[AGENTLESS] Allow scanner to set desired capacity of ASG

DataDog · Sep 20, 2024 · 2c496b8 · 2c496b8
1 parent ed7b680
commit 2c496b8
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/aws_quickstart/datadog_agentless_scanning.yaml b/aws_quickstart/datadog_agentless_scanning.yaml
@@ -425,6 +425,10 @@ Resources:
       PolicyDocument:
         Version: '2012-10-17'
         Statement:
+          - Sid: DatadogAgentlessScannerAutoScaling
+            Action: 'autoscaling:SetDesiredCapacity'
+            Effect: Allow
+            Resource: !Ref 'ScannerAutoScalingGroup'
           - Sid: DatadogAgentlessScannerResourceTagging
             Action: 'ec2:CreateTags'
             Effect: Allow
@@ -638,6 +642,7 @@ Resources:
             Condition:
               StringEquals:
                 'aws:ResourceTag/DatadogAgentlessScanner': 'true'
+
       MaxSessionDuration: 3600
       ManagedPolicyArns:
         - !Ref 'ScannerAgentPolicy'
@@ -684,8 +689,8 @@ Resources:
       LaunchTemplate:
         LaunchTemplateId: !Ref 'ScannerLaunchTemplate'
         Version: !GetAtt 'ScannerLaunchTemplate.LatestVersionNumber'
-      MinSize: !Ref 'ScannerAutoScalingGroupSize'
-      MaxSize: !Ref 'ScannerAutoScalingGroupSize'
+      MinSize: 0
+      MaxSize: 20
       DesiredCapacity: !Ref 'ScannerAutoScalingGroupSize'
       Cooldown: 300
       HealthCheckType: EC2