Update cloud scanner docs

deepfence · Oct 8, 2024 · 4b68b88 · 4b68b88
1 parent 20aa2e0
commit 4b68b88
Show file tree

Hide file tree

Showing 5 changed files with 84 additions and 19 deletions.
diff --git a/deepfence_agent/plugins/cloud-scanner b/deepfence_agent/plugins/cloud-scanner
diff --git a/docs/docs/cloudscanner/gcp.md b/docs/docs/cloudscanner/gcp.md
@@ -277,7 +277,7 @@ module "cloud_scanner_example_multiple_project" {
       SUCCESS_SIGNAL_URL: ""
       DF_LOG_LEVEL: info
       SCAN_INACTIVE_THRESHOLD: "21600"
-      CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+      CLOUD_SCANNER_POLICY: ""
     ```
 6. Start the cloud scanner using docker compose
     ```

diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/aws.md b/docs/versioned_docs/version-v2.3/cloudscanner/aws.md
@@ -303,13 +303,34 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
 3. Modify the EC2 instance, add the instance profile created by cloudformation script
 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
     ```
-    https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml 
+    https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml 
     ```
     ```bash
     mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
-    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml 
+    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
     ```
 5. Update the account details and console details in the docker-compose.yaml
+    ```
+    image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+    environment:
+      MGMT_CONSOLE_URL: "<CONSOLE_URL>"
+      MGMT_CONSOLE_PORT: <CONSOLE_PORT>
+      DEEPFENCE_KEY: "<DEEPFENCE_KEY>"
+      CLOUD_PROVIDER: "aws"
+      CLOUD_REGION: "<REGION>"
+      CLOUD_ACCOUNT_ID: "<ACCOUNT_ID>"
+      DEPLOYED_ACCOUNT_ID: ""
+      CLOUD_ACCOUNT_NAME: ""
+      ORGANIZATION_DEPLOYMENT: false
+      CLOUD_ORGANIZATION_ID: ""
+      ROLE_NAME: ""
+      CLOUD_AUDIT_LOG_IDS: ""
+      HTTP_SERVER_REQUIRED: "false"
+      SUCCESS_SIGNAL_URL: ""
+      DF_LOG_LEVEL: info
+      SCAN_INACTIVE_THRESHOLD: "21600"
+      CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+    ```
 6. Start the cloud scanner using docker compose 
     ```
     docker compose up -d
@@ -321,13 +342,34 @@ For full details, refer to the GitHub repository: https://github.com/deepfence/t
 3. Modify the EC2 instance, add the instance profile created by cloudformation script
 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
     ```
-    https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml 
+    https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml 
     ```
     ```bash
     mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
-    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml 
+    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
     ```
 5. Update the organization account details and console details in the docker-compose.yaml
+    ```
+    image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+    environment:
+      MGMT_CONSOLE_URL: "<CONSOLE_URL>"
+      MGMT_CONSOLE_PORT: <CONSOLE_PORT>
+      DEEPFENCE_KEY: "<DEEPFENCE_KEY>"
+      CLOUD_PROVIDER: "aws"
+      CLOUD_REGION: "<REGION>"
+      CLOUD_ACCOUNT_ID: "<ROOT_ACCOUNT_ID>"
+      DEPLOYED_ACCOUNT_ID: ""
+      CLOUD_ACCOUNT_NAME: ""
+      ORGANIZATION_DEPLOYMENT: true
+      CLOUD_ORGANIZATION_ID: "<ROOT_ACCOUNT_ID>"
+      ROLE_NAME: "<ROLE_NAME>"
+      CLOUD_AUDIT_LOG_IDS: ""
+      HTTP_SERVER_REQUIRED: "false"
+      SUCCESS_SIGNAL_URL: ""
+      DF_LOG_LEVEL: info
+      SCAN_INACTIVE_THRESHOLD: "21600"
+      CLOUD_SCANNER_POLICY: "arn:aws:iam::aws:policy/SecurityAudit"
+    ```
 6. Start the cloud scanner using docker compose 
     ```
     docker compose up -d

diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/azure.md b/docs/versioned_docs/version-v2.3/cloudscanner/azure.md
@@ -260,37 +260,39 @@ module "test" {
     ```
 3. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
     ```
-    https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
+    https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml 
     ```
     ```bash
     mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
-    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
+    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
     ```
 4. Update the environment vars account details and console details in the docker-compose.yaml, if deploying for multi tenants cloud scanner set `ORGANIZATION_DEPLOYMENT: true`
     ```
+    image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
     environment:
-      MGMT_CONSOLE_URL: "<Console URL>"
-      MGMT_CONSOLE_PORT: <Console PORT>
-      DEEPFENCE_KEY: "<DEEPFENCE KEY>"
+      MGMT_CONSOLE_URL: "<CONSOLE_URL>"
+      MGMT_CONSOLE_PORT: <CONSOLE_PORT>
+      DEEPFENCE_KEY: "<DEEPFENCE_KEY>"
       CLOUD_PROVIDER: "azure"
       CLOUD_REGION: "<LOCATION>"
       CLOUD_ACCOUNT_ID: "<SUBSCRIPTION_ID>"
       DEPLOYED_ACCOUNT_ID: "<SUBSCRIPTION_ID>"
       CLOUD_ACCOUNT_NAME: ""
       ORGANIZATION_DEPLOYMENT: false
-      CLOUD_ORGANIZATION_ID: "<tenant_id>"
+      CLOUD_ORGANIZATION_ID: "<TENANT_ID>"
       ROLE_NAME: ""
       CLOUD_AUDIT_LOG_IDS: ""
       HTTP_SERVER_REQUIRED: "false"
       SUCCESS_SIGNAL_URL: ""
       DF_LOG_LEVEL: info
       SCAN_INACTIVE_THRESHOLD: "21600"
       CLOUD_SCANNER_POLICY: ""
-      AZURE_TENANT_ID: "<tenant_id>"
-      AZURE_REGION: <LOCATION>
-      AZURE_CLIENT_ID: "<client_id>"
-      AZURE_CLIENT_SECRET: "<client_secret>"
-      AZURE_SUBSCRIPTION_ID: "SUBSCRIPTION_ID"
+
+      AZURE_TENANT_ID: "<TENANT_ID>"
+      AZURE_REGION: "<LOCATION>"
+      AZURE_CLIENT_ID: "<CLIENT_ID>"
+      AZURE_CLIENT_SECRET: "<CLIENT_SECRET>"
+      AZURE_SUBSCRIPTION_ID: "<SUBSCRIPTION_ID>"
     ```
 5. Start the cloud scanner using docker compose
     ```

diff --git a/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md b/docs/versioned_docs/version-v2.3/cloudscanner/gcp.md
@@ -251,13 +251,34 @@ module "cloud_scanner_example_multiple_project" {
 ![gcp-vm-service-account](../img/gcp-vm-service-account.png)
 4. Create a directory **deepfence-cloud-scanner** and download docker-compose.yaml from the url
     ```
-    https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
+    https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml 
     ```
     ```bash
     mkdir deepfence-cloud-scanner && cd deepfence-cloud-scanner
-    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/main/docker-compose.yaml
+    wget https://raw.githubusercontent.com/deepfence/cloud-scanner/refs/heads/release-2.3/docker-compose.yaml
     ```
 5. Update the account details and console details in the docker-compose.yaml
+    ```
+    image: quay.io/deepfenceio/cloud_scanner_ce:2.3.1
+    environment:
+      MGMT_CONSOLE_URL: "<CONSOLE_URL>"
+      MGMT_CONSOLE_PORT: <CONSOLE_PORT>
+      DEEPFENCE_KEY: "<DEEPFENCE_KEY>"
+      CLOUD_PROVIDER: "gcp"
+      CLOUD_REGION: "<REGION>"
+      CLOUD_ACCOUNT_ID: "<PROJECT_ID>"
+      DEPLOYED_ACCOUNT_ID: "<PROJECT_ID>"
+      CLOUD_ACCOUNT_NAME: ""
+      ORGANIZATION_DEPLOYMENT: false
+      CLOUD_ORGANIZATION_ID: ""
+      ROLE_NAME: ""
+      CLOUD_AUDIT_LOG_IDS: ""
+      HTTP_SERVER_REQUIRED: "false"
+      SUCCESS_SIGNAL_URL: ""
+      DF_LOG_LEVEL: info
+      SCAN_INACTIVE_THRESHOLD: "21600"
+      CLOUD_SCANNER_POLICY: ""
+    ```
 6. Start the cloud scanner using docker compose
     ```
     docker compose up -d