aws vpn

JamesWoolfenden · Jun 13, 2024 · 9fca110 · 9fca110
1 parent c823ad2
commit 9fca110
Show file tree

Hide file tree

Showing 18 changed files with 312 additions and 43 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -797,6 +797,13 @@ func AwsLookup(name string) interface{} {
 		"aws_sagemaker_user_profile":                               awsSagemakerUserProfile,
 		"aws_sagemaker_workforce":                                  awsSagemakerWorkforce,
 		"aws_sagemaker_workteam":                                   awsSagemakerWorkteam,
+		"aws_ec2_carrier_gateway":                                  awsEc2CarrierGateway,
+		"aws_ec2_client_vpn_authorization_rule":                    awsEc2ClientvpnAuthorizationRule,
+		"aws_ec2_client_vpn_endpoint":                              awsEc2ClientVpnEndpoint,
+		"aws_ec2_client_vpn_network_association":                   awsEc2ClientVpnNetworkAssociation,
+		"aws_ec2_client_vpn_route":                                 awsEc2ClientVpnRoute,
+		"aws_ec2_fleet":                                            awsEc2Fleet,
+		"aws_ec2_host":                                             awsEc2Host,
 	}
 
 	return TFLookup[name]

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,6 +1,6 @@
 # todo aws
 
-Resource percentage coverage   51.31
+Resource percentage coverage   53.07
 Datasource percentage coverage 100.00
 
 ./resource.ps1 aws_accessanalyzer_archive_rule
@@ -160,13 +160,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_dynamodb_table_replica
 ./resource.ps1 aws_ebs_fast_snapshot_restore
 ./resource.ps1 aws_ebs_snapshot_import
-./resource.ps1 aws_ec2_carrier_gateway
-./resource.ps1 aws_ec2_client_vpn_authorization_rule
-./resource.ps1 aws_ec2_client_vpn_endpoint
-./resource.ps1 aws_ec2_client_vpn_network_association
-./resource.ps1 aws_ec2_client_vpn_route
-./resource.ps1 aws_ec2_fleet
-./resource.ps1 aws_ec2_host
 ./resource.ps1 aws_ec2_image_block_public_access
 ./resource.ps1 aws_ec2_instance
 ./resource.ps1 aws_ec2_instance_connect_endpoint
@@ -532,6 +525,8 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_s3control_object_lambda_access_point_policy
 ./resource.ps1 aws_s3control_storage_lens_configuration
 ./resource.ps1 aws_s3outposts_endpoint
+./resource.ps1 aws_sagemaker_flow_definition
+./resource.ps1 aws_sagemaker_human_task_ui
 ./resource.ps1 aws_scheduler_schedule
 ./resource.ps1 aws_scheduler_schedule_group
 ./resource.ps1 aws_schemas_discoverer

diff --git a/src/files.go b/src/files.go
@@ -2031,3 +2031,24 @@ var awsSagemakerWorkforce []byte
 
 //go:embed mapping/aws/resource/sagemaker/aws_sagemaker_workteam.json
 var awsSagemakerWorkteam []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_carrier_gateway.json
+var awsEc2CarrierGateway []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_client_vpn_authorization_rule.json
+var awsEc2ClientvpnAuthorizationRule []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_client_vpn_endpoint.json
+var awsEc2ClientVpnEndpoint []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_client_vpn_network_association.json
+var awsEc2ClientVpnNetworkAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_client_vpn_route.json
+var awsEc2ClientVpnRoute []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_fleet.json
+var awsEc2Fleet []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ec2_host.json
+var awsEc2Host []byte
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_carrier_gateway.json b/src/mapping/aws/resource/ec2/aws_ec2_carrier_gateway.json
@@ -0,0 +1,18 @@
+[
+  {
+    "apply": [
+      "ec2:CreateCarrierGateway",
+      "ec2:DeleteCarrierGateway",
+      "ec2:DescribeCarrierGateways"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_authorization_rule.json b/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_authorization_rule.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeClientVpnAuthorizationRules"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeClientVpnAuthorizationRules"
+    ]
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_endpoint.json b/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_endpoint.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:CreateClientVpnEndpoint",
+      "ec2:DeleteClientVpnEndpoint",
+      "ec2:DescribeClientVpnEndpoints",
+      "ec2:ModifyClientVpnEndpoint",
+      "iam:CreateServiceLinkedRole"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_network_association.json b/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_network_association.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:AssociateClientVpnTargetNetwork",
+      "ec2:DisassociateClientVpnTargetNetwork"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_route.json b/src/mapping/aws/resource/ec2/aws_ec2_client_vpn_route.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "ec2:CreateClientVpnRoute",
+      "ec2:DescribeClientVpnRoutes",
+      "ec2:DeleteClientVpnRoute"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:DeleteClientVpnRoute"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_fleet.json b/src/mapping/aws/resource/ec2/aws_ec2_fleet.json
@@ -0,0 +1,21 @@
+[
+  {
+    "apply": [
+      "ec2:CreateFleet",
+      "ec2:RunInstances",
+      "ec2:DescribeFleets",
+      "ec2:DeleteFleets"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteFleets"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ec2_host.json b/src/mapping/aws/resource/ec2/aws_ec2_host.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:AllocateHosts",
+      "ec2:DescribeHosts",
+      "ec2:ReleaseHosts"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:ReleaseHosts"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/aws/backup/aws_ec2_carrier_gateway.tf b/terraform/aws/backup/aws_ec2_carrier_gateway.tf
@@ -0,0 +1,6 @@
+resource "aws_ec2_carrier_gateway" "pike" {
+  vpc_id = "ami-078a289ddf4b09ae0"
+  tags = {
+    pike = "permissions"
+  }
+}
diff --git a/terraform/aws/backup/aws_ec2_client_vpn_authorization_rule.tf b/terraform/aws/backup/aws_ec2_client_vpn_authorization_rule.tf
@@ -0,0 +1,5 @@
+resource "aws_ec2_client_vpn_authorization_rule" "pike" {
+  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.pike.id
+  target_network_cidr    = aws_subnet.example.cidr_block
+  authorize_all_groups   = true
+}
diff --git a/terraform/aws/backup/aws_ec2_client_vpn_endpoint.tf b/terraform/aws/backup/aws_ec2_client_vpn_endpoint.tf
@@ -0,0 +1,39 @@
+resource "aws_ec2_client_vpn_endpoint" "pike" {
+  description            = "terraform-clientvpn-example"
+  server_certificate_arn = aws_acm_certificate.pike.arn
+  client_cidr_block      = "10.0.0.0/16"
+
+  authentication_options {
+    type                       = "certificate-authentication"
+    root_certificate_chain_arn = aws_acm_certificate.pike.arn
+  }
+
+  connection_log_options {
+    enabled               = true
+    cloudwatch_log_group  = aws_cloudwatch_log_group.lg.name
+    cloudwatch_log_stream = aws_cloudwatch_log_stream.ls.name
+  }
+}
+
+resource "aws_acm_certificate" "pike" {
+  domain_name       = "pike.freebeer.site"
+  validation_method = "EMAIL"
+
+  tags = {
+    pike = "permissions"
+    #    Environment = "test"
+  }
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_cloudwatch_log_group" "lg" {
+  name = "pike"
+}
+
+resource "aws_cloudwatch_log_stream" "ls" {
+  log_group_name = aws_cloudwatch_log_group.lg.name
+  name           = "pike"
+}
diff --git a/terraform/aws/backup/aws_ec2_client_vpn_network_association.tf b/terraform/aws/backup/aws_ec2_client_vpn_network_association.tf
@@ -0,0 +1,12 @@
+resource "aws_ec2_client_vpn_network_association" "pike" {
+  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.pike.id
+  subnet_id              = aws_subnet.example.id
+}
+resource "aws_subnet" "example" {
+  vpc_id     = "vpc-06074a092930bc809" #vpc-0c9622709bb598517"
+  cidr_block = "10.0.1.0/24"
+
+  #   tags = {
+  #     Name = "Main"
+  #   }
+}
diff --git a/terraform/aws/backup/aws_ec2_client_vpn_route.tf b/terraform/aws/backup/aws_ec2_client_vpn_route.tf
@@ -0,0 +1,5 @@
+resource "aws_ec2_client_vpn_route" "pike" {
+  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.pike.id
+  destination_cidr_block = "0.0.0.0/0"
+  target_vpc_subnet_id   = aws_ec2_client_vpn_network_association.pike.subnet_id
+}
diff --git a/terraform/aws/backup/aws_ec2_fleet.tf b/terraform/aws/backup/aws_ec2_fleet.tf
@@ -0,0 +1,20 @@
+resource "aws_ec2_fleet" "pike" {
+  launch_template_config {
+    launch_template_specification {
+      launch_template_id = aws_launch_template.example.id
+      version            = aws_launch_template.example.latest_version
+    }
+  }
+
+  target_capacity_specification {
+    default_target_capacity_type = "spot"
+    total_target_capacity        = 5
+  }
+}
+
+resource "aws_launch_template" "example" {
+  name          = "pike"
+  image_id      = "ami-078a289ddf4b09ae0"
+  instance_type = "t2.micro"
+
+}
diff --git a/terraform/aws/backup/aws_ec2_host.tf b/terraform/aws/backup/aws_ec2_host.tf
@@ -0,0 +1,9 @@
+resource "aws_ec2_host" "pike" {
+  availability_zone = "eu-west-2a"
+  host_recovery     = "on"
+  auto_placement    = "on"
+  instance_type     = "t3.micro"
+  tags = {
+    pike = "permissions"
+  }
+}