
cloud_aws_account

This resource registers an AWS account or organization in Falcon Cloud Security.

The following API scopes are required:

  • Cloud security AWS registration: READ
  • Cloud security AWS registration: WRITE
Example usage:

```terraform
terraform {
  required_providers {
    crowdstrike = {
      source = "registry.terraform.io/crowdstrike/crowdstrike"
    }
  }
}

provider "crowdstrike" {
  cloud = "us-2"
}

resource "crowdstrike_cloud_aws_account" "org" {
  account_id      = "123456789012"
  organization_id = "o-1234567890"

  realtime_visibility = {
    enabled           = true
    cloudtrail_region = "us-east-1"
  }

  dspm = {
    enabled = true
  }

  vulnerability_scanning = {
    enabled = true
  }

  idp = {
    enabled = true
  }

  sensor_management = {
    enabled = true
  }
}
```
Schema:

Required:

  • account_id (String) The AWS Account ID

Optional:

  • account_type (String) The AWS account type. Value is 'commercial' for Commercial cloud accounts. For GovCloud environments, value can be either 'commercial' or 'gov' depending on the account type
  • asset_inventory (Attributes) (see below for nested schema)
  • deployment_method (String) How the account was deployed. Valid values are 'terraform-native', 'terraform-cft', and 'cft'. This value cannot be changed after the account is created.
  • dspm (Attributes) (see below for nested schema)
  • idp (Attributes) (see below for nested schema)
  • organization_id (String) The AWS Organization ID (starts with o-). When specified, accounts within the organization will be registered. If target_ous is empty, all accounts in the organization will be registered. The account_id must be the organization's management account ID.
  • realtime_visibility (Attributes) Configuration for real-time visibility and detection. When not specified, defaults to disabled (enabled=false) with cloudtrail_region set based on account_type (us-gov-west-1 for gov accounts, us-east-1 for commercial accounts) and use_existing_cloudtrail=true (see below for nested schema)
  • resource_name_prefix (String) The prefix to be added to all resource names
  • resource_name_suffix (String) The suffix to be added to all resource names
  • sensor_management (Attributes) (see below for nested schema)
  • target_ous (List of String) The list of target Organizational Units
  • vulnerability_scanning (Attributes) (see below for nested schema)

Read-Only:

  • agentless_scanning_role_name (String) The name of the IAM role to be used by CrowdStrike Agentless Scanning (DSPM/Vulnerability scanning). If both are configured, the DSPM role takes precedence.
  • cloudtrail_bucket_name (String) The name of the CloudTrail S3 bucket used for real-time visibility
  • dspm_role_arn (String) The ARN of the IAM role to be used by CrowdStrike Data Security Posture Management
  • dspm_role_name (String) The name of the IAM role to be used by CrowdStrike Data Security Posture Management
  • eventbus_arn (String) The ARN of the Amazon EventBridge used by CrowdStrike to forward messages
  • eventbus_name (String) The name of the Amazon EventBridge used by CrowdStrike to forward messages
  • external_id (String) The external ID used to assume the AWS IAM role
  • iam_role_arn (String) The ARN of the AWS IAM role used to access this AWS account
  • iam_role_name (String) The name of the AWS IAM role used to access this AWS account
  • intermediate_role_arn (String) The ARN of the intermediate role used to assume the AWS IAM role
  • is_organization_management_account (Boolean) Indicates whether this is the management account (formerly known as the root account) of an AWS Organization
  • vulnerability_scanning_role_arn (String) The ARN of the IAM role to be used by CrowdStrike Vulnerability Scanning
  • vulnerability_scanning_role_name (String) The name of the IAM role to be used by CrowdStrike Vulnerability Scanning
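As an added example (not from the provider documentation or the CrowdStrike project), the configuration below shows how the read-only attributes above are consumed when deployment_method is 'terraform-native': the IAM role that Falcon assumes is created in the same plan, trusting only intermediate_role_arn and only when external_id is presented. The AWS provider setup, the SecurityAudit policy attachment, the check block and the sample account ID are assumptions, not something the page specifies.

```terraform
# Added example, not from the provider docs. Assumes an "aws" provider is
# configured for the same account that is being registered.

resource "crowdstrike_cloud_aws_account" "this" {
  account_id        = "123456789012"   # constructed sample account ID
  deployment_method = "terraform-native"

  asset_inventory = {
    enabled = true
  }
}

# Trust policy: only CrowdStrike's intermediate role may assume this role, and
# only when it presents the external ID issued at registration time. The
# sts:ExternalId condition is the standard confused-deputy mitigation for
# cross-account roles.
data "aws_iam_policy_document" "crowdstrike_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [crowdstrike_cloud_aws_account.this.intermediate_role_arn]
    }

    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [crowdstrike_cloud_aws_account.this.external_id]
    }
  }
}

# Use the role name Falcon recorded so the ARN it expects is the one created.
resource "aws_iam_role" "crowdstrike" {
  name               = crowdstrike_cloud_aws_account.this.iam_role_name
  assume_role_policy = data.aws_iam_policy_document.crowdstrike_trust.json
}

# Permissions: a read-only managed policy is assumed here; substitute the
# permissions policy CrowdStrike documents for the features you enable.
resource "aws_iam_role_policy_attachment" "crowdstrike_readonly" {
  role       = aws_iam_role.crowdstrike.name
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"   # assumption
}

# Fail the apply if the role created does not match the ARN Falcon expects
# (catches a mistyped account ID or a prefix/suffix mismatch).
check "role_arn_matches_registration" {
  assert {
    condition     = aws_iam_role.crowdstrike.arn == crowdstrike_cloud_aws_account.this.iam_role_arn
    error_message = "IAM role ARN does not match the ARN Falcon expects for this account."
  }
}
```

Scoping the trust policy to intermediate_role_arn and requiring external_id means a third party who learns the role ARN cannot assume it, and a Falcon tenant other than yours cannot either, since each registration receives its own external ID. Keeping the permissions policy separate from the trust policy also lets you tighten it independently as features are enabled or disabled.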

Nested schema for asset_inventory:

Required:

  • enabled (Boolean) Enable asset inventory

Optional:

  • role_name (String) Custom AWS IAM role name

Nested schema for dspm:

Required:

  • enabled (Boolean) Enable Data Security Posture Management

Optional:

  • role_name (String) Custom AWS IAM role name for Data Security Posture Management

Nested schema for idp:

Required:

  • enabled (Boolean) Enable Identity Protection

Read-Only:

  • status (String, Deprecated) Current status of the Identity Protection integration

Nested schema for realtime_visibility:

Required:

  • cloudtrail_region (String) The AWS region of the CloudTrail bucket
  • enabled (Boolean) Enable real-time visibility and detection

Optional:

  • log_ingestion_kms_key_arn (String) Optional KMS key ARN for S3 bucket encryption when log_ingestion_method is 's3'
  • log_ingestion_method (String) Log ingestion method for real-time visibility. Valid values are 'eventbridge' or 's3'
  • log_ingestion_s3_bucket_name (String) S3 bucket name for CloudTrail log ingestion when log_ingestion_method is 's3'. Required when using the S3 method
  • log_ingestion_s3_bucket_prefix (String) Optional S3 key prefix for CloudTrail logs when log_ingestion_method is 's3'; only log files whose object key starts with this prefix are ingested
  • log_ingestion_sns_topic_arn (String) SNS topic ARN for S3 CloudTrail log notifications when log_ingestion_method is 's3'. Required when using the S3 method
  • regions (List of String) List of AWS regions for Real-Time Visibility and Detection. If not specified, defaults to all regions
  • use_existing_cloudtrail (Boolean) Set to true if a CloudTrail already exists
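As an added example (not from the provider documentation), the following registers an organization but limits it to two OUs and uses the S3 log ingestion method described above, reusing an existing organization trail instead of creating a new one. Every identifier in it (account and organization IDs, OU IDs, bucket name, key prefix, SNS topic and KMS key ARNs, region list, role name) is a constructed placeholder.

```terraform
# Added example, not from the provider docs. All identifiers are constructed.

resource "crowdstrike_cloud_aws_account" "org" {
  # Must be the organization's management account ID.
  account_id      = "123456789012"
  organization_id = "o-1234567890"

  # Only accounts under these OUs are registered; leave empty for the whole org.
  target_ous = ["ou-abcd-11111111", "ou-abcd-22222222"]

  realtime_visibility = {
    enabled           = true
    cloudtrail_region = "us-east-1"

    # Reuse the existing organization trail rather than creating a second one.
    use_existing_cloudtrail = true

    # S3 ingestion: Falcon reads log objects from the bucket and learns about
    # new objects through the SNS topic. Both are required for the "s3" method.
    log_ingestion_method         = "s3"
    log_ingestion_s3_bucket_name = "example-org-cloudtrail-logs"
    log_ingestion_sns_topic_arn  = "arn:aws:sns:us-east-1:123456789012:example-cloudtrail-notifications"

    # Organization trails write under AWSLogs/<org-id>/; filtering on that
    # prefix keeps unrelated objects in a shared bucket out of ingestion.
    log_ingestion_s3_bucket_prefix = "AWSLogs/o-1234567890/"

    # The bucket is SSE-KMS encrypted, so the reader needs decrypt rights on
    # this key; without it the log objects cannot be read.
    log_ingestion_kms_key_arn = "arn:aws:kms:us-east-1:123456789012:key/00000000-0000-0000-0000-000000000000"

    # Restrict detection to the regions the organization actually uses
    # instead of the default of all regions.
    regions = ["us-east-1", "us-west-2", "eu-west-1"]
  }

  # Both agentless features share one role name here; per the schema, the
  # DSPM role name takes precedence when both are configured.
  dspm = {
    enabled   = true
    role_name = "FalconAgentlessScanningRole"
  }

  vulnerability_scanning = {
    enabled   = true
    role_name = "FalconAgentlessScanningRole"
  }
}
```

With log_ingestion_method set to 's3', a plan that omits log_ingestion_s3_bucket_name or log_ingestion_sns_topic_arn is incomplete; the prefix and the explicit regions list bound what the reader role has to see, and the KMS key ARN is the one attribute that is easy to forget on an encrypted bucket.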

Nested schema for sensor_management:

Required:

  • enabled (Boolean) Enable 1-click sensor deployment

Nested schema for vulnerability_scanning:

Required:

  • enabled (Boolean) Enable Vulnerability Scanning

Optional:

  • role_name (String) Custom AWS IAM role name for Vulnerability Scanning

Import is supported using the following syntax:

```shell
# A previously registered cloud AWS account can be imported by account ID.
terraform import crowdstrike_cloud_aws_account.account 12345678910
```