From 04f2ce6907ef7ba34e02eed2bbfe3a65fb606171 Mon Sep 17 00:00:00 2001
From: Noah Kraemer <58708692+nkraemer-sysdig@users.noreply.github.com>
Date: Thu, 31 Aug 2023 09:57:24 -0700
Subject: [PATCH] feat(cloud-bench) Ensure CloudAccount is created after
 Lighthouse (#94)

---
 modules/services/cloud-bench/trust_relationship/main.tf | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/services/cloud-bench/trust_relationship/main.tf b/modules/services/cloud-bench/trust_relationship/main.tf
index 7eaa950..f66abba 100644
--- a/modules/services/cloud-bench/trust_relationship/main.tf
+++ b/modules/services/cloud-bench/trust_relationship/main.tf
@@ -19,6 +19,13 @@ resource "sysdig_secure_cloud_account" "cloud_account" {
   alias          = data.azurerm_subscription.subscription.display_name
   cloud_provider = "azure"
   role_enabled   = "true"
+
+  # Creating the Cloud Account object in Sysdig causes scans to begin. If lighthouse is not in place, these scans will
+  # fail. This block ensures that lighthouse is in place before any scans are triggered.
+  depends_on = [
+    azurerm_lighthouse_definition.lighthouse_definition,
+    azurerm_lighthouse_assignment.lighthouse_assignment
+  ]
 }
 
 resource "azurerm_lighthouse_definition" "lighthouse_definition" {