
If you’ve already set up Cloud Security Management and want to add a new cloud account or enable Agentless Scanning on an existing integrated cloud account, you can use Terraform, AWS CloudFormation, or Azure Resource Manager. This article provides detailed instructions for the Terraform approach.

If you're setting up Cloud Security Management for the first time, you can follow the quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.

To add a new AWS account:

  1. On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
  2. At the bottom of the AWS section, click Add AWS accounts by following these steps. The Add New AWS Account(s) dialog is displayed.
  3. Under Choose a method for adding your AWS account, select Manually.
  4. Follow the instructions for installing the Datadog Agentless Scanner module.
  5. Select the I confirm that the Datadog IAM Role has been added to the AWS Account checkbox.
  6. Enter the AWS Account ID and AWS Role Name.
  7. Click Save.

To enable Agentless Scanning on an existing AWS account:

  1. On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
  2. Click the Edit scanning button for the AWS account where you want to deploy the Agentless scanner.
  3. Enable Resource Scanning should already be toggled on. If it isn’t, toggle Enable Resource Scanning to the on position.
  4. In the How would you like to set up Agentless Scanning? section, select Terraform.
  5. Follow the instructions for installing the Datadog Agentless Scanner module.
  6. In the Agentless Scanning section, toggle Host Vulnerability Scanning, Container Vulnerability Scanning, Lambda Vulnerability Scanning, and Data Security Scanning to the on position.
  7. Click Done.

To enable Agentless Scanning on an Azure subscription:

  1. On the Cloud Security Management Setup page, click Cloud Integrations > Azure.
  2. Expand the Tenant containing the subscription where you want to deploy the Agentless scanner.
  3. Click the Enable button for the Azure subscription where you want to deploy the Agentless scanner.
  4. Toggle Vulnerability Scanning to the on position.
  5. In the How would you like to set up Agentless Scanning? section, select Terraform.
  6. Follow the instructions for installing the Datadog Agentless Scanner module.
  7. Click Done.

Exclude resources from scans

To exclude hosts, containers, and functions from scans, apply the tag DatadogAgentlessScanner:false to each resource. For detailed instructions, refer to the Resource Filters documentation.
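
Because the exclusion tag removes a resource from vulnerability scanning, it is worth auditing which resources carry it. The following is an added example, not Datadog's code: it reads JSON in the shape of `aws ec2 describe-instances` output (the sample data is constructed) and separates instances with the exact tag from this page from those carrying the key in another spelling or with another value. How the scanner treats other casings is not stated on this page, so those instances are only flagged for review.

```python
import json

EXCLUDE_KEY = "DatadogAgentlessScanner"   # tag key from this page
EXCLUDE_VALUE = "false"                   # tag value from this page

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "Tags": [{"Key": "Name", "Value": "web-1"}]},
    {"InstanceId": "i-0aaa0000000000002",
     "Tags": [{"Key": "DatadogAgentlessScanner", "Value": "false"}]}
  ]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003",
     "Tags": [{"Key": "datadogagentlessscanner", "Value": "False"}]},
    {"InstanceId": "i-0aaa0000000000004"}
  ]}
]}
""")


def audit_exclusions(describe_output):
    """Group instance IDs by how they relate to the exclusion tag."""
    report = {"excluded": [], "review": [], "in_scope": []}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Untagged instances have no "Tags" key at all.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(EXCLUDE_KEY) == EXCLUDE_VALUE:
                bucket = "excluded"      # exact key and value from the page
            elif any(k.lower() == EXCLUDE_KEY.lower() for k in tags):
                bucket = "review"        # key present, other spelling or value
            else:
                bucket = "in_scope"      # no exclusion tag of any spelling
            report[bucket].append(inst["InstanceId"])
    return report


if __name__ == "__main__":
    for bucket, ids in audit_exclusions(SAMPLE).items():
        print(f"{bucket}: {', '.join(ids) or '-'}")
```
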

Disable Agentless Scanning

  1. On the Cloud Security Management Setup page, click Cloud Integrations, and then expand the AWS or Azure section.
  2. To disable Agentless Scanning for an account, click the Edit button and toggle Vulnerability Scanning to the off position.
  3. Click Done.

Uninstall with Terraform

Follow the instructions for Terraform uninstallation.

Update the Terraform modules version

Update the source reference for the Agentless Scanner modules to the latest release. You can find the latest version on GitHub Releases.

For usage examples, refer to our GitHub repository.
