Configuration compliance modules when deployed with TF do not trigger a first run of an assessment. As a result, users need to run kick off the assessment manually after creating the integration.
Expected Behavior
When deploying a configuration compliance integration via a TF module, shortly after the integration is deployed and validated, an assessment should run to provide the first assessment report.
Actual Behavior
Integration will remain in pending state until manually triggering assessment or until the next scheduled assessment (usually 24 hours later).
Suggested Solution
Build a post-apply hook that triggers the configuration compliance assessment to run as a part of the deployment using the Lacework providers credentials.
Summary
Configuration compliance modules when deployed with TF do not trigger a first run of an assessment. As a result, users need to run kick off the assessment manually after creating the integration.
Expected Behavior
When deploying a configuration compliance integration via a TF module, shortly after the integration is deployed and validated, an assessment should run to provide the first assessment report.
Actual Behavior
Integration will remain in pending state until manually triggering assessment or until the next scheduled assessment (usually 24 hours later).
Suggested Solution
Build a post-apply hook that triggers the configuration compliance assessment to run as a part of the deployment using the Lacework providers credentials.