aws weekly update

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@08bc0cf022445eacafaa248bf48da20f26b8fd40 # codeql-bundle-v2.20.4
+        uses: github/codeql-action/init@1bb15d06a6fbb5d9d9ffd228746bf8ee208caec8 # codeql-bundle-v2.20.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -57,7 +57,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@08bc0cf022445eacafaa248bf48da20f26b8fd40 # codeql-bundle-v2.20.4
+        uses: github/codeql-action/autobuild@1bb15d06a6fbb5d9d9ffd228746bf8ee208caec8 # codeql-bundle-v2.20.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -70,4 +70,4 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@08bc0cf022445eacafaa248bf48da20f26b8fd40 # codeql-bundle-v2.20.4
+        uses: github/codeql-action/analyze@1bb15d06a6fbb5d9d9ffd228746bf8ee208caec8 # codeql-bundle-v2.20.5

.github/workflows/pr.yml

@@ -12,7 +12,7 @@ jobs:
         with:
           go-version: 1.23.x
       - name: Restore cache
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
@@ -37,7 +37,7 @@ jobs:
         with:
           go-version: ${{ matrix.go-version }}
       - name: Restore cache
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+        uses: actions/cache@0c907a75c2c80ebcb7f088228285e798b750cf8f # v4.2.1
         with:
           path: ~/go/pkg/mod
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}

src/aws.go

@@ -1497,6 +1497,8 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 	"aws_xray_sampling_rule":                                           awsXraySamplingRule,
 	"backend":                                                          s3backend,
 	"aws_cloudwatch_contributor_insight_rule":                          awsCloudwatchContributorInsightRule,
+	"aws_cloudwatch_contributor_managed_insight_rule":                  awsCloudwatchContributorManagedInsightRule,
+	"aws_qbusiness_application":                                        awsQbusinessApplication,
 }
 
 // GetAWSPermissions for AWS resources.

src/aws_datasource.go

@@ -586,6 +586,7 @@ var tFLookupDataAWS = map[string]interface{}{
 	"aws_ecs_clusters":                                                      dataAwsEcsClusters,
 	"aws_vpc_ipam":                                                          dataAwsVpcIpam,
 	"aws_vpc_ipams":                                                         dataAwsVpcIpam,
+	"aws_cloudwatch_contributor_managed_insight_rules":                      dataAwsCloudwatchContributorManagedInsightRules,
 }
 
 // GetAWSDataPermissions gets permissions required for datasource's.

src/coverage/aws.md

@@ -1,4 +1,4 @@
 # todo aws
 
-Resource percentage coverage   100.00
-Datasource percentage coverage 100.00
+Resource percentage coverage   99.86
+Datasource percentage coverage 99.83

src/files_aws.go

@@ -789,3 +789,9 @@ var awsElasticsearchVpcEndpoint []byte
 
 //go:embed mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_insight_rule.json
 var awsCloudwatchContributorInsightRule []byte
+
+//go:embed mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json
+var awsCloudwatchContributorManagedInsightRule []byte
+
+//go:embed mapping/aws/resource/qbusiness/aws_qbusiness_application.json
+var awsQbusinessApplication []byte

src/files_datasource.go

@@ -1554,3 +1554,6 @@ var dataAwsEcsClusters []byte
 
 //go:embed  mapping/aws/data/ec2/aws_vpc_ipam.json
 var dataAwsVpcIpam []byte
+
+//go:embed  mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json
+var dataAwsCloudwatchContributorManagedInsightRules []byte

src/mapping/aws/data/cloudwatch/aws_cloudwatch_contributor_managed_insight_rules.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "cloudwatch:ListManagedInsightRules"
+    ]
+  }
+]

src/mapping/aws/resource/cloudwatch/aws_cloudwatch_contributor_managed_insight_rule.json

@@ -0,0 +1,16 @@
+[
+  {
+    "apply": [
+      "cloudwatch:ListManagedInsightRules",
+      "cloudwatch:ListTagsForResource",
+      "cloudwatch:DeleteInsightRules",
+      "cloudwatch:PutManagedInsightRules"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/qbusiness/aws_qbusiness_application.json

@@ -0,0 +1,16 @@
+[
+  {
+    "apply": [
+      "qbusiness:GetApplication",
+      "qbusiness:CreateApplication",
+      "qbusiness:DeleteApplication",
+      "qbusiness:UpdateApplication"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

terraform/aws/backup/aws_cloudwatch_contributor_managed_insight_rule.tf

@@ -0,0 +1,5 @@
+resource "aws_cloudwatch_contributor_managed_insight_rule" "pike" {
+  resource_arn  = "arn:aws:logs:eu-west-2:680235478471:log-group:/aws/connect/pike2"
+  template_name = "VpcEndpointService-BytesByEndpointId-v2"
+  # rule_state    = "DISABLED"
+}

terraform/aws/backup/aws_qbusiness_application.tf

@@ -0,0 +1,9 @@
+resource "aws_qbusiness_application" "pike" {
+  display_name                 = "pike"
+  iam_service_role_arn         = aws_iam_role.example.arn
+  identity_center_instance_arn = tolist(data.aws_ssoadmin_instances.example.arns)[0]
+
+  attachments_configuration {
+    attachments_control_mode = "ENABLED"
+  }
+}

terraform/aws/backup/data.aws_cloudwatch_contributor_managed_insight_rules.tf

@@ -0,0 +1,7 @@
+data "aws_cloudwatch_contributor_managed_insight_rules" "pike" {
+  resource_arn = "arn:aws:ec2:us-west-2:680235478471:resource-name/resourceid"
+}
+
+output "aws_cloudwatch_contributor_managed_insight_rules" {
+  value = data.aws_cloudwatch_contributor_managed_insight_rules.pike
+}

terraform/aws/role/aws_iam_policy.basic.tf

@@ -7,14 +7,18 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "VisualEditor0",
         "Effect" : "Allow",
         "Action" : [
-          "cloudwatch:PutInsightRule",
-          "cloudwatch:DescribeInsightRules",
+          # "cloudwatch:PutInsightRule",
+          # "cloudwatch:DescribeInsightRules",
+          # "cloudwatch:ListTagsForResource",
+          # "cloudwatch:DeleteInsightRules",
+          # //,
+          #
+          # "cloudwatch:TagResource",
+          # "cloudwatch:UntagResource"
+          "cloudwatch:ListManagedInsightRules",
           "cloudwatch:ListTagsForResource",
           "cloudwatch:DeleteInsightRules",
-          //,
-
-          "cloudwatch:TagResource",
-          "cloudwatch:UntagResource"
+          "cloudwatch:PutManagedInsightRules"
         ],
         "Resource" : [
           "*"