# =============================================================================
# CrowdStrike GCP CSPM Terraform Module Configuration Example
# =============================================================================
# Copy this file to terraform.tfvars and fill in real values there. Keep the
# filled-in copy out of version control (add terraform.tfvars to .gitignore);
# only this .example file with placeholders should be committed.
#
# REQUIRED: CrowdStrike API Credentials
# Get these from Falcon Console > Support > API Clients & Keys
#
# SECURITY: these two values are a long-lived secret. Prefer passing them via
# the environment (TF_VAR_falcon_client_id / TF_VAR_falcon_client_secret) or a
# secrets manager rather than writing them into a tfvars file. Anything given
# as a variable value can also land in clear text in saved plan files, and in
# state if the module feeds it into a resource, so restrict and encrypt your
# state backend. Scope the API client to the minimum Falcon permissions the
# module needs, and rotate it immediately if the file is ever leaked.
falcon_client_id = "YOUR_CLIENT_ID_HERE"
falcon_client_secret = "YOUR_CLIENT_SECRET_HERE"
# REQUIRED: GCP Project for CrowdStrike Infrastructure
# Project where WIF pools, pub/sub topics, etc. will be created
infra_project_id = "your-csmp-infrastructure-project"
# REQUIRED: AWS Role ARN for Identity Federation
# Contains the CrowdStrike AWS account ID and role name
#
# SECURITY: this ARN identifies the AWS principal the Workload Identity
# Federation pool above will trust. Use exactly the value CrowdStrike provides
# for your tenant; a wrong or overly broad value presumably lets a different
# AWS identity exercise the GCP identity this module sets up. The account ID
# below (111111111111) is a placeholder, not CrowdStrike's real account.
role_arn = "arn:aws:sts::111111111111:assumed-role/CrowdStrikeConnectorRoleName"
# =============================================================================
# REGISTRATION SCOPE - Choose ONE of the following three options
# =============================================================================
# Only one registration_type is honoured; leave the other two options
# commented out.
#
# OPTION 1: Project-level Registration (recommended for testing)
# NOTE: project_ids is a static allow-list. Projects created after apply are
# not covered until they are added here and the module is re-applied, which
# is why this option is suggested for testing rather than for production
# coverage.
registration_type = "project"
project_ids = ["project-1", "project-2", "project-3"]
# OPTION 2: Folder-level Registration (for specific organizational units)
# folder_ids are numeric GCP folder IDs, not display names.
# registration_type = "folder"
# folder_ids = ["123456789012", "234567890123"]
# OPTION 3: Organization-level Registration (for full coverage)
# organization_id is the numeric GCP organization ID. Org-level registration
# is the option that avoids gaps from projects added later.
# registration_type = "organization"
# organization_id = "123456789012"
# =============================================================================
# OPTIONAL: Real Time Visibility & Detection (RTV&D)
# =============================================================================
# Enable log ingestion for real-time threat detection
# NOTE: as shipped, this is off, so no audit logs are forwarded and the
# settings below are inert. Set to true for detection coverage.
enable_realtime_visibility = false
# Log ingestion configuration (only used if enable_realtime_visibility = true)
log_ingestion_settings = {
# Subscription retention: if the CrowdStrike side stops consuming for longer
# than this window, unacknowledged messages are presumably dropped (verify
# against the module's Pub/Sub resources).
message_retention_duration = "1209600s" # 14 days
ack_deadline_seconds = 300 # 5 minutes
topic_message_retention_duration = "2592000s" # 30 days
# Audit log categories to forward. Data-access logs are not in this list;
# if the module accepts "data_access", consider adding it, as read/write
# access to data is otherwise invisible to detection.
audit_log_types = ["activity", "system_event", "policy"]
enable_schema_validation = false
schema_type = "AVRO"
# Optional: Exclude specific logs based on labels
# SECURITY: every filter here is a detection blind spot. Logs from matching
# resources are never forwarded, so an actor who can set these labels on a
# resource (anyone with edit rights on it, typically) can hide activity
# from CrowdStrike. Keep this list minimal and review it periodically.
exclusion_filters = [
"resource.labels.environment=\"test\"",
"resource.labels.temporary=\"true\""
]
}
# =============================================================================
# OPTIONAL: Resource Naming and Organization
# =============================================================================
# Prefix and suffix for resource names (helps with organization)
# resource_prefix = "cs"
# resource_suffix = "prod"
# Labels applied to all created resources
# NOTE: environment = "production" does not match the project-level
# registration chosen above, which the example itself describes as
# "recommended for testing"; adjust one or the other so inventory and
# cost reports are not misleading.
labels = {
environment = "production"
owner = "security-team"
project = "cspm"
managed-by = "terraform"
}