Skip to content

Beat containing opa sdk to run rego eval on cloud native resources

License

Notifications You must be signed in to change notification settings

ofiriro3/cloudbeat

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Coverage Status Go Report Card

Cloudbeat

Cloudbeat analyzes cloud assets for security compliance and sends findings to Elasticsearch as part of the Cloud Security Posture plugin in Kibana.

Getting Started

To get started with Cloud Security Posture on your cluster, see our documentation.


Table of contents

Local Deployment

Deploying Cloudbeat locally either as a process, or through elastic-agent can be done with elastic-package - a tool that spins up en entire elastic stack locally. depending on the deployment platform (Self-Managed kubernetes / EKS) you may need to set up different environment.

Prerequisites

  1. We use Hermit to keep all our tooling in check. See our README for more details. Install it with the following commands:

    curl -fsSL https://github.com/cashapp/hermit/releases/download/stable/install.sh | /bin/bash
    . ./bin/activate-hermit

    Note This will download and install hermit into ~/bin. You should add this to your $PATH if it isn't already.

    It is also recommended to add hermit's shell integration

  2. Elastic stack running locally, preferably using elastic-package (you may need to authenticate) For example, spinning up 8.6.0 stack locally:

    eval "$(elastic-package stack shellinit --shell $(basename $SHELL))" # load stack environment variables
    elastic-package stack up --version 8.6.0 -v -d

Deploying Cloudbeat as a process

Cloudbeat can be deployed as a process, and will not be managed by Elastic Agent. (the fastest way to get started, getting findings)

Self-Managed Kubernetes

We use Kind to spin up a local kubernetes cluster, and deploy Cloudbeat as a process. Build and deploying cloudbeat into your local kind cluster:

if you don't already have a Kind cluster, you can create one with:

just create-kind-cluster
just elastic-stack-connect-kind # connect it to local elastic stack

Build and deploy cloudbeat on your local kind cluster:

just build-deploy-cloudbeat

Or without certificate

just build-deploy-cloudbeat-nocert

Note By default, cloudbeat binary will be built based on GOARCH environment variable. If you want to build cloudbeat for a different platform you can set it as following:

# just build-deploy-cloudbeat <Target Arch>
just build-deploy-cloudbeat amd64

Or without certificate

# just build-deploy-cloudbeat-nocert <Target Arch>
just build-deploy-cloudbeat-nocert amd64

Amazon Elastic Kubernetes Service (EKS)

Another deployment option is to deploy cloudbeat as a process on EKS. This is useful for testing and development purposes.

Export AWS creds as env vars, kustomize will use these to populate your cloudbeat deployment.

export AWS_ACCESS_KEY="<YOUR_AWS_KEY>"
export AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"

Set your default cluster to your EKS cluster

kubectl config use-context <your-eks-cluster>

Deploy cloudbeat on your EKS cluster

just deploy-eks-cloudbeat

Running Cloudbeat with Elastic Agent

  1. Spin up Elastic stack (using cloud/staging is recommended, but using elastic-package is also supported, see Local Deployment)
  2. Create an agent policy and install the CSP integration (KSPM).
  3. Now, when adding a new agent, you will get the K8s deployment instructions of elastic-agent.

Note Are you a developer/contributor or just looking for more information check out our dev docs

About

Beat containing opa sdk to run rego eval on cloud native resources

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Go 71.3%
  • Python 19.4%
  • Shell 5.2%
  • HCL 2.9%
  • Makefile 0.9%
  • Dockerfile 0.2%
  • Smarty 0.1%