fsx

main.go

@@ -100,7 +100,7 @@ func main() {
 			{
 				Name:    "apply",
 				Aliases: []string{"a"},
-				Usage:   "Create a Policy and use to instantiate the IAC",
+				Usage:   "Create a policy and use it to instantiate the IAC",
 				Action: func(*cli.Context) error {
 					return pike.Apply(directory)
 				},

src/aws.go

@@ -287,7 +287,10 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 		"aws_vpn_gateway_attachment":                         awsVpnGatewayAttachment,
 		"aws_vpn_gateway_route_propagation":                  awsVpnGatewayRoutePropagation,
 		"aws_memorydb_cluster":                               awsMemorydbCluster,
-		"aws_memorydb_snapshot":                              awsmemorydbSnapshot,
+		"aws_memorydb_snapshot":                              awsMemorydbSnapshot,
+		"aws_fsx_openzfs_file_system":                        awsFsxOpenzfsFileSystem,
+		"aws_fsx_openzfs_volume":                             awsFsxOpenzfsVolume,
+		"aws_fsx_openzfs_snapshot":                           awsFsxOpenzfsSnaphot,
 	}
 
 	var Permissions []string

src/files.go

@@ -713,4 +713,13 @@ var awsVpnGatewayRoutePropagation []byte
 var awsMemorydbCluster []byte
 
 //go:embed mapping/aws/resource/memorydb/aws_memorydb_snapshot.json
-var awsmemorydbSnapshot []byte
+var awsMemorydbSnapshot []byte
+
+//go:embed mapping/aws/resource/fsx/aws_fsx_openzfs_file_system.json
+var awsFsxOpenzfsFileSystem []byte
+
+//go:embed mapping/aws/resource/fsx/aws_fsx_openzfs_volume.json
+var awsFsxOpenzfsVolume []byte
+
+//go:embed mapping/aws/resource/fsx/aws_fsx_openzfs_snapshot.json
+var awsFsxOpenzfsSnaphot []byte

src/mapping/aws/resource/fsx/aws_fsx_openzfs_file_system.json

@@ -0,0 +1,29 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "fsx:CreateFileSystem",
+      "iam:CreateServiceLinkedRole",
+      "fsx:DescribeFileSystems",
+      "fsx:DescribeVolumes",
+      "fsx:DeleteFileSystem"
+    ],
+    "attributes": {
+      "kms_key_id": [
+        "kms:DescribeKey",
+        "kms:CreateGrant"
+      ],
+      "tags": [
+        "fsx:TagResource",
+        "fsx:UntagResource"
+      ]
+    },
+    "destroy": [
+      "fsx:DeleteFileSystem"
+    ],
+    "modify": [
+      "fsx:UpdateFileSystem"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/fsx/aws_fsx_openzfs_snapshot.json

@@ -0,0 +1,24 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "fsx:CreateSnapshot",
+      "fsx:DescribeSnapshots",
+      "fsx:ListTagsForResource",
+      "fsx:DeleteSnapshot"
+    ],
+    "attributes": {
+      "tags": [
+        "fsx:TagResource",
+        "fsx:UntagResource"
+      ]
+    },
+    "destroy": [
+      "fsx:DeleteSnapshot"
+    ],
+    "modify": [
+      "fsx:UpdateSnapshot"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/fsx/aws_fsx_openzfs_volume.json

@@ -0,0 +1,23 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAccountAttributes",
+      "fsx:CreateVolume",
+      "fsx:ListTagsForResource",
+      "fsx:DeleteVolume"
+    ],
+    "attributes": {
+      "tags": [
+        "fsx:TagResource",
+        "fsx:UntagResource"
+      ]
+    },
+    "destroy": [
+      "fsx:DeleteVolume"
+    ],
+    "modify": [
+      "fsx:UpdateVolume"
+    ],
+    "plan": []
+  }
+]

terraform/aws/backup/aws_fsx_openzfs_file_system.tf

@@ -0,0 +1,11 @@
+resource "aws_fsx_openzfs_file_system" "pike" {
+  storage_capacity    = 64
+  subnet_ids          = ["subnet-09ff91b5b0adb1fd4"]
+  deployment_type     = "SINGLE_AZ_1"
+  throughput_capacity = 64
+  kms_key_id          = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032"
+  security_group_ids  = ["sg-06b8c96aaccf3a2a1"]
+  tags = {
+    pike = "permissions"
+  }
+}

terraform/aws/backup/aws_fsx_openzfs_snapshot.tf

@@ -0,0 +1,7 @@
+resource "aws_fsx_openzfs_snapshot" "pike" {
+  name      = "pike"
+  volume_id = aws_fsx_openzfs_file_system.pike.root_volume_id
+  tags = {
+    pike = "permissions"
+  }
+}

terraform/aws/backup/aws_fsx_openzfs_volume.tf

@@ -0,0 +1,7 @@
+resource "aws_fsx_openzfs_volume" "pike" {
+  name             = "pike-child"
+  parent_volume_id = aws_fsx_openzfs_file_system.pike.root_volume_id
+  tags = {
+    pike = "permissions"
+  }
+}

terraform/aws/role/aws_iam_policy.basic.tf

@@ -7,27 +7,22 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          "memorydb:CreateCluster",
-          "memorydb:DescribeClusters",
-          "memorydb:UpdateCluster",
-          "memorydb:DeleteCluster",
-          "memorydb:TagResource",
-          "memorydb:UntagResource",
-          "memorydb:ListTags",
+          "ec2:DescribeAccountAttributes",
+          "fsx:TagResource",
+          "fsx:UntagResource",
+          "fsx:CreateSnapshot",
+          "fsx:DescribeSnapshots",
+          "fsx:ListTagsForResource",
+          "fsx:DeleteSnapshot",
+          "fsx:UpdateSnapshot",
 
-          "memorydb:CreateSnapshot",
-          "memorydb:DescribeSnapshots",
-          "memorydb:DeleteSnapshot",
-          "memorydb:TagResource",
-          "memorydb:UntagResource",
-          "memorydb:ListTags",
-
-
-          "kms:Decrypt",
-          "kms:Encrypt",
-          "kms:GenerateDataKey",
-          "kms:DescribeKey",
-          "kms:CreateGrant"
+          "ec2:DescribeAccountAttributes",
+          "fsx:TagResource",
+          "fsx:UntagResource",
+          "fsx:CreateVolume",
+          "fsx:ListTagsForResource",
+          "fsx:DeleteVolume",
+          "fsx:UpdateVolume",
         ]
         "Resource" : "*"
       }