snapshots

JamesWoolfenden · Dec 17, 2022 · 9fde4c7 · 9fde4c7
1 parent 2a84301
commit 9fde4c7
Show file tree

Hide file tree

Showing 19 changed files with 171 additions and 16 deletions.
diff --git a/.run/scan aws.run.xml b/.run/scan aws.run.xml
@@ -13,7 +13,7 @@
         <ENTRY IS_ENABLED="true" PARSER="runconfig" IS_EXECUTABLE="false" />
       </ENTRIES>
     </EXTENSION>
-    <kind value="PACKAGE" />
+    <kind value="DIRECTORY" />
     <package value="github.com/jameswoolfenden/pike" />
     <directory value="$PROJECT_DIR$" />
     <filePath value="$PROJECT_DIR$" />

diff --git a/src/aws.go b/src/aws.go
@@ -389,6 +389,8 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_backup_vault_lock_configuration":                awsBackupVaultLockConfiguration,
 		"aws_backup_vault_notifications":                     awsBackupVaultNotification,
 		"aws_backup_vault_policy":                            awsBackupVaultPolicy,
+		"aws_ebs_snapshot":                                   awsEbsSnapshot,
+		"aws_ebs_snapshot_copy":                              awsEbsSnapshotCopy,
 	}
 
 	var Permissions []string

diff --git a/src/aws_datasource.go b/src/aws_datasource.go
@@ -117,6 +117,10 @@ func GetAWSDataPermissions(result ResourceV2) ([]string, error) {
 		"aws_backup_plan":                           dataBackupPlan,
 		"aws_backup_report_plan":                    dataBackupReportPlan,
 		"aws_backup_selection":                      dataBackupSelection,
+		"aws_ebs_snapshot":                          dataAwsEbsSnapshot,
+		"aws_ebs_snapshot_ids":                      dataAwsEbsSnapshotIds,
+		"aws_ebs_volume":                            dataAwsEbsVolume,
+		"aws_ebs_volumes":                           dataAwsEbsVolumes,
 	}
 
 	var Permissions []string

diff --git a/src/files.go b/src/files.go
@@ -975,3 +975,9 @@ var awsBackupVaultNotification []byte
 
 //go:embed mapping/aws/resource/backup/aws_backup_vault_policy.json
 var awsBackupVaultPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_snapshot.json
+var awsEbsSnapshot []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_snapshot_copy.json
+var awsEbsSnapshotCopy []byte
diff --git a/src/files_datasource.go b/src/files_datasource.go
@@ -270,3 +270,15 @@ var dataBackupReportPlan []byte
 
 //go:embed mapping/aws/data/backup/aws_backup_selection.json
 var dataBackupSelection []byte
+
+//go:embed mapping/aws/data/ec2/aws_ebs_snapshot.json
+var dataAwsEbsSnapshot []byte
+
+//go:embed mapping/aws/data/ec2/aws_ebs_snapshot_ids.json
+var dataAwsEbsSnapshotIds []byte
+
+//go:embed mapping/aws/data/ec2/aws_ebs_volume.json
+var dataAwsEbsVolume []byte
+
+//go:embed mapping/aws/data/ec2/aws_ebs_volumes.json
+var dataAwsEbsVolumes []byte
diff --git a/src/mapping/aws/data/ec2/aws_ebs_snapshot.json b/src/mapping/aws/data/ec2/aws_ebs_snapshot.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeSnapshots"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ec2/aws_ebs_snapshot_ids.json b/src/mapping/aws/data/ec2/aws_ebs_snapshot_ids.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeSnapshots"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ec2/aws_ebs_volume.json b/src/mapping/aws/data/ec2/aws_ebs_volume.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeVolumes"
+    ]
+  }
+]
diff --git a/src/mapping/aws/data/ec2/aws_ebs_volumes.json b/src/mapping/aws/data/ec2/aws_ebs_volumes.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:DescribeVolumes"
+    ]
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_snapshot.json b/src/mapping/aws/resource/ec2/aws_ebs_snapshot.json
@@ -0,0 +1,19 @@
+[
+  {
+    "apply": [
+      "ec2:CreateSnapshot",
+      "ec2:DescribeVolumes",
+      "ec2:DescribeSnapshots",
+      "ec2:DeleteSnapshot"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:DeleteTags",
+        "ec2:CreateTags"
+      ]
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_snapshot_copy.json b/src/mapping/aws/resource/ec2/aws_ebs_snapshot_copy.json
@@ -0,0 +1,21 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "ec2:DescribeSnapshots",
+      "ec2:CopySnapshot",
+      "ec2:DeleteSnapshot"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:DeleteTags",
+        "ec2:CreateTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteSnapshot"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/aws/backup/aws_ebs_snapshot.tf b/terraform/aws/backup/aws_ebs_snapshot.tf
@@ -0,0 +1,10 @@
+resource "aws_ebs_snapshot" "pike" {
+  volume_id    = data.aws_ebs_volume.pike.id
+  description  = "pike"
+  storage_tier = "standard"
+
+  tags = {
+    pike = "permissions"
+    and  = "another"
+  }
+}
diff --git a/terraform/aws/backup/aws_ebs_snapshot_copy.tf b/terraform/aws/backup/aws_ebs_snapshot_copy.tf
@@ -0,0 +1,7 @@
+resource "aws_ebs_snapshot_copy" "pike" {
+  source_region      = "eu-west-1"
+  source_snapshot_id = "snap-08f14c31fd87f4ab7"
+  tags = {
+    pike = "permission"
+  }
+}
diff --git a/terraform/aws/backup/data.aws_ebs_snapshot.tf b/terraform/aws/backup/data.aws_ebs_snapshot.tf
@@ -0,0 +1,7 @@
+data "aws_ebs_snapshot" "pike" {
+  most_recent = true
+}
+
+output "snap" {
+  value = data.aws_ebs_snapshot.pike
+}
diff --git a/terraform/aws/backup/data.aws_ebs_snapshot_ids.tf b/terraform/aws/backup/data.aws_ebs_snapshot_ids.tf
@@ -0,0 +1,5 @@
+data "aws_ebs_snapshot_ids" "pike" {}
+
+output "snaps" {
+  value = data.aws_ebs_snapshot_ids.pike
+}
diff --git a/terraform/aws/backup/data.aws_ebs_volume.tf b/terraform/aws/backup/data.aws_ebs_volume.tf
@@ -0,0 +1,9 @@
+data "aws_ebs_volume" "pike" {
+  most_recent = true
+
+  filter {
+    name   = "volume-type"
+    values = ["gp2"]
+  }
+
+}
diff --git a/terraform/aws/backup/data.aws_ebs_volumes.tf b/terraform/aws/backup/data.aws_ebs_volumes.tf
@@ -0,0 +1,5 @@
+data "aws_ebs_volumes" "pike" {}
+
+output "volumes" {
+  value = data.aws_ebs_volumes.pike
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -8,13 +8,12 @@ resource "aws_iam_policy" "basic" {
         "Effect" : "Allow",
         "Action" : [
           "ec2:DescribeAccountAttributes",
-          "Backup:CreateBackupPlan",
-          "Backup:GetBackupPlan",
-          "Backup:UntagResource",
-          "Backup:TagResource",
-          "Backup:ListTags",
-          "Backup:DeleteBackupPlan",
-          "Backup:UpdateBackupPlan",
+          "ec2:DescribeSnapshots",
+          "ec2:CopySnapshot",
+          "ec2:DeleteSnapshot",
+
+          "ec2:DeleteTags",
+          "ec2:CreateTags",
 
         ],
         "Resource" : "*",

diff --git a/todo.md b/todo.md
@@ -160,11 +160,8 @@
 ./resource.ps1 aws_cloudfront_response_headers_policy
 
 snapshots
-aws_ebs_snapshot
-aws_ebs_snapshot_copy
-aws_ebs_snapshot_import
-aws_snapshot_create_volume_permission
-aws_ebs_snapshot -type data
-aws_ebs_snapshot_ids -type data
-aws_db_snapshot_copy
-aws_redshiftserverless_snapshot
+
+./resource.ps1 aws_ebs_snapshot_import
+./resource.ps1 aws_snapshot_create_volume_permission
+./resource.ps1 aws_db_snapshot_copy
+./resource.ps1 aws_redshiftserverless_snapshot