCP workload (currently CloudRun). Managed through `cloud-connector`. <br/>Disabled by Default, can be enabled through `deploy_scanning` input variable parameters.<br/> |
12 | | - |
13 | | -For other Cloud providers check: [AWS](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud), [Azure](https://github.com/sysdiglabs/terraform-azurerm-secure-for-cloud) |
14 | | - |
15 | | -<br/> |
| 3 | +> [!CAUTION] |
| 4 | +> Sysdig released a new onboarding experience for GCP in November 2024. We recommend connecting your cloud accounts by [following these instructions](https://docs.sysdig.com/en/docs/sysdig-secure/connect-cloud-accounts/). |
| 5 | +> |
| 6 | +> This repository should be used solely in cases where Agentless Threat Detection cannot be used. |
16 | 7 |
|
17 | 8 | ## Usage |
18 | 9 |
|
19 | 10 | There are several ways to deploy Secure for Cloud in you GCP infrastructure, |
20 | 11 |
|
21 | | -- **[`/examples`](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples)** for the most common scenarios |
22 | | - - [Single Project](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/single-project/) |
23 | | - - [Single Project with a pre-existing Kubernetes Cluster](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/single-project-k8s/README.md) |
24 | | - - [Organizational](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/organization/README.md) |
25 | | - - Many module,examples and use-cases, we provide ways to **re-use existing resources (as optionals)** in your |
26 | | -infrastructure. Check input summary on each example/module. |
27 | | -- **[`/use-cases`](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/use-cases)** with self-baked customer-specific alternative scenarios. |
28 | | - |
29 | | -Find specific overall service arquitecture diagrams attached to each example/use-case. |
| 12 | +- [Single Project](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/single-project/) |
| 13 | +- [Single Project with a pre-existing Kubernetes Cluster](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/single-project-k8s/README.md) |
| 14 | +- [Organizational](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/tree/master/examples/organization/README.md) |
30 | 15 |
|
31 | | -In the long-term our purpose is to evaluate those use-cases and if they're common enough, convert them into examples to make their usage easier. |
32 | | - |
33 | | -If you're unsure about what/how to use this module, please fill the [questionnaire](https://github.com/sysdiglabs/terraform-aws-secure-for-cloud/blob/master/use-cases/_questionnaire.md) report as an issue and let us know your context, we will be happy to help. |
34 | | - |
35 | | - |
36 | | -### Notice |
37 | | -* [GCP regions](https://cloud.google.com/compute/docs/regions-zones/#available) |
38 | | - * Do not confuse required `region` with GCP location or zone. [Identifying a region or zone](https://cloud.google.com/compute/docs/regions-zones/#identifying_a_region_or_zone) |
39 | | -* All Sysdig Secure for Cloud features but [Image Scanning](https://docs.sysdig.com/en/docs/sysdig-secure/scanning/) are enabled by default. You can enable it through `deploy_scanning` input variable parameter of each example.<br/> |
40 | | -* For **free subscription** users, beware that organizational examples may not deploy properly due to the [1 cloud-account limitation](https://docs.sysdig.com/en/docs/administration/administration-settings/subscription/#cloud-billing-free-tier). Open an Issue so we can help you here! |
41 | | -* This example will create resources that **cost money**. Run `terraform destroy` when you don't need them anymore. |
42 | | - * For a normal load, it should be <150$/month aprox. |
43 | | - * [Cloud Logging API](https://cloud.google.com/service-usage/docs/enabled-service#default) is activated by default so no extra cost here |
44 | | - * Cloud Run instance comes as the most expensive service. Default [cpu/memory specs](https://github.com/sysdiglabs/terraform-google-secure-for-cloud/blob/master/modules/services/cloud-connector/variables.tf#L73-L83), for an ingestion of 35KK events/hour, for 2 instances 24x7 usage |
45 | | - * Cloud Run ingests events from a pub/sub topic, with no retention. It's cost is quite descpreciable, but you can check with the calculator based on the events of the Log Explorer console and 4KB of size per event aprox.<br/>Beware that the logs we consume are scoped to the projects, and we exclude kubernetes events `logName=~"^projects/SCOPED_PROJECT_OR_ORG/logs/cloudaudit.googleapis.com"` |
46 | | -<br/> |
| 16 | +If you're unsure about how to use this module, please contact your Sysdig representative. Our experts will guide you through the process and assist you in setting up your account securely and correctly. |
47 | 17 |
|
48 | 18 | ## Prerequisites |
49 | 19 |
|
@@ -82,8 +52,6 @@ Besides, the following GCP **APIs must be enabled** ([how do I check it?](#q-how |
82 | 52 | * [Cloud Build API](https://console.cloud.google.com/marketplace/product/google/cloudbuild.googleapis.com) |
83 | 53 | * [Identity and access management API](https://console.cloud.google.com/marketplace/product/google/iam.googleapis.com) |
84 | 54 |
|
85 | | -<br/> |
86 | | - |
87 | 55 | ## Confirm the Services are Working |
88 | 56 |
|
89 | 57 | Check official documentation on [Secure for cloud - GCP, Confirm the Services are working](https://docs.sysdig.com/en/docs/installation/sysdig-secure-for-cloud/deploy-sysdig-secure-for-cloud-on-gcp/#confirm-the-services-are-working) |
@@ -118,8 +86,6 @@ It may take some time, but you should see logs detecting the new image in the `c |
118 | 86 |
|
119 | 87 | And a CloudBuild being launched successfully. |
120 | 88 |
|
121 | | -<br/> |
122 | | -
|
123 | 89 | ## Troubleshooting |
124 | 90 |
|
125 | 91 | ### Q: Module does not find project ID |
|
0 commit comments