aws resources

src/aws.go

@@ -1212,6 +1212,28 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 	"aws_securitylake_custom_log_source":                               awsSecuritylakeCustomLogSource,
 	"aws_transfer_access":                                              awsTransferAccess,
 	"aws_transfer_tag":                                                 awsTransferTag,
+	"aws_detective_member":                                             awsDetectiveMember,
+	"aws_detective_organization_configuration":                         awsDetectiveOrganizationConfiguration,
+	"aws_eks_access_policy_association":                                awsEksAccessPolicyAssociation,
+	"aws_emrcontainers_job_template":                                   awsEmrcontainersJobTemplate,
+	"aws_fms_admin_account":                                            awsFmsAdminAccount,
+	"aws_glue_catalog_table_optimizer":                                 awsGlueCatalogTableOptimizer,
+	"aws_glue_partition_index":                                         awsGluePartitionIndex,
+	"aws_grafana_license_association":                                  awsGrafanaLicenseAssociation,
+	"aws_grafana_workspace_service_account":                            awsGrafanaWorkspaceServiceAccount,
+	"aws_grafana_workspace_service_account_token":                      awsGrafanaWorkspaceServiceAccountToken,
+	"aws_internet_gateway_attachment":                                  awsInternetGatewayAttachment,
+	"aws_kendra_experience":                                            awsKendraExperience,
+	"aws_kendra_query_suggestions_block_list":                          awsKendraQuerySuggestionsBlockList,
+	"aws_kendra_thesaurus":                                             awsKendraThesaurus,
+	"aws_prometheus_alert_manager_definition":                          awsPrometheusAlertManagerDefinition,
+	"aws_prometheus_scraper":                                           awsPrometheusScraper,
+	"aws_prometheus_workspace":                                         awsPrometheusWorkspace,
+	"aws_rds_certificate":                                              awsRdsCertificate,
+	"aws_rds_cluster_snapshot_copy":                                    awsRdsClusterSnapshotCopy,
+	"aws_rds_custom_db_engine_version":                                 awsRdsCustomDbEngineVersion,
+	"aws_rds_export_task":                                              awsRdsExportTask,
+	"aws_rds_reserved_instance":                                        awsRdsReservedInstance,
 }
 
 // GetAWSPermissions for AWS resources.

src/coverage/aws.md

@@ -1,13 +1,11 @@
 # todo aws
 
-Resource percentage coverage   80.94
+Resource percentage coverage   82.43
 Datasource percentage coverage 100.00
 
 ./resource.ps1 aws_cognito_managed_user_pool_client
 ./resource.ps1 aws_dataexchange_data_set
 ./resource.ps1 aws_dataexchange_revision
-./resource.ps1 aws_detective_member
-./resource.ps1 aws_detective_organization_configuration
 ./resource.ps1 aws_devicefarm_device_pool
 ./resource.ps1 aws_devicefarm_instance_profile
 ./resource.ps1 aws_devicefarm_network_profile
@@ -61,29 +59,21 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_ecs_account_setting_default
 ./resource.ps1 aws_ecs_cluster_capacity_providers
 ./resource.ps1 aws_eip_domain_name
-./resource.ps1 aws_eks_access_policy_association
 ./resource.ps1 aws_elasticache_reserved_cache_node
 ./resource.ps1 aws_elasticache_serverless_cache
 ./resource.ps1 aws_elasticache_user_group_association
 ./resource.ps1 aws_elasticsearch_domain_saml_options
 ./resource.ps1 aws_elasticsearch_vpc_endpoint
 ./resource.ps1 aws_elastictranscoder_pipeline
 ./resource.ps1 aws_elastictranscoder_preset
-./resource.ps1 aws_emrcontainers_job_template
 ./resource.ps1 aws_finspace_kx_cluster
 ./resource.ps1 aws_finspace_kx_database
 ./resource.ps1 aws_finspace_kx_dataview
 ./resource.ps1 aws_finspace_kx_scaling_group
 ./resource.ps1 aws_finspace_kx_user
 ./resource.ps1 aws_finspace_kx_volume
-./resource.ps1 aws_fms_admin_account
-./resource.ps1 aws_glue_catalog_table_optimizer
-./resource.ps1 aws_glue_partition_index
-./resource.ps1 aws_grafana_license_association
 ./resource.ps1 aws_grafana_role_association
 ./resource.ps1 aws_grafana_workspace_saml_configuration
-./resource.ps1 aws_grafana_workspace_service_account
-./resource.ps1 aws_grafana_workspace_service_account_token
 ./resource.ps1 aws_guardduty_detector_feature
 ./resource.ps1 aws_guardduty_invite_accepter
 ./resource.ps1 aws_guardduty_organization_admin_account
@@ -94,16 +84,12 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_iam_organizations_features
 ./resource.ps1 aws_iam_role_policy_attachments_exclusive
 ./resource.ps1 aws_iam_user_policy_attachments_exclusive
-./resource.ps1 aws_internet_gateway_attachment
 ./resource.ps1 aws_iot_event_configurations
 ./resource.ps1 aws_iot_indexing_configuration
 ./resource.ps1 aws_iot_logging_options
 ./resource.ps1 aws_iot_policy_attachment
 ./resource.ps1 aws_iot_thing_group_membership
 ./resource.ps1 aws_iot_thing_principal_attachment
-./resource.ps1 aws_kendra_experience
-./resource.ps1 aws_kendra_query_suggestions_block_list
-./resource.ps1 aws_kendra_thesaurus
 ./resource.ps1 aws_kinesis_analytics_application
 ./resource.ps1 aws_kinesisanalyticsv2_application_snapshot
 ./resource.ps1 aws_lakeformation_lf_tag
@@ -196,20 +182,12 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_pinpointsmsvoicev2_configuration_set
 ./resource.ps1 aws_pinpointsmsvoicev2_opt_out_list
 ./resource.ps1 aws_pinpointsmsvoicev2_phone_number
-./resource.ps1 aws_prometheus_alert_manager_definition
 ./resource.ps1 aws_prometheus_rule_group_namespace
-./resource.ps1 aws_prometheus_scraper
-./resource.ps1 aws_prometheus_workspace
 ./resource.ps1 aws_qldb_ledger
 ./resource.ps1 aws_ram_resource_share_accepter
 ./resource.ps1 aws_ram_sharing_with_organization
 ./resource.ps1 aws_rbin_rule
-./resource.ps1 aws_rds_certificate
-./resource.ps1 aws_rds_cluster_snapshot_copy
-./resource.ps1 aws_rds_custom_db_engine_version
-./resource.ps1 aws_rds_export_task
 ./resource.ps1 aws_rds_instance_state
-./resource.ps1 aws_rds_reserved_instance
 ./resource.ps1 aws_redshift_cluster_snapshot
 ./resource.ps1 aws_redshift_data_share_authorization
 ./resource.ps1 aws_redshift_data_share_consumer_association

src/files.go

@@ -3420,3 +3420,69 @@ var awsTransferAccess []byte
 
 //go:embed mapping/aws/resource/transfer/aws_transfer_tag.json
 var awsTransferTag []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_member.json
+var awsDetectiveMember []byte
+
+//go:embed mapping/aws/resource/detective/aws_detective_organization_configuration.json
+var awsDetectiveOrganizationConfiguration []byte
+
+//go:embed mapping/aws/resource/eks/aws_eks_access_policy_association.json
+var awsEksAccessPolicyAssociation []byte
+
+//go:embed mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json
+var awsEmrcontainersJobTemplate []byte
+
+//go:embed mapping/aws/resource/fms/aws_fms_admin_account.json
+var awsFmsAdminAccount []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_catalog_table_optimizer.json
+var awsGlueCatalogTableOptimizer []byte
+
+//go:embed mapping/aws/resource/glue/aws_glue_partition_index.json
+var awsGluePartitionIndex []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_license_association.json
+var awsGrafanaLicenseAssociation []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_service_account.json
+var awsGrafanaWorkspaceServiceAccount []byte
+
+//go:embed mapping/aws/resource/grafana/aws_grafana_workspace_service_account_token.json
+var awsGrafanaWorkspaceServiceAccountToken []byte
+
+//go:embed mapping/aws/resource/ec2/aws_internet_gateway_attachment.json
+var awsInternetGatewayAttachment []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_experience.json
+var awsKendraExperience []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_query_suggestions_block_list.json
+var awsKendraQuerySuggestionsBlockList []byte
+
+//go:embed mapping/aws/resource/kendra/aws_kendra_thesaurus.json
+var awsKendraThesaurus []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json
+var awsPrometheusAlertManagerDefinition []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_scraper.json
+var awsPrometheusScraper []byte
+
+//go:embed mapping/aws/resource/aps/aws_prometheus_workspace.json
+var awsPrometheusWorkspace []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_certificate.json
+var awsRdsCertificate []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_cluster_snapshot_copy.json
+var awsRdsClusterSnapshotCopy []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_custom_db_engine_version.json
+var awsRdsCustomDbEngineVersion []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_export_task.json
+var awsRdsExportTask []byte
+
+//go:embed mapping/aws/resource/rds/aws_rds_reserved_instance.json
+var awsRdsReservedInstance []byte

src/mapping/aws/resource/aps/aws_prometheus_alert_manager_definition.json

@@ -0,0 +1,26 @@
+[
+  {
+    "apply": [
+      "aps:CreateAlertManagerDefinition",
+      "aps:DescribeAlertManagerDefinition",
+      "aps:ListTagsForResource"
+    ],
+    "attributes": {
+      "tags": [
+        "aps:TagResource",
+        "aps:UntagResource"
+      ]
+    },
+    "destroy": [
+      "aps:DeleteAlertManagerDefinition"
+    ],
+    "modify": [
+      "aps:CreateAlertManagerDefinition",
+      "aps:PutAlertManagerDefinition",
+      "aps:DeleteAlertManagerDefinition"
+    ],
+    "plan": [
+      "aps:DescribeAlertManagerDefinition"
+    ]
+  }
+]

src/mapping/aws/resource/aps/aws_prometheus_scraper.json

@@ -0,0 +1,46 @@
+[
+  {
+    "apply": [
+      "aps:CreateScraper",
+      "aps:DeleteScraper",
+      "aps:DescribeScraper",
+      "aps:DescribeWorkspace",
+      "aps:ListTagsForResource",
+      "aps:UpdateScraper",
+      "ec2:DescribeSecurityGroups",
+      "ec2:DescribeSubnets",
+      "eks:AssociateAccessPolicy",
+      "eks:CreateAccessEntry",
+      "eks:DescribeCluster",
+      "iam:CreateServiceLinkedRole",
+      "iam:DeleteServiceLinkedRole"
+    ],
+    "attributes": {
+      "tags": [
+        "aps:TagResource",
+        "aps:UntagResource"
+      ]
+    },
+    "destroy": [
+      "aps:DeleteScraper",
+      "aps:DescribeScraper",
+      "aps:DescribeWorkspace",
+      "eks:AssociateAccessPolicy",
+      "eks:DescribeCluster",
+      "ec2:DescribeSubnets",
+      "ec2:DescribeSecurityGroups",
+      "iam:DeleteServiceLinkedRole"
+    ],
+    "modify": [
+      "aps:CreateScraper",
+      "aps:DescribeScraper",
+      "aps:UpdateScraper",
+      "aps:DescribeWorkspace",
+      "aps:ListTagsForResource"
+    ],
+    "plan": [
+      "aps:DescribeScraper",
+      "aps:ListTagsForResource"
+    ]
+  }
+]

src/mapping/aws/resource/aps/aws_prometheus_workspace.json

@@ -0,0 +1,45 @@
+[
+  {
+    "apply": [
+      "aps:CreateWorkspace",
+      "aps:DescribeWorkspace",
+      "aps:ListTagsForResource"
+    ],
+    "attributes": {
+      "kms_key_arn": [
+        "kms:CreateGrant",
+        "kms:Decrypt",
+        "kms:GenerateDataKey"
+      ],
+      "logging-configuration": [
+        "aps:CreateLoggingConfiguration",
+        "aps:DeleteLoggingConfiguration",
+        "aps:DescribeLoggingConfiguration",
+        "aps:UpdateLoggingConfiguration",
+        "logs:CreateLogDelivery",
+        "logs:DeleteLogDelivery",
+        "logs:GetLogDelivery",
+        "logs:ListLogDeliveries",
+        "logs:PutResourcePolicy",
+        "logs:UpdateLogDelivery"
+      ],
+      "tags": [
+        "aps:TagResource",
+        "aps:UntagResource"
+      ]
+    },
+    "destroy": [
+      "aps:DeleteWorkspace",
+      "aps:DescribeWorkspace"
+    ],
+    "modify": [
+      "aps:UpdateWorkspaceAlias",
+      "aps:DescribeWorkspace",
+      "aps:ListTagsForResource"
+    ],
+    "plan": [
+      "aps:DescribeWorkspace",
+      "aps:ListTagsForResource"
+    ]
+  }
+]

src/mapping/aws/resource/detective/aws_detective_member.json

@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "detective:GetMembers",
+      "detective:CreateMembers",
+      "detective:DeleteMembers"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/detective/aws_detective_organization_configuration.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "detective:DescribeOrganizationConfiguration",
+      "detective:UpdateOrganizationConfiguration"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/ec2/aws_internet_gateway_attachment.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:AttachInternetGateway",
+      "ec2:DetachInternetGateway"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/eks/aws_eks_access_policy_association.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "eks:DisassociateAccessPolicy",
+      "eks:AssociateAccessPolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/elasticmapreduce/aws_emrcontainers_job_template.json

@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "emr-containers:DescribeJobTemplate",
+      "emr-containers:CreateJobTemplate",
+      "emr-containers:DeleteJobTemplate"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/fms/aws_fms_admin_account.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "fms:AssociateAdminAccount",
+      "fms:DisassociateAdminAccount"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]