add secret for sensor management api credentials #47
Conversation
ryanjpayne
commented
Jan 23, 2024
ryanjpayne
commented
- Update crowdstrike_init_stack.yaml with parameter to select storage method for API credentials used by Sensor Management
- Update aws_cspm_cloudformation_v2.json with parameter and resources to store API credentials used by Sensor Management in a secret
- Update documentation for new parameter
Added test case cw-test-smlambda |
Please add run_test "cw-test-smlambda" to below file. |
ack |
There was a problem hiding this comment.
Please check below failure, which is deviating from best practices.
FAILED for resource: AWS::SecretsManager::Secret.CrowdStrikeSensorManagementFalconCredentialsSecret
File: /templates/aws_cspm_cloudformation_v2.json:452-460
Guide: https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-secrets-manager-secret-is-encrypted-using-kms
452 | "CrowdStrikeSensorManagementFalconCredentialsSecret": {
453 | "Type": "AWS::SecretsManager::Secret",
454 | "Condition": "ShouldCreateSensorManagementCredentialsSecret",
455 | "Properties": {
456 | "Name": "/CrowdStrike/CSPM/SensorManagement/FalconAPICredentials",
457 | "Description": "Falcon API credentials. Used by the 1-Click sensor management orchestrator.",
458 | "SecretString": {"Fn::Sub": "{\"ClientId\":\"${ClientID}\",\"ClientSecret\":\"${ClientSecret}\"}"}
459 | }
460 | },
|
/do-e2e-tests |
|
End to end test has been scheduled |
|
E2E tests in progress |
![aws-ia-automator-prod[bot]](https://avatars.githubusercontent.com/u/149281641?s=60&v=4){kind=small}
