Open amirbenun opened 1 year ago
An elastic-agent deployment is composed of 2 parts:
The current deployment method is designed to test the manual deployment offered to the user. However, it is cumbersome and doesn't sufficiently mimic a real user's behavior:
Adding CloudFormation deployment will provide full coverage of the automated deployment offered to the user. Additionally, the manual flow will be covered similarly to today:
If we had the CloudFormation deployment, I don't see any reason to maintain another deployment method that doesn't sufficiently cover the manual deployment.
Would love to hear your thoughts @oren-zohar @gurevichdmitry @tehilashn
@amirbenun, I think it's a great initiative to add CloudFormation deployment for CSPM. Doing so will definitely increase our testing coverage.
However, I have reservations about completely removing the current deployment which mimics Linux tab deployment. Currently, we use a customized script to deploy the elastic-agent, but the script essentially contains the same instructions as the original one. The only difference is the EC2 instance type, which we can manage within the CloudFormation template through a selection from a combobox. On the other hand, with the current deployment, we have more flexibility in choosing any EC2 machine in Linux. I couldn't find any documentation that specifically recommends which EC2 machine type to use for this deployment. In theory, it might even be installed on a t2.micro instance.
Instead of entirely discarding the "old case," I suggest the following approach:
I don't think that the instance type makes a lot of difference for the two flows. However, I thought about another reason that is important enough to support that deployment method. The two deployment methods use different authentication:
I suggest supporting both deployment methods. Instead of a new configuration to select a deployment method for CSPM, we can deploy two agents and verify that we get findings from both of them.
Motivation
The Create-Environment GitHub workflow creates an EC2 instance with Terraform. Later on, after the creation of the agent policy, it SSHes into the instance and installs the agent with the required fleet-url and enrollment-token parameters. Instead, we can use CloudFormation to deploy the CSPM instance as a whole unit. It will give us more coverage around that flow, and we will be able to delete the custom code in the test that runs the agent on the instance.
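To make the proposed flow concrete, here is an added sketch of what a CloudFormation template that deploys the instance "as a whole unit" could look like. It is an illustration written for this discussion, not the project's actual template: it shows an InstanceType parameter restricted by AllowedValues (the combobox mentioned above), the fleet URL and enrollment token passed in as parameters instead of over SSH, and the agent installed from UserData at boot. The AMI id, the instance-type list, the agent version in the download URL, and the `cspm-agent` naming are placeholders chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Example (not the project's template) deploying one elastic-agent host for CSPM testing.

Parameters:
  ImageId:
    # Placeholder: the workflow would pass the AMI it wants to test on.
    Type: AWS::EC2::Image::Id
  InstanceType:
    # This AllowedValues list is what renders as a combobox in the console;
    # the values here are illustrative only.
    Type: String
    Default: t3.small
    AllowedValues: [t2.micro, t3.small, t3.medium, m5.large]
  FleetUrl:
    Type: String
    Description: Fleet server URL the agent enrolls against.
  EnrollmentToken:
    # NoEcho keeps the token out of the console, stack events and DescribeStacks output.
    Type: String
    NoEcho: true
  AgentVersion:
    # Placeholder version; the test would inject the stack version under test.
    Type: String
    Default: "0.0.0"

Resources:
  CspmAgentInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType
      Tags:
        - Key: Name
          Value: cspm-agent
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash
          set -euo pipefail
          # Do not echo commands: the enrollment token is substituted into this script
          # and would otherwise land in cloud-init logs.
          set +x
          cd /tmp
          curl -sSL -o agent.tar.gz \
            "https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-${AgentVersion}-linux-x86_64.tar.gz"
          tar xzf agent.tar.gz
          cd "elastic-agent-${AgentVersion}-linux-x86_64"
          # Same enrollment step the manual (Linux tab) flow runs over SSH today,
          # executed by the instance itself at first boot.
          sudo ./elastic-agent install --non-interactive \
            --url="${FleetUrl}" \
            --enrollment-token="${EnrollmentToken}"

Outputs:
  InstanceId:
    Value: !Ref CspmAgentInstance
```

With a template along these lines, the test only has to create the stack with the fleet URL and a freshly generated enrollment token, wait for the stack to reach CREATE_COMPLETE, and then poll for findings, which removes the SSH step from the test code. Because the token is substituted into UserData, it is still readable by anyone who can call DescribeInstanceAttribute on the instance, so the test should use a short-lived token that is revoked when the environment is torn down.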
Definition of done
Related tasks/epics