Setting up Agentless Scanning using Terraform
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
If you’ve already set up Cloud Security Management and want to add a new AWS account or enable Agentless Scanning on an existing integrated AWS account, you can use either Terraform or AWS CloudFormation. This article provides detailed instructions for the Terraform approach.
If you're setting up Cloud Security Management for the first time, you can follow the
quick start workflow, which uses AWS CloudFormation to enable Agentless Scanning.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- At the bottom of the AWS section, click Add AWS accounts by following these steps. The Add New AWS Account(s) dialog is displayed.
- Under Choose a method for adding your AWS account, select Manually.
- Follow the instructions for installing the Datadog Agentless Scanner module.
- Select the I confirm that the Datadog IAM Role has been added to the AWS Account checkbox.
- Enter the AWS Account ID and AWS Role Name.
- Click Save.
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- Click the Edit scanning button for the AWS account where you want to deploy the Agentless scanner.
- Enable Resource Scanning should already be toggled on. If it isn’t, toggle Enable Resource Scanning to the on position.
- In the How would you like to set up Agentless Scanning? section, select Terraform.
- Follow the instructions for installing the Datadog Agentless Scanner module.
- In the Agentless Scanning section, toggle Host Vulnerability Scanning, Container Vulnerability Scanning, Lambda Vulnerability Scanning, and Data Security Scanning to the on position.
- Click Done.
Exclude resources from scans
To exclude AWS hosts, containers, and Lambda functions from scans, apply the tag CompanyAgentlessScanner:false
to each resource. For detailed instructions on adding this tag, refer to the AWS documentation.
Disable Agentless Scanning
- On the Cloud Security Management Setup page, click Cloud Integrations > AWS.
- To disable Agentless Scanning for an account, click the Edit button and toggle the Agentless Scanning section to the off position.
- Click Done.
Follow the instructions for Terraform uninstallation.
Further Reading