100% AWS coverage

JamesWoolfenden · Feb 12, 2025 · 1da865c · 1da865c
1 parent 00e4907
commit 1da865c
Show file tree

Hide file tree

Showing 121 changed files with 1,318 additions and 106 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -1426,6 +1426,7 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 	"aws_macie2_invitation_accepter":                                   awsMacieInvitationAccepter,
 	"aws_macie2_member":                                                awsMacieMember,
 	"aws_macie2_organization_admin_account":                            awsMacieOrganizationAdminAccount,
+	"aws_vpc_endpoint_connection_accepter":                             awsVpcEndpointConnectionAccepter,
 	"aws_vpc_endpoint_policy":                                          awsVpcEndpointPolicy,
 	"aws_vpc_endpoint_private_dns":                                     awsVpcEndpointPrivateDns,
 	"aws_vpc_endpoint_security_group_association":                      awsVpcEndpointSecurityGroupAssociation,
@@ -1436,6 +1437,65 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 	"aws_vpc_network_performance_metric_subscription":                  awsVpcNetworkPerformanceMetricSubscription,
 	"aws_vpc_security_group_vpc_association":                           awsVpcSecurityGroupAssociation,
 	"aws_vpclattice_service_network_resource_association":              awsVpclatticeServiceNetworkResourceAssociation,
+	"aws_iot_event_configurations":                                     awsIotEventConfigurations,
+	"aws_iot_indexing_configuration":                                   awsIotIndexingConfiguration,
+	"aws_iot_logging_options":                                          awsIotLoggingOptions,
+	"aws_iot_policy_attachment":                                        awsIotPolicyAttachment,
+	"aws_iot_thing_group_membership":                                   awsIotThingGroupMembership,
+	"aws_iot_thing_principal_attachment":                               awsIotThingPrincipalAttachment,
+	"aws_lb_listener_certificate":                                      awsLbListenerCertificate,
+	"aws_lb_ssl_negotiation_policy":                                    awsLbSslNegotiationPolicy,
+	"aws_main_route_table_association":                                 awsMainRouteTableAssociation,
+	"aws_memorydb_multi_region_cluster":                                awsMemorydbMultiRegionCluster,
+	"aws_msk_single_scram_secret_association":                          awsMskSingleScramSecretAssociation,
+	"aws_mskconnect_custom_plugin":                                     awsMskconnectCustomPlugin,
+	"aws_mskconnect_worker_configuration":                              awsMskconnectWorkerConfiguration,
+	"aws_neptune_global_cluster":                                       awsRdsGlobalCluster,
+	"aws_network_interface_sg_attachment":                              awsNetworkInterfaceSgAttachment,
+	"aws_networkmanager_attachment_accepter":                           awsNetworkmanagerAttachmentAccepter,
+	"aws_networkmanager_connection":                                    awsNetworkmanagerConnection,
+	"aws_networkmanager_core_network_policy_attachment":                awsNetworkmanagerCoreNetworkPolicyAttachment,
+	"aws_networkmanager_transit_gateway_connect_peer_association":      awsNetworkmanagerTransitGatewayConnectPeerAssociation,
+	"aws_networkmonitor_monitor":                                       awsNetworkmonitorMonitor,
+	"aws_networkmonitor_probe":                                         awsNetworkmonitorProbe,
+	"aws_organizations_delegated_administrator":                        awsOrganizationsDelegatedAdministrator,
+	"aws_prometheus_rule_group_namespace":                              awsPrometheusRuleGroupNamespace,
+	"aws_qldb_ledger":                                                  awsQlbdLedger,
+	"aws_ram_resource_share_accepter":                                  awsRamResourceShareAccepter,
+	"aws_ram_sharing_with_organization":                                awsRamSharingWithOrganization,
+	"aws_rbin_rule":                                                    awsRbinRule,
+	"aws_rds_instance_state":                                           awsRdsInstanceState,
+	"aws_resiliencehub_resiliency_policy":                              awsResilienceResiliencePolicy,
+	"aws_resourcegroups_resource":                                      awsResourcegroupsResource,
+	"aws_rum_metrics_destination":                                      awsRumMetricsDestination,
+	"aws_securityhub_invite_accepter":                                  awsSecurityHubInviteAccepter,
+	"aws_securityhub_member":                                           awsSecurityhubMember,
+	"aws_serverlessapplicationrepository_cloudformation_stack":         awsServerlessapplicationrepositoryCloudformationStack,
+	"aws_servicecatalog_provisioning_artifact":                         awsServiceCatalogProvisioningArtifact,
+	"aws_shield_application_layer_automatic_response":                  awsShieldApplicationLayerAutomaticsResponse,
+	"aws_shield_drt_access_log_bucket_association":                     awsShieldDrtAccessLogBucketAssociation,
+	"aws_shield_drt_access_role_arn_association":                       awsShieldDrtAccessRoleArnAssociation,
+	"aws_shield_protection_health_check_association":                   awsShieldProtectionHealthCheckAssociation,
+	"aws_timestreamquery_scheduled_query":                              awsTimestreamqueryScheduledQuery,
+	"aws_verifiedaccess_instance_trust_provider_attachment":            awsVerifiedaccessInstanceTrustProviderAttachment,
+	"aws_verifiedpermissions_schema":                                   awsVerifiedpermissionsSchema,
+	"aws_cognito_managed_user_pool_client":                             awsCognitoManagedUserPoolClient,
+	"aws_ebs_fast_snapshot_restore":                                    awsEbsFastSnapshotRestore,
+	"aws_ecr_account_setting":                                          awsEcrAccountSetting,
+	"aws_ecs_account_setting_default":                                  awsEcsAccountSettingDefault,
+	"aws_ecs_cluster_capacity_providers":                               awsEcsClusterCapacityProviders,
+	"aws_eip_domain_name":                                              awsEipDomainName,
+	"aws_elasticache_reserved_cache_node":                              awsElasticacheReservedCacheNode,
+	"aws_elasticache_serverless_cache":                                 awsElasticacheServerlessCache,
+	"aws_elasticache_user_group_association":                           awsElasticacheUserGroupAssociation,
+	"aws_iam_group_policy_attachments_exclusive":                       awsIamGroupPolicyAttachmentExclusive,
+	"aws_iam_organizations_features":                                   awsIamOrganizationsFeatures,
+	"aws_iam_role_policy_attachments_exclusive":                        awsIamRolePolicyAttachmentsExclusive,
+	"aws_iam_user_policy_attachments_exclusive":                        awsIamUserPolicyAttachmentsExclusive,
+	"aws_grafana_workspace_saml_configuration":                         awsGrafanaWorkspaceSamlConfiguration,
+	"aws_grafana_role_association":                                     awsGrafanaRoleAssociation,
+	"aws_elasticsearch_domain_saml_options":                            awsElasticsearchDomainSamlOptions,
+	"aws_elasticsearch_vpc_endpoint":                                   awsElasticsearchVpcEndpoint,
 }
 
 // GetAWSPermissions for AWS resources.

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,65 +1,4 @@
 # todo aws
 
-Resource percentage coverage   95.94
+Resource percentage coverage   100.00
 Datasource percentage coverage 100.00
-
-./resource.ps1 aws_cognito_managed_user_pool_client
-./resource.ps1 aws_ebs_fast_snapshot_restore
-./resource.ps1 aws_ecr_account_setting
-./resource.ps1 aws_ecs_account_setting_default
-./resource.ps1 aws_ecs_cluster_capacity_providers
-./resource.ps1 aws_eip_domain_name
-./resource.ps1 aws_elasticache_reserved_cache_node
-./resource.ps1 aws_elasticache_serverless_cache
-./resource.ps1 aws_elasticache_user_group_association
-./resource.ps1 aws_elasticsearch_domain_saml_options
-./resource.ps1 aws_elasticsearch_vpc_endpoint
-./resource.ps1 aws_grafana_role_association
-./resource.ps1 aws_grafana_workspace_saml_configuration
-./resource.ps1 aws_iam_group_policy_attachments_exclusive
-./resource.ps1 aws_iam_organizations_features
-./resource.ps1 aws_iam_role_policy_attachments_exclusive
-./resource.ps1 aws_iam_user_policy_attachments_exclusive
-./resource.ps1 aws_iot_event_configurations
-./resource.ps1 aws_iot_indexing_configuration
-./resource.ps1 aws_iot_logging_options
-./resource.ps1 aws_iot_policy_attachment
-./resource.ps1 aws_iot_thing_group_membership
-./resource.ps1 aws_iot_thing_principal_attachment
-./resource.ps1 aws_lb_listener_certificate
-./resource.ps1 aws_lb_ssl_negotiation_policy
-./resource.ps1 aws_main_route_table_association
-./resource.ps1 aws_memorydb_multi_region_cluster
-./resource.ps1 aws_msk_single_scram_secret_association
-./resource.ps1 aws_mskconnect_custom_plugin
-./resource.ps1 aws_mskconnect_worker_configuration
-./resource.ps1 aws_neptune_global_cluster
-./resource.ps1 aws_network_interface_sg_attachment
-./resource.ps1 aws_networkmanager_attachment_accepter
-./resource.ps1 aws_networkmanager_connection
-./resource.ps1 aws_networkmanager_core_network_policy_attachment
-./resource.ps1 aws_networkmanager_transit_gateway_connect_peer_association
-./resource.ps1 aws_networkmonitor_monitor
-./resource.ps1 aws_networkmonitor_probe
-./resource.ps1 aws_organizations_delegated_administrator
-./resource.ps1 aws_prometheus_rule_group_namespace
-./resource.ps1 aws_qldb_ledger
-./resource.ps1 aws_ram_resource_share_accepter
-./resource.ps1 aws_ram_sharing_with_organization
-./resource.ps1 aws_rbin_rule
-./resource.ps1 aws_rds_instance_state
-./resource.ps1 aws_resiliencehub_resiliency_policy
-./resource.ps1 aws_resourcegroups_resource
-./resource.ps1 aws_rum_metrics_destination
-./resource.ps1 aws_securityhub_invite_accepter
-./resource.ps1 aws_securityhub_member
-./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack
-./resource.ps1 aws_servicecatalog_provisioning_artifact
-./resource.ps1 aws_shield_application_layer_automatic_response
-./resource.ps1 aws_shield_drt_access_log_bucket_association
-./resource.ps1 aws_shield_drt_access_role_arn_association
-./resource.ps1 aws_shield_protection_health_check_association
-./resource.ps1 aws_timestreamquery_scheduled_query
-./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment
-./resource.ps1 aws_verifiedpermissions_schema
-./resource.ps1 aws_vpc_endpoint_connection_accepter
diff --git a/src/files_aws.go b/src/files_aws.go
@@ -609,3 +609,180 @@ var awsVpcSecurityGroupAssociation []byte
 
 //go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json
 var awsVpclatticeServiceNetworkResourceAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json
+var awsVpcEndpointConnectionAccepter []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_event_configurations.json
+var awsIotEventConfigurations []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_indexing_configuration.json
+var awsIotIndexingConfiguration []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_logging_options.json
+var awsIotLoggingOptions []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_policy_attachment.json
+var awsIotPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_group_membership.json
+var awsIotThingGroupMembership []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json
+var awsIotThingPrincipalAttachment []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
+var awsLbListenerCertificate []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
+var awsLbSslNegotiationPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_main_route_table_association.json
+var awsMainRouteTableAssociation []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
+var awsMemorydbMultiRegionCluster []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json
+var awsMskSingleScramSecretAssociation []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
+var awsMskconnectCustomPlugin []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
+var awsMskconnectWorkerConfiguration []byte
+
+//go:embed mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
+var awsNetworkInterfaceSgAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
+var awsNetworkmanagerAttachmentAccepter []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
+var awsNetworkmanagerConnection []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
+var awsNetworkmanagerCoreNetworkPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
+var awsNetworkmanagerTransitGatewayConnectPeerAssociation []byte
+
+//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
+var awsNetworkmonitorMonitor []byte
+
+//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
+var awsNetworkmonitorProbe []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
+var awsOrganizationsDelegatedAdministrator []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
+var awsPrometheusRuleGroupNamespace []byte
+
+//go:embed mapping/aws/resource/qldb/aws_qldb_ledger.json
+var awsQlbdLedger []byte
+
+//go:embed mapping/aws/resource/ram/aws_ram_resource_share_accepter.json
+var awsRamResourceShareAccepter []byte
+
+//go:embed mapping/aws/resource/ram/aws_ram_sharing_with_organization.json
+var awsRamSharingWithOrganization []byte
+
+//go:embed mapping/aws/resource/rbin/aws_rbin_rule.json
+var awsRbinRule []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_instance_state.json
+var awsRdsInstanceState []byte
+
+//go:embed mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
+var awsResilienceResiliencePolicy []byte
+
+//go:embed mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
+var awsResourcegroupsResource []byte
+
+//go:embed mapping/aws/resource/rum/aws_rum_metrics_destination.json
+var awsRumMetricsDestination []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json
+var awsSecurityHubInviteAccepter []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_member.json
+var awsSecurityhubMember []byte
+
+//go:embed mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json
+var awsServerlessapplicationrepositoryCloudformationStack []byte
+
+//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json
+var awsServiceCatalogProvisioningArtifact []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
+var awsShieldApplicationLayerAutomaticsResponse []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
+var awsShieldDrtAccessLogBucketAssociation []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
+var awsShieldDrtAccessRoleArnAssociation []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
+var awsShieldProtectionHealthCheckAssociation []byte
+
+//go:embed mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json
+var awsTimestreamqueryScheduledQuery []byte
+
+//go:embed mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
+var awsVerifiedaccessInstanceTrustProviderAttachment []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json
+var awsVerifiedpermissionsSchema []byte
+
+//go:embed mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json
+var awsCognitoManagedUserPoolClient []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json
+var awsEbsFastSnapshotRestore []byte
+
+//go:embed mapping/aws/resource/ecr/aws_ecr_account_setting.json
+var awsEcrAccountSetting []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_account_setting_default.json
+var awsEcsAccountSettingDefault []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
+var awsEcsClusterCapacityProviders []byte
+
+//go:embed mapping/aws/resource/ec2/aws_eip_domain_name.json
+var awsEipDomainName []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
+var awsElasticacheReservedCacheNode []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
+var awsElasticacheServerlessCache []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
+var awsElasticacheUserGroupAssociation []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json
+var awsIamGroupPolicyAttachmentExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_organizations_features.json
+var awsIamOrganizationsFeatures []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
+var awsIamRolePolicyAttachmentsExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json
+var awsIamUserPolicyAttachmentsExclusive []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
+var awsGrafanaWorkspaceSamlConfiguration []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_role_association.json
+var awsGrafanaRoleAssociation []byte
+
+//go:embed mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
+var awsElasticsearchDomainSamlOptions []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
+var awsElasticsearchVpcEndpoint []byte
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json b/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
@@ -0,0 +1,16 @@
+[
+  {
+    "apply": [
+      "aps:DescribeRuleGroupsNamespace",
+      "aps:CreateRuleGroupsNamespace",
+      "aps:DeleteRuleGroupsNamespace",
+      "aps:PutRuleGroupsNamespace"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json
@@ -0,0 +1,16 @@
+[
+  {
+    "apply": [
+      "cognito-idp:DescribeUserPoolClient",
+      "cognito-idp:CreateUserPoolClient",
+      "cognito-idp:DeleteUserPoolClient",
+      "cognito-idp:UpdateUserPoolClient"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json b/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json
@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_eip_domain_name.json b/src/mapping/aws/resource/ec2/aws_eip_domain_name.json
@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_instance.json b/src/mapping/aws/resource/ec2/aws_instance.json
@@ -9,7 +9,8 @@
       "ec2:RunInstances",
       "ec2:StopInstances",
       "ec2:TerminateInstances",
-      "ec2:DescribeNetworkInterfaces"
+      "ec2:DescribeNetworkInterfaces",
+      "ec2:DescribeInstanceCreditSpecifications"
     ],
     "attributes": {
       "credit_specification": [