sysdiglabs
diff --git a/‎examples/organizational/README.md
+2-3 b/‎examples/organizational/README.md
+2-3
diff --git a/‎examples/organizational/main.tf
+1-6 b/‎examples/organizational/main.tf
+1-6
diff --git a/‎examples/organizational/variables.tf
+1-5 b/‎examples/organizational/variables.tf
+1-5
diff --git a/‎examples/single-account-apprunner/README.md
-1 b/‎examples/single-account-apprunner/README.md
-1
diff --git a/‎examples/single-account-apprunner/main.tf
+1-7 b/‎examples/single-account-apprunner/main.tf
+1-7
diff --git a/‎examples/single-account-apprunner/variables.tf
-6 b/‎examples/single-account-apprunner/variables.tf
-6
diff --git a/‎examples/single-account-ecs/README.md
-1 b/‎examples/single-account-ecs/README.md
-1
diff --git a/‎examples/single-account-ecs/main.tf
+1-6 b/‎examples/single-account-ecs/main.tf
+1-6
diff --git a/‎examples/single-account-ecs/variables.tf
-5 b/‎examples/single-account-ecs/variables.tf
-5
diff --git a/‎examples/single-account-k8s/README.md
+1-2 b/‎examples/single-account-k8s/README.md
+1-2
diff --git a/‎examples/single-account-k8s/cloud-connector.tf
+9-24 b/‎examples/single-account-k8s/cloud-connector.tf
+9-24
diff --git a/‎examples/single-account-k8s/credentials.tf
+1-2 b/‎examples/single-account-k8s/credentials.tf
+1-2
diff --git a/‎examples/single-account-k8s/variables.tf
-5 b/‎examples/single-account-k8s/variables.tf
-5
diff --git a/‎examples/trigger-events/README.md
+1-1 b/‎examples/trigger-events/README.md
+1-1
diff --git a/‎modules/infrastructure/cloudtrail/README.md
+1-1 b/‎modules/infrastructure/cloudtrail/README.md
+1-1
diff --git a/‎modules/infrastructure/cloudtrail_s3-sns-sqs/README.md
+1-1 b/‎modules/infrastructure/cloudtrail_s3-sns-sqs/README.md
+1-1
diff --git a/‎modules/infrastructure/codebuild/README.md
+1-1 b/‎modules/infrastructure/codebuild/README.md
+1-1
diff --git a/‎modules/infrastructure/ecs-vpc/README.md
+1-1 b/‎modules/infrastructure/ecs-vpc/README.md
+1-1
diff --git a/‎modules/infrastructure/permissions/cloud-connector/README.md
+1-1 b/‎modules/infrastructure/permissions/cloud-connector/README.md
+1-1
diff --git a/‎modules/infrastructure/permissions/cloud-scanning/README.md
+1-2 b/‎modules/infrastructure/permissions/cloud-scanning/README.md
+1-2
diff --git a/‎modules/infrastructure/permissions/cloud-scanning/main.tf
+8-11 b/‎modules/infrastructure/permissions/cloud-scanning/main.tf
+8-11
diff --git a/‎modules/infrastructure/permissions/cloud-scanning/variables.tf
-5 b/‎modules/infrastructure/permissions/cloud-scanning/variables.tf
-5
diff --git a/‎modules/infrastructure/permissions/general/README.md
+1-1 b/‎modules/infrastructure/permissions/general/README.md
+1-1
diff --git a/‎modules/infrastructure/permissions/iam-user/README.md
+1-2 b/‎modules/infrastructure/permissions/iam-user/README.md
+1-2
@@ -145,8 +145,8 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
-| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
+| <a name="provider_aws.member"></a> [aws.member](#provider\_aws.member) | 4.20.1 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
 ## Modules
@@ -195,7 +195,6 @@ $ terraform apply
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_organizational_member_default_admin_role"></a> [organizational\_member\_default\_admin\_role](#input\_organizational\_member\_default\_admin\_role) | Default role created by AWS for management-account users to be able to admin member accounts.<br/>https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html | `string` | `"OrganizationAccountAccessRole"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 
 
@@ -1,7 +1,3 @@
-locals {
-  deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
-  deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
-}
 #-------------------------------------
 # resources deployed always in management account
 # with default provider
@@ -40,7 +36,7 @@ module "ssm" {
 # cloud-connector
 #-------------------------------------
 module "codebuild" {
-  count = local.deploy_scanning_infra ? 1 : 0
+  count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0
 
   providers = {
     aws = aws.member
@@ -66,7 +62,6 @@ module "cloud_connector" {
 
   deploy_image_scanning_ecr = var.deploy_image_scanning_ecr
   deploy_image_scanning_ecs = var.deploy_image_scanning_ecs
-  use_standalone_scanner    = var.use_standalone_scanner
 
   is_organizational = true
   organizational_config = {
 
@@ -69,11 +69,7 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
-variable "use_standalone_scanner" {
-  type        = bool
-  description = "true/false whether use inline scanner or not"
-  default     = false
-}
+
 #
 # benchmark configuration
 #
 
@@ -104,7 +104,6 @@ $ terraform apply
 | <a name="input_deploy_image_scanning_ecs"></a> [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 
 
@@ -1,8 +1,3 @@
-locals {
-  deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
-  deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
-}
-
 #-------------------------------------
 # general resources
 #-------------------------------------
@@ -24,7 +19,7 @@ module "ssm" {
 # cloud-connector
 #-------------------------------------
 module "codebuild" {
-  count = local.deploy_scanning_infra ? 1 : 0
+  count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0
 
   source                       = "../../modules/infrastructure/codebuild"
   name                         = "${var.name}-codebuild"
@@ -50,7 +45,6 @@ module "cloud_connector" {
   cloudconnector_ecr_image_uri = var.cloudconnector_ecr_image_uri
   deploy_image_scanning_ecr    = var.deploy_image_scanning_ecr
   deploy_image_scanning_ecs    = var.deploy_image_scanning_ecs
-  use_standalone_scanner       = var.use_standalone_scanner
 
   cloudtrail_sns_arn = local.cloudtrail_sns_arn
   tags               = var.tags
 
@@ -42,12 +42,6 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
-variable "use_standalone_scanner" {
-  type        = bool
-  description = "true/false whether use inline scanner or not"
-  default     = false
-}
-
 #
 # benchmark configuration
 #
 
@@ -110,7 +110,6 @@ $ terraform apply
 | <a name="input_ecs_vpc_subnets_private_ids"></a> [ecs\_vpc\_subnets\_private\_ids](#input\_ecs\_vpc\_subnets\_private\_ids) | List of VPC subnets where workload is to be deployed. Defaulted to be created when 'ecs\_cluster\_name' is not provided. | `list(string)` | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 
 
@@ -1,7 +1,3 @@
-locals {
-  deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
-  deploy_scanning_infra = local.deploy_image_scanning && !var.use_standalone_scanner
-}
 #-------------------------------------
 # general resources
 #-------------------------------------
@@ -25,7 +21,7 @@ module "ssm" {
 #
 
 module "codebuild" {
-  count = local.deploy_scanning_infra ? 1 : 0
+  count = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs ? 1 : 0
 
   source                       = "../../modules/infrastructure/codebuild"
   name                         = "${var.name}-codebuild"
@@ -49,7 +45,6 @@ module "cloud_connector" {
 
   deploy_image_scanning_ecr = var.deploy_image_scanning_ecr
   deploy_image_scanning_ecs = var.deploy_image_scanning_ecs
-  use_standalone_scanner    = var.use_standalone_scanner
 
   is_organizational = false
 
 
@@ -85,11 +85,6 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
-variable "use_standalone_scanner" {
-  type        = bool
-  description = "true/false whether use inline scanner or not"
-  default     = false
-}
 
 #
 # benchmark configuration
 
@@ -84,7 +84,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 | <a name="provider_helm"></a> [helm](#provider\_helm) | 2.6.0 |
 | <a name="provider_sysdig"></a> [sysdig](#provider\_sysdig) | 0.5.37 |
 
@@ -121,7 +121,6 @@ $ terraform apply
 | <a name="input_deploy_image_scanning_ecs"></a> [deploy\_image\_scanning\_ecs](#input\_deploy\_image\_scanning\_ecs) | true/false whether to deploy the image scanning on ECS running images | `bool` | `false` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | sysdig secure-for-cloud tags. always include 'product' default tag for resource-group proper functioning | `map(string)` | <pre>{<br>  "product": "sysdig-secure-for-cloud"<br>}</pre> | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 
 
@@ -1,10 +1,5 @@
 locals {
-  deploy_image_scanning   = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
-  deploy_scanning_infra   = local.deploy_image_scanning && !var.use_standalone_scanner
-  ecr_standalone_scanning = var.deploy_image_scanning_ecr && var.use_standalone_scanner
-  ecs_standalone_scanning = var.deploy_image_scanning_ecs && var.use_standalone_scanner
-  ecr_scanning_with_infra = var.deploy_image_scanning_ecr && !var.use_standalone_scanner
-  ecs_scanning_with_infra = var.deploy_image_scanning_ecs && !var.use_standalone_scanner
+  deploy_image_scanning = var.deploy_image_scanning_ecr || var.deploy_image_scanning_ecs
 }
 
 #-------------------------------------
@@ -19,7 +14,7 @@ module "cloud_connector_sqs" {
 }
 
 module "codebuild" {
-  count  = local.deploy_scanning_infra ? 1 : 0
+  count  = local.deploy_image_scanning ? 1 : 0
   source = "../../modules/infrastructure/codebuild"
 
   name                         = var.name
@@ -73,8 +68,6 @@ resource "helm_release" "cloud_connector" {
 
   values = [
     yamlencode({
-      logging = "info"
-      rules   = []
       ingestors = [
         {
           cloudtrail-sns-sqs = {
@@ -83,26 +76,18 @@ resource "helm_release" "cloud_connector" {
         }
       ]
       scanners = local.deploy_image_scanning ? [
-        merge(
-          local.ecr_scanning_with_infra ? {
-            aws-ecr = {
-              codeBuildProject         = module.codebuild[0].project_name
-              secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
-            }
+        merge(var.deploy_image_scanning_ecr ? {
+          aws-ecr = {
+            codeBuildProject         = module.codebuild[0].project_name
+            secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
+          }
           } : {},
-          local.ecs_scanning_with_infra ? {
+          var.deploy_image_scanning_ecs ? {
             aws-ecs = {
               codeBuildProject         = module.codebuild[0].project_name
               secureAPITokenSecretName = module.ssm.secure_api_token_secret_name
             }
-          } : {},
-          local.ecr_standalone_scanning ? {
-            aws-ecr-inline = {},
-          } : {},
-          local.ecs_standalone_scanning ? {
-            aws-ecs-inline = {},
-          } : {},
-        )
+        } : {})
       ] : []
     })
   ]
 
@@ -2,8 +2,7 @@ module "iam_user" {
   source = "../../modules/infrastructure/permissions/iam-user"
   name   = var.name
 
-  deploy_image_scanning  = local.deploy_image_scanning
-  use_standalone_scanner = var.use_standalone_scanner
+  deploy_image_scanning = local.deploy_image_scanning
 
   ssm_secure_api_token_arn       = module.ssm.secure_api_token_secret_arn
   cloudtrail_s3_bucket_arn       = length(module.cloudtrail) > 0 ? module.cloudtrail[0].s3_bucket_arn : "*"
 
@@ -54,11 +54,6 @@ variable "deploy_image_scanning_ecs" {
   default     = false
 }
 
-variable "use_standalone_scanner" {
-  type        = bool
-  description = "true/false whether use inline scanner or not"
-  default     = false
-}
 
 #
 # benchmark configuration
 
@@ -49,7 +49,7 @@ $ terraform apply
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -46,7 +46,7 @@ EVENT FILTER/fine-tunning, regarding what we want to send to Sysdig Cloud-Connec
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -13,7 +13,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -12,7 +12,7 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
@@ -34,7 +34,6 @@ No modules.
 | <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | n/a | yes |
 | <a name="input_sfc_user_name"></a> [sfc\_user\_name](#input\_sfc\_user\_name) | Name of the IAM user to provision permissions | `string` | n/a | yes |
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
 
 
@@ -1,5 +1,4 @@
 resource "aws_iam_user_policy" "cloud_scanner" {
-
   name   = "${var.name}-cs"
   user   = data.aws_iam_user.this.user_name
   policy = data.aws_iam_policy_document.cloud_scanner.json
@@ -18,18 +17,16 @@ data "aws_iam_policy_document" "cloud_scanner" {
     resources = [var.cloudtrail_subscribed_sqs_arn]
   }
 
-  dynamic "statement" {
-    for_each = var.use_standalone_scanner ? [1] : []
-    content {
-      sid    = "AllowScanningCodeBuildStartBuild"
-      effect = "Allow"
-      actions = [
-        "codebuild:StartBuild"
-      ]
-      resources = [var.scanning_codebuild_project_arn]
-    }
+  statement {
+    sid    = "AllowScanningCodeBuildStartBuild"
+    effect = "Allow"
+    actions = [
+      "codebuild:StartBuild"
+    ]
+    resources = [var.scanning_codebuild_project_arn]
   }
 
+
   statement {
     sid    = "AllowScanningECRRead"
     effect = "Allow"
 
@@ -14,11 +14,6 @@ variable "scanning_codebuild_project_arn" {
   description = "ARN of codebuild to launch the image scanning process"
 }
 
-variable "use_standalone_scanner" {
-  type        = bool
-  description = "true/false whether use inline scanner or not"
-  default     = false
-}
 
 #---------------------------------
 # optionals - with default
 
@@ -15,7 +15,7 @@ General permissions that apply to both cloud-connector and cloud-scanning module
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
 
@@ -45,7 +45,7 @@ Note: Contact us if this authentication system does not match your requirement.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.19.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.20.1 |
 
 ## Modules
 
@@ -72,7 +72,6 @@ Note: Contact us if this authentication system does not match your requirement.
 | <a name="input_name"></a> [name](#input\_name) | Name to be assigned to all child resources. A suffix may be added internally when required. Use default value unless you need to install multiple instances | `string` | `"sfc"` | no |
 | <a name="input_scanning_codebuild_project_arn"></a> [scanning\_codebuild\_project\_arn](#input\_scanning\_codebuild\_project\_arn) | ARN of codebuild to launch the image scanning process | `string` | `"*"` | no |
 | <a name="input_ssm_secure_api_token_arn"></a> [ssm\_secure\_api\_token\_arn](#input\_ssm\_secure\_api\_token\_arn) | ARN of the security credentials for the secure\_api\_token | `string` | `"*"` | no |
-| <a name="input_use_standalone_scanner"></a> [use\_standalone\_scanner](#input\_use\_standalone\_scanner) | true/false whether use inline scanner or not | `bool` | `false` | no |
 
 ## Outputs
Original file line number	Diff line number	Diff line change
`@@ -69,11 +69,7 @@ variable "deploy_image_scanning_ecs" {`
`69`	`69`	`default = false`
`70`	`70`	`}`
`71`	`71`
`72`		`-variable "use_standalone_scanner" {`
`73`		`- type = bool`
`74`		`- description = "true/false whether use inline scanner or not"`
`75`		`- default = false`
`76`		`-}`
	`72`	`+`
`77`	`73`	`#`
`78`	`74`	`# benchmark configuration`
`79`	`75`	`#`
Original file line number	Diff line number	Diff line change
`@@ -42,12 +42,6 @@ variable "deploy_image_scanning_ecs" {`
`42`	`42`	`default = false`
`43`	`43`	`}`
`44`	`44`
`45`		`-variable "use_standalone_scanner" {`
`46`		`- type = bool`
`47`		`- description = "true/false whether use inline scanner or not"`
`48`		`- default = false`
`49`		`-}`
`50`		`-`
`51`	`45`	`#`
`52`	`46`	`# benchmark configuration`
`53`	`47`	`#`
Original file line number	Diff line number	Diff line change
`@@ -85,11 +85,6 @@ variable "deploy_image_scanning_ecs" {`
`85`	`85`	`default = false`
`86`	`86`	`}`
`87`	`87`
`88`		`-variable "use_standalone_scanner" {`
`89`		`- type = bool`
`90`		`- description = "true/false whether use inline scanner or not"`
`91`		`- default = false`
`92`		`-}`
`93`	`88`
`94`	`89`	`#`
`95`	`90`	`# benchmark configuration`
Original file line number	Diff line number	Diff line change
`@@ -54,11 +54,6 @@ variable "deploy_image_scanning_ecs" {`
`54`	`54`	`default = false`
`55`	`55`	`}`
`56`	`56`
`57`		`-variable "use_standalone_scanner" {`
`58`		`- type = bool`
`59`		`- description = "true/false whether use inline scanner or not"`
`60`		`- default = false`
`61`		`-}`
`62`	`57`
`63`	`58`	`#`
`64`	`59`	`# benchmark configuration`