diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..16e4651
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,28 @@
+provider "aws" {
+ alias = "us-east-1"
+ region = "us-east-1"
+}
+
+module "single-account-cspm" {
+ providers = {
+ aws = aws.us-east-1
+ }
+ source = "draios/secure-for-cloud/aws//modules/services/trust-relationship"
+ role_name = "sysdig-secure-j2rx"
+ trusted_identity = "arn:aws:iam::761931097553:role/us-east-1-production-secure-assume-role"
+ external_id = "37db198a94d1b7770f36244f1fda20ca"
+}
+
+module "single-account-threat-detection-us-east-1" {
+ providers = {
+ aws = aws.us-east-1
+ }
+ source = "draios/secure-for-cloud/aws//modules/services/event-bridge"
+ target_event_bus_arn = "arn:aws:events:us-east-1:761931097553:event-bus/us-east-1-production-falco-1"
+ trusted_identity = "arn:aws:iam::761931097553:role/us-east-1-production-secure-assume-role"
+ external_id = "37db198a94d1b7770f36244f1fda20ca"
+ name = "sysdig-secure-cloudtrail-tgf2"
+ deploy_global_resources = true
+}
+
+
diff --git a/sysdig-agent-clusterrole.yaml b/sysdig-agent-clusterrole.yaml
new file mode 100644
index 0000000..cd42be0
--- /dev/null
+++ b/sysdig-agent-clusterrole.yaml
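Review bot: Neither `module` block pins a version, so `terraform init` resolves `draios/secure-for-cloud/aws` to whatever the registry's latest release is at that moment, and a later release of the trust-relationship or event-bridge submodule could silently change the IAM role and permissions handed to the Sysdig account. Add `version = "x.y.z"` (the release you actually validated) to both module calls, and re-review the role's attached permissions in the module before bumping it. The identical `trusted_identity` and `external_id` strings are repeated in both blocks; a `locals` entry would keep them from drifting apart. The external ID is also committed in plaintext — AWS does not classify it as a secret, but together with the principal ARN it is the only thing constraining who may assume `sysdig-secure-j2rx`, so consider sourcing it from a variable rather than the repository.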
@@ -0,0 +1,72 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: sysdig-agent
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - replicationcontrollers
+ - services
+ - events
+ - limitranges
+ - namespaces
+ - nodes
+ #- nodes/metrics
+ - resourcequotas
+ - persistentvolumes
+ - persistentvolumeclaims
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - autoscaling
+ resources:
+ - horizontalpodautoscalers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - ingresses
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+metadata:
+ labels:
+ app: monitor
+ component: server
+ name: monitor
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
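Review bot: The file defines `metadata:` and `rules:` twice at the top level of one YAML document (the second pair begins at `+metadata:` / `+ labels:` right after the `extensions` rule) with no `---` separator. A strict decoder — kubectl's typically rejects duplicate mapping keys — will refuse the manifest, and a lenient one keeps the last value, which renames the ClusterRole to `monitor` and leaves it with only the `/metrics` nonResourceURL rule, so the agent loses its pod/node read access and any ClusterRoleBinding to `sysdig-agent` stops matching. If the intent is to let the agent scrape `/metrics`, delete the second `metadata:` block (`labels`, `app`, `component`, `name`) and the second `rules:` line so that `- nonResourceURLs:` becomes the sixth item of the existing `rules` list; if a separate `monitor` role is intended, it needs a `---` separator plus its own `apiVersion`/`kind`. The remaining rules are read-only (`get`/`list`/`watch`) and do not include `secrets`, which is appropriate least privilege for an agent; the `extensions` group entries are obsolete on Kubernetes 1.16+ and can be dropped once the `apps` (and, for ingresses, `networking.k8s.io`) groups cover them.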