Fix errors in combined CloudLogs template and CI workflow

sysdiglabs · Oct 3, 2023 · bd5ac64 · bd5ac64
1 parent fe18f30
commit bd5ac64
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 21 deletions.
diff --git a/templates_cspm_cloudlogs/FullInstall.yaml b/templates_cspm_cloudlogs/FullInstall.yaml
@@ -9,7 +9,7 @@ Metadata:
         Parameters:
           - CSPMRoleName
           - CloudLogsRoleName
-          - ExternalID
+          - ExternalId
           - TrustedIdentity
           - BucketARN
 
@@ -18,7 +18,7 @@ Metadata:
         default: "CSPM Role Name (Sysdig use only)"
       CloudLogsRoleName:
         default: "CloudLogs Role Name (Sysdig use only)"
-      ExternalID:
+      ExternalId:
         default: "External ID (Sysdig use only)"
       TrustedIdentity:
         default: "Trusted Identity (Sysdig use only)"
@@ -32,12 +32,12 @@ Parameters:
   CloudLogsRoleName:
     Type: String
     Description: The name of the IAM Role that will enable access to the Cloudtrail logs.
-  EventBridgeRoleName:
-    Type: String
-    Description: A unique identifier used to create an IAM Role and EventBridge Rule
-  ExternalID:
+  ExternalId:
     Type: String
     Description: Sysdig ExternalID required for the policy creation
+  TrustedIdentity:
+    Type: String
+    Description: The name of Sysdig trusted identity.
   BucketARN:
     Type: String
     Description: The ARN of your s3 bucket associated with your Cloudtrail trail.
@@ -57,7 +57,7 @@ Resources:
             Action: "sts:AssumeRole"
             Condition:
               StringEquals:
-                sts:ExternalId: !Ref ExternalID
+                sts:ExternalId: !Ref ExternalId
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/SecurityAudit
   CloudLogsRole:
@@ -91,4 +91,4 @@ Resources:
               - !Sub '${BucketARN}'
               - !Sub '${BucketARN}/*'
       Roles:
-        - Ref: "CloudLogs"
+        - Ref: "CloudLogsRole"
diff --git a/templates_cspm_cloudlogs/OrgFullInstall.yaml b/templates_cspm_cloudlogs/OrgFullInstall.yaml
@@ -1,5 +1,5 @@
 AWSTemplateFormatVersion: "2010-09-09"
-Description: IAM Role and EventBridge resources used by Sysdig Secure
+Description: IAM Role and Cloudlogs resources used by Sysdig Secure
 
 Metadata:
   AWS::CloudFormation::Interface:
@@ -8,18 +8,17 @@ Metadata:
           default: "Sysdig Settings (Do not change)"
         Parameters:
           - CSPMRoleName
-          - ExternalID
+          - ExternalId
           - TrustedIdentity
           - BucketARN
-          - Regions
           - OrganizationUnitIDs
 
     ParameterLabels:
       CSPMRoleName:
         default: "CSPM Role Name (Sysdig use only)"
       CloudLogsRoleName:
         default: "CloudLogs Role Name (Sysdig use only)"
-      ExternalID:
+      ExternalId:
         default: "External ID (Sysdig use only)"
       BucketARN:
         default: "Bucket ARN"
@@ -35,7 +34,7 @@ Parameters:
   CloudLogsRoleName:
     Type: String
     Description: The name of the IAM Role that will enable access to the Cloudtrail logs.
-  ExternalID:
+  ExternalId:
     Type: String
     Description: Sysdig ExternalID required for the policy creation
   BucketARN:
@@ -62,7 +61,7 @@ Resources:
             Action: "sts:AssumeRole"
             Condition:
               StringEquals:
-                sts:ExternalId: !Sub ${ExternalID}
+                sts:ExternalId: !Sub ${ExternalId}
       ManagedPolicyArns:
         - arn:aws:iam::aws:policy/SecurityAudit
   CloudLogsRole:
@@ -96,7 +95,7 @@ Resources:
               - !Sub '${BucketARN}'
               - !Sub '${BucketARN}/*'
       Roles:
-        - Ref: "CloudLogs"
+        - Ref: "CloudLogsRole"
   RolesStackSet:
     Type: AWS::CloudFormation::StackSet
     Properties:
@@ -116,8 +115,8 @@ Resources:
           ParameterValue: !Ref CloudLogsRoleName
         - ParameterKey: TrustedIdentity
           ParameterValue: !Ref TrustedIdentity
-        - ParameterKey: ExternalID
-          ParameterValue: !Ref ExternalID
+        - ParameterKey: ExternalId
+          ParameterValue: !Ref ExternalId
         - ParameterKey: BucketARN
           ParameterValue: !Ref BucketARN
       StackInstancesGroup:
@@ -130,7 +129,7 @@ Resources:
         Parameters:
           CSPMRoleName:
             Type: String
-            Description: A unique identifier used to create an IAM Role and EventBridge Rule
+            Description: A unique identifier used to create an IAM Role
           CloudLogsRoleName:
             Type: String
             Description: The name of the IAM Role that will enable access to the Cloudtrail logs.
@@ -140,7 +139,7 @@ Resources:
           BucketARN:
             Type: String
             Description: The ARN of your s3 bucket associated with your Cloudtrail trail.
-          ExternalID:
+          ExternalId:
             Type: String
             Description: Sysdig ExternalID required for the policy creation
         Resources:
@@ -157,7 +156,7 @@ Resources:
                     Action: "sts:AssumeRole"
                     Condition:
                       StringEquals:
-                        sts:ExternalId: !Sub ${ExternalID}
+                        sts:ExternalId: !Sub ${ExternalId}
               ManagedPolicyArns:
                 - arn:aws:iam::aws:policy/SecurityAudit
           CloudLogsRole:
@@ -191,4 +190,4 @@ Resources:
                       - !Sub '${BucketARN}'
                       - !Sub '${BucketARN}/*'
               Roles:
-                - Ref: "CloudLogs"
+                - Ref: "CloudLogsRole"