Lacework Agents access token resource and data source #41
Labels
feat
New feature or request
Comments
@JPLachance Would this resource and this data source work for you?

Resource

```hcl
resource "lacework_agent_access_token" "k8s" {
  name        = "prod"
  description = "k8s deployment for production env"
}
```

Data Source

```hcl
data "lacework_agent_access_token" "k8s" {
  name = "prod"
}
```

Both expose a
Hello! This will work. It will allow me to create a token, store it in AWS Secrets Manager, and automate its rotation. Thank you 😄
afiune added a commit that referenced this issue Dec 8, 2020

** lacework_agent_access_token

To connect to the Lacework platform, Lacework agents require an agent access token. Use this resource to manage agent tokens within your Lacework account.

!> **Warning:** Agent tokens should be treated as secret and not published. A token uniquely identifies a Lacework customer. If you suspect your token has been publicly exposed or compromised, generate a new token, update the new token on all machines using the old token. When complete, the old token can safely be disabled without interrupting Lacework services.

You can use the agent token name to logically separate your deployments, for example, by environment types (QA, Dev, etc.) or system types (CentOS, RHEL, etc.).

-> **Note:** The Lacework agent runs on most Linux distributions. For more detailed information, see [Supported Operating Systems.](https://support.lacework.com/hc/en-us/articles/360005230014-Supported-Operating-Systems).

!> **Warning:** By design, agent tokens cannot be deleted. Running terraform destroy will only disable the token.

** Example Usage

```hcl
resource "lacework_agent_access_token" "k8s" {
  name        = "prod"
  description = "k8s deployment for production env"
}
```

** Argument Reference

The following arguments are supported:

* `name` - (Required) The agent access token name.
* `description` - (Optional) The agent access token description.
* `enabled` - (Optional) The state of the external integration. Defaults to `true`.

** Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `token` - The agent access token.

** Import

A Lacework agent access token can be imported using the token itself, e.g.

```
$ terraform import lacework_agent_access_token.k8s YourAgentToken
```

-> **Note:** To list all agent access tokens in your Lacework account, use the Lacework CLI command `lacework agent token list`. To install this tool follow [this documentation](https://github.com/lacework/go-sdk/wiki/CLI-Documentation#installation).

Closes #41

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune added a commit that referenced this issue Dec 8, 2020

To connect to the Lacework platform, Lacework agents require an agent access token. Use this resource to manage agent tokens within your Lacework account.

!> **Warning:** Agent tokens should be treated as secret and not published. A token uniquely identifies a Lacework customer. If you suspect your token has been publicly exposed or compromised, generate a new token, update the new token on all machines using the old token. When complete, the old token can safely be disabled without interrupting Lacework services.

You can use the agent token name to logically separate your deployments, for example, by environment types (QA, Dev, etc.) or system types (CentOS, RHEL, etc.).

-> **Note:** The Lacework agent runs on most Linux distributions. For more detailed information, see [Supported Operating Systems.](https://support.lacework.com/hc/en-us/articles/360005230014-Supported-Operating-Systems).

!> **Warning:** By design, agent tokens cannot be deleted. Running terraform destroy will only disable the token.

** Example Usage

```hcl
resource "lacework_agent_access_token" "k8s" {
  name        = "prod"
  description = "k8s deployment for production env"
}
```

** Argument Reference

The following arguments are supported:

* `name` - (Required) The agent access token name.
* `description` - (Optional) The agent access token description.
* `enabled` - (Optional) The state of the external integration. Defaults to `true`.

** Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

* `token` - The agent access token.

** Import

A Lacework agent access token can be imported using the token itself, e.g.

```
$ terraform import lacework_agent_access_token.k8s YourAgentToken
```

-> **Note:** To list all agent access tokens in your Lacework account, use the Lacework CLI command `lacework agent token list`. To install this tool follow [this documentation](https://github.com/lacework/go-sdk/wiki/CLI-Documentation#installation).

Closes #41

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
afiune added a commit that referenced this issue Dec 8, 2020

To have parity with our resource `lacework_agent_access_token` we are adding a new data source to retrieve Agent access tokens by looking up for the Token Alias. (a.k.a Token Name)

Contributes #41

Signed-off-by: Salim Afiune Maya <afiune@lacework.net>
dmurray-lacework pushed a commit that referenced this issue May 27, 2021
dmurray-lacework pushed a commit that referenced this issue May 27, 2021
Greetings,
Today, to manage Lacework agents access tokens, we must use the Lacework UI or the API.
With a Terraform resource, automating the creation and management of Lacework agents access tokens will be easier. For example, it will make it easy to create the access token and then store it in AWS Secrets Manager.
Thanks in advance for the help!
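
The workflow discussed in this issue (create the token with Terraform, keep it in AWS Secrets Manager, rotate it), sketched as an added example that is not part of the original thread or the provider's documentation. It assumes the AWS provider is configured next to the Lacework provider; the `prod-v1`/`prod-v2` token names and the secret name are placeholders, and the configuration shows the end state of a rotation, after agents have moved to the new token.

```hcl
# Added example. Assumes the AWS provider is configured alongside the Lacework
# provider; the secret name and the "-v1"/"-v2" token names are placeholders.

# Old token: kept in configuration and switched off only after every agent
# has picked up the new one. Tokens cannot be deleted, only disabled.
resource "lacework_agent_access_token" "k8s_v1" {
  name        = "prod-v1"
  description = "k8s deployment for production env (retired)"
  enabled     = false
}

# Replacement token that agents should now use.
resource "lacework_agent_access_token" "k8s_v2" {
  name        = "prod-v2"
  description = "k8s deployment for production env"
}

resource "aws_secretsmanager_secret" "lacework_agent_token" {
  name        = "lacework/agent-token/prod"
  description = "Lacework agent access token for the production k8s deployment"
}

# Deployments read the token from here, so repointing this version at the
# new token is the single change that rolls it out.
resource "aws_secretsmanager_secret_version" "lacework_agent_token" {
  secret_id     = aws_secretsmanager_secret.lacework_agent_token.id
  secret_string = lacework_agent_access_token.k8s_v2.token
}

# Expose only the secret's ARN, never the token value itself.
output "lacework_agent_token_secret_arn" {
  value = aws_secretsmanager_secret.lacework_agent_token.arn
}
```

The token value is still written to the Terraform state, so the state backend needs encryption and access control equal to the secret itself.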