Merge branch 'fix/cds-1576' into fix/cds-1576-again

coralogix · Oct 11, 2024 · 90a822f · 90a822f
2 parents 57a2492 + 309ddc3
commit 90a822f
Show file tree

Hide file tree

Showing 5 changed files with 123 additions and 44 deletions.
diff --git a/src/resource-metadata/CHANGELOG.md b/src/resource-metadata/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## resource-metadata
 
+### 1.2.10 / 09.10.2024
+* [Update] Add resource type filter to exclude either lambda and ec2 resources.
+* [Update] Add AP3 region to the list of regions.
+
 ### 1.2.9 / 21.05.2024
 * [Update] Align Regions names with other integration .i.e EU1,EU2...
 

diff --git a/src/resource-metadata/README.md b/src/resource-metadata/README.md
@@ -13,14 +13,15 @@ This application collect AWS resource metadata and sends them to your **Coralogi
 
 | Parameter | Description | Default Value | Required |
 |---|---|---|---|
-| CoralogixRegion | The Coralogix location region, possible options are [EU1, EU2, AP1, AP2, US1, US2, Custom].In case that you want to use Custom domain, leave this as default and write the Custom doamin in the ``CustomDomain`` filed. | Custom | :heavy_check_mark: |
+| CoralogixRegion | The Coralogix location region, possible options are [EU1, EU2, AP1, AP2, AP3, US1, US2, Custom].In case that you want to use Custom domain, leave this as default and write the Custom doamin in the ``CustomDomain`` filed. | Custom | :heavy_check_mark: |
 | CustomDomain | The Coralogix custom domain, leave empty if you don't use Custom domain. | | |
 | aplication name | The stack name of this application created via AWS CloudFormation. | | :heavy_check_mark: |
 | CreateSecret |  Set to False In case you want to use secrets manager with a predefine secret that was already created and contains Coralogix Send Your Data API key. | True | |
 | ApiKey | Your [Coralogix Send Your Data – API Key](https://coralogix.com/docs/send-your-data-api-key/) or incase you use pre created secret (created in AWS secret manager) put here the name of the secret that contains the Coralogix send your data key | | :heavy_check_mark: |
 | ResourceTtlMinutes | Once a resource is collected, how long should it remain valid. | 60 | |
 | LatestVersionsPerFunction | How many latest published versions of each Lambda function should be collected. | 0 | |
 | CollectAliases | [True/False] | False | |
+| ResourceTypeFilter | Specify a resource type to filter out. Possible options are [`ec2`, `lambda`] | | |
 | LambdaFunctionIncludeRegexFilter | If specified, only lambda functions with ARNs matching the regex will be included in the collected metadata | | |
 | LambdaFunctionExcludeRegexFilter | If specified, only lambda functions with ARNs NOT matching the regex will be included in the collected metadata | | |
 | LambdaFunctionTagFilters | If specified, only lambda functions with tags matching the filters will be included in the collected metadata. Values should follow the JSON syntax for --tag-filters as documented [here](https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options) | | |

diff --git a/src/resource-metadata/index.js b/src/resource-metadata/index.js
@@ -14,6 +14,13 @@ import { collectLambdaResources, parseLambdaFunctionArn } from './lambda.js'
 import { sendToCoralogix } from './coralogix.js'
 import { collectEc2Resources } from './ec2.js';
 
+const validateAndExtractConfiguration = () => {
+    const excludeEC2 = String(process.env.IS_EC2_RESOURCE_TYPE_EXCLUDED).toLowerCase() === "true"
+    const excludeLambda = String(process.env.IS_LAMBDA_RESOURCE_TYPE_EXCLUDED).toLowerCase() === "true"
+    return { excludeEC2, excludeLambda };
+}
+const { excludeEC2, excludeLambda } = validateAndExtractConfiguration();
+
 /**
  * @description Lambda function handler
  */
@@ -22,10 +29,18 @@ export const handler = async (_, context) => {
     const collectorId = `arn:aws:lambda:${invokedArn.region}:${invokedArn.accountId}:function:${invokedArn.functionName}`
     console.info(`Collector ${collectorId} starting collection`)
 
-    const lambda = collectAndSendLambdaResources(collectorId)
-    const ec2 = collectAndSendEc2Resources(collectorId, invokedArn.region, invokedArn.accountId)
+    let dataToCollect = []
+
+    if(!excludeEC2) {
+        const ec2 = collectAndSendEc2Resources(collectorId, invokedArn.region, invokedArn.accountId)
+        dataToCollect.push(ec2)
+    }
 
-    await Promise.all([lambda, ec2])
+    if(!excludeLambda) {
+        const lambda = collectAndSendLambdaResources(collectorId)
+        dataToCollect.push(lambda)
+    }
+    await Promise.all(dataToCollect)
 
     console.info("Collection done")
 }

diff --git a/src/resource-metadata/package.json b/src/resource-metadata/package.json
@@ -1,7 +1,7 @@
 {
   "name": "coralogix-resource-tags",
   "title": "AWS Resource Tags Lambda function for Coralogix",
-  "version": "1.2.8",
+  "version": "1.2.10",
   "description": "AWS Lambda function to send AWS resource tags to Coralogix",
   "homepage": "https://coralogix.com",
   "license": "Apache-2.0",

diff --git a/src/resource-metadata/template.yaml b/src/resource-metadata/template.yaml
@@ -13,7 +13,7 @@ Metadata:
       - coralogix
       - metadata
     HomePageUrl: https://coralogix.com
-    SemanticVersion: 1.2.9
+    SemanticVersion: 1.2.10
     SourceCodeUrl: https://github.com/coralogix/coralogix-aws-serverless
   AWS::CloudFormation::Interface:
     ParameterGroups:
@@ -34,6 +34,8 @@ Metadata:
           - LambdaFunctionExcludeRegexFilter
           - LambdaFunctionTagFilters
           - NotificationEmail
+          - IsEC2ResourceTypeExcluded
+          - IsLambdaResourceTypeExcluded
       - Label:
           default: Lambda Configuration
         Parameters:
@@ -76,6 +78,10 @@ Metadata:
         default: Timeout
       NotificationEmail:
         default: Notification Email
+      IsEC2ResourceTypeExcluded:
+        default: Is EC2 Resource Type Excluded?
+      IsLambdaResourceTypeExcluded:
+        default: Is Lambda Resource Type Excluded?
 Parameters:
   CoralogixRegion:
     Type: String
@@ -85,6 +91,7 @@ Parameters:
       - EU2
       - AP1
       - AP2
+      - AP3
       - US1
       - US2
       - Custom
@@ -159,6 +166,20 @@ Parameters:
     Type: String
     Description: Set to False In case you want to use secrets manager with a predefine secret that was already created and contains Coralogix Send Your Data API key.
     Default: 'True'
+  IsEC2ResourceTypeExcluded:
+    Type: String
+    Description: Is EC2 Resource Type Excluded?
+    AllowedValues:
+      - 'True'
+      - 'False'
+    Default: 'False'
+  IsLambdaResourceTypeExcluded:
+    Type: String
+    Description: Is Lambda Resource Type Excluded?
+    AllowedValues:
+      - 'True'
+      - 'False'
+    Default: 'False'
 Mappings:
   CoralogixRegionMap:
     EU1:
@@ -169,6 +190,8 @@ Mappings:
       MetadataUrl: app.coralogix.in
     AP2:
       MetadataUrl: coralogixsg.com
+    AP3:
+      MetadataUrl: ap3.coralogix.com
     US1:
       MetadataUrl: coralogix.us
     US2:
@@ -201,6 +224,14 @@ Conditions:
       - Fn::Equals:
           - Ref: CreateSecret
           - 'True'
+  IsEC2ResourceTypeExcluded:
+    Fn::Equals:
+      - Ref: IsEC2ResourceTypeExcluded
+      - 'True'
+  IsLambdaResourceTypeExcluded:
+    Fn::Equals:
+      - Ref: IsLambdaResourceTypeExcluded
+      - 'True'
 Resources:
   LambdaFunction:
     Condition: IsNotSMEnabled
@@ -242,6 +273,14 @@ Resources:
             Ref: LambdaFunctionTagFilters
           AWS_RETRY_MODE: adaptive
           AWS_MAX_ATTEMPTS: 10
+          IS_EC2_RESOURCE_TYPE_EXCLUDED: !If
+              - IsEC2ResourceTypeExcluded
+              - 'true'
+              - 'false'
+          IS_LAMBDA_RESOURCE_TYPE_EXCLUDED: !If
+              - IsLambdaResourceTypeExcluded
+              - 'true'
+              - 'false'
       Events:
         ScheduledEvent:
           Type: Schedule
@@ -254,25 +293,31 @@ Resources:
           OnFailure:
             Type: SNS
       Policies:
-        - Version: "2012-10-17"
-          Statement:
-            - Sid: GetEc2Metadata
-              Effect: Allow
-              Action:
-                - ec2:DescribeInstances
-              Resource: "*"
-        - Version: "2012-10-17"
-          Statement:
-            - Sid: GetLambdaMetadata
-              Effect: Allow
-              Action:
-                - lambda:ListFunctions
-                - lambda:ListVersionsByFunction
-                - lambda:GetFunction
-                - lambda:ListAliases
-                - lambda:ListEventSourceMappings
-                - lambda:GetPolicy
-              Resource: "*"
+        - !If 
+          - IsEC2ResourceTypeExcluded
+          - Version: "2012-10-17"
+            Statement:
+              - Sid: GetEc2Metadata
+                Effect: Allow
+                Action:
+                  - ec2:DescribeInstances
+                Resource: "*"
+          - !Ref 'AWS::NoValue'
+        - !If:
+          - IsLambdaResourceTypeExcluded
+          - Version: "2012-10-17"
+            Statement:
+              - Sid: GetLambdaMetadata
+                Effect: Allow
+                Action:
+                  - lambda:ListFunctions
+                  - lambda:ListVersionsByFunction
+                  - lambda:GetFunction
+                  - lambda:ListAliases
+                  - lambda:ListEventSourceMappings
+                  - lambda:GetPolicy
+                Resource: "*"
+          - !Ref 'AWS::NoValue' 
         - Version: "2012-10-17"
           Statement:
             - Sid: GetResourcesByTags
@@ -325,6 +370,14 @@ Resources:
               - CreateSecret
               - ""
               - Ref: ApiKey
+          IS_EC2_RESOURCE_TYPE_EXCLUDED: !If
+              - IsEC2ResourceTypeExcluded
+              - 'true'
+              - 'false'
+          IS_LAMBDA_RESOURCE_TYPE_EXCLUDED: !If
+              - IsLambdaResourceTypeExcluded
+              - 'true'
+              - 'false'
       Events:
         ScheduledEvent:
           Type: Schedule
@@ -337,25 +390,31 @@ Resources:
           OnFailure:
             Type: SNS
       Policies:
-        - Version: "2012-10-17"
-          Statement:
-            - Sid: GetEc2Metadata
-              Effect: Allow
-              Action:
-                - ec2:DescribeInstances
-              Resource: "*"
-        - Version: "2012-10-17"
-          Statement:
-            - Sid: GetLambdaMetadata
-              Effect: Allow
-              Action:
-                - lambda:ListFunctions
-                - lambda:ListVersionsByFunction
-                - lambda:GetFunction
-                - lambda:ListAliases
-                - lambda:ListEventSourceMappings
-                - lambda:GetPolicy
-              Resource: "*"
+        - !If 
+          - IsEC2ResourceTypeExcluded
+          - Version: "2012-10-17"
+            Statement:
+              - Sid: GetEc2Metadata
+                Effect: Allow
+                Action:
+                  - ec2:DescribeInstances
+                Resource: "*"
+          - !Ref "AWS::NoValue"
+        - !If:
+          - IsLambdaResourceTypeExcluded
+          - Version: "2012-10-17"
+            Statement:
+              - Sid: GetLambdaMetadata
+                Effect: Allow
+                Action:
+                  - lambda:ListFunctions
+                  - lambda:ListVersionsByFunction
+                  - lambda:GetFunction
+                  - lambda:ListAliases
+                  - lambda:ListEventSourceMappings
+                  - lambda:GetPolicy
+                Resource: "*"
+          - !Ref "AWS::NoValue"
         - Version: "2012-10-17"
           Statement:
             - Sid: GetResourcesByTags