aws odds

JamesWoolfenden · Jun 14, 2024 · 3354b52 · 3354b52
1 parent 9fca110
commit 3354b52
Show file tree

Hide file tree

Showing 25 changed files with 308 additions and 83 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -804,6 +804,16 @@ func AwsLookup(name string) interface{} {
 		"aws_ec2_client_vpn_route":                                 awsEc2ClientVpnRoute,
 		"aws_ec2_fleet":                                            awsEc2Fleet,
 		"aws_ec2_host":                                             awsEc2Host,
+		"aws_accessanalyzer_archive_rule":                          awsAccessAnalyzerArchiveRule,
+		"aws_account_region":                                       awsAccountRegion,
+		"aws_acmpca_permission":                                    awsAcmpcaPermission,
+		"aws_acmpca_policy":                                        awsAcmpcaPolicy,
+		"aws_simpledb_domain":                                      awsSimpledbDomain,
+		"aws_snapshot_create_volume_permission":                    awsSnapshotCreateVolumePermission,
+		"aws_sns_platform_application":                             awsSnsPlatformApplication,
+		"aws_synthetics_canary":                                    awsSyntheticsCanary,
+		"aws_synthetics_group":                                     awsSyntheticsGroup,
+		"aws_synthetics_group_association":                         awsSyntheticsGroupAssociation,
 	}
 
 	return TFLookup[name]

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,12 +1,8 @@
 # todo aws
 
-Resource percentage coverage   53.07
+Resource percentage coverage   54.31
 Datasource percentage coverage 100.00
 
-./resource.ps1 aws_accessanalyzer_archive_rule
-./resource.ps1 aws_account_region
-./resource.ps1 aws_acmpca_permission
-./resource.ps1 aws_acmpca_policy
 ./resource.ps1 aws_amplify_app
 ./resource.ps1 aws_amplify_backend_environment
 ./resource.ps1 aws_amplify_branch
@@ -577,9 +573,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_shield_protection
 ./resource.ps1 aws_shield_protection_group
 ./resource.ps1 aws_shield_protection_health_check_association
-./resource.ps1 aws_simpledb_domain
-./resource.ps1 aws_snapshot_create_volume_permission
-./resource.ps1 aws_sns_platform_application
 ./resource.ps1 aws_spot_datafeed_subscription
 ./resource.ps1 aws_spot_fleet_request
 ./resource.ps1 aws_ssm_activation
@@ -601,9 +594,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_ssoadmin_permission_set_inline_policy
 ./resource.ps1 aws_ssoadmin_permissions_boundary_attachment
 ./resource.ps1 aws_ssoadmin_trusted_token_issuer
-./resource.ps1 aws_synthetics_canary
-./resource.ps1 aws_synthetics_group
-./resource.ps1 aws_synthetics_group_association
 ./resource.ps1 aws_transcribe_language_model
 ./resource.ps1 aws_transcribe_medical_vocabulary
 ./resource.ps1 aws_transcribe_vocabulary

diff --git a/src/files.go b/src/files.go
@@ -2052,3 +2052,33 @@ var awsEc2Fleet []byte
 
 //go:embed mapping/aws/resource/ec2/aws_ec2_host.json
 var awsEc2Host []byte
+
+//go:embed mapping/aws/resource/access-analyzer/aws_accessanalyzer_archive_rule.json
+var awsAccessAnalyzerArchiveRule []byte
+
+//go:embed mapping/aws/resource/account/aws_account_region.json
+var awsAccountRegion []byte
+
+//go:embed mapping/aws/resource/acm-pa/aws_acmpca_permission.json
+var awsAcmpcaPermission []byte
+
+//go:embed mapping/aws/resource/acm-pa/aws_acmpca_policy.json
+var awsAcmpcaPolicy []byte
+
+//go:embed mapping/aws/resource/sdb/aws_simpledb_domain.json
+var awsSimpledbDomain []byte
+
+//go:embed mapping/aws/resource/ec2/aws_snapshot_create_volume_permission.json
+var awsSnapshotCreateVolumePermission []byte
+
+//go:embed mapping/aws/resource/sns/aws_sns_platform_application.json
+var awsSnsPlatformApplication []byte
+
+//go:embed mapping/aws/resource/synthetics/aws_synthetics_canary.json
+var awsSyntheticsCanary []byte
+
+//go:embed mapping/aws/resource/synthetics/aws_synthetics_group.json
+var awsSyntheticsGroup []byte
+
+//go:embed mapping/aws/resource/synthetics/aws_synthetics_group_association.json
+var awsSyntheticsGroupAssociation []byte
diff --git a/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json b/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_analyzer.json
@@ -5,7 +5,7 @@
       "access-analyzer:DeleteAnalyzer",
       "access-analyzer:GetAnalyzer",
       "access-analyzer:ListAnalyzers",
-      "access-analyzer:UpdateAnalyzer"
+      "iam:CreateServiceLinkedRole"
     ],
     "attributes": {
       "tags": [
@@ -16,9 +16,7 @@
     "destroy": [
       "access-analyzer:DeleteAnalyzer"
     ],
-    "modify": [
-      "access-analyzer:UpdateAnalyzer"
-    ],
+    "modify": [],
     "plan": []
   }
 ]
diff --git a/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_archive_rule.json b/src/mapping/aws/resource/access-analyzer/aws_accessanalyzer_archive_rule.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "access-analyzer:DeleteArchiveRule",
+      "access-analyzer:CreateArchiveRule",
+      "access-analyzer:GetArchiveRule",
+      "access-analyzer:UpdateArchiveRule"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "access-analyzer:DeleteArchiveRule"
+    ],
+    "modify": [
+      "access-analyzer:UpdateArchiveRule"
+    ],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/account/aws_account_region.json b/src/mapping/aws/resource/account/aws_account_region.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "account:EnableRegion",
+      "account:DisableRegion"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/acm-pa/aws_acmpca_permission.json b/src/mapping/aws/resource/acm-pa/aws_acmpca_permission.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "acm-pca:CreatePermission",
+      "acm-pca:DeletePermission",
+      "acm-pca:ListPermissions"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "acm-pca:DeletePermission"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/acm-pa/aws_acmpca_policy.json b/src/mapping/aws/resource/acm-pa/aws_acmpca_policy.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "acm-pca:GetPolicy",
+      "acm-pca:DeletePolicy",
+      "acm-pca:PutPolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "acm-pca:DeletePolicy"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_snapshot_create_volume_permission.json b/src/mapping/aws/resource/ec2/aws_snapshot_create_volume_permission.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:ModifySnapshotAttribute"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/sdb/aws_simpledb_domain.json b/src/mapping/aws/resource/sdb/aws_simpledb_domain.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "sdb:CreateDomain",
+      "sdb:DomainMetadata",
+      "sdb:DeleteDomain"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "sdb:DeleteDomain"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/sns/aws_sns_platform_application.json b/src/mapping/aws/resource/sns/aws_sns_platform_application.json
@@ -0,0 +1,18 @@
+[
+  {
+    "apply": [
+      "sns:CreatePlatformApplication",
+      "sns:DeletePlatformApplication",
+      "sns:SetPlatformApplicationAttributes",
+      "sns:GetPlatformApplicationAttributes"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "sns:DeletePlatformApplication"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/synthetics/aws_synthetics_canary.json b/src/mapping/aws/resource/synthetics/aws_synthetics_canary.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "synthetics:GetCanary",
+      "synthetics:CreateCanary",
+      "synthetics:DeleteCanary",
+      "synthetics:UpdateCanary"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "synthetics:DeleteCanary"
+    ],
+    "modify": [
+      "synthetics:UpdateCanary"
+    ],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/synthetics/aws_synthetics_group.json b/src/mapping/aws/resource/synthetics/aws_synthetics_group.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "synthetics:CreateGroup",
+      "synthetics:GetGroup",
+      "synthetics:DeleteGroup"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "synthetics:DeleteGroup"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/synthetics/aws_synthetics_group_association.json b/src/mapping/aws/resource/synthetics/aws_synthetics_group_association.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "synthetics:AssociateResource",
+      "synthetics:DisassociateResource"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/aws/backup/aws_accessanalyzer_archive_rule.tf b/terraform/aws/backup/aws_accessanalyzer_archive_rule.tf
@@ -0,0 +1,23 @@
+resource "aws_accessanalyzer_archive_rule" "pike" {
+  analyzer_name = aws_accessanalyzer_analyzer.pike.analyzer_name
+  rule_name     = "example-rule"
+
+  filter {
+    criteria = "condition.aws:UserId"
+    eq       = ["userid"]
+  }
+
+  filter {
+    criteria = "error"
+    exists   = true
+  }
+
+  filter {
+    criteria = "isPublic"
+    eq       = ["false"]
+  }
+}
+
+resource "aws_accessanalyzer_analyzer" "pike" {
+  analyzer_name = "pike"
+}
diff --git a/terraform/aws/backup/aws_account_region.tf b/terraform/aws/backup/aws_account_region.tf
@@ -0,0 +1,4 @@
+resource "aws_account_region" "pike" {
+  region_name = "eu-west-2"
+  enabled     = true
+}
diff --git a/terraform/aws/backup/aws_acmpca_permission.tf b/terraform/aws/backup/aws_acmpca_permission.tf
@@ -0,0 +1,3 @@
+resource "aws_acmpca_permission" "pike" {
+
+}
diff --git a/terraform/aws/backup/aws_acmpca_policy.tf b/terraform/aws/backup/aws_acmpca_policy.tf
@@ -0,0 +1,2 @@
+resource "aws_acmpca_policy" "pike" {
+}
diff --git a/terraform/aws/backup/aws_simpledb_domain.tf b/terraform/aws/backup/aws_simpledb_domain.tf
@@ -0,0 +1,4 @@
+resource "aws_simpledb_domain" "pike" {
+  provider = aws.central
+  name     = "pike"
+}
diff --git a/terraform/aws/backup/aws_snapshot_create_volume_permission.tf b/terraform/aws/backup/aws_snapshot_create_volume_permission.tf
@@ -0,0 +1,15 @@
+resource "aws_snapshot_create_volume_permission" "pike" {
+  account_id  = "1234567890"
+  snapshot_id = aws_ebs_snapshot.example_snapshot.id
+}
+
+resource "aws_ebs_volume" "example" {
+  availability_zone = "eu-west-2a"
+  size              = 40
+}
+
+resource "aws_ebs_snapshot" "example_snapshot" {
+  volume_id = aws_ebs_volume.example.id
+}
+
+#data "aws_caller_identity" "current" {}
diff --git a/terraform/aws/backup/aws_sns_platform_application.tf b/terraform/aws/backup/aws_sns_platform_application.tf
@@ -0,0 +1,5 @@
+resource "aws_sns_platform_application" "pike" {
+  name                = "pike"
+  platform            = "GCM"
+  platform_credential = "<GCM API KEY>"
+}
diff --git a/terraform/aws/backup/aws_synthetics_canary.tf b/terraform/aws/backup/aws_synthetics_canary.tf
@@ -0,0 +1,14 @@
+resource "aws_synthetics_canary" "pike" {
+  name = "pike"
+  schedule {
+    expression = ""
+  }
+
+  artifact_s3_location = ""
+  handler              = ""
+  runtime_version      = ""
+  execution_role_arn   = ""
+  tags = {
+    pike = "permissions"
+  }
+}
diff --git a/terraform/aws/backup/aws_synthetics_group.tf b/terraform/aws/backup/aws_synthetics_group.tf
@@ -0,0 +1,3 @@
+resource "aws_synthetics_group" "pike" {
+  name = "pike"
+}
diff --git a/terraform/aws/backup/aws_synthetics_group_association.tf b/terraform/aws/backup/aws_synthetics_group_association.tf
@@ -0,0 +1,4 @@
+resource "aws_synthetics_group_association" "pike" {
+  group_name = "pike"
+  canary_arn = aws_synthetics_canary.pike.arn
+}