Cloudbeat analyzes cloud assets for security compliance and sends findings to Elasticsearch as part of the Cloud Security Posture plugin in Kibana.

To get started with Cloud Security Posture on your cluster, see our documentation.

• Setup KSPM for Amazon EKS clusters

• Setup KSPM for unmanaged Kubernetes clusters

• Local Deployment
  • Deploying Cloudbeat as a process
    • Self-Managed Kubernetes (Kind)
    • Amazon Elastic Kubernetes Service (EKS)
• Deploying Cloudbeat with Elastic-Agent

Deploying Cloudbeat locally either as a process, or through elastic-agent can be done with elastic-package - a tool that spins up en entire elastic stack locally. depending on the deployment platform (Self-Managed kubernetes / EKS) you may need to set up different environment.

1. We use Hermit to keep all our tooling in check. See our README for more details. Install it with the following commands:

   curl -fsSL https://github.com/cashapp/hermit/releases/download/stable/install.sh | /bin/bash
   . ./bin/activate-hermit

   Note This will download and install hermit into ~/bin. You should add this to your $PATH if it isn't already.

   It is also recommended to add hermit's shell integration

2. Elastic stack running locally, preferably using elastic-package (you may need to authenticate) For example, spinning up 8.6.0 stack locally:

   eval "$(elastic-package stack shellinit --shell $(basename $SHELL))" # load stack environment variables
   elastic-package stack up --version 8.6.0 -v -d

Cloudbeat can be deployed as a process, and will not be managed by Elastic Agent. (the fastest way to get started, getting findings)

We use Kind to spin up a local kubernetes cluster, and deploy Cloudbeat as a process. Build and deploying cloudbeat into your local kind cluster:

if you don't already have a Kind cluster, you can create one with:

just create-kind-cluster
just elastic-stack-connect-kind # connect it to local elastic stack

Build and deploy cloudbeat on your local kind cluster:

just build-deploy-cloudbeat

Note By default, cloudbeat binary will be built based on GOOS and GOARCH environment variables. If you want to build cloudbeat for a different platform you can set them as following:

# just build-deploy-cloudbeat <Target OS> <Target Arch>
just build-deploy-cloudbeat linux amd64

Another deployment option is to deploy cloudbeat as a process on EKS. This is useful for testing and development purposes.

Export AWS creds as env vars, kustomize will use these to populate your cloudbeat deployment.

export AWS_ACCESS_KEY="<YOUR_AWS_KEY>"
export AWS_SECRET_ACCESS_KEY="<YOUR_AWS_SECRET>"

Set your default cluster to your EKS cluster

kubectl config use-context <your-eks-cluster>

Deploy cloudbeat on your EKS cluster

just deploy-eks-cloudbeat

1. Spin up Elastic stack (using cloud/staging is recommended, but using elastic-package is also supported, see Local Deployment)
2. Create an agent policy and install the CSP integration (KSPM).
3. Now, when adding a new agent, you will get the K8s deployment instructions of elastic-agent.

Note Are you a developer/contributor or just looking for more information check out our dev docs