Elastic Defend Integration using Terraform

Hi,
Working in creating an agent policy with 3 integrations using terraform, first 2 integrations are completed, however the defend integration is giving issues. Can someone correct/advise how to defined the defend integration in TF? See below the code which is not working.

resource "elasticstack_fleet_integration_policy" "fleet_defend_integration_policy" {
  name                = endpoint_integrations"
  namespace           = "my_namespace"
  description         = "my_description"
  agent_policy_id     = elasticstack_fleet_agent_policy.default_agent_policy.policy_id
  integration_name    = elasticstack_fleet_integration.endpoint_integration.name
  integration_version = elasticstack_fleet_integration.endpoint_integration.version

  input {
    input_id = "endpoint"
    vars_json = jsonencode(
      {
          "config.integration_config.value": {
            "type": "endpoint", 
            "endpointConfig.preset": "EDRComplete"
          }
      }
    )

  }
}

Which version are you deploying? Elastic Endpoint, the endpoint service for Elastic Defend has been deprecated for containers. You might be interested in the replacement product Defend for Containers | Documentation (elastic.co)

Version is 8.14. Also, the terraform I'm building is not for containers, it just builds an agent policy with a defend integration.

Thank you for the clarification, then I'll let others speak here as I'm not familiar with this area.

I think there is a misalignment in between the Terraform fleet_integration_policy parameters and the full scope of options supported by the Fleet API.

To resolve this we need to enhance the Terraform resource to allow for parameters like config and type to be specified. Would you want to open a request for that in GitHub - elastic/terraform-provider-elasticstack: Terraform provider for Elastic Stack if there isn't already one?

References

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.