Migrates your visiblity information in cloudconformity.com to cloudone.trendmicro.com
MIT License
Migrates your visiblity information in cloudconformity.com to cloudone.trendmicro.com
Create or choose an empty folder where you would like to install and run the tool.
Start a shell/terminal on the folder you just created or chosen.
Create a python3 virtual environment
python3 -m venv .venv
Activate the virtual environment
source .venv/bin/activate
Install the tool
pip install conformity-migration-tool
Configure the tool
conformity-migration configure
Note: Once you finish the tool configuration once, a file called user-config.yml with the settings you configured will be generated in the same folder, in case you need to re-run the tool.
For Cloud One Conformity API endpoints, you can use the format: https://conformity.{region}.cloudone.trendmicro.com/api/
, here you can find more information about Cloud One Regions.
If you have AWS accounts to migrate, you can either manually update your Conformity Stack's ExternalID
parameter during migration on the next step or you can run this command conformity-migration-aws
first before migration.
Run this command to see all the available options:
conformity-migration-aws update-stack --help
Example command:
conformity-migration-aws update-stack --access-key <aws-access-key-here> --secret-key <aws-secret-key-here>
Using AWS_PROFILE:
conformity-migration-aws update-stack --profile <aws-profile-here>
For multiple accounts which you have cross-account role to use, you can add the option --cross-account-role-name
.
For multiple accounts which you don't have cross-account role to use or for a more granular control on each accounts' credentials, do the following steps:
a. Generate a CSV file containing all your AWS accounts and default stack information from Legacy conformity:
conformity-migration-aws generate-csv <CSV_FILE>
b. Update the CSV file with your AWS credentials or stack information when necessary.
c. Run the update-stack command with CLI option "--csv-file". You can use other options together with this option. Whatever non-empty values you put in the CSV file will override the values used in the CLI options.
conformity-migration-aws update-stack --csv-file <CSV_FILE>
Run the migration
conformity-migration run
If you already updated your AWS accounts' ExternalId
beforehand as in step 8, then you can add this
option below so it will stop prompting you to update your ExternalId manually:
conformity-migration run --skip-aws-prompt
In case you need to only migrate one or a few accounts, you can create a CSV file containing accounts that will be the only ones included in migration. In the CSV file, each row should consists of 2 fields: first is the account name and second is the environment as they appear on Conformity Dashboard. An empty file means the tool won't include any account in the migration. Here's an example:
my-aws-account-name,production
my-azure-subscription-name,development
To excute the migration simply execute:
conformity-migration run --include-accounts-file file.csv
The same concept apply to exclude accounts from the migration:
conformity-migration run --exclude-accounts-file file.csv
AWS account
ExternalId
parameter of CloudConformity stack of his/her AWS account. This can be done either manually or using the CLI conformity-migration-aws
which is part of the conformity-migration-tool package.Azure account
GCP account
If you encounter any errors in the execution, please Create a New Issue describing the steps that you went through, the results expected, and the actual results that you got.
The tool automatically generates log files when an error is found. In the same folder that you ran the tool, you will find these files:
conformity-migration-error.log
-> Specific logs about errors encountered from the last runtime.
conformity-migration.log
-> General log information about the tool the last runtime.
Note: Please don't share these files publicly, they might contain sensitive information about your environment. In case you need to share for support purposes, mask sensitive information before sending it.
If you encounter a bug, think of a useful feature, or find something confusing in the docs, please Create a New Issue!
We ❤️ pull requests. If you'd like to fix a bug, contribute to a feature or just correct a typo, please feel free to do so.
If you're thinking of adding a new feature, consider opening an issue first to discuss it to ensure it aligns with the direction of the project (and potentially save yourself some time!).