diff --git a/.run/go build github.com_jameswoolfenden_pike.run.xml b/.run/go build github.com_jameswoolfenden_pike.run.xml
index 1c73e91d..626a8c61 100644
--- a/.run/go build github.com_jameswoolfenden_pike.run.xml
+++ b/.run/go build github.com_jameswoolfenden_pike.run.xml
@@ -2,7 +2,7 @@
-
+
diff --git a/src/aws.go b/src/aws.go
index 1ac13b46..44cd84aa 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -320,6 +320,8 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 "aws_ec2_network_insights_analysis": awsEc2NetworkInsightsAnalysis,
 "aws_ec2_transit_gateway_vpc_attachment": awsEc2TransitGatewayVpcAttachment,
 "aws_vpc_endpoint_route_table_association": awsVpcEndpointRouteTableAssociation,
+ "aws_appconfig_configuration_profile": awsAppconfigConfigurationProfile,
+ "aws_appconfig_application": awsAppconfigApplication,
 }
 var Permissions []string
diff --git a/src/aws_datasource.go b/src/aws_datasource.go
index 2730963f..c01ef682 100644
--- a/src/aws_datasource.go
+++ b/src/aws_datasource.go
@@ -102,6 +102,12 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 "aws_location_tracker_associations": dataAwsLocationTrackerAssociations,
 "aws_workspaces_bundle": dataAwsWorkspacesBundle,
 "aws_route_table": dataAwsRouteTable,
+ "aws_appconfig_configuration_profiles": dataAwsAppconfigConfigurationProfiles,
+ "aws_appconfig_environment": dataAwsAppconfigEnvironment,
+ "aws_appconfig_environments": dataAwsAppconfigEnvironments,
+ "aws_kms_custom_key_store": dataAwsKmsCustomKeyStore,
+ "aws_vpc_ipam_pool_cidrs": dataAwsVpcIpamPoolCidrs,
+ "aws_vpc_ipam_pool": dataAwsVpcIpamPoolCidrs,
 }
 var Permissions []string
diff --git a/src/files.go b/src/files.go
index e9d74626..a7c3749c 100644
--- a/src/files.go
+++ b/src/files.go
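Review bot: In the aws_datasource.go hunk, `"aws_vpc_ipam_pool": dataAwsVpcIpamPoolCidrs,` points a second data source at the embed for `aws_vpc_ipam_pool_cidrs.json`, so two different data sources now share one mapping file and any later correction to the CIDRs mapping silently changes what is emitted for the pool lookup as well. The pool data source would be better served by its own embedded file, declared alongside the others in files_datasource.go (e.g. `dataAwsVpcIpamPool`), even if its `plan` list happens to be the same `ec2:DescribeIpamPools` today. The map literal and `GetAWSDataPermissions` begin outside the hunk.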
@@ -810,3 +810,9 @@ var awsEc2NetworkInsightsPath []byte
 //go:embed mapping/aws/resource/ec2/aws_ec2_network_insights_analysis.json
 var awsEc2NetworkInsightsAnalysis []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json
+var awsAppconfigConfigurationProfile []byte
+
+//go:embed mapping/aws/resource/appconfig/aws_appconfig_application.json
+var awsAppconfigApplication []byte
diff --git a/src/files_datasource.go b/src/files_datasource.go
index b693b43a..630f785b 100644
--- a/src/files_datasource.go
+++ b/src/files_datasource.go
@@ -231,3 +231,18 @@ var dataAwsWorkspacesBundle []byte
 //go:embed mapping/aws/data/ec2/aws_route_table.json
 var dataAwsRouteTable []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json
+var dataAwsAppconfigConfigurationProfiles []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_environment.json
+var dataAwsAppconfigEnvironment []byte
+
+//go:embed mapping/aws/data/appconfig/aws_appconfig_environments.json
+var dataAwsAppconfigEnvironments []byte
+
+//go:embed mapping/aws/data/kms/aws_kms_custom_key_store.json
+var dataAwsKmsCustomKeyStore []byte
+
+//go:embed mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json
+var dataAwsVpcIpamPoolCidrs []byte
diff --git a/src/mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json b/src/mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json
new file mode 100644
index 00000000..fd727a84
--- /dev/null
+++ b/src/mapping/aws/data/appconfig/aws_appconfig_configuration_profiles.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "AppConfig:ListConfigurationProfiles"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/appconfig/aws_appconfig_environment.json b/src/mapping/aws/data/appconfig/aws_appconfig_environment.json
new file mode 100644
index 00000000..eaf92dac
--- /dev/null
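Review bot: `"AppConfig:ListConfigurationProfiles"` in the new aws_appconfig_configuration_profiles.json uses a capitalised service prefix, while every AppConfig action in the new resource mappings and in aws_iam_policy.basic.tf is written `appconfig:`; the same applies to `AppConfig:GetEnvironment` and `AppConfig:ListEnvironments` in the two environment mappings on the next line. IAM evaluates action names case-insensitively, but any string-based de-duplication or comparison of the generated policy in this tool will treat the two spellings as distinct entries. Normalise the three to the lowercase form, e.g. `"appconfig:ListConfigurationProfiles"`.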
+++ b/src/mapping/aws/data/appconfig/aws_appconfig_environment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "AppConfig:GetEnvironment"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/appconfig/aws_appconfig_environments.json b/src/mapping/aws/data/appconfig/aws_appconfig_environments.json
new file mode 100644
index 00000000..b7dfd70b
--- /dev/null
+++ b/src/mapping/aws/data/appconfig/aws_appconfig_environments.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "AppConfig:ListEnvironments"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json b/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json
new file mode 100644
index 00000000..2b5767cb
--- /dev/null
+++ b/src/mapping/aws/data/ec2/aws_vpc_ipam_pool_cidrs.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "ec2:DescribeIpamPools"
+ ]
+ }
+]
diff --git a/src/mapping/aws/data/kms/aws_kms_custom_key_store.json b/src/mapping/aws/data/kms/aws_kms_custom_key_store.json
new file mode 100644
index 00000000..cf87bc47
--- /dev/null
+++ b/src/mapping/aws/data/kms/aws_kms_custom_key_store.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": [
+ "kms:DescribeCustomKeyStores"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_application.json b/src/mapping/aws/resource/appconfig/aws_appconfig_application.json
new file mode 100644
index 00000000..b437ade8
--- /dev/null
+++ b/src/mapping/aws/resource/appconfig/aws_appconfig_application.json
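Review bot: The `plan` list in the new aws_vpc_ipam_pool_cidrs.json holds only `ec2:DescribeIpamPools`, which describes the pools themselves rather than the CIDRs provisioned to them; reading a pool's CIDRs goes through the separate `ec2:GetIpamPoolCidrs` action, so a policy generated from this file alone is likely to be insufficient for a plan that reads this data source — please verify against the provider's read path before merging. Because aws_datasource.go also reuses this file for `aws_vpc_ipam_pool`, keep `ec2:DescribeIpamPools` and add `"ec2:GetIpamPoolCidrs"` to `plan` rather than replacing it.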
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "appconfig:DeleteApplication",
+ "appconfig:GetApplication",
+ "ec2:DescribeAccountAttributes",
+ "appconfig:ListTagsForResource",
+ "appconfig:CreateApplication"
+ ],
+ "attributes": {
+ "tags": [
+ "appconfig:TagResource",
+ "appconfig:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appconfig:DeleteApplication"
+ ],
+ "modify": [
+ "appconfig:UpdateApplication"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json b/src/mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json
new file mode 100644
index 00000000..0c630449
--- /dev/null
+++ b/src/mapping/aws/resource/appconfig/aws_appconfig_configuration_profile.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "ec2:DescribeAccountAttributes",
+ "appconfig:CreateConfigurationProfile",
+ "appconfig:GetConfigurationProfile",
+ "appconfig:DeleteConfigurationProfile"
+ ],
+ "attributes": {
+ "tags": [
+ "appconfig:TagResource",
+ "appconfig:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appconfig:DeleteConfigurationProfile"
+ ],
+ "modify": [
+ "appconfig:UpdateConfigurationProfile"
+ ],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/aws_autoscaling_schedule.tf b/terraform/aws/aws_autoscaling_schedule.tf
index 69a36577..91e89008 100644
--- a/terraform/aws/aws_autoscaling_schedule.tf
+++ b/terraform/aws/aws_autoscaling_schedule.tf
@@ -1,4 +1,4 @@
-resource "aws_autoscaling_schedule" "pike" {
- autoscaling_group_name = ""
- scheduled_action_name = ""
-}
+#resource "aws_autoscaling_schedule" "pike" {
+# autoscaling_group_name = ""
+# scheduled_action_name = ""
+#}
diff --git a/terraform/aws/backup/aws_appconfig_configuration_profile.tf b/terraform/aws/backup/aws_appconfig_configuration_profile.tf
new file mode 100644
index 00000000..18f0cad7
--- /dev/null
+++ b/terraform/aws/backup/aws_appconfig_configuration_profile.tf
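Review bot: The `apply` list in the new aws_appconfig_configuration_profile.json omits `appconfig:ListTagsForResource`, which the sibling aws_appconfig_application.json in the preceding hunk includes for reading tags back after create. Both resources declare a `tags` attribute mapping, so the profile's read path presumably needs the same action; verify against the provider and, if so, add `"appconfig:ListTagsForResource"` to `apply` so the two mappings stay consistent.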
@@ -0,0 +1,25 @@
+resource "aws_appconfig_configuration_profile" "pike" {
+ application_id = aws_appconfig_application.pike.id
+ description = "Example Configuration Profile"
+ name = "pike"
+ location_uri = "hosted"
+
+ validator {
+ content = "arn:aws:lambda:eu-west-2:680235478471:function:message-processor"
+ type = "LAMBDA"
+ }
+
+ tags = {
+ pike = "permissions"
+ }
+}
+
+resource "aws_appconfig_application" "pike" {
+ name = "pike-tf"
+ description = "Pike is permissions"
+
+ tags = {
+ pike = "Permissions"
+ delete = "me"
+ }
+}
diff --git a/terraform/aws/backup/data.aws_appconfig_configuration_profiles.tf b/terraform/aws/backup/data.aws_appconfig_configuration_profiles.tf
new file mode 100644
index 00000000..cc6b0ffe
--- /dev/null
+++ b/terraform/aws/backup/data.aws_appconfig_configuration_profiles.tf
@@ -0,0 +1,3 @@
+data "aws_appconfig_configuration_profiles" "pike" {
+ application_id = "b5d5gpj"
+}
diff --git a/terraform/aws/backup/data.aws_appconfig_environment.tf b/terraform/aws/backup/data.aws_appconfig_environment.tf
new file mode 100644
index 00000000..d9fcc5e9
--- /dev/null
+++ b/terraform/aws/backup/data.aws_appconfig_environment.tf
@@ -0,0 +1,4 @@
+data "aws_appconfig_environment" "pike" {
+ application_id = "b5d5gpj"
+ environment_id = "qrbb1c1"
+}
diff --git a/terraform/aws/backup/data.aws_appconfig_environments.tf b/terraform/aws/backup/data.aws_appconfig_environments.tf
new file mode 100644
index 00000000..a4d3f4bc
--- /dev/null
+++ b/terraform/aws/backup/data.aws_appconfig_environments.tf
@@ -0,0 +1,3 @@
+data "aws_appconfig_environments" "pike" {
+ application_id = "b5d5gpj"
+}
diff --git a/terraform/aws/backup/data.aws_kms_custom_key_store.tf b/terraform/aws/backup/data.aws_kms_custom_key_store.tf
new file mode 100644
index 00000000..c04e6b71
--- /dev/null
+++ b/terraform/aws/backup/data.aws_kms_custom_key_store.tf
@@ -0,0 +1,3 @@
+data "aws_kms_custom_key_store" "pike" {
+ custom_key_store_name = "my_cloudhsm"
+}
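Review bot: The `validator` block in the new aws_appconfig_configuration_profile.tf hard-codes a Lambda ARN carrying a concrete region and account ID (`arn:aws:lambda:eu-west-2:680235478471:function:message-processor`); committing an account-specific ARN to a shared example exposes account metadata and makes the example unusable for anyone else applying it. Replace it with an input or an obviously fake placeholder, e.g. `content = var.validator_lambda_arn`, or point it at a Lambda resource defined in the example. The literal `application_id`/`environment_id` values in the data-source files on this line have the same portability problem, though they are not sensitive.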
diff --git a/terraform/aws/backup/data.aws_vpc_ipam_pool_cidrs.tf b/terraform/aws/backup/data.aws_vpc_ipam_pool_cidrs.tf
new file mode 100644
index 00000000..994c0675
--- /dev/null
+++ b/terraform/aws/backup/data.aws_vpc_ipam_pool_cidrs.tf
@@ -0,0 +1,15 @@
+data "aws_vpc_ipam_pool_cidrs" "pike" {
+ ipam_pool_id = data.aws_vpc_ipam_pool.p.id
+}
+
+data "aws_vpc_ipam_pool" "p" {
+ filter {
+ name = "description"
+ values = ["*mypool*"]
+ }
+
+ filter {
+ name = "address-family"
+ values = ["ipv4"]
+ }
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index 75ba5e0f..eb77635a 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,79 +7,21 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "0",
 "Effect" : "Allow",
 "Action" : [
- "ec2:CreateNetworkInterface",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DeleteNetworkInterface",
-
+ "appconfig:DeleteApplication",
+ "appconfig:TagResource",
+ "appconfig:UpdateApplication",
+ "appconfig:UntagResource",
+ "appconfig:GetApplication",
 "ec2:DescribeAccountAttributes",
- "ec2:CreateNetworkInsightsPath",
- "ec2:DescribeNetworkInsightsPaths",
- "ec2:DeleteNetworkInsightsPath",
- "ec2:CreateTags",
- "ec2:DeleteTags",
-
- "ec2:StartNetworkInsightsAnalysis",
- "ec2:DescribeNetworkInsightsAnalyses",
- "ec2:DeleteNetworkInsightsAnalysis",
+ "appconfig:ListTagsForResource",
+ "appconfig:CreateApplication",
- "tiros:CreateQuery",
- "tiros:GetQueryAnswer",
- "ec2:CreateTags",
- "ec2:DeleteTags",
- "cloudformation:DescribeStacks",
- "cloudformation:ListStackResources",
- "ec2:CreateNetworkInsightsAccessScope",
- "ec2:DeleteNetworkInsightsAccessScopeAnalysis",
- "ec2:DeleteNetworkInsightsAccessScope",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeCustomerGateways",
- "ec2:DescribeInstances",
- "ec2:DescribeInternetGateways",
- "ec2:DescribeManagedPrefixLists",
- "ec2:DescribeNatGateways",
- "ec2:DescribeNetworkAcls",
- "ec2:DescribeNetworkInsightsAccessScopeAnalyses",
- "ec2:DescribeNetworkInsightsAccessScopes",
- "ec2:DescribeNetworkInterfaces",
- "ec2:DescribePrefixLists",
- "ec2:DescribeRegions",
- "ec2:DescribeRouteTables",
- "ec2:DescribeSecurityGroups",
- "ec2:DescribeSubnets",
- "ec2:DescribeTransitGatewayAttachments",
- "ec2:DescribeTransitGatewayConnects",
- "ec2:DescribeTransitGatewayPeeringAttachments",
- "ec2:DescribeTransitGatewayRouteTables",
- "ec2:DescribeTransitGatewayVpcAttachments",
- "ec2:DescribeTransitGateways",
- "ec2:DescribeVpcEndpointServiceConfigurations",
- "ec2:DescribeVpcEndpoints",
- "ec2:DescribeVpcPeeringConnections",
- "ec2:DescribeVpcs",
- "ec2:DescribeVpnConnections",
- "ec2:DescribeVpnGateways",
-
"ec2:GetManagedPrefixListEntries",
- "ec2:GetNetworkInsightsAccessScopeAnalysisFindings",
- "ec2:GetNetworkInsightsAccessScopeContent",
- "ec2:GetTransitGatewayRouteTablePropagations",
- "ec2:SearchTransitGatewayRoutes",
- "ec2:StartNetworkInsightsAccessScopeAnalysis",
- "elasticloadbalancing:DescribeListeners",
- "elasticloadbalancing:DescribeLoadBalancerAttributes",
- "elasticloadbalancing:DescribeLoadBalancers",
- "elasticloadbalancing:DescribeRules",
- "elasticloadbalancing:DescribeTags",
- "elasticloadbalancing:DescribeTargetGroups",
- "elasticloadbalancing:DescribeTargetHealth",
- "network-firewall:DescribeFirewall",
- "network-firewall:DescribeFirewallPolicy",
- "network-firewall:DescribeResourcePolicy",
- "network-firewall:DescribeRuleGroup",
- "network-firewall:ListFirewallPolicies",
- "network-firewall:ListFirewalls",
- "network-firewall:ListRuleGroups",
- "resource-groups:ListGroupResources",
- "tag:GetResources",
+ "ec2:DescribeAccountAttributes",
+ "appconfig:CreateConfigurationProfile",
+ "appconfig:GetConfigurationProfile",
+ "appconfig:DeleteConfigurationProfile",
+ "appconfig:TagResource",
+ "appconfig:UntagResource",
 ]
 "Resource" : "*"
 }
diff --git a/todo.md b/todo.md
index c725f78d..f273afae 100644
--- a/todo.md
+++ b/todo.md
@@ -248,7 +248,10 @@ aws_route_table resources
-aws_ec2_transit_gateway_vpc_attachment
-./resource.ps1 aws_eks_fargate_profile
-./resource.ps1 aws_eks_node_group
-./resource.ps1 aws_autoscaling_schedule
+
+./resource.ps1 aws_evidently_project
+./resource.ps1 aws_identitystore_group
+./resource.ps1 aws_identitystore_group_membership
+./resource.ps1 aws_identitystore_user
+./resource.ps1 aws_inspector2_organization_configuration
+./resource.ps1 aws_kms_custom_key_store
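Review bot: The new `Action` list in aws_iam_policy.basic.tf repeats `ec2:DescribeAccountAttributes` (kept as context and added again after `tag:GetResources`) as well as `appconfig:TagResource` and `appconfig:UntagResource`, so the generated policy document carries duplicate statements; de-duplicate the list so it is exactly the union of the two new resource mappings. The `aws_iam_policy.basic` resource and its policy document begin before the hunk, so the enclosing structure is not visible here. The statement is left on the unchanged `"Resource" : "*"`; that line is not part of this change, but the appconfig actions added here could be scoped to the test application's ARN rather than all resources.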