latest aws

.run/go build github.com_jameswoolfenden_pike.run.xml

@@ -2,15 +2,15 @@
   <configuration default="false" name="go build github.com/jameswoolfenden/pike" type="GoApplicationRunConfiguration" factoryName="Go Application" nameIsGenerated="true">
     <module name="pike" />
     <working_directory value="$PROJECT_DIR$" />
-    <parameters value="-d terraform/aws/backup scan" />
+    <parameters value="scan -d terraform/aws/backup" />
     <EXTENSION ID="net.ashald.envfile">
       <option name="IS_ENABLED" value="false" />
       <option name="IS_SUBST" value="false" />
       <option name="IS_PATH_MACRO_SUPPORTED" value="false" />
       <option name="IS_IGNORE_MISSING_FILES" value="false" />
       <option name="IS_ENABLE_EXPERIMENTAL_INTEGRATIONS" value="false" />
       <ENTRIES>
-        <ENTRY IS_ENABLED="true" PARSER="runconfig" />
+        <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
       </ENTRIES>
     </EXTENSION>
     <kind value="PACKAGE" />

src/aws.go

@@ -320,6 +320,8 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_ec2_network_insights_analysis":                  awsEc2NetworkInsightsAnalysis,
 		"aws_ec2_transit_gateway_vpc_attachment":             awsEc2TransitGatewayVpcAttachment,
 		"aws_vpc_endpoint_route_table_association":           awsVpcEndpointRouteTableAssociation,
+		"aws_appconfig_configuration_profile":                awsAppconfigConfigurationProfile,
+		"aws_appconfig_application":                          awsAppconfigApplication,
 	}
 
 	var Permissions []string

src/aws_datasource.go

@@ -102,6 +102,12 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 		"aws_location_tracker_associations":         dataAwsLocationTrackerAssociations,
 		"aws_workspaces_bundle":                     dataAwsWorkspacesBundle,
 		"aws_route_table":                           dataAwsRouteTable,
+		"aws_appconfig_configuration_profiles":      dataAwsAppconfigConfigurationProfiles,
+		"aws_appconfig_environment":                 dataAwsAppconfigEnvironment,
+		"aws_appconfig_environments":                dataAwsAppconfigEnvironments,
+		"aws_kms_custom_key_store":                  dataAwsKmsCustomKeyStore,
+		"aws_vpc_ipam_pool_cidrs":                   dataAwsVpcIpamPoolCidrs,
+		"aws_vpc_ipam_pool":                         dataAwsVpcIpamPoolCidrs,
 	}
 
 	var Permissions []string

src/files.go

@@ -810,3 +810,9 @@ var awsEc2NetworkInsightsPath []byte
 
 //go:embed mapping/aws/resource/ec2/aws_ec2_network_insights_analysis.json
 var awsEc2NetworkInsightsAnalysis []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json
+var awsAppconfigConfigurationProfile []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_application.json
+var awsAppconfigApplication []byte

src/files_datasource.go

@@ -231,3 +231,18 @@ var dataAwsWorkspacesBundle []byte
 
 //go:embed mapping/aws/data/ec2/aws_route_table.json
 var dataAwsRouteTable []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json
+var dataAwsAppconfigConfigurationProfiles []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_environment.json
+var dataAwsAppconfigEnvironment []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_environments.json
+var dataAwsAppconfigEnvironments []byte
+
+//go:embed mapping/aws/data/kms/aws_kms_custom_key_store.json
+var dataAwsKmsCustomKeyStore []byte
+
+//go:embed mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json
+var dataAwsVpcIpamPoolCidrs []byte

src/mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "AppConfig:ListConfigurationProfiles"
+    ]
+  }
+]

src/mapping/aws/data/appconfig/aws_appconfig_environment.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "AppConfig:GetEnvironment"
+    ]
+  }
+]

src/mapping/aws/data/appconfig/aws_appconfig_environments.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "AppConfig:ListEnvironments"
+    ]
+  }
+]

src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeIpamPools"
+    ]
+  }
+]

src/mapping/aws/data/kms/aws_kms_custom_key_store.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "kms:DescribeCustomKeyStores"
+    ]
+  }
+]

src/mapping/aws/resource/appconfig/aws_appconfig_application.json

@@ -0,0 +1,24 @@
+[
+  {
+    "apply": [
+      "appconfig:DeleteApplication",
+      "appconfig:GetApplication",
+      "ec2:DescribeAccountAttributes",
+      "appconfig:ListTagsForResource",
+      "appconfig:CreateApplication"
+    ],
+    "attributes": {
+      "tags": [
+        "appconfig:TagResource",
+        "appconfig:UntagResource"
+      ]
+    },
+    "destroy": [
+      "appconfig:DeleteApplication"
+    ],
+    "modify": [
+      "appconfig:UpdateApplication"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json

@@ -0,0 +1,23 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "appconfig:CreateConfigurationProfile",
+      "appconfig:GetConfigurationProfile",
+      "appconfig:DeleteConfigurationProfile"
+    ],
+    "attributes": {
+      "tags": [
+        "appconfig:TagResource",
+        "appconfig:UntagResource"
+      ]
+    },
+    "destroy": [
+      "appconfig:DeleteConfigurationProfile"
+    ],
+    "modify": [
+      "appconfig:UpdateConfigurationProfile"
+    ],
+    "plan": []
+  }
+]

terraform/aws/aws_autoscaling_schedule.tf

@@ -1,4 +1,4 @@
-resource "aws_autoscaling_schedule" "pike" {
-  autoscaling_group_name = ""
-  scheduled_action_name  = ""
-}
+#resource "aws_autoscaling_schedule" "pike" {
+#  autoscaling_group_name = ""
+#  scheduled_action_name  = ""
+#}

terraform/aws/backup/aws_appconfig_configuration_profile.tf

@@ -0,0 +1,25 @@
+resource "aws_appconfig_configuration_profile" "pike" {
+  application_id = aws_appconfig_application.pike.id
+  description    = "Example Configuration Profile"
+  name           = "pike"
+  location_uri   = "hosted"
+
+  validator {
+    content = "arn:aws:lambda:eu-west-2:680235478471:function:message-processor"
+    type    = "LAMBDA"
+  }
+
+  tags = {
+    pike = "permissions"
+  }
+}
+
+resource "aws_appconfig_application" "pike" {
+  name        = "pike-tf"
+  description = "Pike is permissions"
+
+  tags = {
+    pike   = "Permissions"
+    delete = "me"
+  }
+}

terraform/aws/backup/data.aws_appconfig_configuration_profiles.tf

@@ -0,0 +1,3 @@
+data "aws_appconfig_configuration_profiles" "pike" {
+  application_id = "b5d5gpj"
+}

terraform/aws/backup/data.aws_appconfig_environment.tf

@@ -0,0 +1,4 @@
+data "aws_appconfig_environment" "pike" {
+  application_id = "b5d5gpj"
+  environment_id = "qrbb1c1"
+}

terraform/aws/backup/data.aws_appconfig_environments.tf

@@ -0,0 +1,3 @@
+data "aws_appconfig_environments" "pike" {
+  application_id = "b5d5gpj"
+}

terraform/aws/backup/data.aws_kms_custom_key_store.tf

@@ -0,0 +1,3 @@
+data "aws_kms_custom_key_store" "pike" {
+  custom_key_store_name = "my_cloudhsm"
+}

terraform/aws/backup/data.aws_vpc_ipam_pool_cidrs.tf

@@ -0,0 +1,15 @@
+data "aws_vpc_ipam_pool_cidrs" "pike" {
+  ipam_pool_id = data.aws_vpc_ipam_pool.p.id
+}
+
+data "aws_vpc_ipam_pool" "p" {
+  filter {
+    name   = "description"
+    values = ["*mypool*"]
+  }
+
+  filter {
+    name   = "address-family"
+    values = ["ipv4"]
+  }
+}

terraform/aws/role/aws_iam_policy.basic.tf

@@ -7,79 +7,21 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          "ec2:CreateNetworkInterface",
-          "ec2:DescribeNetworkInterfaces",
-          "ec2:DeleteNetworkInterface",
-
+          "appconfig:DeleteApplication",
+          "appconfig:TagResource",
+          "appconfig:UpdateApplication",
+          "appconfig:UntagResource",
+          "appconfig:GetApplication",
           "ec2:DescribeAccountAttributes",
-          "ec2:CreateNetworkInsightsPath",
-          "ec2:DescribeNetworkInsightsPaths",
-          "ec2:DeleteNetworkInsightsPath",
-          "ec2:CreateTags",
-          "ec2:DeleteTags",
-
-          "ec2:StartNetworkInsightsAnalysis",
-          "ec2:DescribeNetworkInsightsAnalyses",
-          "ec2:DeleteNetworkInsightsAnalysis",
+          "appconfig:ListTagsForResource",
+          "appconfig:CreateApplication",
 
-          "tiros:CreateQuery",
-          "tiros:GetQueryAnswer",
-          "ec2:CreateTags",
-          "ec2:DeleteTags",
-          "cloudformation:DescribeStacks",
-          "cloudformation:ListStackResources",
-          "ec2:CreateNetworkInsightsAccessScope",
-          "ec2:DeleteNetworkInsightsAccessScopeAnalysis",
-          "ec2:DeleteNetworkInsightsAccessScope",
-          "ec2:DescribeAvailabilityZones",
-          "ec2:DescribeCustomerGateways",
-          "ec2:DescribeInstances",
-          "ec2:DescribeInternetGateways",
-          "ec2:DescribeManagedPrefixLists",
-          "ec2:DescribeNatGateways",
-          "ec2:DescribeNetworkAcls",
-          "ec2:DescribeNetworkInsightsAccessScopeAnalyses",
-          "ec2:DescribeNetworkInsightsAccessScopes",
-          "ec2:DescribeNetworkInterfaces",
-          "ec2:DescribePrefixLists",
-          "ec2:DescribeRegions",
-          "ec2:DescribeRouteTables",
-          "ec2:DescribeSecurityGroups",
-          "ec2:DescribeSubnets",
-          "ec2:DescribeTransitGatewayAttachments",
-          "ec2:DescribeTransitGatewayConnects",
-          "ec2:DescribeTransitGatewayPeeringAttachments",
-          "ec2:DescribeTransitGatewayRouteTables",
-          "ec2:DescribeTransitGatewayVpcAttachments",
-          "ec2:DescribeTransitGateways",
-          "ec2:DescribeVpcEndpointServiceConfigurations",
-          "ec2:DescribeVpcEndpoints",
-          "ec2:DescribeVpcPeeringConnections",
-          "ec2:DescribeVpcs",
-          "ec2:DescribeVpnConnections",
-          "ec2:DescribeVpnGateways",
-          "ec2:GetManagedPrefixListEntries",
-          "ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
-          "ec2:GetNetworkInsightsAccessScopeContent",
-          "ec2:GetTransitGatewayRouteTablePropagations",
-          "ec2:SearchTransitGatewayRoutes",
-          "ec2:StartNetworkInsightsAccessScopeAnalysis",
-          "elasticloadbalancing:DescribeListeners",
-          "elasticloadbalancing:DescribeLoadBalancerAttributes",
-          "elasticloadbalancing:DescribeLoadBalancers",
-          "elasticloadbalancing:DescribeRules",
-          "elasticloadbalancing:DescribeTags",
-          "elasticloadbalancing:DescribeTargetGroups",
-          "elasticloadbalancing:DescribeTargetHealth",
-          "network-firewall:DescribeFirewall",
-          "network-firewall:DescribeFirewallPolicy",
-          "network-firewall:DescribeResourcePolicy",
-          "network-firewall:DescribeRuleGroup",
-          "network-firewall:ListFirewallPolicies",
-          "network-firewall:ListFirewalls",
-          "network-firewall:ListRuleGroups",
-          "resource-groups:ListGroupResources",
-          "tag:GetResources",
+          "ec2:DescribeAccountAttributes",
+          "appconfig:CreateConfigurationProfile",
+          "appconfig:GetConfigurationProfile",
+          "appconfig:DeleteConfigurationProfile",
+          "appconfig:TagResource",
+          "appconfig:UntagResource",
         ]
         "Resource" : "*"
       }

todo.md

@@ -248,7 +248,10 @@
 aws_route_table
 
 resources
-aws_ec2_transit_gateway_vpc_attachment
-./resource.ps1 aws_eks_fargate_profile
-./resource.ps1 aws_eks_node_group
-./resource.ps1 aws_autoscaling_schedule
+
+./resource.ps1 aws_evidently_project
+./resource.ps1 aws_identitystore_group
+./resource.ps1 aws_identitystore_group_membership
+./resource.ps1 aws_identitystore_user
+./resource.ps1 aws_inspector2_organization_configuration
+./resource.ps1 aws_kms_custom_key_store