diff --git a/src/aws.go b/src/aws.go
index a7b9af84..3641d195 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -141,6 +141,10 @@ func GetAWSResourcePermissions(result ResourceV2) []string {
 "aws_glue_catalog_table": awsGlueCatalogTable,
 "aws_glue_classifier": awsGlueClassifier,
 "aws_glue_crawler": awsGlueCrawler,
+ "aws_glue_connection": awsGlueConnection,
+ "aws_glue_data_catalog_encryption_settings": awsGlueDataCatalogEncryptionSettings,
+ "aws_glue_ml_transform": awsGlueMlTransform,
+ "aws_glue_trigger": awsGlueTrigger,
 }
 var Permissions []string
diff --git a/src/files.go b/src/files.go
index c068ef1f..4b148829 100644
--- a/src/files.go
+++ b/src/files.go
@@ -313,5 +313,17 @@ var awsGlueCatalogDatabase []byte
 //go:embed mapping/aws/resource/aws_glue_catalog_table.json
 var awsGlueCatalogTable []byte
+//go:embed mapping/aws/resource/aws_glue_connection.json
+var awsGlueConnection []byte
+
+//go:embed mapping/aws/resource/aws_glue_data_catalog_encryption_settings.json
+var awsGlueDataCatalogEncryptionSettings []byte
+
+//go:embed mapping/aws/resource/aws_glue_ml_transform.json
+var awsGlueMlTransform []byte
+
+//go:embed mapping/aws/resource/aws_glue_trigger.json
+var awsGlueTrigger []byte
+
 //go:embed mapping/gcp/google_compute_instance.json
 var googleComputeInstance []byte
diff --git a/src/mapping/aws/resource/aws_glue_connection.json b/src/mapping/aws/resource/aws_glue_connection.json
new file mode 100644
index 00000000..56d35b62
--- /dev/null
+++ b/src/mapping/aws/resource/aws_glue_connection.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "glue:DeleteConnection",
+ "glue:GetConnection",
+ "glue:CreateConnection",
+ "glue:GetTags"
+ ],
+ "attributes": {
+ "tags": [
+ "glue:TagResource",
+ "glue:UntagResource"
+ ]
+ },
+ "destroy": [
+ "glue:DeleteConnection"
+ ],
+ "modify": [
+ "glue:UpdateConnection"
+ ],
+ "plan": []
+ }
+]
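Review bot: The `apply` and `modify` lists in aws_glue_connection.json cover only `glue:` actions, which is probably incomplete for accounts where Data Catalog connection-password encryption is turned on (the setting this same commit adds a resource for). In that configuration Glue encrypts the password with the configured KMS key on create and update, and the caller is expected to hold `kms:Encrypt` on that key; this is from AWS's description of the feature, not from anything visible in the hunk, so confirm with a run against an encrypted catalog. Since JSON cannot carry a comment, either add `"kms:Encrypt"` to `apply` and `modify` or record the condition in the project documentation so users do not reach for a wildcard KMS grant when the apply is denied.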
diff --git a/src/mapping/aws/resource/aws_glue_data_catalog_encryption_settings.json b/src/mapping/aws/resource/aws_glue_data_catalog_encryption_settings.json
new file mode 100644
index 00000000..96f62d07
--- /dev/null
+++ b/src/mapping/aws/resource/aws_glue_data_catalog_encryption_settings.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "glue:PutDataCatalogEncryptionSettings",
+ "glue:GetDataCatalogEncryptionSettings"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aws_glue_ml_transform.json b/src/mapping/aws/resource/aws_glue_ml_transform.json
new file mode 100644
index 00000000..ea8f602d
--- /dev/null
+++ b/src/mapping/aws/resource/aws_glue_ml_transform.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "glue:DeleteMLTransform",
+ "glue:GetMLTransform",
+ "glue:CreateMLTransform"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "glue:DeleteMLTransform"
+ ],
+ "modify": [
+ "glue:UpdateMLTransform"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/aws_glue_trigger.json b/src/mapping/aws/resource/aws_glue_trigger.json
new file mode 100644
index 00000000..a32a03f3
--- /dev/null
+++ b/src/mapping/aws/resource/aws_glue_trigger.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "glue:GetTrigger",
+ "glue:CreateTrigger",
+ "glue:DeleteTrigger"
+ ],
+ "attributes": {
+ "tags": [
+ "TagResource",
+ "UntagResource"
+ ]
+ },
+ "destroy": [
+ "glue:DeleteTrigger"
+ ],
+ "modify": [
+ "glue:UpdateTrigger"
+ ],
+ "plan": []
+ }
+]
diff --git a/terraform/backup/aws_glue_connection.tf b/terraform/backup/aws_glue_connection.tf
new file mode 100644
index 00000000..ae76713f
--- /dev/null
+++ b/terraform/backup/aws_glue_connection.tf
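Review bot: The `apply` list in aws_glue_ml_transform.json has no `iam:PassRole`, although the resource takes a `role_arn` (the fixture terraform/backup/aws_glue_ml_transform.tf sets it) and Glue normally requires the caller to be allowed to pass that role on create. A policy generated from this mapping would likely be denied at apply time, and the usual workaround is a hand-added, overly broad PassRole statement. Add `"iam:PassRole"` to `apply` and confirm it with a real run. Separately, `"tags": []` looks untested rather than unnecessary, since the fixture sets no tags on this resource.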
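Review bot: In aws_glue_trigger.json the tag actions are written as `"TagResource"` and `"UntagResource"` with no service prefix, while aws_glue_connection.json in the same commit uses `"glue:TagResource"` and `"glue:UntagResource"`. IAM action names need the `service:` prefix, so a policy built from this mapping would be rejected or would fail to grant tagging. Change the two entries to `"glue:TagResource"` and `"glue:UntagResource"`. The connection mapping also lists `"glue:GetTags"` under `apply`; this one may need it too once tags are exercised, because the trigger fixture sets none.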
@@ -0,0 +1,12 @@
+resource "aws_glue_connection" "example" {
+ connection_properties = {
+ JDBC_CONNECTION_URL = "jdbc:mysql://example.com/exampledatabase"
+ PASSWORD = "examplepassword"
+ USERNAME = "exampleusername"
+ }
+
+ name = "example"
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/backup/aws_glue_data_catalog_encryption_settings.tf b/terraform/backup/aws_glue_data_catalog_encryption_settings.tf
new file mode 100644
index 00000000..d93239b8
--- /dev/null
+++ b/terraform/backup/aws_glue_data_catalog_encryption_settings.tf
@@ -0,0 +1,13 @@
+resource "aws_glue_data_catalog_encryption_settings" "example" {
+ data_catalog_encryption_settings {
+ connection_password_encryption {
+ aws_kms_key_id = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
+ return_connection_password_encrypted = true
+ }
+
+ encryption_at_rest {
+ catalog_encryption_mode = "SSE-KMS"
+ sse_aws_kms_key_id = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
+ }
+ }
+}
diff --git a/terraform/backup/aws_glue_ml_transform.tf b/terraform/backup/aws_glue_ml_transform.tf
new file mode 100644
index 00000000..b085fa7a
--- /dev/null
+++ b/terraform/backup/aws_glue_ml_transform.tf
@@ -0,0 +1,19 @@
+resource "aws_glue_ml_transform" "test" {
+ name = "example"
+ role_arn = aws_iam_role.test.arn
+
+ input_record_tables {
+ database_name = aws_glue_catalog_table.test.database_name
+ table_name = aws_glue_catalog_table.test.name
+ }
+
+ parameters {
+ transform_type = "FIND_MATCHES"
+
+ find_matches_parameters {
+ primary_key_column_name = "my_column_1"
+ }
+ }
+
+ depends_on = [aws_iam_role_policy_attachment.test]
+}
diff --git a/terraform/backup/aws_glue_trigger.tf b/terraform/backup/aws_glue_trigger.tf
new file mode 100644
index 00000000..7bc09f92
--- /dev/null
+++ b/terraform/backup/aws_glue_trigger.tf
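Review bot: `PASSWORD = "examplepassword"` in terraform/backup/aws_glue_connection.tf puts a credential literal directly in `connection_properties`, and Terraform also writes that value to state. It is clearly a placeholder here, but fixtures in a permissions tool get copied as templates, so the file should show the safer shape. Take the value from a variable declared with `sensitive = true`, for example `PASSWORD = var.glue_connection_password`, and do the same for `USERNAME` if it is treated as secret.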
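Review bot: Both `aws_kms_key_id` and `sse_aws_kms_key_id` in terraform/backup/aws_glue_data_catalog_encryption_settings.tf hard-code the same full key ARN, including the account id 680235478471 and a specific key UUID. That publishes account-specific identifiers in the repository and makes the fixture unusable in any other account or region. Reference a key resource or a variable instead, e.g. `aws_kms_key_id = aws_kms_key.example.arn` and `sse_aws_kms_key_id = aws_kms_key.example.arn`, with the key defined alongside the fixture.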
@@ -0,0 +1,15 @@
+resource "aws_glue_trigger" "example" {
+ name = "example"
+ type = "CONDITIONAL"
+
+ actions {
+ job_name = aws_glue_job.example1.name
+ }
+
+ predicate {
+ conditions {
+ job_name = aws_glue_job.example2.name
+ state = "SUCCEEDED"
+ }
+ }
+}
diff --git a/terraform/role/aws_iam_policy.basic.tf b/terraform/role/aws_iam_policy.basic.tf
index 8098470e..604988f7 100644
--- a/terraform/role/aws_iam_policy.basic.tf
+++ b/terraform/role/aws_iam_policy.basic.tf
@@ -7,10 +7,8 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "0",
 "Effect" : "Allow",
 "Action" : [
- "glue:DeleteClassifier",
- "glue:CreateClassifier",
- "glue:UpdateClassifier",
- "glue:GetClassifier"
+ "glue:PutDataCatalogEncryptionSettings",
+ "glue:GetDataCatalogEncryptionSettings"
 ],
 "Resource" : "*"
 }
diff --git a/todo.md b/todo.md
index 7852dc4d..2392a456 100644
--- a/todo.md
+++ b/todo.md
@@ -101,11 +101,7 @@
 aws_fsx_openzfs_file_system not implemented
 aws_fsx_openzfs_snapshot not implemented
 aws_fsx_openzfs_volume not implemented
- aws_glue_connection not implemented
- aws_glue_connection not implemented
- aws_glue_data_catalog_encryption_settings not implemented
 aws_glue_job not implemented
- aws_glue_ml_transform not implemented
 aws_glue_partition not implemented
 aws_glue_partition_index not implemented
 aws_glue_registry not implemented
@@ -113,13 +109,6 @@
 aws_glue_schema not implemented
 aws_glue_security_configuration not implemented
 aws_glue_security_configuration not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
- aws_glue_trigger not implemented
 aws_glue_user_defined_function not implemented
 aws_glue_workflow not implemented
 aws_guardduty_detector not implemented
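Review bot: The two actions added in terraform/role/aws_iam_policy.basic.tf inherit the unchanged `"Resource" : "*"`, and `glue:PutDataCatalogEncryptionSettings` is the call that can switch catalog and connection-password encryption off. For a throwaway test role the wildcard is tolerable, but this policy will be read as the reference for what the resource needs. AWS appears to allow both actions to be scoped to the catalog ARN, so consider `"Resource" : "arn:aws:glue:<region>:<account-id>:catalog"` (placeholder values) and verify it with a run. The policy document starts and ends outside this hunk.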