Panther Users Can Now Manage S3 Log Sources with Terraform

We’re thrilled to announce that Panther has joined HashiCorp’s Partner Network with the development of a Panther Terraform provider, solidifying our commitment to seamless, integrated security and infrastructure management. This will empower Panther users to create an S3 bucket and associated infrastructure in AWS, and onboard it to your Panther instance – all in Terraform.

Detection-as-Code & Infrastructure-as-Code

At its core, Panther’s philosophy has always revolved around “Detection-as-Code” (DaC). This transformative approach allows for agile, version-controlled, and precise threat detection. Similarly, Terraform’s Infrastructure-as-Code (IaC) methodology revolutionizes resource provisioning and system management.

DaC and IaC are kindred spirits, both stemming from the desire to introduce automation, precision, and scalability. When combined, they offer unparalleled robustness in security and infrastructure orchestration.

Shared Virtues of DaC & IaC

  1. Automation: Eliminate manual errors and streamline operations.
  2. Version Control: Every alteration, every change is meticulously logged.
  3. Scalability: Respond to demands effortlessly, whether it’s scaling threat detection or resources.
  4. Consistency: Ensure deployments, detections, and configurations remain uniform.

Managing S3 Log Sources with Terraform

To manage a Panther S3 Log Source using Terraform, use the published panther_s3_source provider. This Terraform provider is built on top of our Public API and requires an API token with permissions scoped to “Manage Log Sources”.

terraform {
  required_providers {
    panther = {
      source = "panther-labs/terraform-provider-panther"
    }
  }
}

provider "panther" {
  token = var.panther_api_token
  url   = var.panther_api_url
}Code language: Python (python)

To create and manage an S3 Log Source for AWS CloudTrail logs from “Log Source Bucket”:

resource "panther_s3_source" "demo_source" {
  aws_account_id                = var.aws_account_id
  name                          = "AWS S3 Source"
  log_processing_role_arn       = vars.log_processing_role_arn
  log_stream_type               = "JSON"
  bucket_name                   = "Log Source Bucket"
  prefix_log_types = [{
    excluded_prefixes = []
    log_types         = ["AWS.CloudTrail"]
    prefix            = ""
  }]
}Code language: Python (python)

For detailed guidance on managing S3 Sources through Terraform, visit our official documentation.

Embrace the synergy of Panther and Terraform, and reshape your security and infrastructure ecosystem.

Table of Contents

Recommended Resources

Escape Cloud Noise. Detect Security Signal.
Request a Demo