
rubrikinc/terraform-aws-polaris-cloud-native

Terraform Module - AWS Rubrik Cloud Native

This module adds an AWS account to Rubrik Security Cloud (RSC/Polaris).

Usage

module "cloud_native" {
  source  = "rubrikinc/polaris-cloud-native/aws"

  # AWS account to onboard and the regions RSC should protect in it.
  aws_account_id   = "123456789012"
  aws_account_name = "my_aws_account_hosted_exocompute"
  aws_regions      = ["us-west-2", "us-east-1"]

  # RSC features to enable for the account, each with its permission groups.
  # The permission groups decide which IAM permissions the module grants.
  rsc_aws_features = [
    {
      name              = "CLOUD_NATIVE_ARCHIVAL"
      permission_groups = ["BASIC"]
    },
    {
      name              = "CLOUD_NATIVE_PROTECTION"
      permission_groups = ["BASIC"]
    },
    {
      name              = "CLOUD_NATIVE_S3_PROTECTION"
      permission_groups = ["BASIC"]
    },
    {
      name              = "EXOCOMPUTE"
      permission_groups = ["BASIC", "RSC_MANAGED_CLUSTER"]
    },
    {
      name              = "RDS_PROTECTION"
      permission_groups = ["BASIC"]
    },
  ]
}

Examples

Changelog

v0.5.2

  • Update changelog.

v0.5.1

  • Make use of the permissions field in the polaris_aws_cnp_account_attachments resource to trigger an update of the resource whenever the permissions change. This update moves the RSC cloud account out of the missing permissions state. See the RSC (Polaris) provider upgrade guide for additional information.

v0.5.0

  • Relax the AWS provider version constraint to >=5.26.0.
  • Relax the RSC (Polaris) provider version constraint to >=1.0.0.
  • Remove the AWS and RSC (Polaris) provider blocks from the module. These must now be provided in the Terraform root module.
  • Add module usage examples.
  • Mark the aws_profile and rsc_credentials variables as deprecated. They are no longer used by the module and have no replacements.
  • Add aws_iam_role_type input variable to support different ways to attach policies to the IAM roles created. Possible values are legacy, inline and managed. Defaults to managed. legacy should only be used for backwards compatibility with previously onboarded AWS accounts.
  • Add support for specifying additional tags to the resources being created in AWS.

Upgrading

Before upgrading the module, be sure to read through the changelog to understand the changes in the new version and any upgrade instructions for the version you are upgrading to.

To upgrade the module to a new version, use the following steps:

  1. Update the version field in the module block to the version you want to upgrade to, e.g. version = "0.5.0".
  2. Run terraform init --upgrade to update the providers and modules in your configuration.
  3. Run terraform plan and check the output carefully to ensure that there are no unexpected changes caused by the upgrade.
  4. Run terraform apply if there are expected changes that you want to apply.

Note: as variables in the module are deprecated, you may see warnings in the output of terraform plan. It is recommended that you follow the instructions in the deprecation message, since deprecated variables will eventually be removed.
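A machine check for step 3, added here as an example and not part of the module: it reads the JSON form of the plan (terraform show -json on a saved plan file) and fails when any resource would be destroyed or replaced, which is what an unexpected change from a module upgrade usually looks like, while plain updates such as the attachments update introduced in v0.5.1 pass. The sample plan and its resource addresses are constructed.

```python
"""Gate a module upgrade on the JSON plan (upgrade step 3).

Produce the input with: terraform plan -out=tfplan && terraform show -json tfplan > plan.json
"""
import json
import sys


def classify(actions):
    """Map a resource's action list from the JSON plan to one label."""
    acts = set(actions)
    if "delete" in acts:
        return "replace" if "create" in acts else "destroy"
    return "/".join(actions)  # no-op, create, update or read


def destructive_changes(plan):
    """Return (address, label) for each resource the plan would destroy or replace."""
    found = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label in ("destroy", "replace"):
            found.append((rc["address"], label))
    return found


# Constructed sample plan, trimmed to the fields this check reads (not a real plan).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.cloud_native.polaris_aws_cnp_account_attachments.attachments",
     "change": {"actions": ["update"]}},          # expected after the v0.5.1 change
    {"address": "module.cloud_native.aws_iam_role.rsc_roles",
     "change": {"actions": ["no-op"]}},
    {"address": "module.cloud_native.aws_iam_role_policy.customer_inline",
     "change": {"actions": ["delete", "create"]}},  # a replacement: review before apply
]}


def main(path=None):
    """Print destructive changes and return 1 if any exist, else 0."""
    plan = json.load(open(path)) if path else SAMPLE_PLAN
    bad = destructive_changes(plan)
    for address, label in bad:
        print(f"{label:8} {address}")
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it as python check_plan.py plan.json in the pipeline step between plan and apply; a non-zero exit stops the apply until the replacement has been reviewed.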

Requirements

Name       Version
terraform  >=1.5.6
aws        >=5.26.0
polaris    >=1.0.0

Providers

Name     Version
aws      >=5.26.0
polaris  >=1.0.0

Resources

Name                                                         Type
aws_iam_instance_profile.profile                             resource
aws_iam_policy.customer_managed                              resource
aws_iam_role.customer_inline                                 resource
aws_iam_role.customer_managed                                resource
aws_iam_role.rsc_roles                                       resource
aws_iam_role_policy.customer_inline                          resource
aws_iam_role_policy_attachment.customer_managed              resource
aws_iam_role_policy_attachments_exclusive.customer_inline    resource
aws_iam_role_policy_attachments_exclusive.customer_managed   resource
polaris_aws_cnp_account.account                              resource
polaris_aws_cnp_account_attachments.attachments              resource
polaris_aws_cnp_account_trust_policy.trust_policy            resource
polaris_aws_cnp_artifacts.artifacts                          data source
polaris_aws_cnp_permissions.permissions                      data source

Modules

No modules.

Inputs

Name (type, default or required): Description

aws_account_id (string, required): AWS account ID to protect with Rubrik Security Cloud.
aws_account_name (string, required): AWS account name to protect with Rubrik Security Cloud.
aws_ec2_recovery_role_path (string, default ""): EC2 recovery role path for the cross account role.
aws_external_id (string, default ""): External ID for the AWS cross account role. If left empty, RSC will automatically generate an external ID.
aws_iam_role_type (string, default "managed"): How the AWS policies should be attached to the IAM roles created for RSC. Possible values: managed, inline and legacy. legacy should only be used for backwards compatibility with previously onboarded AWS accounts.
aws_profile (string, default null): AWS profile to use for the Rubrik Security Cloud account.
aws_regions (set(string), required): AWS regions to protect with Rubrik Security Cloud.
aws_role_path (string, default "/"): AWS role path for cross account role.
rsc_aws_delete_snapshots_on_destroy (bool, default false): Delete snapshots in AWS when account is removed from Rubrik Security Cloud.
rsc_aws_features (set(object({ name = string, permission_groups = set(string) })), required): RSC features with permission groups to enable for the AWS account to be protected.
rsc_cloud_type (string, default "STANDARD"): AWS cloud type in RSC.
rsc_credentials (string, default null): Path to the Rubrik Security Cloud service account file.
tags (map(string), default null): Tags to apply to AWS resources created.

Outputs

Name                            Description
aws_eks_worker_node_role_arn    n/a
aws_iam_cross_account_role_arn  n/a
cluster_master_role_arn         n/a
rsc_aws_cnp_account_id          n/a
worker_instance_profile         n/a
