Beat containing opa sdk to run rego eval on cloud native resources

DaveSys911/cloudbeat

 
 

Cloudbeat

Cloudbeat analyzes cloud assets for security compliance and sends findings to Elasticsearch as part of the Cloud Security Posture plugin in Kibana.

Getting Started

To get started with Cloud Security Posture on your cluster, see our documentation.


Development

Prerequisites

  1. We use Hermit to keep all our tooling in check. See our README for more details. Install it with the following command:

    curl -fsSL https://github.com/cashapp/hermit/releases/download/stable/install.sh | /bin/bash
    . ./bin/activate-hermit

    Note: This downloads and installs hermit into ~/bin. Add that directory to your $PATH if it isn't there already.

    It is also recommended to add hermit's shell integration.

  2. Elastic stack running locally, preferably using Elastic-Package (you may need to authenticate). For example, to spin up an 8.5.0 stack locally:

    eval "$(elastic-package stack shellinit)" # load stack environment variables
    elastic-package stack up --version 8.5.0 -v -d

  • Optional: create a local kind cluster to test against:

    just create-kind-cluster
    just elastic-stack-connect-kind # connect it to local elastic stack

Deployment

Running Cloudbeat as a process

Self-Managed Kubernetes

Build and deploy cloudbeat into your local kind cluster:

just build-deploy-cloudbeat

Amazon Elastic Kubernetes Service (EKS)

Export your AWS credentials as environment variables; kustomize uses them to populate your cloudbeat deployment.

export AWS_ACCESS_KEY="<YOUR_AWS_KEY>"
export AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"

Set your default cluster to your EKS cluster:

kubectl config use-context {your-eks-cluster}

Deploy cloudbeat on your EKS cluster:

just deploy-eks-cloudbeat
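
A preflight guard for the three EKS steps above, as an added example that is not part of the cloudbeat repository: it refuses to continue when the credential variables are unset or still hold the README placeholders, or when the active kubectl context is not the cluster you name. The function names and the context name in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not cloudbeat's own code): preflight checks to run before
# `just deploy-eks-cloudbeat`. Function names are hypothetical.

# creds_ok: both variables from the README are set and are not the
# "<YOUR_...>" placeholders. The values themselves are never printed.
creds_ok() {
  rc=0
  for name in AWS_ACCESS_KEY AWS_SECRET_ACCESS_KEY; do
    eval "value=\${$name:-}"
    case "$value" in
      "")      echo "preflight: $name is not set" >&2; rc=1 ;;
      "<"*">") echo "preflight: $name still holds the README placeholder" >&2; rc=1 ;;
    esac
  done
  unset value
  return "$rc"
}

# context_ok EXPECTED CURRENT: the active kubectl context is exactly the EKS
# cluster you intend to deploy to, so the credentials are not rendered into a
# deployment on some other cluster (for example the local kind cluster).
context_ok() {
  if [ -z "$1" ] || [ "$1" != "$2" ]; then
    echo "preflight: kubectl context is '$2', expected '$1'" >&2
    return 1
  fi
}

# preflight EXPECTED_CONTEXT [CURRENT_CONTEXT]
# CURRENT_CONTEXT defaults to what kubectl reports; pass it explicitly to
# exercise the check without a cluster.
preflight() {
  expected="$1"
  current="${2:-$(kubectl config current-context 2>/dev/null)}"
  creds_ok || return 1
  context_ok "$expected" "$current" || return 1
}

# Usage (context name is a constructed sample):
#   preflight my-eks-cluster && just deploy-eks-cloudbeat
```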

Advanced

If you need to change the default values in the configuration (ES_HOST, ES_PORT, ES_USERNAME, ES_PASSWORD), you can create the deployment file yourself.

Self-Managed Kubernetes

just create-vanilla-deployment-file

EKS

just create-eks-deployment-file

To validate, check the logs:

just logs-cloudbeat

Now go and check out the data on your Kibana!

Clean up

To stop this example and clean up the pod, run:

just delete-cloudbeat

Remote Debugging

Build & Deploy remote debug docker:

just build-deploy-cloudbeat-debug

After running the pod, expose the relevant ports:

just expose-ports

The app will wait for the debugger to connect before starting.

Note: Use your favorite IDE to connect to the debugger on localhost:40000 (for example, Goland).

Running Cloudbeat with Elastic Agent

Cloudbeat is only supported on managed Elastic-Agents. This means that you need a running Kibana in order to run the setup. Create an agent policy and install the CSP integration. Then, when adding a new agent, you will get the K8s deployment instructions for elastic-agent.

Note: Are you a developer/contributor, or just looking for more deployment types? Check out our dev docs.
