CrowdStrike
diff --git a/‎docs/data-sources/cloud_aws_account.md‎
Lines changed: 4 additions & 0 deletions b/‎docs/data-sources/cloud_aws_account.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎docs/resources/cloud_aws_account.md‎
Lines changed: 20 additions & 0 deletions b/‎docs/resources/cloud_aws_account.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎examples/resources/crowdstrike_cloud_aws_account/resource.tf‎
Lines changed: 4 additions & 0 deletions b/‎examples/resources/crowdstrike_cloud_aws_account/resource.tf‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎go.mod‎
Lines changed: 1 addition & 1 deletion b/‎go.mod‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎go.sum‎
Lines changed: 2 additions & 2 deletions b/‎go.sum‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎internal/cloud_security/custom_rule_resource_test.go‎
Lines changed: 24 additions & 0 deletions b/‎internal/cloud_security/custom_rule_resource_test.go‎
Lines changed: 24 additions & 0 deletions
@@ -73,6 +73,7 @@ Read-Only:
 
 - `account_id` (String) The AWS Account ID
 - `account_type` (String) The AWS account type. Value is 'commercial' for Commercial cloud accounts. For GovCloud environments, value can be either 'commercial' or 'gov' depending on the account type
+- `agentless_scanning_role_name` (String) The name of the IAM role to be used by CrowdStrike Agentless Scanning (DSPM/Vulnerability scanning). If both are configured, the DSPM role takes precedence.
 - `asset_inventory_enabled` (Boolean) Whether asset inventory is enabled
 - `cloudtrail_bucket_name` (String) The name of the CloudTrail S3 bucket used for real-time visibility
 - `cloudtrail_region` (String) The AWS region of the CloudTrail bucket
@@ -91,3 +92,6 @@ Read-Only:
 - `realtime_visibility_enabled` (Boolean) Whether real-time visibility is enabled
 - `sensor_management_enabled` (Boolean) Whether 1-click sensor deployment is enabled
 - `target_ous` (List of String) The list of AWS Organizational Units (OUs) targeted for this account
+- `vulnerability_scanning_enabled` (Boolean) Whether Vulnerability Scanning is enabled
+- `vulnerability_scanning_role_arn` (String) The ARN of the IAM role to be used by CrowdStrike Vulnerability Scanning
+- `vulnerability_scanning_role_name` (String) The name of the IAM role to be used by CrowdStrike Vulnerability Scanning
@@ -48,6 +48,10 @@ resource "crowdstrike_cloud_aws_account" "org" {
     enabled = true
   }
 
+  vulnerability_scanning = {
+    enabled = true
+  }
+
   idp = {
     enabled = true
   }
@@ -78,9 +82,11 @@ resource "crowdstrike_cloud_aws_account" "org" {
 - `resource_name_suffix` (String) The suffix to be added to all resource names
 - `sensor_management` (Attributes) (see [below for nested schema](#nestedatt--sensor_management))
 - `target_ous` (List of String) The list of target Organizational Units
+- `vulnerability_scanning` (Attributes) (see [below for nested schema](#nestedatt--vulnerability_scanning))
 
 ### Read-Only
 
+- `agentless_scanning_role_name` (String) The name of the IAM role to be used by CrowdStrike Agentless Scanning (DSPM/Vulnerability scanning). If both are configured, the DSPM role takes precedence.
 - `cloudtrail_bucket_name` (String) The name of the CloudTrail S3 bucket used for real-time visibility
 - `dspm_role_arn` (String) The ARN of the IAM role to be used by CrowdStrike Data Security Posture Management
 - `dspm_role_name` (String) The name of the IAM role to be used by CrowdStrike Data Security Posture Management
@@ -91,6 +97,8 @@ resource "crowdstrike_cloud_aws_account" "org" {
 - `iam_role_name` (String) The name of the AWS IAM role used to access this AWS account
 - `intermediate_role_arn` (String) The ARN of the intermediate role used to assume the AWS IAM role
 - `is_organization_management_account` (Boolean) Indicates whether this is the management account (formerly known as the root account) of an AWS Organization
+- `vulnerability_scanning_role_arn` (String) The ARN of the IAM role to be used by CrowdStrike Vulnerability Scanning
+- `vulnerability_scanning_role_name` (String) The name of the IAM role to be used by CrowdStrike Vulnerability Scanning
 
 <a id="nestedatt--asset_inventory"></a>
 ### Nested Schema for `asset_inventory`
@@ -148,6 +156,18 @@ Required:
 
 - `enabled` (Boolean) Enable 1-click sensor deployment
 
+
+<a id="nestedatt--vulnerability_scanning"></a>
+### Nested Schema for `vulnerability_scanning`
+
+Required:
+
+- `enabled` (Boolean) Enable Vulnerability Scanning
+
+Optional:
+
+- `role_name` (String) Custom AWS IAM role name for Vulnerability Scanning
+
 ## Import
 
 Import is supported using the following syntax:
 
@@ -23,6 +23,10 @@ resource "crowdstrike_cloud_aws_account" "org" {
     enabled = true
   }
 
+  vulnerability_scanning = {
+    enabled = true
+  }
+
   idp = {
     enabled = true
   }
 
@@ -3,7 +3,7 @@ module github.com/crowdstrike/terraform-provider-crowdstrike
 go 1.24.0
 
 require (
-	github.com/crowdstrike/gofalcon v0.18.1-0.20251101020249-526ce85b6da7
+	github.com/crowdstrike/gofalcon v0.18.1-0.20251111154050-6f6d1fc5d8ab
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-version v1.7.0
 	github.com/hashicorp/terraform-plugin-docs v0.19.1
 
@@ -33,8 +33,8 @@ github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZ
 github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
 github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
 github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
-github.com/crowdstrike/gofalcon v0.18.1-0.20251101020249-526ce85b6da7 h1:1GPpMt44VamS7a9nyiZdsRJPgl5pyTY3xyOvP+joFJg=
-github.com/crowdstrike/gofalcon v0.18.1-0.20251101020249-526ce85b6da7/go.mod h1:a12GB+md+hRSgVCb3Pv6CakeTIsDIUCIVWRlJelIhY0=
+github.com/crowdstrike/gofalcon v0.18.1-0.20251111154050-6f6d1fc5d8ab h1:mSFSsRaHZTvM7TfAaFKuIbMwWbuyQmHzzcPYOZLKaOo=
+github.com/crowdstrike/gofalcon v0.18.1-0.20251111154050-6f6d1fc5d8ab/go.mod h1:a12GB+md+hRSgVCb3Pv6CakeTIsDIUCIVWRlJelIhY0=
 github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
 github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 
@@ -2,6 +2,7 @@ package cloudsecurity_test
 
 import (
 	"fmt"
+	"os"
 	"regexp"
 	"strings"
 	"testing"
@@ -12,6 +13,17 @@ import (
 	"github.com/hashicorp/terraform-plugin-testing/terraform"
 )
 
+// skipIfRegoNotEnabled skips the test if the ENABLE_REGO_TESTS environment variable is not set.
+// This is used for tests that use custom Rego logic, which requires the custom policy feature
+// flag to be enabled in the CrowdStrike environment.
+//
+// To enable these tests, set: export ENABLE_REGO_TESTS=1
+func skipIfRegoNotEnabled(t *testing.T) {
+	if os.Getenv("ENABLE_REGO_TESTS") == "" {
+		t.Skip("Skipping test: ENABLE_REGO_TESTS environment variable not set. These tests require the custom policy feature flag to be enabled for your CID.")
+	}
+}
+
 type ruleBaseConfig struct {
 	ruleNamePrefix  string
 	description     []string
@@ -122,6 +134,7 @@ func TestCloudSecurityCustomRuleResource_AWS_Copy(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_AWS_Rego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -138,6 +151,7 @@ func TestCloudSecurityCustomRuleResource_AWS_Minimal(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_AWS_MinimalRego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -154,6 +168,7 @@ func TestCloudSecurityCustomRuleResource_AWS_DefinedToOmitted(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_AWS_RegoDefinedToOmitted(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -162,6 +177,7 @@ func TestCloudSecurityCustomRuleResource_AWS_RegoDefinedToOmitted(t *testing.T)
 }
 
 func TestCloudSecurityCustomRuleResource_AWS_RegoDefinedToEmpty(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -211,6 +227,7 @@ func TestCloudSecurityCustomRuleResource_Azure_Copy(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_Azure_Rego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -227,6 +244,7 @@ func TestCloudSecurityCustomRuleResource_Azure_Minimal(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_Azure_MinimalRego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -243,6 +261,7 @@ func TestCloudSecurityCustomRuleResource_Azure_DefinedToOmitted(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_Azure_RegoDefinedToOmitted(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -251,6 +270,7 @@ func TestCloudSecurityCustomRuleResource_Azure_RegoDefinedToOmitted(t *testing.T
 }
 
 func TestCloudSecurityCustomRuleResource_Azure_RegoDefinedToEmpty(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -300,6 +320,7 @@ func TestCloudSecurityCustomRuleResource_GCP_Copy(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_GCP_Rego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -316,6 +337,7 @@ func TestCloudSecurityCustomRuleResource_GCP_Minimal(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_GCP_MinimalRego(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -332,6 +354,7 @@ func TestCloudSecurityCustomRuleResource_GCP_DefinedToOmitted(t *testing.T) {
 }
 
 func TestCloudSecurityCustomRuleResource_GCP_RegoDefinedToOmitted(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
@@ -340,6 +363,7 @@ func TestCloudSecurityCustomRuleResource_GCP_RegoDefinedToOmitted(t *testing.T)
 }
 
 func TestCloudSecurityCustomRuleResource_GCP_RegoDefinedToEmpty(t *testing.T) {
+	skipIfRegoNotEnabled(t)
 	resource.ParallelTest(t, resource.TestCase{
 		ProtoV6ProviderFactories: acctest.ProtoV6ProviderFactories,
 		PreCheck:                 func() { acctest.PreCheck(t) },
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,10 @@ resource "crowdstrike_cloud_aws_account" "org" {`
`23`	`23`	`enabled = true`
`24`	`24`	`}`
`25`	`25`
	`26`	`+ vulnerability_scanning = {`
	`27`	`+ enabled = true`
	`28`	`+ }`
	`29`	`+`
`26`	`30`	`idp = {`
`27`	`31`	`enabled = true`
`28`	`32`	`}`