Terraform-provider-aws: Configure schedule in inspector template resource

Created on 9 Aug 2018  ·  7Comments  ·  Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

New or Affected Resource(s)

  • aws_inspector_assessment_template

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • 0000

  • Labels: enhancement, service/inspector, upstream


    All 7 comments

    Without the schedule, the assessment is dead sitting there...

    Hello,

    Can we have an update here please? The AWS CLI as well as boto3 offer the ability to start runs interactively and the ability to schedule runs was added to the AWS console last year. Not sure if it has filtered down into the API yet, though.

    Anything here? This looks important.

    The AWS Docs outline what's actually happening under-the-hood when you specify those options in the CLI:

    When you use this check box, Amazon Inspector automatically creates an Amazon CloudWatch Events rule for the assessment runs schedule that you are setting up. Amazon Inspector then also automatically creates an IAM role named AWS_InspectorEvents_Invoke_Assessment_Template. This role enables CloudWatch Events to make API calls against the Amazon Inspector resources.
    So this is not actually something that is handled by Inspector necessarily, it's more of a sugar that the Inspector UI provides to make it easier to do.

    The CLI also doesn't have direct support for doing this, as there are no corresponding parameters to pass.

    I'm not sure how Terraform usually does things like these when a single TF resource would require multiple actual AWS resources under-the-hood. That feels more like AWS module territory to me rather than a single resource.

    Excellent investigative work, @FnTm 👍

    I'm not sure how Terraform usually does things like these when a single TF resource would require multiple actual AWS resources under-the-hood. That feels more like AWS module territory to me rather than a single resource.

    This is exactly correct. 💯 Terraform resources are designed to be single "API object" focused, so in the case of Terraform AWS Provider resources, it's one resource equals one service API and its associated CRUD calls for a single "object". Terraform modules including those found on the Terraform Registry are the expected abstraction of multiple resources.

    Given that it appears the Inspector API does not directly support this as a configuration within its own API, we are going to close this issue as it's not something to be directly implemented within a single Terraform AWS Provider resource. If there is missing functionality to enable a certain component of this feature request, please create a specific GitHub feature request pointing to the API reference and we'll take a fresh look. Thanks.

    For anyone interested in a module that can handle the scheduling, a quick search finds a couple of existing modules like
    https://github.com/USSBA/terraform-aws-inspector
    https://github.com/plus3it/terraform-aws-tardigrade-inspector
    that support this functionality.
    Just leaving this here in case someone comes in looking for a straight up answer on how to solve this need.
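    The "module territory" approach described in the thread, written out as an added example (this is not code from the issue, from the provider, or from the modules linked above): the three pieces the Inspector console creates behind its schedule check box, a CloudWatch Events rule, a target pointing at the assessment template, and an IAM role that CloudWatch Events is allowed to assume, expressed as explicit Terraform resources. Resource names, the weekly cron expression and the `rules_package_arns` variable are assumptions; the target assesses every instance in the account and region because no resource group is set.

```hcl
# Added example, not the provider's or the issue author's code.
# Assumed input: the region-specific Inspector rules package ARNs.
variable "rules_package_arns" {
  type = list(string)
}

# Assessment target and template (names are assumptions).
resource "aws_inspector_assessment_target" "all_instances" {
  name = "example-all-instances"
}

resource "aws_inspector_assessment_template" "weekly" {
  name               = "example-weekly-template"
  target_arn         = aws_inspector_assessment_target.all_instances.arn
  duration           = 3600
  rules_package_arns = var.rules_package_arns
}

# Role that CloudWatch Events assumes to start runs. The console's equivalent is
# named AWS_InspectorEvents_Invoke_Assessment_Template; the trust policy only
# lets the events service assume it.
data "aws_iam_policy_document" "events_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "inspector_events" {
  name               = "example-inspector-events-invoke"
  assume_role_policy = data.aws_iam_policy_document.events_assume.json
}

# Permission to start runs only. Inspector (Classic) does not support
# resource-level permissions, so the action list is the narrowest scope available.
data "aws_iam_policy_document" "start_run" {
  statement {
    actions   = ["inspector:StartAssessmentRun"]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "start_run" {
  name   = "start-assessment-run"
  role   = aws_iam_role.inspector_events.id
  policy = data.aws_iam_policy_document.start_run.json
}

# Schedule: every Monday at 03:00 UTC (an assumed cadence).
resource "aws_cloudwatch_event_rule" "weekly_inspector" {
  name                = "example-inspector-weekly"
  schedule_expression = "cron(0 3 ? * MON *)"
}

# The template ARN is the target; role_arn is what lets the rule call Inspector.
resource "aws_cloudwatch_event_target" "run_template" {
  rule     = aws_cloudwatch_event_rule.weekly_inspector.name
  arn      = aws_inspector_assessment_template.weekly.arn
  role_arn = aws_iam_role.inspector_events.arn
}
```

    Keeping the role and its policy in your own configuration, rather than relying on the console-created one, means the schedule and the permission it runs under are reviewable in code and will not drift if someone edits the rule by hand.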

    I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

    If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
