Setting up Agentless Scanning using Terraform
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project,
feel free to reach out to us!If you’ve already set up Cloud Security Management and want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, you can use either Terraform or AWS CloudFormation. This article provides detailed instructions for the Terraform approach.
If you're setting up Cloud Security Management for the first time, you can follow the
quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- At the bottom of the AWS section, click Add AWS accounts by following these steps. The Add New AWS Account(s) dialog is displayed.
- Under Choose a method for adding your AWS account, select Manually.
- Follow the instructions for installing the Datadog Agentless Scanner module.
- Select the I confirm that the Datadog IAM Role has been added to the AWS Account checkbox.
- Enter the AWS Account ID and AWS Role Name.
- Click Save.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- Click the Edit scanning button for the AWS account where you want to deploy the Agentless scanner.
- Enable Resource Scanning should already be toggled on. If it isn’t, toggle Enable Resource Scanning to the on position.
- In the How would you like to set up Agentless Scanning? section, select Terraform.
- Follow the instructions for installing the Datadog Agentless Scanner module.
- In the Agentless Scanning section, toggle Host Vulnerability Scanning, Container Vulnerability Scanning, Lambda Vulnerability Scanning, and Data Security Scanning to the on position.
- Click Done.
Exclude resources from scans
To exclude AWS hosts, containers, and Lambda functions from scans, apply the tag DatadogAgentlessScanner:false
to each resource. For detailed instructions on adding this tag, refer to the AWS documentation.
Disable Agentless Scanning
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- To disable Agentless Scanning for an account, click the Edit button and toggle the Agentless Scanning section to the off position.
- Click Done.
Follow the instructions for Terraform uninstallation.
Update the source
reference for the Agentless Scanner modules to the latest release. You can find the latest version on GitHub Releases.
For usage examples, refer to our Github repository.
Further Reading
Más enlaces, artículos y documentación útiles: