From 125bcedeb91558b9f24831af1468a64dd6133d0c Mon Sep 17 00:00:00 2001 
From: James Woolfenden Date: Fri, 3 Feb 2023 15:29:38 +0000 Subject: [PATCH] datasources --- .markdownlint.json | 7 ++- .pre-commit-config.yaml | 8 ++-- Makefile | 2 +- README.md | 26 +++++----- src/aws_datasource.go | 8 ++++ src/files_datasource.go | 24 ++++++++++ .../aws_auditmanager_control.json | 13 +++++ .../aws_auditmanager_framework.json | 13 +++++ .../aws_connect_instance_storage_config.json | 13 +++++ .../aws_controltower_controls.json | 13 +++++ .../aws/data/ec2/aws_vpc_ipam_pool_cidrs.json | 2 +- .../aws/data/ec2/aws_vpc_ipam_pools.json | 13 +++++ .../aws/data/rds/aws_db_instances.json | 13 +++++ .../aws_servicequotas_service.json | 4 +- .../aws_servicequotas_service_quota.json | 4 +- .../data/ses/aws_sesv2_dedicated_ip_pool.json | 13 +++++ src/mapping/aws/data/sqs/aws_sqs_queues.json | 13 +++++ .../aws_elasticache_user_group.json | 9 ++-- .../aws_lb_listener_rule.json | 48 +++++++++---------- .../iam/aws_iam_user_group_membership.json | 6 ++- .../lambda/aws_lambda_invocation.json | 4 +- .../resource/s3/aws_s3_bucket_inventory.json | 3 +- .../aws_servicequotas_service_quota.json | 3 +- terraform/aws/backup/aws_elasticache_user.tf | 6 +-- .../aws/backup/aws_elasticache_user_group.tf | 4 +- .../backup/aws_iam_user_group_membership.tf | 2 +- terraform/aws/backup/aws_lambda_invocation.tf | 2 +- .../aws/backup/aws_s3_bucket_inventory.tf | 4 +- .../backup/aws_servicequotas_service_quota.tf | 2 - .../backup/data.aws_auditmanager_control.tf | 4 ++ .../backup/data.aws_auditmanager_framework.tf | 4 ++ ...ata.aws_connect_instance_storage_config.tf | 5 ++ .../backup/data.aws_controltower_controls.tf | 3 ++ terraform/aws/backup/data.aws_db_instances.tf | 1 + .../backup/data.aws_servicequotas_service.tf | 4 +- .../data.aws_servicequotas_service_quota.tf | 4 +- .../data.aws_sesv2_dedicated_ip_pool.tf | 3 ++ terraform/aws/backup/data.aws_sqs_queues.tf | 1 + .../aws/backup/data.aws_vpc_ipam_pools.tf | 1 + terraform/aws/role/aws_iam_policy.basic.tf | 3 +- todo_aws.md | 16 
+++++++ 41 files changed, 261 insertions(+), 70 deletions(-) create mode 100644 src/mapping/aws/data/auditmanager/aws_auditmanager_control.json create mode 100644 src/mapping/aws/data/auditmanager/aws_auditmanager_framework.json create mode 100644 src/mapping/aws/data/connect/aws_connect_instance_storage_config.json create mode 100644 src/mapping/aws/data/controltower/aws_controltower_controls.json create mode 100644 src/mapping/aws/data/ec2/aws_vpc_ipam_pools.json create mode 100644 src/mapping/aws/data/rds/aws_db_instances.json create mode 100644 src/mapping/aws/data/ses/aws_sesv2_dedicated_ip_pool.json create mode 100644 src/mapping/aws/data/sqs/aws_sqs_queues.json create mode 100644 terraform/aws/backup/data.aws_auditmanager_control.tf create mode 100644 terraform/aws/backup/data.aws_auditmanager_framework.tf create mode 100644 terraform/aws/backup/data.aws_connect_instance_storage_config.tf create mode 100644 terraform/aws/backup/data.aws_controltower_controls.tf create mode 100644 terraform/aws/backup/data.aws_db_instances.tf create mode 100644 terraform/aws/backup/data.aws_sesv2_dedicated_ip_pool.tf create mode 100644 terraform/aws/backup/data.aws_sqs_queues.tf create mode 100644 terraform/aws/backup/data.aws_vpc_ipam_pools.tf diff --git a/.markdownlint.json b/.markdownlint.json index 67d2ae55..ae6d0c2b 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -1,3 +1,8 @@ { - "MD013": false + "MD013": false, + "MD033": { + "allowed_elements": [ + "cloud" + ] + } } diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7808f5aa..3bbfdfd6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -18,7 +18,7 @@ repos: - id: detect-aws-credentials - id: detect-private-key - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: v1.3.1 + rev: v1.4.2 hooks: - id: forbid-tabs exclude_types: [python, javascript, dtd, markdown, makefile, xml] 
@@ -28,7 +28,7 @@ repos: hooks: - id: shell-lint - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.32.2 + rev: v0.33.0 hooks: - id: markdownlint exclude: src/testdata|testdata @@ -38,13 +38,13 @@ repos: - id: terraform-fmt language_version: python3.9 - repo: https://github.com/gruntwork-io/pre-commit - rev: v0.1.17 + rev: v0.1.18 hooks: - id: gofmt - id: goimports - id: golint - repo: https://github.com/golangci/golangci-lint - rev: v1.50.1 + rev: v1.51.0 hooks: - id: golangci-lint - repo: https://github.com/syntaqx/git-hooks diff --git a/Makefile b/Makefile index f799ffe6..2e32671d 100644 --- a/Makefile +++ b/Makefile @@ -69,4 +69,4 @@ psbump: update: go get -u - go mod tidy \ No newline at end of file + go mod tidy diff --git a/README.md b/README.md index ae9ac72a..6fabf988 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ scoop bucket add iac https://github.com/JamesWoolfenden/scoop.git Then you can install a tool: -``` +```bash scoop install pike ``` 
@@ -539,29 +539,29 @@ e.g. *aws_security_group.json* ### How Datasources are the easiest to start with, I have a script (resource.ps1 - add pwsh with **brew install --cask powershell**) -that creates a blank mapping file and tf +that creates a blank mapping file and tf resource, but you've seen the example json file - make one without any entries. -You also need to create a minimal resource/datasource, that you are trying to figure out the permissions for, and place it in the correct dir +You also need to create a minimal resource/datasource, that you are trying to figure out the permissions for, and place it in the correct dir e.g../terraform/aws, I have a script for making a profile for the profile in the role directory. -You can then tf using the empty role against the resource/datasource with no permissions. +You can then tf using the empty role against the resource/datasource with no permissions. The debug output from the tf run will help you figure out the permissions you need to add to your basic role. -You then update your "basic" role. +You then update your "basic" role. -Issues? -The providers don't always tell you want you need to add, -you will need to check the IAM docs and the online IAM policymakers. -Not all resource are as easy as others, anything that make/scripts CF internally. +Issues? +The providers don't always tell you want you need to add, +you will need to check the IAM docs and the online IAM policymakers. +Not all resource are as easy as others, anything that make/scripts CF internally. Some roles require *Passrole* and *CreateLinkedRole* but won't say so. Trail and error #### What about "attributes" ? -Some cloud providers require extra permissions depending on the attributes you add, this is how this is handled. -Build out your tf resources to cover all reasonable scenarios. +Some cloud providers require extra permissions depending on the attributes you add, this is how this is handled. 
+Build out your tf resources to cover all reasonable scenarios.
 #### Eventual consistency
-Some cloud providers follow this model which means your test IAM role will take time after you change it to be
-changed, how long? This seems to vary on time of day and the resource. Whilst other providers like
+Some cloud providers follow this model which means your test IAM role will take time after you change it to be
+changed, how long? This seems to vary on time of day and the resource. Whilst other providers like
 Azure just take a long time for the TF to change.
 ### Add Import mapping file
diff --git a/src/aws_datasource.go b/src/aws_datasource.go
index cad08b56..c36cdeed 100644
--- a/src/aws_datasource.go
+++ b/src/aws_datasource.go
@@ -153,6 +153,14 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 "aws_lb": dataAwsLb,
 "aws_secretsmanager_secret": dataAwsSecretsmanagerSecret,
 "aws_secretsmanager_secret_version": dataAwsSecretsmanagerSecretVersion,
+ "aws_sesv2_dedicated_ip_pool": dataAwsSesv2DedicatedIPPool,
+ "aws_sqs_queues": dataAwsSqsQueues,
+ "aws_vpc_ipam_pools": dataAwsVpcIpamPools,
+ "aws_auditmanager_control": dataAwsAuditmanagerControl,
+ "aws_auditmanager_framework": dataAwsAuditmanagerFramework,
+ "aws_connect_instance_storage_config": dataAwsConnectInstanceStorageConfig,
+ "aws_controltower_controls": dataAwsControltowerControls,
+ "aws_db_instances": dataAwsDbInstances,
 }
 var Permissions []string
diff --git a/src/files_datasource.go b/src/files_datasource.go
index 4a355066..8a288e86 100644
--- a/src/files_datasource.go
+++ b/src/files_datasource.go
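Review bot: The eight new entries in the aws_datasource.go hunk are appended out of order (`aws_sesv2_dedicated_ip_pool`, `aws_sqs_queues` and `aws_vpc_ipam_pools` sit ahead of `aws_auditmanager_control`), which makes a missing or duplicated data source hard to spot in a literal of this size; slot them into the existing alphabetical run instead. `dataAwsDbInstances` also departs from the initialism style used on the neighbouring line (`dataAwsSesv2DedicatedIPPool`) — `dataAwsDBInstances` matches Go convention and keeps staticcheck's ST1003 quiet; the same identifier is declared in the src/files_datasource.go hunk and would need renaming there too. Nothing in either hunk checks that an embedded mapping file parses, so a malformed JSON blob presumably surfaces only on first lookup of that key — worth confirming against the decode path, which is outside this hunk. GetAWSDataPermissions starts and ends outside the hunk.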
@@ -342,3 +342,27 @@ var dataAwsSecretsmanagerSecret []byte
 //go:embed mapping/aws/data/secretsmanager/aws_secretsmanager_secret_version.json
 var dataAwsSecretsmanagerSecretVersion []byte
+
+//go:embed mapping/aws/data/ses/aws_sesv2_dedicated_ip_pool.json
+var dataAwsSesv2DedicatedIPPool []byte
+
+//go:embed mapping/aws/data/sqs/aws_sqs_queues.json
+var dataAwsSqsQueues []byte
+
+//go:embed mapping/aws/data/ec2/aws_vpc_ipam_pools.json
+var dataAwsVpcIpamPools []byte
+
+//go:embed mapping/aws/data/auditmanager/aws_auditmanager_control.json
+var dataAwsAuditmanagerControl []byte
+
+//go:embed mapping/aws/data/auditmanager/aws_auditmanager_framework.json
+var dataAwsAuditmanagerFramework []byte
+
+//go:embed mapping/aws/data/connect/aws_connect_instance_storage_config.json
+var dataAwsConnectInstanceStorageConfig []byte
+
+//go:embed mapping/aws/data/controltower/aws_controltower_controls.json
+var dataAwsControltowerControls []byte
+
+//go:embed mapping/aws/data/rds/aws_db_instances.json
+var dataAwsDbInstances []byte
diff --git a/src/mapping/aws/data/auditmanager/aws_auditmanager_control.json b/src/mapping/aws/data/auditmanager/aws_auditmanager_control.json
new file mode 100644
index 00000000..4afa1b07
--- /dev/null
+++ b/src/mapping/aws/data/auditmanager/aws_auditmanager_control.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "auditmanager:ListControls"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/auditmanager/aws_auditmanager_framework.json b/src/mapping/aws/data/auditmanager/aws_auditmanager_framework.json
new file mode 100644
index 00000000..6925f9fd
--- /dev/null
+++ b/src/mapping/aws/data/auditmanager/aws_auditmanager_framework.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "auditmanager:ListAssessmentFrameworks"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/connect/aws_connect_instance_storage_config.json b/src/mapping/aws/data/connect/aws_connect_instance_storage_config.json new file mode 100644 index 00000000..15796978 --- /dev/null +++ b/src/mapping/aws/data/connect/aws_connect_instance_storage_config.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "connect:DescribeInstanceStorageConfig" + ] + } +] diff --git a/src/mapping/aws/data/controltower/aws_controltower_controls.json b/src/mapping/aws/data/controltower/aws_controltower_controls.json new file mode 100644 index 00000000..79264259 --- /dev/null +++ b/src/mapping/aws/data/controltower/aws_controltower_controls.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "controltower:ListEnabledControls" + ] + } +] diff --git a/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json b/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json index 2b5767cb..2fe07aec 100644 --- a/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json +++ b/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json @@ -7,7 +7,7 @@ "destroy": [], "modify": [], "plan": [ - "ec2:DescribeIpamPools" + "ec2:GetIpamPoolCidrs" ] } ] diff --git a/src/mapping/aws/data/ec2/aws_vpc_ipam_pools.json b/src/mapping/aws/data/ec2/aws_vpc_ipam_pools.json new file mode 100644 index 00000000..2b5767cb --- /dev/null +++ b/src/mapping/aws/data/ec2/aws_vpc_ipam_pools.json @@ -0,0 +1,13 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [ + "ec2:DescribeIpamPools" + ] + } +] diff --git a/src/mapping/aws/data/rds/aws_db_instances.json b/src/mapping/aws/data/rds/aws_db_instances.json new file mode 100644 index 00000000..0df2a5ad --- /dev/null +++ b/src/mapping/aws/data/rds/aws_db_instances.json 
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "rds:DescribeDBInstances"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/servicequota/aws_servicequotas_service.json b/src/mapping/aws/data/servicequota/aws_servicequotas_service.json
index b7c13bba..163b09cd 100644
--- a/src/mapping/aws/data/servicequota/aws_servicequotas_service.json
+++ b/src/mapping/aws/data/servicequota/aws_servicequotas_service.json
@@ -6,6 +6,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": [ "servicequotas:ListServices"]
+ "plan": [
+ "servicequotas:ListServices"
+ ]
 }
 ]
diff --git a/src/mapping/aws/data/servicequota/aws_servicequotas_service_quota.json b/src/mapping/aws/data/servicequota/aws_servicequotas_service_quota.json
index b7c13bba..163b09cd 100644
--- a/src/mapping/aws/data/servicequota/aws_servicequotas_service_quota.json
+++ b/src/mapping/aws/data/servicequota/aws_servicequotas_service_quota.json
@@ -6,6 +6,8 @@
 },
 "destroy": [],
 "modify": [],
- "plan": [ "servicequotas:ListServices"]
+ "plan": [
+ "servicequotas:ListServices"
+ ]
 }
 ]
diff --git a/src/mapping/aws/data/ses/aws_sesv2_dedicated_ip_pool.json b/src/mapping/aws/data/ses/aws_sesv2_dedicated_ip_pool.json
new file mode 100644
index 00000000..f9277852
--- /dev/null
+++ b/src/mapping/aws/data/ses/aws_sesv2_dedicated_ip_pool.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "ses:GetDedicatedIpPool"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/sqs/aws_sqs_queues.json b/src/mapping/aws/data/sqs/aws_sqs_queues.json
new file mode 100644
index 00000000..7ca6da1d
--- /dev/null
+++ b/src/mapping/aws/data/sqs/aws_sqs_queues.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "sqs:ListQueues"
+ ]
+ }
+]
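Review bot: The data mapping for `aws_servicequotas_service_quota` is a byte-for-byte copy of the `aws_servicequotas_service` mapping — both hunks carry the same blob ids, `index b7c13bba..163b09cd` — so looking up a single quota is mapped to `servicequotas:ListServices` only, and this hunk merely reindents the copied value. The resource mapping for the same service elsewhere in this commit lists `servicequotas:GetServiceQuota`, which is presumably what a by-quota-code read needs; a caller granted only ListServices would be told the plan is covered when it is not. Suggest replacing the plan entry with `"servicequotas:GetServiceQuota"` (keep ListServices only if the provider really enumerates services first — verify with a run of the terraform/aws/backup/data.aws_servicequotas_service_quota.tf fixture against the basic role).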
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_user_group.json b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group.json index a8404be5..04bb5d5b 100644 --- a/src/mapping/aws/resource/elasticache/aws_elasticache_user_group.json +++ b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group.json @@ -4,7 +4,8 @@ "elasticache:ListTagsForResource", "elasticache:CreateUserGroup", "elasticache:DescribeUserGroups", - "elasticache:DeleteUserGroup"], + "elasticache:DeleteUserGroup" + ], "attributes": { "tags": [ "elasticache:AddTagsToResource", @@ -12,9 +13,11 @@ ] }, "destroy": [ - "elasticache:DeleteUserGroup"], + "elasticache:DeleteUserGroup" + ], "modify": [ - "elasticache:ModifyUserGroup"], + "elasticache:ModifyUserGroup" + ], "plan": [] } ] diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json index 78b68660..8d3753cb 100644 --- a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json +++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_rule.json 
@@ -1,24 +1,24 @@ -[ - { - "apply": [ - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:SetRulePriorities" - ], - "attributes": { - "tags": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:RemoveTags", - "elasticloadbalancing:DescribeTags" - ] - }, - "destroy": [ - "elasticloadbalancing:DeleteRule" - ], - "modify": [ - "elasticloadbalancing:ModifyRule" - ], - "plan": [ - "elasticloadbalancing:DescribeRules" - ] - } -] \ No newline at end of file +[ + { + "apply": [ + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:SetRulePriorities" + ], + "attributes": { + "tags": [ + "elasticloadbalancing:AddTags", + "elasticloadbalancing:RemoveTags", + "elasticloadbalancing:DescribeTags" + ] + }, + "destroy": [ + "elasticloadbalancing:DeleteRule" + ], + "modify": [ + "elasticloadbalancing:ModifyRule" + ], + "plan": [ + "elasticloadbalancing:DescribeRules" + ] + } +] diff --git a/src/mapping/aws/resource/iam/aws_iam_user_group_membership.json b/src/mapping/aws/resource/iam/aws_iam_user_group_membership.json index fc4a1acd..788b647d 100644 --- a/src/mapping/aws/resource/iam/aws_iam_user_group_membership.json +++ b/src/mapping/aws/resource/iam/aws_iam_user_group_membership.json @@ -3,12 +3,14 @@ "apply": [ "iam:AddUserToGroup", "iam:ListGroupsForUser", - "iam:RemoveUserFromGroup"], + "iam:RemoveUserFromGroup" + ], "attributes": { "tags": [] }, "destroy": [ - "iam:RemoveUserFromGroup"], + "iam:RemoveUserFromGroup" + ], "modify": [], "plan": [] } diff --git a/src/mapping/aws/resource/lambda/aws_lambda_invocation.json b/src/mapping/aws/resource/lambda/aws_lambda_invocation.json index 473b2019..161c546f 100644 --- a/src/mapping/aws/resource/lambda/aws_lambda_invocation.json +++ b/src/mapping/aws/resource/lambda/aws_lambda_invocation.json @@ -1,6 +1,8 @@ [ { - "apply": ["lambda:InvokeAsync"], + "apply": [ + "lambda:InvokeAsync" + ], "attributes": { "tags": [] }, 
diff --git a/src/mapping/aws/resource/s3/aws_s3_bucket_inventory.json b/src/mapping/aws/resource/s3/aws_s3_bucket_inventory.json index 6274fb50..b329e4e7 100644 --- a/src/mapping/aws/resource/s3/aws_s3_bucket_inventory.json +++ b/src/mapping/aws/resource/s3/aws_s3_bucket_inventory.json @@ -2,7 +2,8 @@ { "apply": [ "s3:GetInventoryConfiguration", - "s3:PutInventoryConfiguration"], + "s3:PutInventoryConfiguration" + ], "attributes": { "tags": [] }, diff --git a/src/mapping/aws/resource/servicequota/aws_servicequotas_service_quota.json b/src/mapping/aws/resource/servicequota/aws_servicequotas_service_quota.json index 8a96ba0d..6e752eee 100644 --- a/src/mapping/aws/resource/servicequota/aws_servicequotas_service_quota.json +++ b/src/mapping/aws/resource/servicequota/aws_servicequotas_service_quota.json @@ -5,7 +5,8 @@ "servicequotas:GetServiceQuota", "servicequotas:RequestServiceQuotaIncrease", "servicequotas:GetRequestedServiceQuotaChange", - "iam:CreateServiceLinkedRole"], + "iam:CreateServiceLinkedRole" + ], "attributes": { "tags": [] }, diff --git a/terraform/aws/backup/aws_elasticache_user.tf b/terraform/aws/backup/aws_elasticache_user.tf index d4a99c8a..430f9aef 100644 --- a/terraform/aws/backup/aws_elasticache_user.tf +++ b/terraform/aws/backup/aws_elasticache_user.tf @@ -5,7 +5,7 @@ resource "aws_elasticache_user" "pike" { engine = "REDIS" passwords = ["password123456789"] tags = { - pike="permissions" -# another="tag" + pike = "permissions" + # another="tag" } -} \ No newline at end of file +} diff --git a/terraform/aws/backup/aws_elasticache_user_group.tf b/terraform/aws/backup/aws_elasticache_user_group.tf index a46c3519..cb58ea4d 100644 --- a/terraform/aws/backup/aws_elasticache_user_group.tf +++ b/terraform/aws/backup/aws_elasticache_user_group.tf @@ -3,6 +3,6 @@ resource "aws_elasticache_user_group" "pike" { user_group_id = "pike" user_ids = ["testuserid"] tags = { - pike="permissions" + pike = "permissions" } -} \ No newline at end of file +} 
diff --git a/terraform/aws/backup/aws_iam_user_group_membership.tf b/terraform/aws/backup/aws_iam_user_group_membership.tf index d8fc1823..da1e9713 100644 --- a/terraform/aws/backup/aws_iam_user_group_membership.tf +++ b/terraform/aws/backup/aws_iam_user_group_membership.tf @@ -5,4 +5,4 @@ resource "aws_iam_user_group_membership" "pike" { "test", "pike" ] -} \ No newline at end of file +} diff --git a/terraform/aws/backup/aws_lambda_invocation.tf b/terraform/aws/backup/aws_lambda_invocation.tf index 87d2d594..712f46ef 100644 --- a/terraform/aws/backup/aws_lambda_invocation.tf +++ b/terraform/aws/backup/aws_lambda_invocation.tf @@ -5,4 +5,4 @@ resource "aws_lambda_invocation" "pike" { key1 = "value1" key2 = "value2" }) -} \ No newline at end of file +} diff --git a/terraform/aws/backup/aws_s3_bucket_inventory.tf b/terraform/aws/backup/aws_s3_bucket_inventory.tf index e2414800..24a812aa 100644 --- a/terraform/aws/backup/aws_s3_bucket_inventory.tf +++ b/terraform/aws/backup/aws_s3_bucket_inventory.tf @@ -2,7 +2,7 @@ resource "aws_s3_bucket_inventory" "pike" { bucket = "config-store-jgw" included_object_versions = "Current" name = "EntireBucketDaily" - enabled = true + enabled = true destination { bucket { account_id = "680235478471" @@ -21,4 +21,4 @@ resource "aws_s3_bucket_inventory" "pike" { #data aws_s3_bucket "config" { # # bucket = "config-store-jgw" -#} \ No newline at end of file +#} diff --git a/terraform/aws/backup/aws_servicequotas_service_quota.tf b/terraform/aws/backup/aws_servicequotas_service_quota.tf index cc9788ca..4fbf7fec 100644 --- a/terraform/aws/backup/aws_servicequotas_service_quota.tf +++ b/terraform/aws/backup/aws_servicequotas_service_quota.tf @@ -3,5 +3,3 @@ resource "aws_servicequotas_service_quota" "pike" { service_code = "vpc" value = 5 } - - diff --git a/terraform/aws/backup/data.aws_auditmanager_control.tf b/terraform/aws/backup/data.aws_auditmanager_control.tf new file mode 100644 index 00000000..5970c8ae --- /dev/null 
+++ b/terraform/aws/backup/data.aws_auditmanager_control.tf
@@ -0,0 +1,4 @@
+data "aws_auditmanager_control" "pike" {
+ type = "Standard"
+ name = "pike"
+}
diff --git a/terraform/aws/backup/data.aws_auditmanager_framework.tf b/terraform/aws/backup/data.aws_auditmanager_framework.tf
new file mode 100644
index 00000000..a81bb569
--- /dev/null
+++ b/terraform/aws/backup/data.aws_auditmanager_framework.tf
@@ -0,0 +1,4 @@
+data "aws_auditmanager_framework" "pike" {
+ name = "pike"
+ framework_type = "Standard"
+}
diff --git a/terraform/aws/backup/data.aws_connect_instance_storage_config.tf b/terraform/aws/backup/data.aws_connect_instance_storage_config.tf
new file mode 100644
index 00000000..167a38b0
--- /dev/null
+++ b/terraform/aws/backup/data.aws_connect_instance_storage_config.tf
@@ -0,0 +1,5 @@
+data "aws_connect_instance_storage_config" "pike" {
+ instance_id = "asdadasd"
+ resource_type = "CHAT_TRANSCRIPTS"
+ association_id = "asdasd"
+}
diff --git a/terraform/aws/backup/data.aws_controltower_controls.tf b/terraform/aws/backup/data.aws_controltower_controls.tf
new file mode 100644
index 00000000..261bd133
--- /dev/null
+++ b/terraform/aws/backup/data.aws_controltower_controls.tf
@@ -0,0 +1,3 @@
+data "aws_controltower_controls" "pike" {
+ target_identifier = "arn:aws:organizations::123456789101:ou/o-qqaejywet/ou-qg5o-ufbhdtv3,arn:aws:controltower:us-east-1::control/WTDSMKDKDNLE"
+}
diff --git a/terraform/aws/backup/data.aws_db_instances.tf b/terraform/aws/backup/data.aws_db_instances.tf
new file mode 100644
index 00000000..271e6742
--- /dev/null
+++ b/terraform/aws/backup/data.aws_db_instances.tf
@@ -0,0 +1 @@
+data "aws_db_instances" "pike" {}
diff --git a/terraform/aws/backup/data.aws_servicequotas_service.tf b/terraform/aws/backup/data.aws_servicequotas_service.tf
index 9333d87b..81f7c2b4 100644
--- a/terraform/aws/backup/data.aws_servicequotas_service.tf
+++ b/terraform/aws/backup/data.aws_servicequotas_service.tf
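Review bot: `target_identifier` in the new data.aws_controltower_controls.tf holds two ARNs joined by a comma — an organizations OU ARN and a controltower control ARN — which reads like a pasted documentation example pair rather than one target; the argument is presumably a single OU ARN, so the probe would likely fail on input validation before any IAM action is exercised and the mapping would learn nothing. Use only the OU ARN, e.g. `target_identifier = "arn:aws:organizations::123456789101:ou/o-qqaejywet/ou-qg5o-ufbhdtv3"`, keeping the obviously fake account id. The other fixtures in this hunk (`instance_id = "asdadasd"` in data.aws_connect_instance_storage_config.tf) use placeholder values, which is fine for a permission probe provided the call gets as far as the authorization check rather than being rejected client-side — worth confirming from the run output.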
@@ -3,6 +3,6 @@ data "aws_servicequotas_service" "pike" { } output "quota" { - value=data.aws_servicequotas_service.pike + value = data.aws_servicequotas_service.pike } -//servicequotas:ListServices \ No newline at end of file +//servicequotas:ListServices diff --git a/terraform/aws/backup/data.aws_servicequotas_service_quota.tf b/terraform/aws/backup/data.aws_servicequotas_service_quota.tf index 2499efee..b2e1575b 100644 --- a/terraform/aws/backup/data.aws_servicequotas_service_quota.tf +++ b/terraform/aws/backup/data.aws_servicequotas_service_quota.tf @@ -4,5 +4,5 @@ data "aws_servicequotas_service_quota" "by_quota_code" { } output "service_quota" { - value=data.aws_servicequotas_service_quota.by_quota_code -} \ No newline at end of file + value = data.aws_servicequotas_service_quota.by_quota_code +} diff --git a/terraform/aws/backup/data.aws_sesv2_dedicated_ip_pool.tf b/terraform/aws/backup/data.aws_sesv2_dedicated_ip_pool.tf new file mode 100644 index 00000000..b55a92d6 --- /dev/null +++ b/terraform/aws/backup/data.aws_sesv2_dedicated_ip_pool.tf @@ -0,0 +1,3 @@ +data "aws_sesv2_dedicated_ip_pool" "pike" { + pool_name = "pike" +} diff --git a/terraform/aws/backup/data.aws_sqs_queues.tf b/terraform/aws/backup/data.aws_sqs_queues.tf new file mode 100644 index 00000000..d771db62 --- /dev/null +++ b/terraform/aws/backup/data.aws_sqs_queues.tf @@ -0,0 +1 @@ +data "aws_sqs_queues" "pike" {} diff --git a/terraform/aws/backup/data.aws_vpc_ipam_pools.tf b/terraform/aws/backup/data.aws_vpc_ipam_pools.tf new file mode 100644 index 00000000..0a194a93 --- /dev/null +++ b/terraform/aws/backup/data.aws_vpc_ipam_pools.tf @@ -0,0 +1 @@ +data "aws_vpc_ipam_pools" "pike" {} diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf index 8441203f..45bc549d 100644 --- a/terraform/aws/role/aws_iam_policy.basic.tf +++ b/terraform/aws/role/aws_iam_policy.basic.tf 
@@ -7,7 +7,8 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "0",
 "Effect" : "Allow",
 "Action" : [
- "ec2:DescribeTransitGateways",
+ "rds:DescribeDBInstances",
+ ],
 "Resource" : "*",
 }
diff --git a/todo_aws.md b/todo_aws.md
index 2774b862..f1a3da8b 100644
--- a/todo_aws.md
+++ b/todo_aws.md
@@ -221,3 +221,19 @@ data.aws_eks_addon_version
 ./resource.ps1 aws_vpc_endpoint_subnet_association
 ./resource.ps1 aws_wafv2_web_acl_association
 ./resource.ps1 aws_wafv2_web_acl_logging_configuration
+
+./resource.ps1 aws_dx_router_configuration -type data
+./resource.ps1 aws_dynamodb_table_item -type data
+./resource.ps1 aws_elasticache_subnet_group -type data
+./resource.ps1 aws_glue_catalog_table -type data
+./resource.ps1 aws_ivs_stream_key -type data
+./resource.ps1 aws_kms_custom_key_store -type data
+./resource.ps1 aws_lbs -type data
+./resource.ps1 aws_rds_reserved_instance_offering -type data
+./resource.ps1 aws_redshiftserverless_credentials -type data
+./resource.ps1 aws_route53_resolver_firewall_config -type data
+./resource.ps1 aws_route53_resolver_firewall_domain_list -type data
+./resource.ps1 aws_route53_resolver_firewall_rule_group -type data
+./resource.ps1 aws_route53_resolver_firewall_rule_group_association -type data
+./resource.ps1 aws_route53_resolver_firewall_rules -type data
+./resource.ps1 aws_s3control_multi_region_access_point -type data