gateway

src/aws.go

@@ -288,6 +288,7 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_vpn_gateway_route_propagation":                  awsVpnGatewayRoutePropagation,
 		"aws_memorydb_cluster":                               awsMemorydbCluster,
 		"aws_memorydb_snapshot":                              awsmemorydbSnapshot,
+		"aws_customer_gateway":                               awsCustomerGateway,
 	}
 
 	var Permissions []string

src/files.go

@@ -714,3 +714,6 @@ var awsMemorydbCluster []byte
 
 //go:embed mapping/aws/resource/memorydb/aws_memorydb_snapshot.json
 var awsmemorydbSnapshot []byte
+
+//go:embed mapping/aws/resource/ec2/aws_customer_gateway.json
+var awsCustomerGateway []byte

src/mapping/aws/resource/ec2/aws_customer_gateway.json

@@ -0,0 +1,21 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "ec2:CreateCustomerGateway",
+      "ec2:DeleteCustomerGateway",
+      "ec2:DescribeCustomerGateways"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteCustomerGateway"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

terraform/aws/backup/aws_customer_gateway.tf

@@ -0,0 +1,10 @@
+resource "aws_customer_gateway" "pike" {
+  bgp_asn    = 65000
+  ip_address = "172.83.124.10"
+  type       = "ipsec.1"
+
+  tags = {
+    pike = "permissions"
+    Name = "main-customer-gateway"
+  }
+}

terraform/aws/role/aws_iam_policy.basic.tf

@@ -7,27 +7,12 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          "memorydb:CreateCluster",
-          "memorydb:DescribeClusters",
-          "memorydb:UpdateCluster",
-          "memorydb:DeleteCluster",
-          "memorydb:TagResource",
-          "memorydb:UntagResource",
-          "memorydb:ListTags",
-
-          "memorydb:CreateSnapshot",
-          "memorydb:DescribeSnapshots",
-          "memorydb:DeleteSnapshot",
-          "memorydb:TagResource",
-          "memorydb:UntagResource",
-          "memorydb:ListTags",
-
-
-          "kms:Decrypt",
-          "kms:Encrypt",
-          "kms:GenerateDataKey",
-          "kms:DescribeKey",
-          "kms:CreateGrant"
+          "ec2:DescribeAccountAttributes",
+          "ec2:CreateCustomerGateway",
+          "ec2:DeleteCustomerGateway",
+          "ec2:DescribeCustomerGateways",
+          "ec2:CreateTags",
+          "ec2:DeleteTags"
         ]
         "Resource" : "*"
       }

todo.md

@@ -129,7 +129,6 @@
 ./resource.ps1 aws_ec2_traffic_mirror_session
 ./resource.ps1 aws_ec2_traffic_mirror_target
 ./resource.ps1 aws_ec2_transit_gateway
-./resource.ps1 aws_ec2_transit_gateway
 ./resource.ps1 aws_ec2_transit_gateway_route_table
 ./resource.ps1 aws_ec2_transit_gateway_vpc_attachment
 
@@ -139,10 +138,8 @@
 ./resource.ps1 aws_eks_identity_provider_config
 ./resource.ps1 aws_eks_node_group
 
-./resource.ps1 aws_elastic_beanstalk_application_version
 ./resource.ps1 aws_elastic_beanstalk_application_version
 ./resource.ps1 aws_elastic_beanstalk_environment
-./resource.ps1 aws_elastic_beanstalk_environment
 
 ./resource.ps1 aws_emr_cluster
 ./resource.ps1 aws_emr_security_configuration
@@ -248,9 +245,6 @@
 ./resource.ps1 aws_securityhub_standards_control
 ./resource.ps1 aws_securityhub_standards_subscription
 
-./resource.ps1 aws_sfn_activity
-./resource.ps1 aws_sfn_state_machine
-
 ./resource.ps1 aws_ssoadmin_permission_set
 ./resource.ps1 aws_ssoadmin_permission_set_inline_policy