Infrastructure
  • 16 Jan 2025
  • 3 Minutes to read
  • Contributors
  • Dark
    Light

Infrastructure

  • Dark
    Light

Article summary

The Infrastructure Extension allows you to perform infrastructure-as-code (IaC) modifications to your Organization. IaC modifications can be made in the web UI or via the LimaCharlie CLI tool. Users can create new organizations from known templates or maintain a common configuration across multiple organizations.

Scaling Organization Management

If you’re an managed service company or need to manage a large number of Organizations, consider LimaCharlie’s MSSP setup. You can find more information about this here.

Enabling the Infrastructure Extension

To enable the Infrastructure extension, navigate to the Infrastructure extension page in the marketplace. Select the organization you wish to enable the extension for, and select Subscribe.

After clicking Subscribe, the Infrastructure extension should be available almost immediately.

Where to start?

IaC can be a powerful tool for rapidly deploying and managing Organizations within LimaCharlie. To help you discover more possibilities, we have provided several example templates/configurations here.

Using the Infrastructure Extension

Once enabled, you will see an Infrastructure as Code option under the Organization Settings within the LimaCharlie web UI. The extension also becomes available via the REST API.

Within the Infrastructure As Code module, you can:

  • Apply a New Config to an existing Organization (see red arrow in screenshot below). Changes are made additively, and are good for merging new configuration parameters into your Organization.

  • Edit the Entire Configuration for an existing Organization (see red arrow in screenshot below). This is your current configuration, and can be modified directly in the web UI.

  • Perform Fetch, Push, or Push-from-file operations (see red box in screenshot below).

Actions via REST API

The REST interface for the Infrastructure extension mimics the CLI tool. The following REST API actions can be sent to interact with the Infrastructure extension:

{
  "params": {
    "sync_artifacts": {
      "type": "bool",
      "desc": "applies to artifacts"
    },
    "is_force": {
      "type": "bool",
      "desc": "make the org an exact copy of the configuration provided."
    },
    "is_dry_run": {
      "type": "bool",
      "desc": "do not apply config, just simulate."
    },
    "sync_integrity": {
      "type": "bool",
      "desc": "applies to integrity"
    },
    "action": {
      "is_required": true,
      "values": [
        "push",
        "fetch"
      ],
      "type": "enum",
      "desc": "action to take."
    },
    "sync_org_values": {
      "type": "bool",
      "desc": "applies to org_values"
    },
    "sync_resources": {
      "type": "bool",
      "desc": "applies to resources"
    },
    "config": {
      "type": "str",
      "desc": "configuration to apply."
    },
    "config_source": {
      "type": "str",
      "desc": "ARL where configs to apply are located."
    },
    "ignore_inaccessible": {
      "desc": "ignore resources which are inaccessible like locked or segmented.",
      "type": "bool"
    },
    "sync_fp": {
      "type": "bool",
      "desc": "applies to fp"
    },
    "sync_exfil": {
      "desc": "applies to exfil",
      "type": "bool"
    },
    "sync_dr": {
      "type": "bool",
      "desc": "applies to dr"
    },
    "sync_outputs": {
      "type": "bool",
      "desc": "applies to outputs"
    },
    "config_root": {
      "type": "str",
      "desc": "file name of the root config within config_source to apply."
    }
  }
}


Was this article helpful?


What's Next