Add "Evaluate Compliance of Terraform Resources" Tutorial #14068
Conversation
|
Your site preview for commit d86aeb8 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14068-d86aeb80.s3-website.us-west-2.amazonaws.com. |
|
Your site preview for commit 8817de6 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-14068-8817de6a.s3-website.us-west-2.amazonaws.com. |
| @@ -0,0 +1,250 @@ | |||
| --- | |||
| title: "Evaluate Compliance of Terraform Resources" | |||
There was a problem hiding this comment.
I think the use case of "discover and evaluate cloud resources for compliance with Insights" should be the title/focus, having the tutorial depend on having TF installed and making TF the primary use case seems unnecessarily limiting. The great part of insights is it can find things created with AWS tools, click ops etc. Also by not including "insights" in the title I wouldnt have thought that's what the tutorial was about.
There was a problem hiding this comment.
My understanding was that the focus of this particular tutorial should be on Terraform which is why I wrote it this way. @aaronkao Can you weigh in here?
There was a problem hiding this comment.
Yeah we are importing in non-Pulumi managed resources and using Insights, Compliance, and Copilot on it.
Is there already a tutorial that does Insights on Pulumi managed resources? If so, we may need to have a qualifier that explains this is for non-Pulumi managed.
I sorta like Terraform in the name because it really clearly calls out that you can use Insights on Terraform
|
|
||
| # A brief summary of the tutorial. It appears at the top of the tutorial page. Markdown is fine. | ||
| summary: | | ||
| In this tutorial, you will learn how to use Pulumi Insights to discover and evaluate cloud resources for compliance, regardless of how they were deployed. While Pulumi is often used for infrastructure as code (IaC), [Pulumi Insights](/docs/insights/) can scan resources provisioned by any IaC tool, or even resources that were deployed manually. This tutorial will focus on scanning and evaluating AWS resources that are deployed using Terraform in particular, but the same approach applies to other major cloud providers and deployment methods. |
There was a problem hiding this comment.
You might say "Pulumi IaC is used to" .... then , Pulumi insights can scan ... vs having the wording of "often used"
| # - some-non-existent-collection | ||
| --- | ||
|
|
||
| ## Deploy Terraform resources |
There was a problem hiding this comment.
Rather than create resources using TF: could the AWS cli be used to create an insecure ingress rule attached to a security group?
|
|
||
| ## Deploy Terraform resources | ||
|
|
||
| This step is optional if you already have Terraform resources deployed in your AWS account. Otherwise, you can start by creating a new project folder and Terraform file: |
There was a problem hiding this comment.
per notes above, I'd say we drop "Terraform resources" and make It "AWS resources"
| region = "us-west-2" | ||
| } | ||
|
|
||
| resource "aws_instance" "app_server" { |
There was a problem hiding this comment.
to demonstrate the policy you've created below, does the user need to create a app server and S3 bucket?
|
|
||
| {{< video title="Navigating to Pulumi Insights accounts page" src="/tutorials/eval-compliance-terraform/assets/insights-nav-to-accounts.mp4" autoplay="true" loop="true" >}} | ||
|
|
||
| Once there, click on the **Actions** dropdown and select the `Scan` radio button, then click **Scan**. You will see a status message that says ""Scan started a few seconds ago" once the scan has started. |
There was a problem hiding this comment.
| Once there, click on the **Actions** dropdown and select the `Scan` radio button, then click **Scan**. You will see a status message that says ""Scan started a few seconds ago" once the scan has started. | |
| Once there, click on the **Actions** dropdown and select the `Scan` radio button, then click **Scan**. You will see a status message that says "Scan started a few seconds ago" once the scan has started. |
|
|
||
| {{< video title="View sub-account scans" src="/tutorials/eval-compliance-terraform/assets/insights-view-sub-acct-scan.mp4" autoplay="true" loop="true" >}} | ||
|
|
||
| Once the scan has completed, the outline color of the scan will change to green, and the status will change to say "Scan #X succeeded in X minutes". |
There was a problem hiding this comment.
| Once the scan has completed, the outline color of the scan will change to green, and the status will change to say "Scan #X succeeded in X minutes". | |
| Once the scan has completed, the outline color of the scan will change to green, and the status will change to say "Scan #X succeeded in X minutes". |
It be more accessible to describe the icon button change, from the in progress to complete state.
|
|
||
|  | ||
|
|
||
| > If you have multiple Insights accounts, you can filter by your account name using the **Project** column filter. You can learn more about querying and filtering your resources by reviewing the [Pulumi Insights: Using Resources Explorer](/docs/insights/get-started/using-resource-explorer/) documentation |
There was a problem hiding this comment.
| > If you have multiple Insights accounts, you can filter by your account name using the **Project** column filter. You can learn more about querying and filtering your resources by reviewing the [Pulumi Insights: Using Resources Explorer](/docs/insights/get-started/using-resource-explorer/) documentation | |
| > If you have multiple Insights accounts, you can filter by your account name using the **Project** column filter. You can learn more about querying and filtering your resources by reviewing the [Pulumi Insights: Using Resources Explorer](/docs/insights/get-started/using-resource-explorer/) documentation. |
| pulumi policy publish | ||
| ``` | ||
|
|
||
| ### Add policy pack to Account |
There was a problem hiding this comment.
| ### Add policy pack to Account | |
| ### Add policy pack to an Insights Account |
|
|
||
| > If you want to learn more about creating custom Policy Packs in Pulumi, you can refer to our [Creating a Custom Policy Pack](/tutorials/custom-policy-pack/) tutorial series. | ||
|
|
||
| ## Evaluate Terraform resources |
There was a problem hiding this comment.
| ## Evaluate Terraform resources | |
| ## Evaluate AWS resources |
|
|
||
| ## Evaluate Terraform resources | ||
|
|
||
| Now that your policy pack has been deployed and your account has been associated with it, you can now evaluate your discovered AWS resources against the policy. To do so, navigate back to the **Accounts** section and select your account. Click the **Actions** dropdown button, select the **Scan** radio button, and then click **Scan**. |
There was a problem hiding this comment.
| Now that your policy pack has been deployed and your account has been associated with it, you can now evaluate your discovered AWS resources against the policy. To do so, navigate back to the **Accounts** section and select your account. Click the **Actions** dropdown button, select the **Scan** radio button, and then click **Scan**. | |
| Now that your policy pack has been deployed and your account has been associated with it, you can evaluate your discovered AWS resources against the policy. To do so, navigate back to the **Accounts** section and select your account. Click the **Actions** dropdown button, select the **Scan** radio button, and then click **Scan**. |
This PR adds the content for the Evaluate Compliance of Terraform Resources tutorial.