Elastic Defend Integration using Terraform

alextg · August 27, 2024, 3:18am

Hi,
Working in creating an agent policy with 3 integrations using terraform, first 2 integrations are completed, however the defend integration is giving issues. Can someone correct/advise how to defined the defend integration in TF? See below the code which is not working.

resource "elasticstack_fleet_integration_policy" "fleet_defend_integration_policy" {
  name                = endpoint_integrations"
  namespace           = "my_namespace"
  description         = "my_description"
  agent_policy_id     = elasticstack_fleet_agent_policy.default_agent_policy.policy_id
  integration_name    = elasticstack_fleet_integration.endpoint_integration.name
  integration_version = elasticstack_fleet_integration.endpoint_integration.version

  input {
    input_id = "endpoint"
    vars_json = jsonencode(
      {
          "config.integration_config.value": {
            "type": "endpoint", 
            "endpointConfig.preset": "EDRComplete"
          }
      }
    )

  }
}

lesio · August 27, 2024, 1:13pm

Which version are you deploying? Elastic Endpoint, the endpoint service for Elastic Defend has been deprecated for containers. You might be interested in the replacement product Defend for Containers | Documentation (elastic.co)

alextg · August 27, 2024, 3:07pm

Version is 8.14. Also, the terraform I'm building is not for containers, it just builds an agent policy with a defend integration.

lesio · August 27, 2024, 8:01pm

Thank you for the clarification, then I'll let others speak here as I'm not familiar with this area.

andrewkroh · August 27, 2024, 9:23pm

I think there is a misalignment in between the Terraform fleet_integration_policy parameters and the full scope of options supported by the Fleet API.

To resolve this we need to enhance the Terraform resource to allow for parameters like config and type to be specified. Would you want to open a request for that in GitHub - elastic/terraform-provider-elasticstack: Terraform provider for Elastic Stack if there isn't already one?

References

Fleet API (see POST /package_policies): MrinDoc OpenAPI Spec Viewer
Terraform interface: Terraform Registry

system · September 24, 2024, 9:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic-endpoint installed although defend integration is not applied to policy Endpoint Security	5	399	March 7, 2024
Defend API integration Endpoint Security	5	665	May 30, 2023
Integration Endpoint Security	8	953	March 31, 2023
Elastic Defend integration failing on eck-agent helm chart pods Elastic Agent elastic-stack-security	2	21	September 11, 2024
Fleet - Managing Elastic Agent Policies Elastic Agent	0	12	October 23, 2024

Elastic Defend Integration using Terraform

References

Related topics