From 1da865c2c32328d4cdb271343d8c2d5519dc9b7b Mon Sep 17 00:00:00 2001 
From: James Woolfenden Date: Wed, 12 Feb 2025 14:11:52 +0000 Subject: [PATCH] 100% AWS coverage --- src/aws.go | 60 ++++++ src/coverage/aws.md | 63 +------ src/files_aws.go | 177 ++++++++++++++++++ .../aws_prometheus_rule_group_namespace.json | 16 ++ .../aws_cognito_managed_user_pool_client.json | 16 ++ .../ec2/aws_ebs_fast_snapshot_restore.json | 11 ++ .../aws/resource/ec2/aws_eip_domain_name.json | 11 ++ .../aws/resource/ec2/aws_instance.json | 3 +- .../ec2/aws_main_route_table_association.json | 14 ++ .../aws_network_interface_sg_attachment.json | 13 ++ .../resource/ecr/aws_ecr_account_setting.json | 14 ++ .../ecs/aws_ecs_account_setting_default.json | 13 ++ .../aws_ecs_cluster_capacity_providers.json | 30 +++ .../aws_elasticache_reserved_cache_node.json | 19 ++ .../aws_elasticache_serverless_cache.json | 37 ++++ ...ws_elasticache_user_group_association.json | 11 ++ .../aws_lb_listener_certificate.json | 15 ++ .../aws_lb_ssl_negotiation_policy.json | 13 ++ ...aws_elasticsearch_domain_saml_options.json | 11 ++ .../es/aws_elasticsearch_vpc_endpoint.json | 11 ++ .../grafana/aws_grafana_role_association.json | 13 ++ ..._grafana_workspace_saml_configuration.json | 11 ++ ...am_group_policy_attachments_exclusive.json | 14 ++ .../iam/aws_iam_organizations_features.json | 14 ++ ...iam_role_policy_attachments_exclusive.json | 14 ++ ...iam_user_policy_attachments_exclusive.json | 14 ++ .../iot/aws_iot_event_configurations.json | 14 ++ .../iot/aws_iot_indexing_configuration.json | 14 ++ .../resource/iot/aws_iot_logging_options.json | 16 ++ .../iot/aws_iot_policy_attachment.json | 14 ++ .../iot/aws_iot_thing_group_membership.json | 15 ++ .../aws_iot_thing_principal_attachment.json | 14 ++ ...s_msk_single_scram_secret_association.json | 14 ++ .../aws_mskconnect_custom_plugin.json | 15 ++ .../aws_mskconnect_worker_configuration.json | 15 ++ .../aws_memorydb_multi_region_cluster.json | 30 +++ ...ws_networkmanager_attachment_accepter.json | 13 ++ 
.../aws_networkmanager_connection.json | 16 ++ ...anager_core_network_policy_attachment.json | 11 ++ ...nsit_gateway_connect_peer_association.json | 15 ++ .../aws_networkmonitor_monitor.json | 20 ++ .../aws_networkmonitor_probe.json | 20 ++ ...organizations_delegated_administrator.json | 14 ++ .../aws/resource/qldb/aws_qldb_ledger.json | 20 ++ .../ram/aws_ram_resource_share_accepter.json | 13 ++ .../aws_ram_sharing_with_organization.json | 13 ++ .../aws/resource/rbin/aws_rbin_rule.json | 38 ++++ .../resource/rds/aws_rds_instance_state.json | 14 ++ .../aws_resiliencehub_resiliency_policy.json | 28 +++ .../aws_resourcegroups_resource.json | 14 ++ .../rum/aws_rum_metrics_destination.json | 14 ++ .../securityhub/aws_securityhub_member.json | 3 + ..._servicecatalog_provisioning_artifact.json | 4 +- ..._application_layer_automatic_response.json | 15 ++ ...eld_drt_access_log_bucket_association.json | 14 ++ ...hield_drt_access_role_arn_association.json | 14 ++ ...d_protection_health_check_association.json | 14 ++ .../aws_timestreamquery_scheduled_query.json | 31 +++ ...ss_instance_trust_provider_attachment.json | 13 ++ .../aws_verifiedpermissions_schema.json | 14 ++ .../aws_cognito_managed_user_pool_client.tf | 1 + .../backup/aws_ebs_fast_snapshot_restore.tf | 1 + .../aws/backup/aws_ecr_account_setting.tf | 1 + .../backup/aws_ecs_account_setting_default.tf | 1 + .../aws_ecs_cluster_capacity_providers.tf | 1 + terraform/aws/backup/aws_eip_domain_name.tf | 1 + .../aws_elasticache_reserved_cache_node.tf | 1 + .../aws_elasticache_serverless_cache.tf | 1 + .../aws_elasticache_user_group_association.tf | 1 + .../aws_elasticsearch_domain_saml_options.tf | 27 +++ .../backup/aws_elasticsearch_vpc_endpoint.tf | 1 + .../backup/aws_grafana_role_association.tf | 29 +++ ...ws_grafana_workspace_saml_configuration.tf | 29 +++ ..._iam_group_policy_attachments_exclusive.tf | 1 + .../backup/aws_iam_organizations_features.tf | 6 + ...s_iam_role_policy_attachments_exclusive.tf | 1 + 
...s_iam_user_policy_attachments_exclusive.tf | 1 + .../backup/aws_iot_event_configurations.tf | 1 + .../backup/aws_iot_indexing_configuration.tf | 1 + .../aws/backup/aws_iot_logging_options.tf | 1 + .../aws/backup/aws_iot_policy_attachment.tf | 1 + .../backup/aws_iot_thing_group_membership.tf | 1 + .../aws_iot_thing_principal_attachment.tf | 1 + .../aws/backup/aws_lb_listener_certificate.tf | 1 + .../backup/aws_lb_ssl_negotiation_policy.tf | 1 + .../aws_main_route_table_association.tf | 1 + .../aws_memorydb_multi_region_cluster.tf | 1 + ...aws_msk_single_scram_secret_association.tf | 1 + .../backup/aws_mskconnect_custom_plugin.tf | 1 + .../aws_mskconnect_worker_configuration.tf | 1 + .../aws/backup/aws_neptune_global_cluster.tf | 5 + .../aws_network_interface_sg_attachment.tf | 21 +++ .../aws_networkmanager_attachment_accepter.tf | 1 + .../backup/aws_networkmanager_connection.tf | 1 + ...kmanager_core_network_policy_attachment.tf | 1 + ...ransit_gateway_connect_peer_association.tf | 1 + .../aws/backup/aws_networkmonitor_monitor.tf | 1 + .../aws/backup/aws_networkmonitor_probe.tf | 1 + ...s_organizations_delegated_administrator.tf | 1 + .../aws_prometheus_rule_group_namespace.tf | 1 + terraform/aws/backup/aws_qldb_ledger.tf | 1 + .../backup/aws_ram_resource_share_accepter.tf | 1 + .../aws_ram_sharing_with_organization.tf | 1 + terraform/aws/backup/aws_rbin_rule.tf | 1 + .../aws/backup/aws_rds_instance_state.tf | 1 + .../aws_resiliencehub_resiliency_policy.tf | 1 + .../aws/backup/aws_resourcegroups_resource.tf | 1 + .../aws/backup/aws_rum_metrics_destination.tf | 1 + .../backup/aws_securityhub_invite_accepter.tf | 2 +- .../aws/backup/aws_securityhub_member.tf | 2 +- ...licationrepository_cloudformation_stack.tf | 2 +- ...ws_servicecatalog_provisioning_artifact.tf | 2 +- ...ld_application_layer_automatic_response.tf | 1 + ...hield_drt_access_log_bucket_association.tf | 1 + ..._shield_drt_access_role_arn_association.tf | 1 + 
...eld_protection_health_check_association.tf | 1 + .../aws_timestreamquery_scheduled_query.tf | 1 + ...cess_instance_trust_provider_attachment.tf | 1 + .../backup/aws_verifiedpermissions_schema.tf | 1 + .../aws_vpc_endpoint_connection_accepter.tf | 2 +- terraform/aws/role/aws_iam_policy.basic.tf | 64 +++---- 121 files changed, 1318 insertions(+), 106 deletions(-) create mode 100644 src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json create mode 100644 src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json create mode 100644 src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json create mode 100644 src/mapping/aws/resource/ec2/aws_eip_domain_name.json create mode 100644 src/mapping/aws/resource/ec2/aws_main_route_table_association.json create mode 100644 src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json create mode 100644 src/mapping/aws/resource/ecr/aws_ecr_account_setting.json create mode 100644 src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json create mode 100644 src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json create mode 100644 src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json create mode 100644 src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json create mode 100644 src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json create mode 100644 src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json create mode 100644 src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json create mode 100644 src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json create mode 100644 src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json create mode 100644 src/mapping/aws/resource/grafana/aws_grafana_role_association.json create mode 100644 src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json create mode 100644 
src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json create mode 100644 src/mapping/aws/resource/iam/aws_iam_organizations_features.json create mode 100644 src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json create mode 100644 src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_event_configurations.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_logging_options.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_policy_attachment.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json create mode 100644 src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json create mode 100644 src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json create mode 100644 src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json create mode 100644 src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json create mode 100644 src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json create mode 100644 src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json create mode 100644 src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json create mode 100644 src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json create mode 100644 src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json create mode 100644 src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json create mode 100644 src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json create mode 100644 src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json create mode 100644 
src/mapping/aws/resource/qldb/aws_qldb_ledger.json create mode 100644 src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json create mode 100644 src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json create mode 100644 src/mapping/aws/resource/rbin/aws_rbin_rule.json create mode 100644 src/mapping/aws/resource/rds/aws_rds_instance_state.json create mode 100644 src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json create mode 100644 src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json create mode 100644 src/mapping/aws/resource/rum/aws_rum_metrics_destination.json create mode 100644 src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json create mode 100644 src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json create mode 100644 src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json create mode 100644 src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json create mode 100644 src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json create mode 100644 src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json create mode 100644 src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json create mode 100644 terraform/aws/backup/aws_cognito_managed_user_pool_client.tf create mode 100644 terraform/aws/backup/aws_ebs_fast_snapshot_restore.tf create mode 100644 terraform/aws/backup/aws_ecr_account_setting.tf create mode 100644 terraform/aws/backup/aws_ecs_account_setting_default.tf create mode 100644 terraform/aws/backup/aws_ecs_cluster_capacity_providers.tf create mode 100644 terraform/aws/backup/aws_eip_domain_name.tf create mode 100644 terraform/aws/backup/aws_elasticache_reserved_cache_node.tf create mode 100644 terraform/aws/backup/aws_elasticache_serverless_cache.tf create mode 100644 
terraform/aws/backup/aws_elasticache_user_group_association.tf create mode 100644 terraform/aws/backup/aws_elasticsearch_domain_saml_options.tf create mode 100644 terraform/aws/backup/aws_elasticsearch_vpc_endpoint.tf create mode 100644 terraform/aws/backup/aws_grafana_role_association.tf create mode 100644 terraform/aws/backup/aws_grafana_workspace_saml_configuration.tf create mode 100644 terraform/aws/backup/aws_iam_group_policy_attachments_exclusive.tf create mode 100644 terraform/aws/backup/aws_iam_organizations_features.tf create mode 100644 terraform/aws/backup/aws_iam_role_policy_attachments_exclusive.tf create mode 100644 terraform/aws/backup/aws_iam_user_policy_attachments_exclusive.tf create mode 100644 terraform/aws/backup/aws_iot_event_configurations.tf create mode 100644 terraform/aws/backup/aws_iot_indexing_configuration.tf create mode 100644 terraform/aws/backup/aws_iot_logging_options.tf create mode 100644 terraform/aws/backup/aws_iot_policy_attachment.tf create mode 100644 terraform/aws/backup/aws_iot_thing_group_membership.tf create mode 100644 terraform/aws/backup/aws_iot_thing_principal_attachment.tf create mode 100644 terraform/aws/backup/aws_lb_listener_certificate.tf create mode 100644 terraform/aws/backup/aws_lb_ssl_negotiation_policy.tf create mode 100644 terraform/aws/backup/aws_main_route_table_association.tf create mode 100644 terraform/aws/backup/aws_memorydb_multi_region_cluster.tf create mode 100644 terraform/aws/backup/aws_msk_single_scram_secret_association.tf create mode 100644 terraform/aws/backup/aws_mskconnect_custom_plugin.tf create mode 100644 terraform/aws/backup/aws_mskconnect_worker_configuration.tf create mode 100644 terraform/aws/backup/aws_neptune_global_cluster.tf create mode 100644 terraform/aws/backup/aws_network_interface_sg_attachment.tf create mode 100644 terraform/aws/backup/aws_networkmanager_attachment_accepter.tf create mode 100644 terraform/aws/backup/aws_networkmanager_connection.tf create mode 100644 
terraform/aws/backup/aws_networkmanager_core_network_policy_attachment.tf create mode 100644 terraform/aws/backup/aws_networkmanager_transit_gateway_connect_peer_association.tf create mode 100644 terraform/aws/backup/aws_networkmonitor_monitor.tf create mode 100644 terraform/aws/backup/aws_networkmonitor_probe.tf create mode 100644 terraform/aws/backup/aws_organizations_delegated_administrator.tf create mode 100644 terraform/aws/backup/aws_prometheus_rule_group_namespace.tf create mode 100644 terraform/aws/backup/aws_qldb_ledger.tf create mode 100644 terraform/aws/backup/aws_ram_resource_share_accepter.tf create mode 100644 terraform/aws/backup/aws_ram_sharing_with_organization.tf create mode 100644 terraform/aws/backup/aws_rbin_rule.tf create mode 100644 terraform/aws/backup/aws_rds_instance_state.tf create mode 100644 terraform/aws/backup/aws_resiliencehub_resiliency_policy.tf create mode 100644 terraform/aws/backup/aws_resourcegroups_resource.tf create mode 100644 terraform/aws/backup/aws_rum_metrics_destination.tf create mode 100644 terraform/aws/backup/aws_shield_application_layer_automatic_response.tf create mode 100644 terraform/aws/backup/aws_shield_drt_access_log_bucket_association.tf create mode 100644 terraform/aws/backup/aws_shield_drt_access_role_arn_association.tf create mode 100644 terraform/aws/backup/aws_shield_protection_health_check_association.tf create mode 100644 terraform/aws/backup/aws_timestreamquery_scheduled_query.tf create mode 100644 terraform/aws/backup/aws_verifiedaccess_instance_trust_provider_attachment.tf create mode 100644 terraform/aws/backup/aws_verifiedpermissions_schema.tf
diff --git a/src/aws.go b/src/aws.go
index 1dce65d4..c22d4615 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -1426,6 +1426,7 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 "aws_macie2_invitation_accepter": awsMacieInvitationAccepter,
 "aws_macie2_member": awsMacieMember,
 "aws_macie2_organization_admin_account": awsMacieOrganizationAdminAccount,
+ "aws_vpc_endpoint_connection_accepter": awsVpcEndpointConnectionAccepter,
 "aws_vpc_endpoint_policy": awsVpcEndpointPolicy,
 "aws_vpc_endpoint_private_dns": awsVpcEndpointPrivateDns,
 "aws_vpc_endpoint_security_group_association": awsVpcEndpointSecurityGroupAssociation,
@@ -1436,6 +1437,65 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 "aws_vpc_network_performance_metric_subscription": awsVpcNetworkPerformanceMetricSubscription,
 "aws_vpc_security_group_vpc_association": awsVpcSecurityGroupAssociation,
 "aws_vpclattice_service_network_resource_association": awsVpclatticeServiceNetworkResourceAssociation,
+ "aws_iot_event_configurations": awsIotEventConfigurations,
+ "aws_iot_indexing_configuration": awsIotIndexingConfiguration,
+ "aws_iot_logging_options": awsIotLoggingOptions,
+ "aws_iot_policy_attachment": awsIotPolicyAttachment,
+ "aws_iot_thing_group_membership": awsIotThingGroupMembership,
+ "aws_iot_thing_principal_attachment": awsIotThingPrincipalAttachment,
+ "aws_lb_listener_certificate": awsLbListenerCertificate,
+ "aws_lb_ssl_negotiation_policy": awsLbSslNegotiationPolicy,
+ "aws_main_route_table_association": awsMainRouteTableAssociation,
+ "aws_memorydb_multi_region_cluster": awsMemorydbMultiRegionCluster,
+ "aws_msk_single_scram_secret_association": awsMskSingleScramSecretAssociation,
+ "aws_mskconnect_custom_plugin": awsMskconnectCustomPlugin,
+ "aws_mskconnect_worker_configuration": awsMskconnectWorkerConfiguration,
+ "aws_neptune_global_cluster": awsRdsGlobalCluster,
+ "aws_network_interface_sg_attachment": awsNetworkInterfaceSgAttachment,
+ "aws_networkmanager_attachment_accepter": awsNetworkmanagerAttachmentAccepter,
+ "aws_networkmanager_connection": awsNetworkmanagerConnection,
+ "aws_networkmanager_core_network_policy_attachment": awsNetworkmanagerCoreNetworkPolicyAttachment,
+ "aws_networkmanager_transit_gateway_connect_peer_association": awsNetworkmanagerTransitGatewayConnectPeerAssociation,
+ "aws_networkmonitor_monitor": awsNetworkmonitorMonitor,
+ "aws_networkmonitor_probe": awsNetworkmonitorProbe,
+ "aws_organizations_delegated_administrator": awsOrganizationsDelegatedAdministrator,
+ "aws_prometheus_rule_group_namespace": awsPrometheusRuleGroupNamespace,
+ "aws_qldb_ledger": awsQlbdLedger,
+ "aws_ram_resource_share_accepter": awsRamResourceShareAccepter,
+ "aws_ram_sharing_with_organization": awsRamSharingWithOrganization,
+ "aws_rbin_rule": awsRbinRule,
+ "aws_rds_instance_state": awsRdsInstanceState,
+ "aws_resiliencehub_resiliency_policy": awsResilienceResiliencePolicy,
+ "aws_resourcegroups_resource": awsResourcegroupsResource,
+ "aws_rum_metrics_destination": awsRumMetricsDestination,
+ "aws_securityhub_invite_accepter": awsSecurityHubInviteAccepter,
+ "aws_securityhub_member": awsSecurityhubMember,
+ "aws_serverlessapplicationrepository_cloudformation_stack": awsServerlessapplicationrepositoryCloudformationStack,
+ "aws_servicecatalog_provisioning_artifact": awsServiceCatalogProvisioningArtifact,
+ "aws_shield_application_layer_automatic_response": awsShieldApplicationLayerAutomaticsResponse,
+ "aws_shield_drt_access_log_bucket_association": awsShieldDrtAccessLogBucketAssociation,
+ "aws_shield_drt_access_role_arn_association": awsShieldDrtAccessRoleArnAssociation,
+ "aws_shield_protection_health_check_association": awsShieldProtectionHealthCheckAssociation,
+ "aws_timestreamquery_scheduled_query": awsTimestreamqueryScheduledQuery,
+ "aws_verifiedaccess_instance_trust_provider_attachment": awsVerifiedaccessInstanceTrustProviderAttachment,
+ "aws_verifiedpermissions_schema": awsVerifiedpermissionsSchema,
+ "aws_cognito_managed_user_pool_client": awsCognitoManagedUserPoolClient,
+ "aws_ebs_fast_snapshot_restore": awsEbsFastSnapshotRestore,
+ "aws_ecr_account_setting": awsEcrAccountSetting,
+ "aws_ecs_account_setting_default": awsEcsAccountSettingDefault,
+ "aws_ecs_cluster_capacity_providers": awsEcsClusterCapacityProviders,
+ "aws_eip_domain_name": awsEipDomainName,
+ "aws_elasticache_reserved_cache_node": awsElasticacheReservedCacheNode,
+ "aws_elasticache_serverless_cache": awsElasticacheServerlessCache,
+ "aws_elasticache_user_group_association": awsElasticacheUserGroupAssociation,
+ "aws_iam_group_policy_attachments_exclusive": awsIamGroupPolicyAttachmentExclusive,
+ "aws_iam_organizations_features": awsIamOrganizationsFeatures,
+ "aws_iam_role_policy_attachments_exclusive": awsIamRolePolicyAttachmentsExclusive,
+ "aws_iam_user_policy_attachments_exclusive": awsIamUserPolicyAttachmentsExclusive,
+ "aws_grafana_workspace_saml_configuration": awsGrafanaWorkspaceSamlConfiguration,
+ "aws_grafana_role_association": awsGrafanaRoleAssociation,
+ "aws_elasticsearch_domain_saml_options": awsElasticsearchDomainSamlOptions,
+ "aws_elasticsearch_vpc_endpoint": awsElasticsearchVpcEndpoint,
 }

 // GetAWSPermissions for AWS resources.
diff --git a/src/coverage/aws.md b/src/coverage/aws.md
index 4471bb47..3c6c40c9 100644
--- a/src/coverage/aws.md
+++ b/src/coverage/aws.md
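Review bot: Three of the new lookup values are misspelled or inconsistent with their keys: `awsQlbdLedger` for `aws_qldb_ledger`, `awsShieldApplicationLayerAutomaticsResponse`, and `awsIamGroupPolicyAttachmentExclusive` next to `awsIamRolePolicyAttachmentsExclusive`. That makes the resource-to-mapping table harder to audit by eye; rename them to `awsQldbLedger`, `awsShieldApplicationLayerAutomaticResponse` and `awsIamGroupPolicyAttachmentsExclusive` here and in the matching declarations in `src/files_aws.go`. `aws_neptune_global_cluster` reuses `awsRdsGlobalCluster` without explanation; if that is deliberate, a trailing comment such as `// Neptune global clusters reuse the RDS global-cluster mapping` would stop it reading as a copy-paste slip. The map literal opens outside this hunk.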
@@ -1,65 +1,4 @@ # todo aws -Resource percentage coverage 95.94 +Resource percentage coverage 100.00 Datasource percentage coverage 100.00 - -./resource.ps1 aws_cognito_managed_user_pool_client -./resource.ps1 aws_ebs_fast_snapshot_restore -./resource.ps1 aws_ecr_account_setting -./resource.ps1 aws_ecs_account_setting_default -./resource.ps1 aws_ecs_cluster_capacity_providers -./resource.ps1 aws_eip_domain_name -./resource.ps1 aws_elasticache_reserved_cache_node -./resource.ps1 aws_elasticache_serverless_cache -./resource.ps1 aws_elasticache_user_group_association -./resource.ps1 aws_elasticsearch_domain_saml_options -./resource.ps1 aws_elasticsearch_vpc_endpoint -./resource.ps1 aws_grafana_role_association -./resource.ps1 aws_grafana_workspace_saml_configuration -./resource.ps1 aws_iam_group_policy_attachments_exclusive -./resource.ps1 aws_iam_organizations_features -./resource.ps1 aws_iam_role_policy_attachments_exclusive -./resource.ps1 aws_iam_user_policy_attachments_exclusive -./resource.ps1 aws_iot_event_configurations -./resource.ps1 aws_iot_indexing_configuration -./resource.ps1 aws_iot_logging_options -./resource.ps1 aws_iot_policy_attachment -./resource.ps1 aws_iot_thing_group_membership -./resource.ps1 aws_iot_thing_principal_attachment -./resource.ps1 aws_lb_listener_certificate -./resource.ps1 aws_lb_ssl_negotiation_policy -./resource.ps1 aws_main_route_table_association -./resource.ps1 aws_memorydb_multi_region_cluster -./resource.ps1 aws_msk_single_scram_secret_association -./resource.ps1 aws_mskconnect_custom_plugin -./resource.ps1 aws_mskconnect_worker_configuration -./resource.ps1 aws_neptune_global_cluster -./resource.ps1 aws_network_interface_sg_attachment -./resource.ps1 aws_networkmanager_attachment_accepter -./resource.ps1 aws_networkmanager_connection -./resource.ps1 aws_networkmanager_core_network_policy_attachment -./resource.ps1 aws_networkmanager_transit_gateway_connect_peer_association -./resource.ps1 aws_networkmonitor_monitor 
-./resource.ps1 aws_networkmonitor_probe -./resource.ps1 aws_organizations_delegated_administrator -./resource.ps1 aws_prometheus_rule_group_namespace -./resource.ps1 aws_qldb_ledger -./resource.ps1 aws_ram_resource_share_accepter -./resource.ps1 aws_ram_sharing_with_organization -./resource.ps1 aws_rbin_rule -./resource.ps1 aws_rds_instance_state -./resource.ps1 aws_resiliencehub_resiliency_policy -./resource.ps1 aws_resourcegroups_resource -./resource.ps1 aws_rum_metrics_destination -./resource.ps1 aws_securityhub_invite_accepter -./resource.ps1 aws_securityhub_member -./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack -./resource.ps1 aws_servicecatalog_provisioning_artifact -./resource.ps1 aws_shield_application_layer_automatic_response -./resource.ps1 aws_shield_drt_access_log_bucket_association -./resource.ps1 aws_shield_drt_access_role_arn_association -./resource.ps1 aws_shield_protection_health_check_association -./resource.ps1 aws_timestreamquery_scheduled_query -./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment -./resource.ps1 aws_verifiedpermissions_schema -./resource.ps1 aws_vpc_endpoint_connection_accepter diff --git a/src/files_aws.go b/src/files_aws.go index 25bccca0..75c142e6 100644 --- a/src/files_aws.go +++ b/src/files_aws.go 
@@ -609,3 +609,180 @@ var awsVpcSecurityGroupAssociation []byte

 //go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json
 var awsVpclatticeServiceNetworkResourceAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json
+var awsVpcEndpointConnectionAccepter []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_event_configurations.json
+var awsIotEventConfigurations []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_indexing_configuration.json
+var awsIotIndexingConfiguration []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_logging_options.json
+var awsIotLoggingOptions []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_policy_attachment.json
+var awsIotPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_group_membership.json
+var awsIotThingGroupMembership []byte
+
+//go:embed mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json
+var awsIotThingPrincipalAttachment []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
+var awsLbListenerCertificate []byte
+
+//go:embed mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
+var awsLbSslNegotiationPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_main_route_table_association.json
+var awsMainRouteTableAssociation []byte
+
+//go:embed mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
+var awsMemorydbMultiRegionCluster []byte
+
+//go:embed mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json
+var awsMskSingleScramSecretAssociation []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
+var awsMskconnectCustomPlugin []byte
+
+//go:embed mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
+var awsMskconnectWorkerConfiguration []byte
+
+//go:embed mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
+var awsNetworkInterfaceSgAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
+var awsNetworkmanagerAttachmentAccepter []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
+var awsNetworkmanagerConnection []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
+var awsNetworkmanagerCoreNetworkPolicyAttachment []byte
+
+//go:embed mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
+var awsNetworkmanagerTransitGatewayConnectPeerAssociation []byte
+
+//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
+var awsNetworkmonitorMonitor []byte
+
+//go:embed mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
+var awsNetworkmonitorProbe []byte
+
+//go:embed mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
+var awsOrganizationsDelegatedAdministrator []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
+var awsPrometheusRuleGroupNamespace []byte
+
+//go:embed mapping/aws/resource/qldb/aws_qldb_ledger.json
+var awsQlbdLedger []byte
+
+//go:embed mapping/aws/resource/ram/aws_ram_resource_share_accepter.json
+var awsRamResourceShareAccepter []byte
+
+//go:embed mapping/aws/resource/ram/aws_ram_sharing_with_organization.json
+var awsRamSharingWithOrganization []byte
+
+//go:embed mapping/aws/resource/rbin/aws_rbin_rule.json
+var awsRbinRule []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_instance_state.json
+var awsRdsInstanceState []byte
+
+//go:embed mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
+var awsResilienceResiliencePolicy []byte
+
+//go:embed mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
+var awsResourcegroupsResource []byte
+
+//go:embed mapping/aws/resource/rum/aws_rum_metrics_destination.json
+var awsRumMetricsDestination []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_invite_accepter.json
+var awsSecurityHubInviteAccepter []byte
+
+//go:embed mapping/aws/resource/securityhub/aws_securityhub_member.json
+var awsSecurityhubMember []byte
+
+//go:embed mapping/aws/resource/serverlessrepo/aws_serverlessapplicationrepository_cloudformation_stack.json
+var awsServerlessapplicationrepositoryCloudformationStack []byte
+
+//go:embed mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json
+var awsServiceCatalogProvisioningArtifact []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
+var awsShieldApplicationLayerAutomaticsResponse []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
+var awsShieldDrtAccessLogBucketAssociation []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
+var awsShieldDrtAccessRoleArnAssociation []byte
+
+//go:embed mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
+var awsShieldProtectionHealthCheckAssociation []byte
+
+//go:embed mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json
+var awsTimestreamqueryScheduledQuery []byte
+
+//go:embed mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
+var awsVerifiedaccessInstanceTrustProviderAttachment []byte
+
+//go:embed mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json
+var awsVerifiedpermissionsSchema []byte
+
+//go:embed mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json
+var awsCognitoManagedUserPoolClient []byte
+
+//go:embed mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json
+var awsEbsFastSnapshotRestore []byte
+
+//go:embed mapping/aws/resource/ecr/aws_ecr_account_setting.json
+var awsEcrAccountSetting []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_account_setting_default.json
+var awsEcsAccountSettingDefault []byte
+
+//go:embed mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
+var awsEcsClusterCapacityProviders []byte
+
+//go:embed mapping/aws/resource/ec2/aws_eip_domain_name.json
+var awsEipDomainName []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
+var awsElasticacheReservedCacheNode []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
+var awsElasticacheServerlessCache []byte
+
+//go:embed mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
+var awsElasticacheUserGroupAssociation []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json
+var awsIamGroupPolicyAttachmentExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_organizations_features.json
+var awsIamOrganizationsFeatures []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
+var awsIamRolePolicyAttachmentsExclusive []byte
+
+//go:embed mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json
+var awsIamUserPolicyAttachmentsExclusive []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
+var awsGrafanaWorkspaceSamlConfiguration []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_role_association.json
+var awsGrafanaRoleAssociation []byte
+
+//go:embed mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
+var awsElasticsearchDomainSamlOptions []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
+var awsElasticsearchVpcEndpoint []byte
diff --git a/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json b/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
new file mode 100644
index 00000000..5aa299f6
--- /dev/null
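Review bot: The last declaration embeds `mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json` into `awsElasticsearchVpcEndpoint`, but the diffstat shows this commit also creating `src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json`, so the new file appears never to be loaded. Either point the directive at it, `//go:embed mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json`, or drop the new file and record the reuse with a comment such as `// reuses the aws_opensearch_vpc_endpoint mapping`. At 11 lines the new file is the same size as the empty-permission mappings added elsewhere in this patch, so switching the path without filling it in would presumably leave the resource with no permissions at all.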
+++ b/src/mapping/aws/resource/aps/aws_prometheus_rule_group_namespace.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "aps:DescribeRuleGroupsNamespace",
+ "aps:CreateRuleGroupsNamespace",
+ "aps:DeleteRuleGroupsNamespace",
+ "aps:PutRuleGroupsNamespace"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json b/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json
new file mode 100644
index 00000000..81c1387a
--- /dev/null
+++ b/src/mapping/aws/resource/cognito-idp/aws_cognito_managed_user_pool_client.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "cognito-idp:DescribeUserPoolClient",
+ "cognito-idp:CreateUserPoolClient",
+ "cognito-idp:DeleteUserPoolClient",
+ "cognito-idp:UpdateUserPoolClient"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json b/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_ebs_fast_snapshot_restore.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_eip_domain_name.json b/src/mapping/aws/resource/ec2/aws_eip_domain_name.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_eip_domain_name.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_instance.json b/src/mapping/aws/resource/ec2/aws_instance.json
index 9a1712ca..2431ceb9 100644
--- a/src/mapping/aws/resource/ec2/aws_instance.json
+++ b/src/mapping/aws/resource/ec2/aws_instance.json
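Review bot: `aws_ebs_fast_snapshot_restore.json` is added with an empty `apply` list, and `aws_eip_domain_name.json` right after it is byte-identical (same blob `45e4fdaf`), so whatever is generated from these mappings carries no actions for either resource even though `src/coverage/aws.md` in this commit moves to 100.00. An empty mapping cannot be told apart from a resource that genuinely needs no permissions, and users who then hit an access-denied error tend to work around it with broader grants than the tool would have produced. For the snapshot resource the provider presumably calls `ec2:EnableFastSnapshotRestores`, `ec2:DisableFastSnapshotRestores` and `ec2:DescribeFastSnapshotRestores`; confirm against a traced apply before listing them, or keep both resources out of the coverage figure until they are filled in.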
@@ -9,7 +9,8 @@
 "ec2:RunInstances",
 "ec2:StopInstances",
 "ec2:TerminateInstances",
- "ec2:DescribeNetworkInterfaces"
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribeInstanceCreditSpecifications"
 ],
 "attributes": {
 "credit_specification": [
diff --git a/src/mapping/aws/resource/ec2/aws_main_route_table_association.json b/src/mapping/aws/resource/ec2/aws_main_route_table_association.json
new file mode 100644
index 00000000..e0c12840
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_main_route_table_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ec2:AssociateRouteTable",
+ "ec2:DisassociateRouteTable"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json b/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
new file mode 100644
index 00000000..88f12572
--- /dev/null
+++ b/src/mapping/aws/resource/ec2/aws_network_interface_sg_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ec2:ModifyNetworkInterfaceAttribute"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json b/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json
new file mode 100644
index 00000000..4f827c8d
--- /dev/null
+++ b/src/mapping/aws/resource/ecr/aws_ecr_account_setting.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "ecr:GetAccountSetting",
+ "ecr:PutAccountSetting"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json b/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json
new file mode 100644
index 00000000..a6588c71
--- /dev/null
+++ b/src/mapping/aws/resource/ecs/aws_ecs_account_setting_default.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ecs:PutAccountSettingDefault"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json b/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
new file mode 100644
index 00000000..084524bb
--- /dev/null
+++ b/src/mapping/aws/resource/ecs/aws_ecs_cluster_capacity_providers.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "autoscaling:CreateOrUpdateTags",
+ "ecs:CreateCapacityProvider",
+ "ecs:UpdateCapacityProvider",
+ "ecs:DescribeCapacityProviders",
+ "ecs:DeleteCapacityProvider",
+ "ecs:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "ecs:TagResource",
+ "ecs:UntagResource"
+ ]
+ },
+ "destroy": [
+ "ecs:DescribeCapacityProviders",
+ "ecs:DeleteCapacityProvider"
+ ],
+ "modify": [
+ "ecs:UpdateCapacityProvider",
+ "ecs:DescribeCapacityProviders",
+ "ecs:ListTagsForResource"
+ ],
+ "plan": [
+ "ecs:DescribeCapacityProviders"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json b/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
new file mode 100644
index 00000000..5278691e
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_reserved_cache_node.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "elasticache:DescribeReservedCacheNodes",
+ "elasticache:PurchaseReservedCacheNodesOffering",
+ "elasticache:DescribeReservedCacheNodesOfferings",
+ "elasticache:RemoveTagsFromResource"
+ ],
+ "attributes": {
+ "tags": [
+ "elasticache:AddTagsToResource",
+ "elasticache:ListTagsForResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json b/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
new file mode 100644
index 00000000..7a4d5351
--- /dev/null
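Review bot: The actions listed in aws_ecs_cluster_capacity_providers.json (`ecs:CreateCapacityProvider`, `ecs:DeleteCapacityProvider`, `autoscaling:CreateOrUpdateTags`) look like they belong to the capacity-provider resource rather than to this one. As far as I know this resource only associates existing providers with a cluster, which would need `ecs:PutClusterCapacityProviders` and `ecs:DescribeClusters`, neither of which is listed. As written, a generated policy would grant create and delete on capacity providers that the resource never touches and still lack the call it does make. Please confirm against the provider and replace the lists; the `tags` entry can probably become `[]` as well.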
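Review bot: In aws_elasticache_reserved_cache_node.json the tag actions look swapped: `elasticache:RemoveTagsFromResource` sits in `apply` while `elasticache:ListTagsForResource` sits under `attributes.tags`. aws_elasticache_serverless_cache.json in this same patch does it the other way round (list in `apply`, add and remove under `tags`), which grants the write action only when tags are actually configured. Suggest `"tags": ["elasticache:AddTagsToResource", "elasticache:RemoveTagsFromResource"]` and moving `"elasticache:ListTagsForResource"` into `apply`.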
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_serverless_cache.json
@@ -0,0 +1,37 @@
+[
+ {
+ "apply": [
+ "elasticache:ModifyServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource",
+ "elasticache:CreateServerlessCache",
+ "elasticache:DeleteServerlessCache",
+ "ec2:CreateTags",
+ "ec2:CreateVpcEndpoint"
+ ],
+ "attributes": {
+ "kms_key_id": [
+ "kms:CreateGrant",
+ "kms:DescribeKey"
+ ],
+ "tags": [
+ "elasticache:AddTagsToResource",
+ "elasticache:RemoveTagsFromResource"
+ ]
+ },
+ "destroy": [
+ "elasticache:DeleteServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ],
+ "modify": [
+ "elasticache:ModifyServerlessCache",
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ],
+ "plan": [
+ "elasticache:DescribeServerlessCaches",
+ "elasticache:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/elasticache/aws_elasticache_user_group_association.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
new file mode 100644
index 00000000..042701e6
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_listener_certificate.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:DescribeListenerCertificates",
+ "elasticloadbalancing:AddListenerCertificates",
+ "elasticloadbalancing:RemoveListenerCertificates"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
new file mode 100644
index 00000000..fd31edd8
--- /dev/null
+++ b/src/mapping/aws/resource/elasticloadbalancing/aws_lb_ssl_negotiation_policy.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "elasticloadbalancing:DescribeSSLPolicies"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json b/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_elasticsearch_domain_saml_options.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json b/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/grafana/aws_grafana_role_association.json b/src/mapping/aws/resource/grafana/aws_grafana_role_association.json
new file mode 100644
index 00000000..75dbcc33
--- /dev/null
+++ b/src/mapping/aws/resource/grafana/aws_grafana_role_association.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "grafana:UpdatePermissions"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json b/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
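Review bot: `elasticloadbalancing:DescribeSSLPolicies` is the only action in aws_lb_ssl_negotiation_policy.json, and it is a read-only call, so nothing here permits the resource to be created or removed. As far as I know this resource manages a Classic Load Balancer listener policy, which would go through `elasticloadbalancing:CreateLoadBalancerPolicy`, `elasticloadbalancing:SetLoadBalancerPoliciesOfListener` and `elasticloadbalancing:DescribeLoadBalancerPolicies`. Please confirm against the provider and replace the `apply` list accordingly.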
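Review bot: aws_elasticsearch_vpc_endpoint.json does not appear to be loaded anywhere: the embed directive visible at the end of the src/files_aws.go hunk binds `awsElasticsearchVpcEndpoint` to `mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json`. If reusing the OpenSearch mapping is deliberate, this new empty file is dead and can be dropped; if not, the directive should read `//go:embed mapping/aws/resource/es/aws_elasticsearch_vpc_endpoint.json` and this file needs real actions. The files_aws.go hunk starts above the visible part of the patch, so the lookup that consumes the variable could not be checked.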
+++ b/src/mapping/aws/resource/grafana/aws_grafana_workspace_saml_configuration.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json
new file mode 100644
index 00000000..3cd86ee4
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_group_policy_attachments_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:DetachGroupPolicy",
+ "iam:AttachGroupPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_organizations_features.json b/src/mapping/aws/resource/iam/aws_iam_organizations_features.json
new file mode 100644
index 00000000..bfa838fa
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_organizations_features.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:EnableOrganizationsRootCredentialsManagement",
+ "iam:DisableOrganizationsRootCredentialsManagement"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
new file mode 100644
index 00000000..317f3130
--- /dev/null
+++ b/src/mapping/aws/resource/iam/aws_iam_role_policy_attachments_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:AttachRolePolicy",
+ "iam:DetachRolePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json b/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json
new file mode 100644
index 00000000..ed0930c5
--- /dev/null
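Review bot: aws_iam_group_policy_attachments_exclusive.json lists only `iam:DetachGroupPolicy` and `iam:AttachGroupPolicy`, with nothing that reads the current state. An exclusive-attachment resource has to enumerate what is attached before it can reconcile, which presumably needs `iam:ListAttachedGroupPolicies` in `apply` and `plan`; the role and user variants later in this patch have the same gap (`iam:ListAttachedRolePolicies`, `iam:ListAttachedUserPolicies`). Attach and detach on IAM principals are escalation-sensitive, so if the generator emits these actions with a wildcard resource (not visible here), it is worth documenting that the result should be narrowed to the intended principal ARNs.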
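Review bot: aws_iam_organizations_features.json covers only the RootCredentialsManagement feature, while the fixture added in terraform/aws/backup/aws_iam_organizations_features.tf also enables `"RootSessions"`. That second feature is toggled through `iam:EnableOrganizationsRootSessions` and `iam:DisableOrganizationsRootSessions`, and reading the current state goes through `iam:ListOrganizationsFeatures`; none of the three is in `apply`. A policy generated for the repository's own fixture would therefore be incomplete.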
+++ b/src/mapping/aws/resource/iam/aws_iam_user_policy_attachments_exclusive.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iam:DetachUserPolicy",
+ "iam:AttachUserPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_event_configurations.json b/src/mapping/aws/resource/iot/aws_iot_event_configurations.json
new file mode 100644
index 00000000..33426525
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_event_configurations.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iot:DescribeEventConfigurations",
+ "iot:UpdateEventConfigurations"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json b/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json
new file mode 100644
index 00000000..e342d198
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_indexing_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iot:GetIndexingConfiguration",
+ "iot:UpdateIndexingConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_logging_options.json b/src/mapping/aws/resource/iot/aws_iot_logging_options.json
new file mode 100644
index 00000000..b8d8233d
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_logging_options.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "iot:GetLoggingOptions",
+ "iot:GetV2LoggingOptions",
+ "iot:SetV2LoggingOptions",
+ "iot:SetLoggingOptions"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json b/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json
new file mode 100644
index 00000000..92f932ab
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_policy_attachment.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iot:AttachPolicy",
+ "iot:DetachPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json b/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json
new file mode 100644
index 00000000..c7a06499
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_thing_group_membership.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "iot:DescribeThingGroup",
+ "iot:AddThingToThingGroup",
+ "iot:RemoveThingFromThingGroup"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json b/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json
new file mode 100644
index 00000000..f92e9a47
--- /dev/null
+++ b/src/mapping/aws/resource/iot/aws_iot_thing_principal_attachment.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "iot:AttachThingPrincipal",
+ "iot:DetachThingPrincipal"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json b/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json
new file mode 100644
index 00000000..e4b199c7
--- /dev/null
+++ b/src/mapping/aws/resource/kafka/aws_msk_single_scram_secret_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "kafka:BatchAssociateScramSecret",
+ "kafka:BatchDisassociateScramSecret"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
new file mode 100644
index 00000000..e5b4b38d
--- /dev/null
+++ b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_custom_plugin.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "kafkaconnect:DeleteCustomPlugin",
+ "kafkaconnect:CreateCustomPlugin",
+ "kafkaconnect:DescribeCustomPlugin"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
new file mode 100644
index 00000000..52ab6306
--- /dev/null
+++ b/src/mapping/aws/resource/kafkaconnect/aws_mskconnect_worker_configuration.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "kafkaconnect:DescribeWorkerConfiguration",
+ "kafkaconnect:CreateWorkerConfiguration",
+ "kafkaconnect:DeleteWorkerConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json b/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
new file mode 100644
index 00000000..c96eccc5
--- /dev/null
+++ b/src/mapping/aws/resource/memorydb/aws_memorydb_multi_region_cluster.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "memorydb:CreateMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:DeleteMultiRegionCluster",
+ "memorydb:UpdateMultiRegionCluster",
+ "memorydb:ListTags"
+ ],
+ "attributes": {
+ "tags": [
+ "memorydb:TagResource",
+ "memorydb:UntagResource"
+ ]
+ },
+ "destroy": [
+ "memorydb:DeleteMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters"
+ ],
+ "modify": [
+ "memorydb:UpdateMultiRegionCluster",
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:ListTags"
+ ],
+ "plan": [
+ "memorydb:DescribeMultiRegionClusters",
+ "memorydb:ListTags"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
new file mode 100644
index 00000000..8c8dccf3
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_attachment_accepter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "networkmanager:AcceptAttachment"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
new file mode 100644
index 00000000..62acca69
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_connection.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetConnections",
+ "networkmanager:CreateConnection",
+ "networkmanager:DeleteConnection",
+ "networkmanager:UpdateConnection"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
new file mode 100644
index 00000000..45e4fdaf
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_core_network_policy_attachment.json
@@ -0,0 +1,11 @@
+[
+ {
+ "apply": [],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
new file mode 100644
index 00000000..7c856417
--- /dev/null
+++ b/src/mapping/aws/resource/networkmanager/aws_networkmanager_transit_gateway_connect_peer_association.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "networkmanager:GetTransitGatewayConnectPeerAssociations",
+ "networkmanager:AssociateTransitGatewayConnectPeer",
+ "networkmanager:DisassociateTransitGatewayConnectPeer"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
new file mode 100644
index 00000000..09b20081
--- /dev/null
+++ b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_monitor.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "networkmonitor:GetMonitor",
+ "networkmonitor:CreateMonitor",
+ "networkmonitor:DeleteMonitor",
+ "networkmonitor:UpdateMonitor",
+ "networkmonitor:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmonitor:TagResource",
+ "networkmonitor:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
new file mode 100644
index 00000000..2bf58722
--- /dev/null
+++ b/src/mapping/aws/resource/networkmonitor/aws_networkmonitor_probe.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "networkmonitor:ListTagsForResource",
+ "networkmonitor:GetProbe",
+ "networkmonitor:CreateProbe",
+ "networkmonitor:DeleteProbe",
+ "networkmonitor:UpdateProbe"
+ ],
+ "attributes": {
+ "tags": [
+ "networkmonitor:TagResource",
+ "networkmonitor:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json b/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
new file mode 100644
index 00000000..f846435c
--- /dev/null
+++ b/src/mapping/aws/resource/organizations/aws_organizations_delegated_administrator.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "organizations:RegisterDelegatedAdministrator",
+ "organizations:DeregisterDelegatedAdministrator"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/qldb/aws_qldb_ledger.json b/src/mapping/aws/resource/qldb/aws_qldb_ledger.json
new file mode 100644
index 00000000..48cc6972
--- /dev/null
+++ b/src/mapping/aws/resource/qldb/aws_qldb_ledger.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "qldb:DescribeLedger",
+ "qldb:CreateLedger",
+ "qldb:DeleteLedger",
+ "qldb:UpdateLedger",
+ "qldb:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "qldb:TagResource",
+ "qldb:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json b/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json
new file mode 100644
index 00000000..6a4e3d19
--- /dev/null
+++ b/src/mapping/aws/resource/ram/aws_ram_resource_share_accepter.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ram:AcceptResourceShareInvitation"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json b/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json
new file mode 100644
index 00000000..acac24ba
--- /dev/null
+++ b/src/mapping/aws/resource/ram/aws_ram_sharing_with_organization.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "ram:EnableSharingWithAwsOrganization"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rbin/aws_rbin_rule.json b/src/mapping/aws/resource/rbin/aws_rbin_rule.json
new file mode 100644
index 00000000..1502c7d1
--- /dev/null
+++ b/src/mapping/aws/resource/rbin/aws_rbin_rule.json
@@ -0,0 +1,38 @@
+[
+ {
+ "apply": [
+ "rbin:GetRule",
+ "rbin:UpdateRule",
+ "rbin:LockRule",
+ "rbin:UnlockRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole",
+ "rbin:CreateRule",
+ "rbin:DeleteRule"
+ ],
+ "attributes": {
+ "tags": [
+ "rbin:TagResource",
+ "rbin:UntagResource"
+ ]
+ },
+ "destroy": [
+ "rbin:GetRule",
+ "rbin:DeleteRule",
+ "iam:PassRole"
+ ],
+ "modify": [
+ "rbin:GetRule",
+ "rbin:UpdateRule",
+ "rbin:LockRule",
+ "rbin:UnlockRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "rbin:GetRule",
+ "rbin:ListTagsForResource",
+ "iam:PassRole"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/rds/aws_rds_instance_state.json b/src/mapping/aws/resource/rds/aws_rds_instance_state.json
new file mode 100644
index 00000000..e4e1f863
--- /dev/null
+++ b/src/mapping/aws/resource/rds/aws_rds_instance_state.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "rds:StartDBInstance",
+ "rds:StopDBInstance"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json b/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
new file mode 100644
index 00000000..57bb912d
--- /dev/null
+++ b/src/mapping/aws/resource/resiliencehub/aws_resiliencehub_resiliency_policy.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "resiliencehub:CreateResiliencyPolicy",
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:UpdateResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "resiliencehub:TagResource",
+ "resiliencehub:UntagResource"
+ ]
+ },
+ "destroy": [
+ "resiliencehub:DeleteResiliencyPolicy"
+ ],
+ "modify": [
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:UpdateResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ],
+ "plan": [
+ "resiliencehub:DescribeResiliencyPolicy",
+ "resiliencehub:ListTagsForResource"
+ ]
+ }
+]
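Review bot: `iam:PassRole` appears in all four lists of aws_rbin_rule.json, including `plan` and `destroy`. Reading or deleting a rule should not need to hand a role to a service, and no other mapping in the visible part of this patch puts a write-class IAM action in `plan`; if the entry was carried over from an upstream schema, it is worth checking whether the provider's calls need it at all. Because `iam:PassRole` widens what the deploying principal can delegate, I would drop it from `plan` and `destroy` and keep it in `apply` and `modify` only if a denied apply shows it is required.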
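Review bot: `resiliencehub:DeleteResiliencyPolicy` is listed under `destroy` but not under `apply` in aws_resiliencehub_resiliency_policy.json. The other fully populated mappings in this patch (aws_elasticache_serverless_cache, aws_memorydb_multi_region_cluster, aws_timestreamquery_scheduled_query) repeat their delete action in `apply`. If the generator reads only `apply`, which is not visible here, the resulting policy could create the resource but not remove it; add `"resiliencehub:DeleteResiliencyPolicy"` to `apply` for consistency.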
diff --git a/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
new file mode 100644
index 00000000..48104d41
--- /dev/null
+++ b/src/mapping/aws/resource/resource-groups/aws_resourcegroups_resource.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "resource-groups:AssociateResource",
+ "resource-groups:DisassociateResource"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json b/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json
new file mode 100644
index 00000000..b5bb702e
--- /dev/null
+++ b/src/mapping/aws/resource/rum/aws_rum_metrics_destination.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "rum:DeleteRumMetricsDestination",
+ "rum:PutRumMetricsDestination"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/securityhub/aws_securityhub_member.json b/src/mapping/aws/resource/securityhub/aws_securityhub_member.json
index 202a3f84..6a1532fb 100644
--- a/src/mapping/aws/resource/securityhub/aws_securityhub_member.json
+++ b/src/mapping/aws/resource/securityhub/aws_securityhub_member.json
@@ -6,6 +6,9 @@
 "securityhub:DeleteMembers"
 ],
 "attributes": {
+ "invite": [
+ "securityhub:InviteMembers"
+ ],
 "tags": []
 },
 "destroy": [],
diff --git a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json
index 47ee04c3..932b5543 100644
--- a/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json
+++ b/src/mapping/aws/resource/servicecatalog/aws_servicecatalog_provisioning_artifact.json
@@ -1,10 +1,10 @@
 [
 {
 "apply": [
+ "servicecatalog:DescribeProvisioningArtifact",
 "servicecatalog:CreateProvisioningArtifact",
 "servicecatalog:DeleteProvisioningArtifact",
- "servicecatalog:UpdateProvisioningArtifact",
- "servicecatalog:DescribeProvisioningArtifact"
+ "servicecatalog:UpdateProvisioningArtifact"
 ],
 "attributes": {
 "tags": []
diff --git a/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json b/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
new file mode 100644
index 00000000..7c2679d3
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_application_layer_automatic_response.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "shield:DisableApplicationLayerAutomaticResponse",
+ "shield:EnableApplicationLayerAutomaticResponse",
+ "shield:UpdateApplicationLayerAutomaticResponse"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json b/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
new file mode 100644
index 00000000..89677586
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_drt_access_log_bucket_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateDRTLogBucket",
+ "shield:DisassociateDRTLogBucket"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json b/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
new file mode 100644
index 00000000..5cf0a44c
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_drt_access_role_arn_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateDRTRole",
+ "shield:DisassociateDRTRole"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json b/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
new file mode 100644
index 00000000..2d79810d
--- /dev/null
+++ b/src/mapping/aws/resource/shield/aws_shield_protection_health_check_association.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "shield:AssociateHealthCheck",
+ "shield:DisassociateHealthCheck"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json b/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json
new file mode 100644
index 00000000..73389403
--- /dev/null
+++ b/src/mapping/aws/resource/timestream/aws_timestreamquery_scheduled_query.json
@@ -0,0 +1,31 @@
+[
+ {
+ "apply": [
+ "timestream:CreateScheduledQuery",
+ "timestream:DescribeScheduledQuery",
+ "timestream:ListTagsForResource",
+ "timestream:DescribeEndpoints",
+ "timestream:UpdateScheduledQuery",
+ "timestream:DeleteScheduledQuery"
+ ],
+ "attributes": {
+ "tags": [
+ "timestream:TagResource",
+ "timestream:UntagResource"
+ ]
+ },
+ "destroy": [
+ "timestream:DeleteScheduledQuery",
+ "timestream:DescribeEndpoints"
+ ],
+ "modify": [
+ "timestream:UpdateScheduledQuery",
+ "timestream:DescribeEndpoints"
+ ],
+ "plan": [
+ "timestream:DescribeScheduledQuery",
+ "timestream:ListTagsForResource",
+ "timestream:DescribeEndpoints"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json b/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
new file mode 100644
index 00000000..37c0d3f5
--- /dev/null
+++ b/src/mapping/aws/resource/verified-access/aws_verifiedaccess_instance_trust_provider_attachment.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "verified-access:AllowVerifiedAccess"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json
new file mode 100644
index 00000000..73ee8a38
--- /dev/null
+++ b/src/mapping/aws/resource/verifiedpermissions/aws_verifiedpermissions_schema.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "verifiedpermissions:PutSchema",
+ "verifiedpermissions:GetSchema"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf b/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf
new file mode 100644
index 00000000..36492c98
--- /dev/null
+++ b/terraform/aws/backup/aws_cognito_managed_user_pool_client.tf
@@ -0,0 +1 @@
+resource "aws_cognito_managed_user_pool_client" "pike" {}
diff --git a/terraform/aws/backup/aws_ebs_fast_snapshot_restore.tf b/terraform/aws/backup/aws_ebs_fast_snapshot_restore.tf
new file mode 100644
index 00000000..a2cc4139
--- /dev/null
+++ b/terraform/aws/backup/aws_ebs_fast_snapshot_restore.tf
@@ -0,0 +1 @@
+resource "aws_ebs_fast_snapshot_restore" "pike" {}
diff --git a/terraform/aws/backup/aws_ecr_account_setting.tf b/terraform/aws/backup/aws_ecr_account_setting.tf
new file mode 100644
index 00000000..75a9fbf8
--- /dev/null
+++ b/terraform/aws/backup/aws_ecr_account_setting.tf
@@ -0,0 +1 @@
+resource "aws_ecr_account_setting" "pike" {}
diff --git a/terraform/aws/backup/aws_ecs_account_setting_default.tf b/terraform/aws/backup/aws_ecs_account_setting_default.tf
new file mode 100644
index 00000000..cbcd302a
--- /dev/null
+++ b/terraform/aws/backup/aws_ecs_account_setting_default.tf
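Review bot: aws_verifiedaccess_instance_trust_provider_attachment.json grants only `verified-access:AllowVerifiedAccess`, with no action that performs or reads the attachment. As far as I know the attachment itself is made through EC2 API calls, so `ec2:AttachVerifiedAccessTrustProvider`, `ec2:DetachVerifiedAccessTrustProvider` and `ec2:DescribeVerifiedAccessInstances` would be expected in `apply`. Please confirm against the provider before merging, since a policy generated from this mapping as written would presumably be denied on the first apply.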
@@ -0,0 +1 @@
+resource "aws_ecs_account_setting_default" "pike" {}
diff --git a/terraform/aws/backup/aws_ecs_cluster_capacity_providers.tf b/terraform/aws/backup/aws_ecs_cluster_capacity_providers.tf
new file mode 100644
index 00000000..74091458
--- /dev/null
+++ b/terraform/aws/backup/aws_ecs_cluster_capacity_providers.tf
@@ -0,0 +1 @@
+resource "aws_ecs_cluster_capacity_providers" "pike" {}
diff --git a/terraform/aws/backup/aws_eip_domain_name.tf b/terraform/aws/backup/aws_eip_domain_name.tf
new file mode 100644
index 00000000..df8036dc
--- /dev/null
+++ b/terraform/aws/backup/aws_eip_domain_name.tf
@@ -0,0 +1 @@
+resource "aws_eip_domain_name" "pike" {}
diff --git a/terraform/aws/backup/aws_elasticache_reserved_cache_node.tf b/terraform/aws/backup/aws_elasticache_reserved_cache_node.tf
new file mode 100644
index 00000000..26dd09a7
--- /dev/null
+++ b/terraform/aws/backup/aws_elasticache_reserved_cache_node.tf
@@ -0,0 +1 @@
+resource "aws_elasticache_reserved_cache_node" "pike" {}
diff --git a/terraform/aws/backup/aws_elasticache_serverless_cache.tf b/terraform/aws/backup/aws_elasticache_serverless_cache.tf
new file mode 100644
index 00000000..f5554c74
--- /dev/null
+++ b/terraform/aws/backup/aws_elasticache_serverless_cache.tf
@@ -0,0 +1 @@
+resource "aws_elasticache_serverless_cache" "pike" {}
diff --git a/terraform/aws/backup/aws_elasticache_user_group_association.tf b/terraform/aws/backup/aws_elasticache_user_group_association.tf
new file mode 100644
index 00000000..2ee9cf34
--- /dev/null
+++ b/terraform/aws/backup/aws_elasticache_user_group_association.tf
@@ -0,0 +1 @@
+resource "aws_elasticache_user_group_association" "pike" {}
diff --git a/terraform/aws/backup/aws_elasticsearch_domain_saml_options.tf b/terraform/aws/backup/aws_elasticsearch_domain_saml_options.tf
new file mode 100644
index 00000000..67dd0142
--- /dev/null
+++ b/terraform/aws/backup/aws_elasticsearch_domain_saml_options.tf
@@ -0,0 +1,27 @@
+resource "aws_elasticsearch_domain" "example" {
+ domain_name = "example"
+ elasticsearch_version = "1.5"
+
+ cluster_config {
+ instance_type = "r4.large.elasticsearch"
+ }
+
+ snapshot_options {
+ automated_snapshot_start_hour = 23
+ }
+
+ tags = {
+ Domain = "TestDomain"
+ }
+}
+
+resource "aws_elasticsearch_domain_saml_options" "example" {
+ domain_name = aws_elasticsearch_domain.example.domain_name
+ saml_options {
+ enabled = true
+ idp {
+ entity_id = "https://example.com"
+ metadata_content = file("./saml-metadata.xml")
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_elasticsearch_vpc_endpoint.tf b/terraform/aws/backup/aws_elasticsearch_vpc_endpoint.tf
new file mode 100644
index 00000000..c3cbb7d3
--- /dev/null
+++ b/terraform/aws/backup/aws_elasticsearch_vpc_endpoint.tf
@@ -0,0 +1 @@
+# resource "aws_elasticsearch_vpc_endpoint" "pike" {}
diff --git a/terraform/aws/backup/aws_grafana_role_association.tf b/terraform/aws/backup/aws_grafana_role_association.tf
new file mode 100644
index 00000000..f4bae1b5
--- /dev/null
+++ b/terraform/aws/backup/aws_grafana_role_association.tf
@@ -0,0 +1,29 @@
+resource "aws_grafana_role_association" "example" {
+ role = "ADMIN"
+ user_ids = ["USER_ID_1", "USER_ID_2"]
+ workspace_id = aws_grafana_workspace.example.id
+}
+
+resource "aws_grafana_workspace" "example" {
+ account_access_type = "CURRENT_ACCOUNT"
+ authentication_providers = ["SAML"]
+ permission_type = "SERVICE_MANAGED"
+ role_arn = aws_iam_role.assume.arn
+}
+
+resource "aws_iam_role" "assume" {
+ name = "grafana-assume"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Sid = ""
+ Principal = {
+ Service = "grafana.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
diff --git a/terraform/aws/backup/aws_grafana_workspace_saml_configuration.tf b/terraform/aws/backup/aws_grafana_workspace_saml_configuration.tf
new file mode 100644
index 00000000..3e28ca5b
--- /dev/null
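Review bot: The `aws_elasticsearch_domain.example` in aws_elasticsearch_domain_saml_options.tf is declared on `elasticsearch_version = "1.5"` with no encryption at rest, no node-to-node encryption, no HTTPS enforcement and no `advanced_security_options`. SAML for the service depends on fine-grained access control, which in turn needs Elasticsearch 6.7 or later plus those three settings, so the `saml_options` resource below it is unlikely to apply against this domain as written. I would raise the version and add the four blocks shown below, keeping the existing `cluster_config`, `snapshot_options` and `tags`. The fixture also reads `./saml-metadata.xml`, which is not among the files I can see in this patch, so check it is committed and holds only test metadata.

```hcl
resource "aws_elasticsearch_domain" "example" {
  domain_name           = "example"
  elasticsearch_version = "7.10"
  # … unchanged: cluster_config, snapshot_options, tags …

  encrypt_at_rest {
    enabled = true
  }

  node_to_node_encryption {
    enabled = true
  }

  domain_endpoint_options {
    enforce_https       = true
    tls_security_policy = "Policy-Min-TLS-1-2-2019-07"
  }

  advanced_security_options {
    enabled                        = true
    internal_user_database_enabled = false
    master_user_options {
      master_user_arn = "<ADMIN_ROLE_ARN_PLACEHOLDER>"
    }
  }
```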
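Review bot: The trust policy on `aws_iam_role.assume` in aws_grafana_role_association.tf lets the `grafana.amazonaws.com` service principal assume the role with no `Condition`, so nothing ties the role to workspaces in this account (the cross-service confused-deputy case). The same role block is repeated in aws_grafana_workspace_saml_configuration.tf and has the same gap. I would add an `aws:SourceAccount` condition to the statement in both files, as below, and optionally an `aws:SourceArn` pattern limited to this account's workspaces. Fixtures like these tend to be copied into real configurations, so it is worth having the scoped form here.

```hcl
        Principal = {
          Service = "grafana.amazonaws.com"
        }
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = "<ACCOUNT_ID_PLACEHOLDER>"
          }
        }
        # … unchanged: rest of the statement and jsonencode() wrapper …
```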
+++ b/terraform/aws/backup/aws_grafana_workspace_saml_configuration.tf
@@ -0,0 +1,29 @@
+resource "aws_grafana_workspace_saml_configuration" "example" {
+ editor_role_values = ["editor"]
+ idp_metadata_url = "https://my_idp_metadata.url"
+ workspace_id = aws_grafana_workspace.example.id
+}
+
+resource "aws_grafana_workspace" "example" {
+ account_access_type = "CURRENT_ACCOUNT"
+ authentication_providers = ["SAML"]
+ permission_type = "SERVICE_MANAGED"
+ role_arn = aws_iam_role.assume.arn
+}
+
+resource "aws_iam_role" "assume" {
+ name = "grafana-assume"
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Action = "sts:AssumeRole"
+ Effect = "Allow"
+ Sid = ""
+ Principal = {
+ Service = "grafana.amazonaws.com"
+ }
+ },
+ ]
+ })
+}
diff --git a/terraform/aws/backup/aws_iam_group_policy_attachments_exclusive.tf b/terraform/aws/backup/aws_iam_group_policy_attachments_exclusive.tf
new file mode 100644
index 00000000..b70aa1fd
--- /dev/null
+++ b/terraform/aws/backup/aws_iam_group_policy_attachments_exclusive.tf
@@ -0,0 +1 @@
+resource "aws_iam_group_policy_attachments_exclusive" "pike" {}
diff --git a/terraform/aws/backup/aws_iam_organizations_features.tf b/terraform/aws/backup/aws_iam_organizations_features.tf
new file mode 100644
index 00000000..5054dd9b
--- /dev/null
+++ b/terraform/aws/backup/aws_iam_organizations_features.tf
@@ -0,0 +1,6 @@
+resource "aws_iam_organizations_features" "pike" {
+ enabled_features = [
+ "RootCredentialsManagement",
+ "RootSessions"
+ ]
+}
diff --git a/terraform/aws/backup/aws_iam_role_policy_attachments_exclusive.tf b/terraform/aws/backup/aws_iam_role_policy_attachments_exclusive.tf
new file mode 100644
index 00000000..6175b363
--- /dev/null
+++ b/terraform/aws/backup/aws_iam_role_policy_attachments_exclusive.tf
@@ -0,0 +1 @@
+resource "aws_iam_role_policy_attachments_exclusive" "pike" {}
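Review bot: In aws_iam_organizations_features.tf, `enabled_features` turns on both `RootCredentialsManagement` and `RootSessions`, but the `Action` list edited later in this patch (terraform/aws/role/aws_iam_policy.basic.tf) gains only `iam:EnableOrganizationsRootCredentialsManagement` and `iam:DisableOrganizationsRootCredentialsManagement`. If that policy is what this fixture is applied with, the `RootSessions` half would also need `"iam:EnableOrganizationsRootSessions"` and `"iam:DisableOrganizationsRootSessions"`, and the read path presumably `"iam:ListOrganizationsFeatures"`. The JSON mapping for this resource is outside the part of the patch I can see, so check that it carries the same set. These actions switch central root access on and off for every member account, so the mapping should name them exactly rather than leave users to widen the policy to `iam:*`.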
diff --git a/terraform/aws/backup/aws_iam_user_policy_attachments_exclusive.tf b/terraform/aws/backup/aws_iam_user_policy_attachments_exclusive.tf
new file mode 100644
index 00000000..a81b8f6a
--- /dev/null
+++ b/terraform/aws/backup/aws_iam_user_policy_attachments_exclusive.tf
@@ -0,0 +1 @@
+resource "aws_iam_user_policy_attachments_exclusive" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_event_configurations.tf b/terraform/aws/backup/aws_iot_event_configurations.tf
new file mode 100644
index 00000000..d9b48758
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_event_configurations.tf
@@ -0,0 +1 @@
+resource "aws_iot_event_configurations" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_indexing_configuration.tf b/terraform/aws/backup/aws_iot_indexing_configuration.tf
new file mode 100644
index 00000000..2230622f
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_indexing_configuration.tf
@@ -0,0 +1 @@
+resource "aws_iot_indexing_configuration" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_logging_options.tf b/terraform/aws/backup/aws_iot_logging_options.tf
new file mode 100644
index 00000000..705e7572
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_logging_options.tf
@@ -0,0 +1 @@
+resource "aws_iot_logging_options" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_policy_attachment.tf b/terraform/aws/backup/aws_iot_policy_attachment.tf
new file mode 100644
index 00000000..203322ae
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_policy_attachment.tf
@@ -0,0 +1 @@
+resource "aws_iot_policy_attachment" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_thing_group_membership.tf b/terraform/aws/backup/aws_iot_thing_group_membership.tf
new file mode 100644
index 00000000..98acb18c
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_thing_group_membership.tf
@@ -0,0 +1 @@
+resource "aws_iot_thing_group_membership" "pike" {}
diff --git a/terraform/aws/backup/aws_iot_thing_principal_attachment.tf b/terraform/aws/backup/aws_iot_thing_principal_attachment.tf
new file mode 100644
index 00000000..e3caa502
--- /dev/null
+++ b/terraform/aws/backup/aws_iot_thing_principal_attachment.tf
@@ -0,0 +1 @@
+resource "aws_iot_thing_principal_attachment" "pike" {}
diff --git a/terraform/aws/backup/aws_lb_listener_certificate.tf b/terraform/aws/backup/aws_lb_listener_certificate.tf
new file mode 100644
index 00000000..b75c4432
--- /dev/null
+++ b/terraform/aws/backup/aws_lb_listener_certificate.tf
@@ -0,0 +1 @@
+resource "aws_lb_listener_certificate" "pike" {}
diff --git a/terraform/aws/backup/aws_lb_ssl_negotiation_policy.tf b/terraform/aws/backup/aws_lb_ssl_negotiation_policy.tf
new file mode 100644
index 00000000..b6282ccf
--- /dev/null
+++ b/terraform/aws/backup/aws_lb_ssl_negotiation_policy.tf
@@ -0,0 +1 @@
+resource "aws_lb_ssl_negotiation_policy" "pike" {}
diff --git a/terraform/aws/backup/aws_main_route_table_association.tf b/terraform/aws/backup/aws_main_route_table_association.tf
new file mode 100644
index 00000000..a1611844
--- /dev/null
+++ b/terraform/aws/backup/aws_main_route_table_association.tf
@@ -0,0 +1 @@
+resource "aws_main_route_table_association" "pike" {}
diff --git a/terraform/aws/backup/aws_memorydb_multi_region_cluster.tf b/terraform/aws/backup/aws_memorydb_multi_region_cluster.tf
new file mode 100644
index 00000000..36ea125b
--- /dev/null
+++ b/terraform/aws/backup/aws_memorydb_multi_region_cluster.tf
@@ -0,0 +1 @@
+resource "aws_memorydb_multi_region_cluster" "pike" {}
diff --git a/terraform/aws/backup/aws_msk_single_scram_secret_association.tf b/terraform/aws/backup/aws_msk_single_scram_secret_association.tf
new file mode 100644
index 00000000..22e2ee77
--- /dev/null
+++ b/terraform/aws/backup/aws_msk_single_scram_secret_association.tf
@@ -0,0 +1 @@
+resource "aws_msk_single_scram_secret_association" "pike" {}
diff --git a/terraform/aws/backup/aws_mskconnect_custom_plugin.tf b/terraform/aws/backup/aws_mskconnect_custom_plugin.tf
new file mode 100644
index 00000000..5c59c50e
--- /dev/null
+++ b/terraform/aws/backup/aws_mskconnect_custom_plugin.tf
@@ -0,0 +1 @@
+resource "aws_mskconnect_custom_plugin" "pike" {}
diff --git a/terraform/aws/backup/aws_mskconnect_worker_configuration.tf b/terraform/aws/backup/aws_mskconnect_worker_configuration.tf
new file mode 100644
index 00000000..e448c2c0
--- /dev/null
+++ b/terraform/aws/backup/aws_mskconnect_worker_configuration.tf
@@ -0,0 +1 @@
+resource "aws_mskconnect_worker_configuration" "pike" {}
diff --git a/terraform/aws/backup/aws_neptune_global_cluster.tf b/terraform/aws/backup/aws_neptune_global_cluster.tf
new file mode 100644
index 00000000..30ec4579
--- /dev/null
+++ b/terraform/aws/backup/aws_neptune_global_cluster.tf
@@ -0,0 +1,5 @@
+resource "aws_neptune_global_cluster" "pike" {
+ global_cluster_identifier = "global-test"
+ engine = "neptune"
+ engine_version = "1.2.0.0"
+}
diff --git a/terraform/aws/backup/aws_network_interface_sg_attachment.tf b/terraform/aws/backup/aws_network_interface_sg_attachment.tf
new file mode 100644
index 00000000..75c3f686
--- /dev/null
+++ b/terraform/aws/backup/aws_network_interface_sg_attachment.tf
@@ -0,0 +1,21 @@
+
+
+resource "aws_instance" "instance" {
+ instance_type = "t2.micro"
+ ami = "ami-091f18e98bc129c4e"
+
+ tags = {
+ type = "terraform-test-instance"
+ }
+}
+
+resource "aws_security_group" "sg" {
+ tags = {
+ type = "terraform-test-security-group"
+ }
+}
+
+resource "aws_network_interface_sg_attachment" "sg_attachment" {
+ security_group_id = aws_security_group.sg.id
+ network_interface_id = aws_instance.instance.primary_network_interface_id
+}
diff --git a/terraform/aws/backup/aws_networkmanager_attachment_accepter.tf b/terraform/aws/backup/aws_networkmanager_attachment_accepter.tf
new file mode 100644
index 00000000..560b71b5
--- /dev/null
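Review bot: `aws_instance.instance` in aws_network_interface_sg_attachment.tf is launched without a `metadata_options` block, so IMDSv1 stays available unless the AMI or an account-level default says otherwise. For a fixture that is actually applied I would add `metadata_options { http_tokens = "required" }` to the instance. The AMI is also pinned as `ami = "ami-091f18e98bc129c4e"`, which only resolves in one region; a `data "aws_ami"` lookup would keep the fixture usable elsewhere. `aws_security_group.sg` has no `vpc_id`, so it presumably relies on the default VPC being the one the instance lands in.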
+++ b/terraform/aws/backup/aws_networkmanager_attachment_accepter.tf
@@ -0,0 +1 @@
+resource "aws_networkmanager_attachment_accepter" "pike" {}
diff --git a/terraform/aws/backup/aws_networkmanager_connection.tf b/terraform/aws/backup/aws_networkmanager_connection.tf
new file mode 100644
index 00000000..be5e0d71
--- /dev/null
+++ b/terraform/aws/backup/aws_networkmanager_connection.tf
@@ -0,0 +1 @@
+resource "aws_networkmanager_connection" "pike" {}
diff --git a/terraform/aws/backup/aws_networkmanager_core_network_policy_attachment.tf b/terraform/aws/backup/aws_networkmanager_core_network_policy_attachment.tf
new file mode 100644
index 00000000..4b7e6fa6
--- /dev/null
+++ b/terraform/aws/backup/aws_networkmanager_core_network_policy_attachment.tf
@@ -0,0 +1 @@
+resource "aws_networkmanager_core_network_policy_attachment" "pike" {}
diff --git a/terraform/aws/backup/aws_networkmanager_transit_gateway_connect_peer_association.tf b/terraform/aws/backup/aws_networkmanager_transit_gateway_connect_peer_association.tf
new file mode 100644
index 00000000..3c73189a
--- /dev/null
+++ b/terraform/aws/backup/aws_networkmanager_transit_gateway_connect_peer_association.tf
@@ -0,0 +1 @@
+resource "aws_networkmanager_transit_gateway_connect_peer_association" "pike" {}
diff --git a/terraform/aws/backup/aws_networkmonitor_monitor.tf b/terraform/aws/backup/aws_networkmonitor_monitor.tf
new file mode 100644
index 00000000..36a7d472
--- /dev/null
+++ b/terraform/aws/backup/aws_networkmonitor_monitor.tf
@@ -0,0 +1 @@
+resource "aws_networkmonitor_monitor" "pike" {}
diff --git a/terraform/aws/backup/aws_networkmonitor_probe.tf b/terraform/aws/backup/aws_networkmonitor_probe.tf
new file mode 100644
index 00000000..8224664f
--- /dev/null
+++ b/terraform/aws/backup/aws_networkmonitor_probe.tf
@@ -0,0 +1 @@
+resource "aws_networkmonitor_probe" "pike" {}
diff --git a/terraform/aws/backup/aws_organizations_delegated_administrator.tf b/terraform/aws/backup/aws_organizations_delegated_administrator.tf
new file mode 100644
index 00000000..aa904d7b
--- /dev/null
+++ b/terraform/aws/backup/aws_organizations_delegated_administrator.tf
@@ -0,0 +1 @@
+resource "aws_organizations_delegated_administrator" "pike" {}
diff --git a/terraform/aws/backup/aws_prometheus_rule_group_namespace.tf b/terraform/aws/backup/aws_prometheus_rule_group_namespace.tf
new file mode 100644
index 00000000..da439b5f
--- /dev/null
+++ b/terraform/aws/backup/aws_prometheus_rule_group_namespace.tf
@@ -0,0 +1 @@
+resource "aws_prometheus_rule_group_namespace" "pike" {}
diff --git a/terraform/aws/backup/aws_qldb_ledger.tf b/terraform/aws/backup/aws_qldb_ledger.tf
new file mode 100644
index 00000000..fd873e4f
--- /dev/null
+++ b/terraform/aws/backup/aws_qldb_ledger.tf
@@ -0,0 +1 @@
+resource "aws_qldb_ledger" "pike" {}
diff --git a/terraform/aws/backup/aws_ram_resource_share_accepter.tf b/terraform/aws/backup/aws_ram_resource_share_accepter.tf
new file mode 100644
index 00000000..762144d4
--- /dev/null
+++ b/terraform/aws/backup/aws_ram_resource_share_accepter.tf
@@ -0,0 +1 @@
+resource "aws_ram_resource_share_accepter" "pike" {}
diff --git a/terraform/aws/backup/aws_ram_sharing_with_organization.tf b/terraform/aws/backup/aws_ram_sharing_with_organization.tf
new file mode 100644
index 00000000..f9ac87fa
--- /dev/null
+++ b/terraform/aws/backup/aws_ram_sharing_with_organization.tf
@@ -0,0 +1 @@
+resource "aws_ram_sharing_with_organization" "pike" {}
diff --git a/terraform/aws/backup/aws_rbin_rule.tf b/terraform/aws/backup/aws_rbin_rule.tf
new file mode 100644
index 00000000..25a3b3f6
--- /dev/null
+++ b/terraform/aws/backup/aws_rbin_rule.tf
@@ -0,0 +1 @@
+resource "aws_rbin_rule" "pike" {}
diff --git a/terraform/aws/backup/aws_rds_instance_state.tf b/terraform/aws/backup/aws_rds_instance_state.tf
new file mode 100644
index 00000000..ef46800a
--- /dev/null
+++ b/terraform/aws/backup/aws_rds_instance_state.tf
@@ -0,0 +1 @@
+resource "aws_rds_instance_state" "pike" {}
diff --git a/terraform/aws/backup/aws_resiliencehub_resiliency_policy.tf b/terraform/aws/backup/aws_resiliencehub_resiliency_policy.tf
new file mode 100644
index 00000000..3db6b477
--- /dev/null
+++ b/terraform/aws/backup/aws_resiliencehub_resiliency_policy.tf
@@ -0,0 +1 @@
+resource "aws_resiliencehub_resiliency_policy" "pike" {}
diff --git a/terraform/aws/backup/aws_resourcegroups_resource.tf b/terraform/aws/backup/aws_resourcegroups_resource.tf
new file mode 100644
index 00000000..cb048966
--- /dev/null
+++ b/terraform/aws/backup/aws_resourcegroups_resource.tf
@@ -0,0 +1 @@
+resource "aws_resourcegroups_resource" "pike" {}
diff --git a/terraform/aws/backup/aws_rum_metrics_destination.tf b/terraform/aws/backup/aws_rum_metrics_destination.tf
new file mode 100644
index 00000000..43ca7bd1
--- /dev/null
+++ b/terraform/aws/backup/aws_rum_metrics_destination.tf
@@ -0,0 +1 @@
+resource "aws_rum_metrics_destination" "pike" {}
diff --git a/terraform/aws/backup/aws_securityhub_invite_accepter.tf b/terraform/aws/backup/aws_securityhub_invite_accepter.tf
index 1e720a7d..a66fe8c9 100644
--- a/terraform/aws/backup/aws_securityhub_invite_accepter.tf
+++ b/terraform/aws/backup/aws_securityhub_invite_accepter.tf
@@ -1 +1 @@
-# resource "aws_securityhub_invite_accepter" "pike" {}
+resource "aws_securityhub_invite_accepter" "pike" {}
diff --git a/terraform/aws/backup/aws_securityhub_member.tf b/terraform/aws/backup/aws_securityhub_member.tf
index ddd66bc4..e9b721ea 100644
--- a/terraform/aws/backup/aws_securityhub_member.tf
+++ b/terraform/aws/backup/aws_securityhub_member.tf
@@ -1 +1 @@
-# resource "aws_securityhub_member" "pike" {}
+resource "aws_securityhub_member" "pike" {}
diff --git a/terraform/aws/backup/aws_serverlessapplicationrepository_cloudformation_stack.tf b/terraform/aws/backup/aws_serverlessapplicationrepository_cloudformation_stack.tf
index f7ba5c10..7390aafa 100644
--- a/terraform/aws/backup/aws_serverlessapplicationrepository_cloudformation_stack.tf
+++ b/terraform/aws/backup/aws_serverlessapplicationrepository_cloudformation_stack.tf
@@ -1 +1 @@
-# resource "aws_serverlessapplicationrepository_cloudformation_stack" "pike" {}
+resource "aws_serverlessapplicationrepository_cloudformation_stack" "pike" {}
diff --git a/terraform/aws/backup/aws_servicecatalog_provisioning_artifact.tf b/terraform/aws/backup/aws_servicecatalog_provisioning_artifact.tf
index d8eec017..7b105855 100644
--- a/terraform/aws/backup/aws_servicecatalog_provisioning_artifact.tf
+++ b/terraform/aws/backup/aws_servicecatalog_provisioning_artifact.tf
@@ -1 +1 @@
-#resource "aws_servicecatalog_provisioning_artifact" "pike" {}
+resource "aws_servicecatalog_provisioning_artifact" "pike" {}
diff --git a/terraform/aws/backup/aws_shield_application_layer_automatic_response.tf b/terraform/aws/backup/aws_shield_application_layer_automatic_response.tf
new file mode 100644
index 00000000..6aaf209c
--- /dev/null
+++ b/terraform/aws/backup/aws_shield_application_layer_automatic_response.tf
@@ -0,0 +1 @@
+resource "aws_shield_application_layer_automatic_response" "pike" {}
diff --git a/terraform/aws/backup/aws_shield_drt_access_log_bucket_association.tf b/terraform/aws/backup/aws_shield_drt_access_log_bucket_association.tf
new file mode 100644
index 00000000..afe5c447
--- /dev/null
+++ b/terraform/aws/backup/aws_shield_drt_access_log_bucket_association.tf
@@ -0,0 +1 @@
+resource "aws_shield_drt_access_log_bucket_association" "pike" {}
diff --git a/terraform/aws/backup/aws_shield_drt_access_role_arn_association.tf b/terraform/aws/backup/aws_shield_drt_access_role_arn_association.tf
new file mode 100644
index 00000000..ffd8b5b0
--- /dev/null
+++ b/terraform/aws/backup/aws_shield_drt_access_role_arn_association.tf
@@ -0,0 +1 @@
+resource "aws_shield_drt_access_role_arn_association" "pike" {}
diff --git a/terraform/aws/backup/aws_shield_protection_health_check_association.tf b/terraform/aws/backup/aws_shield_protection_health_check_association.tf
new file mode 100644
index 00000000..1f8daf50
--- /dev/null
+++ b/terraform/aws/backup/aws_shield_protection_health_check_association.tf
@@ -0,0 +1 @@
+resource "aws_shield_protection_health_check_association" "pike" {}
diff --git a/terraform/aws/backup/aws_timestreamquery_scheduled_query.tf b/terraform/aws/backup/aws_timestreamquery_scheduled_query.tf
new file mode 100644
index 00000000..9c757464
--- /dev/null
+++ b/terraform/aws/backup/aws_timestreamquery_scheduled_query.tf
@@ -0,0 +1 @@
+resource "aws_timestreamquery_scheduled_query" "pike" {}
diff --git a/terraform/aws/backup/aws_verifiedaccess_instance_trust_provider_attachment.tf b/terraform/aws/backup/aws_verifiedaccess_instance_trust_provider_attachment.tf
new file mode 100644
index 00000000..b37b30ab
--- /dev/null
+++ b/terraform/aws/backup/aws_verifiedaccess_instance_trust_provider_attachment.tf
@@ -0,0 +1 @@
+resource "aws_verifiedaccess_instance_trust_provider_attachment" "pike" {}
diff --git a/terraform/aws/backup/aws_verifiedpermissions_schema.tf b/terraform/aws/backup/aws_verifiedpermissions_schema.tf
new file mode 100644
index 00000000..3f722a16
--- /dev/null
+++ b/terraform/aws/backup/aws_verifiedpermissions_schema.tf
@@ -0,0 +1 @@
+resource "aws_verifiedpermissions_schema" "pike" {}
diff --git a/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf b/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf
index 1335fcc0..0631eccf 100644
--- a/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf
+++ b/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf
@@ -1 +1 @@
-# resource "aws_vpc_endpoint_connection_accepter" "pike" {}
+resource "aws_vpc_endpoint_connection_accepter" "pike" {}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index e4f45b61..f2734eff 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,54 +7,46 @@ resource "aws_iam_policy" "basic" { "Sid" : "VisualEditor0", "Effect" : "Allow", "Action" : [ + "iam:EnableOrganizationsRootCredentialsManagement", + "iam:DisableOrganizationsRootCredentialsManagement", + "dynamodb:DeleteItem", "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:PutItem", - "ec2:CreateIpam", - "ec2:CreateIpamPool", - "ec2:CreateSecurityGroup", - "ec2:CreateVPC", - "ec2:CreateVpcEndpoint", - "ec2:DeleteIpam", - "ec2:DeleteIpamPool", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVPC", - "ec2:DeleteVpcEndpoints", - "ec2:DescribeAccountAttributes", - "ec2:DescribeIpamPools", - "ec2:DescribeIpams", - "ec2:DescribeNetworkAcls", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribePrefixLists", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeTags", - "ec2:DescribeVpcAttribute", - "ec2:DescribeVpcEndpointServices", - "ec2:DescribeVpcEndpoints", "ec2:DescribeVpcs", - "ec2:ModifyIpam", - "ec2:ModifyIpamPool", - "ec2:ModifyVpcAttribute", - "ec2:ModifyVpcEndpoint", - "ec2:ModifyVpcTenancy", - "ec2:RevokeSecurityGroupEgress", - # "iam:CreateServiceLinkedRole", + "ec2:GetManagedPrefixListEntries", + "grafana:CreateWorkspace", + "grafana:DeleteWorkspace", + "grafana:DescribeWorkspace", + "grafana:DescribeWorkspaceAuthentication", + "grafana:DescribeWorkspaceConfiguration", + "grafana:UpdateWorkspace", + "grafana:UpdateWorkspaceAuthentication", + "grafana:UpdateWorkspaceConfiguration", + "iam:CreateRole", + "iam:CreateServiceLinkedRole", + "iam:DeleteRole", + "iam:GetRole", + "iam:ListAttachedRolePolicies", + "iam:ListInstanceProfilesForRole", + "iam:ListRolePolicies", + "iam:PassRole", + "organizations:DescribeOrganization", "s3:DeleteObject", "s3:GetObject", "s3:ListBucket", "s3:PutObject", - "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation", - "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation", - "ec2:DescribeIpamScopes", - "ec2:AssociateSecurityGroupVpc", - "ec2:AssociateVpcCidrBlock", - 
"ec2:AllocateIpamPoolCidr", - "ec2:DescribeSecurityGroupVpcAssociations", - "ec2:DisassociateSecurityGroupVpc", + "sso:CreateManagedApplicationInstance", + "sso:DeleteManagedApplicationInstance", + "sso:DescribeRegisteredRegions", + "sso:GetApplicationInstance", + "sso:GetSharedSsoConfiguration", + "sso:ListApplicationInstances", - "ec2:ModifyVpcEndpointServicePermissions" + "grafana:UpdatePermissions" ], "Resource" : [