diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1f4153d5..e1bc215e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,6 @@ jobs: run: go test ./... -coverprofile=./cover.out - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@fa9a6909dc02281d24b410b6ee3dd8c5675a2e76 # v4.3.0 + uses: codecov/codecov-action@f1b7348826d750ac29741abc9d1623d8da5dcd4f # v4.3.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/src/aws.go b/src/aws.go index 2126d245..3d5c6135 100644 --- a/src/aws.go +++ b/src/aws.go 
@@ -734,6 +734,27 @@ func AwsLookup(name string) interface{} { "aws_bedrockagent_agent": awsBedrockagentAgent, "aws_bedrockagent_agent_action_group": awsBedrockagentActionGroup, "aws_bedrockagent_agent_alias": awsBedrockagentAgentAlias, + "aws_datasync_agent": awsDatasyncAgent, + "aws_datasync_location_azure_blob": awsDatasyncLocationAzureBlob, + "aws_datasync_location_efs": awsDatasyncLocationEfs, + "aws_datasync_location_fsx_lustre_file_system": awsDatasyncLocationFsxLustreFileSystem, + "aws_datasync_location_fsx_ontap_file_system": awsDatasyncLocationFsxOntapFileSystem, + "aws_datasync_location_fsx_openzfs_file_system": awsDatasyncLocationFsxOpenzfsFileSystem, + "aws_datasync_location_fsx_windows_file_system": awsDatasyncLocationFsxWindowsFileSystem, + "aws_datasync_location_hdfs": awsDatasyncLocationHdfs, + "aws_datasync_location_nfs": awsDatasyncLocationNfs, + "aws_datasync_location_object_storage": awsDatasyncLocationObjectStorage, + "aws_datasync_location_s3": awsDatasyncLocationS3, + "aws_datasync_location_smb": awsDatasyncLocationSmb, + "aws_datasync_task": awsDatasyncTask, + "aws_fsx_lustre_file_system": awsFsxLustreFileSystem, + "aws_fsx_windows_file_system": awsFsxWindowsFileSystem, + "aws_fsx_backup": awsFsxBackup, + "aws_fsx_data_repository_association": awsFsxDataRepositoryAssociation, + "aws_fsx_file_cache": awsFsxFileCache, + "aws_fsx_ontap_file_system": awsFsxOntapFileSystem, + "aws_fsx_ontap_storage_virtual_machine": awsFsxOntapStorageVirtualMachine, + "aws_fsx_ontap_volume": awsFsxOntapVolume, } return TFLookup[name] diff --git a/src/coverage/aws.md b/src/coverage/aws.md index 1c9d3557..72563c5c 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md @@ -1,7 +1,7 @@ # todo aws -Resource percentage coverage 48.49 -Datasource percentage coverage 99.81 +Resource percentage coverage 50.33 +Datasource percentage coverage 100.00 ./resource.ps1 aws_accessanalyzer_archive_rule ./resource.ps1 aws_account_region 
@@ -55,6 +55,8 @@ Datasource percentage coverage 99.81 ./resource.ps1 aws_appsync_resolver ./resource.ps1 aws_appsync_type ./resource.ps1 aws_athena_prepared_statement +./resource.ps1 aws_bcmdataexports_export +./resource.ps1 aws_bedrockagent_knowledge_base ./resource.ps1 aws_chime_voice_connector ./resource.ps1 aws_chime_voice_connector_group ./resource.ps1 aws_chime_voice_connector_logging @@ -97,19 +99,6 @@ Datasource percentage coverage 99.81 ./resource.ps1 aws_customerprofiles_profile ./resource.ps1 aws_dataexchange_data_set ./resource.ps1 aws_dataexchange_revision -./resource.ps1 aws_datasync_agent -./resource.ps1 aws_datasync_location_azure_blob -./resource.ps1 aws_datasync_location_efs -./resource.ps1 aws_datasync_location_fsx_lustre_file_system -./resource.ps1 aws_datasync_location_fsx_ontap_file_system -./resource.ps1 aws_datasync_location_fsx_openzfs_file_system -./resource.ps1 aws_datasync_location_fsx_windows_file_system -./resource.ps1 aws_datasync_location_hdfs -./resource.ps1 aws_datasync_location_nfs -./resource.ps1 aws_datasync_location_object_storage -./resource.ps1 aws_datasync_location_s3 -./resource.ps1 aws_datasync_location_smb -./resource.ps1 aws_datasync_task ./resource.ps1 aws_db_instance_automated_backups_replication ./resource.ps1 aws_db_instance_role_association ./resource.ps1 aws_db_proxy @@ -243,14 +232,6 @@ Datasource percentage coverage 99.81 ./resource.ps1 aws_fis_experiment_template ./resource.ps1 aws_fms_admin_account ./resource.ps1 aws_fms_policy -./resource.ps1 aws_fsx_backup -./resource.ps1 aws_fsx_data_repository_association -./resource.ps1 aws_fsx_file_cache -./resource.ps1 aws_fsx_lustre_file_system -./resource.ps1 aws_fsx_ontap_file_system -./resource.ps1 aws_fsx_ontap_storage_virtual_machine -./resource.ps1 aws_fsx_ontap_volume -./resource.ps1 aws_fsx_windows_file_system ./resource.ps1 aws_gamelift_alias ./resource.ps1 aws_gamelift_build ./resource.ps1 aws_gamelift_fleet 
@@ -258,6 +239,7 @@ Datasource percentage coverage 99.81 ./resource.ps1 aws_gamelift_game_session_queue ./resource.ps1 aws_gamelift_script ./resource.ps1 aws_globalaccelerator_accelerator +./resource.ps1 aws_globalaccelerator_cross_account_attachment ./resource.ps1 aws_globalaccelerator_custom_routing_accelerator ./resource.ps1 aws_globalaccelerator_custom_routing_endpoint_group ./resource.ps1 aws_globalaccelerator_custom_routing_listener @@ -679,6 +661,7 @@ Datasource percentage coverage 99.81 ./resource.ps1 aws_transfer_user ./resource.ps1 aws_transfer_workflow ./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment +./resource.ps1 aws_verifiedpermissions_policy ./resource.ps1 aws_verifiedpermissions_policy_store ./resource.ps1 aws_verifiedpermissions_policy_template ./resource.ps1 aws_verifiedpermissions_schema diff --git a/src/coverage/google.md b/src/coverage/google.md index 1ea2d8ae..061d4b8d 100755 --- a/src/coverage/google.md +++ b/src/coverage/google.md @@ -1,7 +1,7 @@ # todo google -Resource percentage coverage 21.63 -Datasource percentage coverage 87.10 +Resource percentage coverage 21.58 +Datasource percentage coverage 86.48 ./resource.ps1 google_access_context_manager_access_level_condition ./resource.ps1 google_access_context_manager_service_perimeter_dry_run_resource @@ -221,6 +221,7 @@ Datasource percentage coverage 87.10 ./resource.ps1 google_compute_router_interface ./resource.ps1 google_compute_router_nat ./resource.ps1 google_compute_router_peer +./resource.ps1 google_compute_security_policy_rule ./resource.ps1 google_compute_service_attachment ./resource.ps1 google_compute_shared_vpc_host_project ./resource.ps1 google_compute_shared_vpc_service_project 
@@ -618,6 +619,7 @@ Datasource percentage coverage 87.10 ./resource.ps1 google_privateca_certificate_template_iam_binding ./resource.ps1 google_privateca_certificate_template_iam_member ./resource.ps1 google_privateca_certificate_template_iam_policy +./resource.ps1 google_privileged_access_manager_entitlement ./resource.ps1 google_project ./resource.ps1 google_project_access_approval_settings ./resource.ps1 google_project_default_service_accounts @@ -737,6 +739,8 @@ Datasource percentage coverage 87.10 ./resource.ps1 google_runtimeconfig_variable -type data ./resource.ps1 google_scc_source_iam_policy -type data ./resource.ps1 google_secure_source_manager_instance_iam_policy -type data +./resource.ps1 google_storage_bucket_objects -type data +./resource.ps1 google_storage_buckets -type data ./resource.ps1 google_tags_tag_key_iam_policy -type data ./resource.ps1 google_tags_tag_keys -type data ./resource.ps1 google_tags_tag_value -type data diff --git a/src/files.go b/src/files.go index 062e1b84..93a3186e 100644 --- a/src/files.go +++ b/src/files.go 
@@ -1842,3 +1842,66 @@ var awsBedrockagentActionGroup []byte //go:embed mapping/aws/resource/bedrock/aws_bedrockagent_agent_alias.json var awsBedrockagentAgentAlias []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_agent.json +var awsDatasyncAgent []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json +var awsDatasyncLocationAzureBlob []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_efs.json +var awsDatasyncLocationEfs []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json +var awsDatasyncLocationFsxLustreFileSystem []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json +var awsDatasyncLocationFsxOntapFileSystem []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json +var awsDatasyncLocationFsxOpenzfsFileSystem []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json +var awsDatasyncLocationFsxWindowsFileSystem []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_hdfs.json +var awsDatasyncLocationHdfs []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_nfs.json +var awsDatasyncLocationNfs []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_object_storage.json +var awsDatasyncLocationObjectStorage []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_s3.json +var awsDatasyncLocationS3 []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_location_smb.json +var awsDatasyncLocationSmb []byte + +//go:embed mapping/aws/resource/datasync/aws_datasync_task.json +var awsDatasyncTask []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_lustre_file_system.json +var awsFsxLustreFileSystem []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_windows_file_system.json +var awsFsxWindowsFileSystem []byte + +//go:embed 
mapping/aws/resource/fsx/aws_fsx_backup.json +var awsFsxBackup []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_data_repository_association.json +var awsFsxDataRepositoryAssociation []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_file_cache.json +var awsFsxFileCache []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_ontap_file_system.json +var awsFsxOntapFileSystem []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_ontap_storage_virtual_machine.json +var awsFsxOntapStorageVirtualMachine []byte + +//go:embed mapping/aws/resource/fsx/aws_fsx_ontap_volume.json +var awsFsxOntapVolume []byte diff --git a/src/mapping/aws/resource/datasync/aws_datasync_agent.json b/src/mapping/aws/resource/datasync/aws_datasync_agent.json new file mode 100644 index 00000000..51a74624 --- /dev/null +++ b/src/mapping/aws/resource/datasync/aws_datasync_agent.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "datasync:UpdateAgent", + "datasync:DeleteAgent", + "datasync:CreateAgent", + "datasync:DescribeAgent" + ], + "attributes": { + "tags": [ + "datasync:TagResource", + "datasync:UntagResource" + ] + }, + "destroy": [ + "datasync:DeleteAgent" + ], + "modify": [ + "datasync:UpdateAgent" + ], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json b/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json new file mode 100644 index 00000000..604c182b --- /dev/null +++ b/src/mapping/aws/resource/datasync/aws_datasync_location_azure_blob.json @@ -0,0 +1,22 @@ +[ + { + "apply": [ + "datasync:UpdateLocationAzureBlob", + "datasync:CreateLocationAzureBlob", + "datasync:DescribeLocationAzureBlob" + ], + "attributes": { + "tags": [ + "datasync:TagResource", + "datasync:UntagResource" + ] + }, + "destroy": [ + "datasync:DeleteLocation" + ], + "modify": [ + "datasync:UpdateLocationAzureBlob" + ], + "plan": [] + } +] 
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json
new file mode 100644
index 00000000..9d45eb1f
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_efs.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationEfs",
+ "datasync:CreateLocationEfs"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json
new file mode 100644
index 00000000..2d229cd0
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_lustre_file_system.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationFsxLustre",
+ "datasync:CreateLocationFsxLustre",
+ "datasync:DeleteLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json
new file mode 100644
index 00000000..c3eab5cb
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_ontap_file_system.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationFsxOntap",
+ "datasync:CreateLocationFsxOntap",
+ "datasync:DeleteLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
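Review bot: In aws_datasync_location_fsx_lustre_file_system.json the `destroy` list is empty while `datasync:DeleteLocation` appears only under `apply`; every other DataSync location mapping added in this commit lists that action under `destroy`. If a consumer derives a teardown-only policy from `destroy`, this resource would end up with no delete permission, so I would change the line to `"destroy": ["datasync:DeleteLocation"],`. How the `destroy` key is consumed is not visible in this diff, so confirm against the policy generator.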
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json
new file mode 100644
index 00000000..aac33c4a
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_openzfs_file_system.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationFsxOpenZfs",
+ "datasync:CreateLocationFsxOpenZfs",
+ "datasync:DeleteLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json
new file mode 100644
index 00000000..7e531166
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_fsx_windows_file_system.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "datasync:CreateLocationFsxWindows",
+ "datasync:DescribeLocationFsxWindows"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json
new file mode 100644
index 00000000..b0bccfc3
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_hdfs.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "datasync:UpdateLocationHdfs",
+ "datasync:CreateLocationHdfs",
+ "datasync:DeleteLocation",
+ "datasync:DescribeLocationHdfs"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [
+ "datasync:UpdateLocationHdfs"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json b/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json
new file mode 100644
index 00000000..9c70973b
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_nfs.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationNfs",
+ "datasync:CreateLocationNfs",
+ "datasync:DeleteLocation",
+ "datasync:UpdateLocationNfs"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [
+ "datasync:UpdateLocationNfs"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json b/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json
new file mode 100644
index 00000000..868c96ba
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_object_storage.json
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationObjectStorage",
+ "datasync:CreateLocationObjectStorage"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [
+ "datasync:UpdateLocationObjectStorage"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json b/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json
new file mode 100644
index 00000000..0d429abd
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_s3.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "datasync:CreateLocationS3",
+ "datasync:DescribeLocationS3",
+ "datasync:DeleteLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
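Review bot: In aws_datasync_location_object_storage.json the `modify` list names `datasync:UpdateLocationObjectStorage` but `apply` does not, whereas the hdfs, nfs and smb mappings in this commit carry their Update action in both lists. If `apply` is meant to be the full set a role needs, an in-place update of this resource would be denied; add `"datasync:UpdateLocationObjectStorage",` to `apply`.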
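Review bot: aws_datasync_location_s3.json contains no `iam:PassRole`, although the resource hands DataSync a role through `s3_config.bucket_access_role_arn` (see the fixture aws_datasync_location_s3.tf in this commit). Creating the location normally requires the caller to be allowed to pass that role, so a policy generated from this mapping would probably be denied at apply time; I have not confirmed this against a live run. If it is needed, add `"iam:PassRole"` to `apply` and tell users to restrict it to the bucket-access role ARN with an `iam:PassedToService` condition, since an unscoped PassRole is a privilege-escalation primitive.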
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json b/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json
new file mode 100644
index 00000000..5da79a41
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_location_smb.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "datasync:DescribeLocationSmb",
+ "datasync:CreateLocationSmb",
+ "datasync:UpdateLocationSmb",
+ "datasync:DeleteLocation"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteLocation"
+ ],
+ "modify": [
+ "datasync:UpdateLocationSmb"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/datasync/aws_datasync_task.json b/src/mapping/aws/resource/datasync/aws_datasync_task.json
new file mode 100644
index 00000000..8d62e453
--- /dev/null
+++ b/src/mapping/aws/resource/datasync/aws_datasync_task.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "datasync:CreateTask",
+ "datasync:DescribeTask",
+ "datasync:DeleteTask",
+ "datasync:UpdateTask"
+ ],
+ "attributes": {
+ "tags": [
+ "datasync:TagResource",
+ "datasync:UntagResource"
+ ]
+ },
+ "destroy": [
+ "datasync:DeleteTask"
+ ],
+ "modify": [
+ "datasync:UpdateTask"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_backup.json b/src/mapping/aws/resource/fsx/aws_fsx_backup.json
new file mode 100644
index 00000000..794641c8
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_backup.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "fsx:CreateBackup",
+ "fsx:DeleteBackup"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteBackup"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json b/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json
new file mode 100644
index 00000000..cecf95b6
--- /dev/null
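Review bot: aws_fsx_backup.json lists no read action in `apply`, only `fsx:CreateBackup` and `fsx:DeleteBackup`, while the file-system and file-cache mappings in this commit include their Describe call. Terraform's refresh of the backup presumably needs `fsx:DescribeBackups`; the same gap appears in aws_fsx_ontap_storage_virtual_machine.json and aws_fsx_ontap_volume.json, which would want `fsx:DescribeStorageVirtualMachines` and `fsx:DescribeVolumes`. A role built from these mappings would likely create the resource and then fail on the read that follows, so verify with a run under the generated policy and add the Describe actions to `apply`.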
+++ b/src/mapping/aws/resource/fsx/aws_fsx_data_repository_association.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "fsx:CreateDataRepositoryAssociation",
+ "fsx:DeleteDataRepositoryAssociation",
+ "fsx:UpdateDataRepositoryAssociation",
+ "fsx:DescribeDataRepositoryAssociations",
+ "iam:CreateServiceLinkedRole",
+ "iam:AttachRolePolicy",
+ "iam:PutRolePolicy"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteDataRepositoryAssociation"
+ ],
+ "modify": [
+ "fsx:UpdateDataRepositoryAssociation"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_file_cache.json b/src/mapping/aws/resource/fsx/aws_fsx_file_cache.json
new file mode 100644
index 00000000..76f6bf47
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_file_cache.json
@@ -0,0 +1,28 @@
+[
+ {
+ "apply": [
+ "fsx:CreateFileCache",
+ "fsx:DeleteFileCache",
+ "fsx:UpdateFileCache",
+ "ec2:DescribeVpcs",
+ "fsx:DescribeFileCaches",
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
+ "fsx:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteFileCache"
+ ],
+ "modify": [
+ "fsx:UpdateFileCache"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_lustre_file_system.json b/src/mapping/aws/resource/fsx/aws_fsx_lustre_file_system.json
new file mode 100644
index 00000000..6bf44efa
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_lustre_file_system.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "fsx:DescribeFileSystems",
+ "fsx:CreateFileSystem",
+ "fsx:DeleteFileSystem",
+ "fsx:UpdateFileSystem",
+ "iam:CreateServiceLinkedRole",
+ "iam:AttachRolePolicy",
+ "iam:PutRolePolicy"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteFileSystem"
+ ],
+ "modify": [
+ "fsx:UpdateFileSystem"
+ ],
+ "plan": []
+ }
+]
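Review bot: The `apply` list in aws_fsx_data_repository_association.json adds `iam:CreateServiceLinkedRole`, `iam:AttachRolePolicy` and `iam:PutRolePolicy`, and nothing visible in the mapping format scopes them to a resource. Granted unscoped, the last two let the holder attach or write policies on any role in the account, which is a privilege-escalation path far wider than what FSx needs for its service-linked role. The same three actions are in aws_fsx_lustre_file_system.json and, through an identical blob (6bf44efa), in aws_fsx_ontap_file_system.json, where the S3 data-repository role is probably not required at all. I would document alongside these mappings that the generated statement must be limited to `arn:aws:iam::*:role/aws-service-role/s3.data-source.lustre.fsx.amazonaws.com/*`, and drop the IAM actions from the ONTAP mapping unless a test run shows they are needed.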
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_ontap_file_system.json b/src/mapping/aws/resource/fsx/aws_fsx_ontap_file_system.json
new file mode 100644
index 00000000..6bf44efa
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_ontap_file_system.json
@@ -0,0 +1,26 @@
+[
+ {
+ "apply": [
+ "fsx:DescribeFileSystems",
+ "fsx:CreateFileSystem",
+ "fsx:DeleteFileSystem",
+ "fsx:UpdateFileSystem",
+ "iam:CreateServiceLinkedRole",
+ "iam:AttachRolePolicy",
+ "iam:PutRolePolicy"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteFileSystem"
+ ],
+ "modify": [
+ "fsx:UpdateFileSystem"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_ontap_storage_virtual_machine.json b/src/mapping/aws/resource/fsx/aws_fsx_ontap_storage_virtual_machine.json
new file mode 100644
index 00000000..a0c1b2af
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_ontap_storage_virtual_machine.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "fsx:CreateStorageVirtualMachine",
+ "fsx:DeleteStorageVirtualMachine",
+ "fsx:UpdateStorageVirtualMachine"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteStorageVirtualMachine"
+ ],
+ "modify": [
+ "fsx:UpdateStorageVirtualMachine"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_ontap_volume.json b/src/mapping/aws/resource/fsx/aws_fsx_ontap_volume.json
new file mode 100644
index 00000000..41498f64
--- /dev/null
+++ b/src/mapping/aws/resource/fsx/aws_fsx_ontap_volume.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "fsx:CreateVolume",
+ "fsx:DeleteVolume",
+ "fsx:UpdateVolume"
+ ],
+ "attributes": {
+ "tags": [
+ "fsx:TagResource",
+ "fsx:UntagResource"
+ ]
+ },
+ "destroy": [
+ "fsx:DeleteVolume"
+ ],
+ "modify": [
+ "fsx:UpdateVolume"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/fsx/aws_fsx_windows_file_system.json b/src/mapping/aws/resource/fsx/aws_fsx_windows_file_system.json new file mode 100644 index 00000000..290afc0e --- /dev/null +++ b/src/mapping/aws/resource/fsx/aws_fsx_windows_file_system.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "fsx:DescribeFileSystems", + "fsx:CreateFileSystem", + "fsx:DeleteFileSystem", + "fsx:UpdateFileSystem" + ], + "attributes": { + "tags": [ + "fsx:TagResource", + "fsx:UntagResource" + ] + }, + "destroy": [ + "fsx:DeleteFileSystem" + ], + "modify": [ + "fsx:UpdateFileSystem" + ], + "plan": [] + } +] diff --git a/terraform/aws/backup/aws_datasync_agent.tf b/terraform/aws/backup/aws_datasync_agent.tf new file mode 100644 index 00000000..e841810e --- /dev/null +++ b/terraform/aws/backup/aws_datasync_agent.tf @@ -0,0 +1,7 @@ +resource "aws_datasync_agent" "pike" { + ip_address = "1.2.3.4" + name = "example" + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_datasync_location_azure_blob.tf b/terraform/aws/backup/aws_datasync_location_azure_blob.tf new file mode 100644 index 00000000..ae71518d --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_azure_blob.tf @@ -0,0 +1,13 @@ +resource "aws_datasync_location_azure_blob" "pike" { + agent_arns = [aws_datasync_agent.pike.arn] + authentication_type = "SAS" + container_url = "https://myaccount.blob.core.windows.net/mycontainer" + + sas_configuration { + token = "sp=r&st=2023-12-20T14:54:52Z&se=2023-12-20T22:54:52Z&spr=https&sv=2021-06-08&sr=c&sig=aBBKDWQvyuVcTPH9EBp%2FXTI9E%2F%2Fmq171%2BZU178wcwqU%3D" + } + + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_datasync_location_efs.tf b/terraform/aws/backup/aws_datasync_location_efs.tf new file mode 100644 index 00000000..4b24e73a --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_efs.tf 
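Review bot: aws_datasync_location_azure_blob.tf commits a complete SAS token, signature included, as a string literal in `sas_configuration.token`. The `se=` field shows it expired in 2023, but a literal credential in a fixture still trips secret scanners and sets the pattern others will copy; aws_datasync_location_fsx_windows_file_system.tf and aws_datasync_location_smb.tf do the same with `password`. Feed these from a variable declared with `sensitive = true`, for example `token = var.azure_sas_token`, so no credential-shaped value lands in the repository or in plan output.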
@@ -0,0 +1,20 @@ +resource "aws_datasync_location_efs" "pike" { + # The below example uses aws_efs_mount_target as a reference to ensure a mount target already exists when resource creation occurs. + # You can accomplish the same behavior with depends_on or an aws_efs_mount_target data source reference. + efs_file_system_arn = aws_efs_mount_target.pike.file_system_arn + + ec2_config { + security_group_arns = [aws_security_group.example.arn] + subnet_arn = data.aws_subnet.selected.arn + } + + tags = { + pike = "permissions" + } +} + +data "aws_subnet" "selected" { + id = data.aws_subnets.example.ids[0] +} + +resource "aws_efs_mount_target" "pike" {} diff --git a/terraform/aws/backup/aws_datasync_location_fsx_lustre_file_system.tf b/terraform/aws/backup/aws_datasync_location_fsx_lustre_file_system.tf new file mode 100644 index 00000000..a0104d0d --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_fsx_lustre_file_system.tf @@ -0,0 +1,12 @@ +resource "aws_datasync_location_fsx_lustre_file_system" "pike" { + fsx_filesystem_arn = aws_fsx_lustre_file_system.pike.arn + security_group_arns = [aws_security_group.example.arn] + + tags = { + pike = "permissions" + } +} + +resource "aws_fsx_lustre_file_system" "pike" { + subnet_ids = [data.aws_subnets.example.ids[0]] +} diff --git a/terraform/aws/backup/aws_datasync_location_fsx_ontap_file_system.tf b/terraform/aws/backup/aws_datasync_location_fsx_ontap_file_system.tf new file mode 100644 index 00000000..441ed61c --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_fsx_ontap_file_system.tf @@ -0,0 +1,16 @@ +resource "aws_datasync_location_fsx_ontap_file_system" "pike" { + fsx_filesystem_arn = aws_fsx_ontap_file_system.test.arn + security_group_arns = [aws_security_group.example.arn] + storage_virtual_machine_arn = aws_fsx_ontap_storage_virtual_machine.test.arn + + protocol { + nfs { + mount_options { + version = "NFS3" + } + } + } + tags = { + pike = "permissions" + } +} 
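Review bot: aws_datasync_location_fsx_ontap_file_system.tf refers to `aws_fsx_ontap_file_system.test` and `aws_fsx_ontap_storage_virtual_machine.test`, but the ONTAP fixtures added in this commit are both named `pike`, and no `test` instance is declared in any file shown here. Unless those resources exist elsewhere in the directory, the fixture cannot validate; point the references at the declared ones: `fsx_filesystem_arn = aws_fsx_ontap_file_system.pike.arn` and `storage_virtual_machine_arn = aws_fsx_ontap_storage_virtual_machine.pike.arn`.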
diff --git a/terraform/aws/backup/aws_datasync_location_fsx_openzfs_file_system.tf b/terraform/aws/backup/aws_datasync_location_fsx_openzfs_file_system.tf new file mode 100644 index 00000000..bd70c643 --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_fsx_openzfs_file_system.tf @@ -0,0 +1,29 @@ +resource "aws_datasync_location_fsx_openzfs_file_system" "pike" { + + fsx_filesystem_arn = aws_fsx_openzfs_file_system.example.arn + security_group_arns = [aws_security_group.example.arn] + + protocol { + nfs { + mount_options { + version = "AUTOMATIC" + } + } + } + + tags = { + pike = "permissions" + } +} + +resource "aws_fsx_openzfs_file_system" "example" { + storage_capacity = 64 + subnet_ids = ["subnet-09ff91b5b0adb1fd4"] + deployment_type = "SINGLE_AZ_1" + throughput_capacity = 64 + kms_key_id = "arn:aws:kms:eu-west-2:680235478471:key/34cdce9a-2322-427c-91bb-b572f435c032" + security_group_ids = ["sg-06b8c96aaccf3a2a1"] + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_datasync_location_fsx_windows_file_system.tf b/terraform/aws/backup/aws_datasync_location_fsx_windows_file_system.tf new file mode 100644 index 00000000..793a7fae --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_fsx_windows_file_system.tf @@ -0,0 +1,19 @@ +resource "aws_datasync_location_fsx_windows_file_system" "pike" { + fsx_filesystem_arn = aws_fsx_windows_file_system.pike.arn + user = "SomeUser" + password = "SuperSecretPassw0rd" + security_group_arns = [aws_security_group.example.arn] + + tags = { + pike = "permissions" + } +} + +resource "aws_security_group" "example" {} + +resource "aws_fsx_windows_file_system" "pike" { + subnet_ids = data.aws_subnets.example.ids + throughput_capacity = 8 +} + +data "aws_subnets" "example" {} diff --git a/terraform/aws/backup/aws_datasync_location_hdfs.tf b/terraform/aws/backup/aws_datasync_location_hdfs.tf new file mode 100644 index 00000000..dd8cfe66 --- /dev/null 
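Review bot: The `aws_fsx_openzfs_file_system.example` fixture hard-codes what look like live environment identifiers: a KMS key ARN that embeds a 12-digit account ID and key ID, plus a literal subnet ID and security group ID. That publishes account metadata in the repository and ties the fixture to one account. The neighbouring fixtures already resolve these dynamically, so use `subnet_ids = [data.aws_subnets.example.ids[0]]` and `security_group_ids = [aws_security_group.example.id]`, and take `kms_key_id` from an `aws_kms_key` resource or a variable.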
+++ b/terraform/aws/backup/aws_datasync_location_hdfs.tf @@ -0,0 +1,36 @@ +resource "aws_datasync_location_hdfs" "pike" { + agent_arns = [aws_datasync_agent.pike.arn] + authentication_type = "SIMPLE" + simple_user = "example" + + name_node { + hostname = aws_instance.example.private_dns + port = 80 + } +} + + +data "aws_ami" "ubuntu" { + most_recent = true + + filter { + name = "name" + values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } + + owners = ["099720109477"] # Canonical +} + +resource "aws_instance" "example" { + ami = data.aws_ami.ubuntu.id + instance_type = "t3.micro" + + tags = { + Name = "HelloWorld" + } +} diff --git a/terraform/aws/backup/aws_datasync_location_nfs.tf b/terraform/aws/backup/aws_datasync_location_nfs.tf new file mode 100644 index 00000000..9d58ac1c --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_nfs.tf @@ -0,0 +1,25 @@ +resource "aws_datasync_location_nfs" "source_pike" { + server_hostname = "nfs.example.com" + subdirectory = "/exported/path" + + on_prem_config { + agent_arns = [aws_datasync_agent.pike.arn] + } + + tags = { + pike = "permissions" + } +} + +resource "aws_datasync_location_nfs" "destination_pike" { + server_hostname = "nfs.example.com" + subdirectory = "/exported/path" + + on_prem_config { + agent_arns = [aws_datasync_agent.pike.arn] + } + + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_datasync_location_object_storage.tf b/terraform/aws/backup/aws_datasync_location_object_storage.tf new file mode 100644 index 00000000..5394df5f --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_object_storage.tf @@ -0,0 +1,9 @@ +resource "aws_datasync_location_object_storage" "pike" { + agent_arns = [aws_datasync_agent.pike.arn] + server_hostname = "example" + bucket_name = "example" + + tags = { + pike = "permissions" + } +} 
diff --git a/terraform/aws/backup/aws_datasync_location_s3.tf b/terraform/aws/backup/aws_datasync_location_s3.tf new file mode 100644 index 00000000..f9106374 --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_s3.tf @@ -0,0 +1,28 @@ +resource "aws_datasync_location_s3" "destination_pike" { + s3_bucket_arn = aws_s3_bucket.datasync.arn + subdirectory = "/example/prefix" + + s3_config { + bucket_access_role_arn = aws_iam_role.datasync.arn + } +} + +resource "aws_iam_role" "datasync" { + assume_role_policy = jsonencode( + { + "Version" : "2012-10-17", + "Statement" : [ + { + "Effect" : "Allow", + "Principal" : { "AWS" : "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }, + "Action" : "sts:AssumeRole", + } + ] + } + ) +} + +data "aws_caller_identity" "current" {} + + +resource "aws_s3_bucket" "datasync" {} diff --git a/terraform/aws/backup/aws_datasync_location_smb.tf b/terraform/aws/backup/aws_datasync_location_smb.tf new file mode 100644 index 00000000..d6582bf8 --- /dev/null +++ b/terraform/aws/backup/aws_datasync_location_smb.tf @@ -0,0 +1,13 @@ +resource "aws_datasync_location_smb" "pike" { + server_hostname = "smb.example.com" + subdirectory = "/exported/path" + + user = "Guest" + password = "ANotGreatPassword" + + agent_arns = [aws_datasync_agent.pike.arn] + + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_datasync_task.tf b/terraform/aws/backup/aws_datasync_task.tf new file mode 100644 index 00000000..4bd30f87 --- /dev/null +++ b/terraform/aws/backup/aws_datasync_task.tf @@ -0,0 +1,13 @@ +resource "aws_datasync_task" "pike" { + destination_location_arn = aws_datasync_location_s3.destination_pike.arn + name = "example" + source_location_arn = aws_datasync_location_nfs.source_pike.arn + + options { + bytes_per_second = -1 + } + + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_fsx_backup.tf b/terraform/aws/backup/aws_fsx_backup.tf new file mode 100644 index 00000000..66e3d6d7 
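Review bot: The trust policy on `aws_iam_role.datasync` names the account root as principal, so any identity in the account that holds `sts:AssumeRole` on it can take the bucket-access role, while the DataSync service that actually has to assume it is not trusted. For a role passed as `bucket_access_role_arn` the statement should trust the service instead: `"Principal" : { "Service" : "datasync.amazonaws.com" },`. Adding a `Condition` on `aws:SourceAccount` would also guard the role against confused-deputy use.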
--- /dev/null +++ b/terraform/aws/backup/aws_fsx_backup.tf @@ -0,0 +1,6 @@ +resource "aws_fsx_backup" "pike" { + file_system_id = aws_fsx_lustre_file_system.pike.id + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_fsx_data_repository_association.tf b/terraform/aws/backup/aws_fsx_data_repository_association.tf new file mode 100644 index 00000000..a0dce0e2 --- /dev/null +++ b/terraform/aws/backup/aws_fsx_data_repository_association.tf @@ -0,0 +1,33 @@ +resource "aws_s3_bucket" "example" { + bucket = "my-bucket-is-mine" + acl = "private" +} + +# resource "aws_s3_bucket_acl" "example" { +# bucket = aws_s3_bucket.example.id +# acl = "private" +# } + +resource "aws_fsx_lustre_file_system" "example" { + storage_capacity = 1200 + subnet_ids = [data.aws_subnets.example.ids[0]] + deployment_type = "PERSISTENT_2" + + per_unit_storage_throughput = 125 +} + +resource "aws_fsx_data_repository_association" "example" { + file_system_id = aws_fsx_lustre_file_system.example.id + data_repository_path = "s3://${aws_s3_bucket.example.id}" + file_system_path = "/my-bucket" + + s3 { + auto_export_policy { + events = ["NEW", "CHANGED", "DELETED"] + } + + auto_import_policy { + events = ["NEW", "CHANGED", "DELETED"] + } + } +} diff --git a/terraform/aws/backup/aws_fsx_file_cache.tf b/terraform/aws/backup/aws_fsx_file_cache.tf new file mode 100644 index 00000000..2f7d626c --- /dev/null +++ b/terraform/aws/backup/aws_fsx_file_cache.tf 
@@ -0,0 +1,30 @@
+resource "aws_fsx_file_cache" "example" {
+
+ data_repository_association {
+ data_repository_path = "nfs://filer.domain.com"
+ data_repository_subdirectories = ["test", "test2"]
+ file_cache_path = "/ns1"
+
+ nfs {
+ dns_ips = ["192.168.0.1", "192.168.0.2"]
+ version = "NFS3"
+ }
+ }
+
+ file_cache_type = "LUSTRE"
+ file_cache_type_version = "2.12"
+
+ lustre_configuration {
+ deployment_type = "CACHE_1"
+ metadata_configuration {
+ storage_capacity = 2400
+ }
+ per_unit_storage_throughput = 1000
+ weekly_maintenance_start_time = "2:05:00"
+ }
+
+ subnet_ids = [data.aws_subnets.example.ids[0]]
+ storage_capacity = 1200
+}
+
+data "aws_subnets" "example" {}
diff --git a/terraform/aws/backup/aws_fsx_lustre_file_system.tf b/terraform/aws/backup/aws_fsx_lustre_file_system.tf
new file mode 100644
index 00000000..c39f3f40
--- /dev/null
+++ b/terraform/aws/backup/aws_fsx_lustre_file_system.tf
@@ -0,0 +1,5 @@
+resource "aws_fsx_lustre_file_system" "pike" {
+ import_path = "s3://${aws_s3_bucket.example.bucket}"
+ storage_capacity = 1200
+ subnet_ids = [data.aws_subnets.example.ids[0]]
+}
diff --git a/terraform/aws/backup/aws_fsx_ontap_file_system.tf b/terraform/aws/backup/aws_fsx_ontap_file_system.tf
new file mode 100644
index 00000000..271aa2a8
--- /dev/null
+++ b/terraform/aws/backup/aws_fsx_ontap_file_system.tf
@@ -0,0 +1,7 @@
+resource "aws_fsx_ontap_file_system" "pike" {
+ storage_capacity = 1024
+ subnet_ids = [data.aws_subnets.example.ids[0], data.aws_subnets.example.ids[2]]
+ deployment_type = "MULTI_AZ_1"
+ throughput_capacity = 512
+ preferred_subnet_id = data.aws_subnets.example.ids[0]
+}
diff --git a/terraform/aws/backup/aws_fsx_ontap_storage_virtual_machine.tf b/terraform/aws/backup/aws_fsx_ontap_storage_virtual_machine.tf
new file mode 100644
index 00000000..fa7f77f6
--- /dev/null
+++ b/terraform/aws/backup/aws_fsx_ontap_storage_virtual_machine.tf
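Review bot: `aws_fsx_ontap_file_system.pike` takes `ids[0]` and `ids[2]` from `data "aws_subnets" "example" {}`, which is declared without any filter in aws_fsx_file_cache.tf, so the result depends on the account having at least three subnets and on their ordering. `MULTI_AZ_1` presumably needs the two subnets to sit in different availability zones of one VPC, which an unfiltered list does not guarantee. Adding a `filter { name = "vpc-id" ... }` block to the data source, and none of these file systems setting `security_group_ids` or `kms_key_id`, are both worth a short comment so readers know the defaults are intentional for the fixture.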
@@ -0,0 +1,7 @@
+resource "aws_fsx_ontap_storage_virtual_machine" "pike" {
+ file_system_id = aws_fsx_ontap_file_system.pike.id
+ name = "pike"
+ tags = {
+ pike = "permissions"
+ }
+}
diff --git a/terraform/aws/backup/aws_fsx_ontap_volume.tf b/terraform/aws/backup/aws_fsx_ontap_volume.tf
new file mode 100644
index 00000000..a938f34a
--- /dev/null
+++ b/terraform/aws/backup/aws_fsx_ontap_volume.tf
@@ -0,0 +1,7 @@
+resource "aws_fsx_ontap_volume" "pike" {
+ name = "test"
+ junction_path = "/test"
+ size_in_megabytes = 1024
+ storage_efficiency_enabled = true
+ storage_virtual_machine_id = aws_fsx_ontap_storage_virtual_machine.pike.id
+}
diff --git a/terraform/aws/backup/aws_fsx_windows_file_system.tf b/terraform/aws/backup/aws_fsx_windows_file_system.tf
new file mode 100644
index 00000000..62b37007
--- /dev/null
+++ b/terraform/aws/backup/aws_fsx_windows_file_system.tf
@@ -0,0 +1,6 @@
+resource "aws_fsx_windows_file_system" "pike" {
+ storage_capacity = 64
+ subnet_ids = [data.aws_subnets.example.ids[0]]
+ deployment_type = "SINGLE_AZ_1"
+ throughput_capacity = 64
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index 8ab22414..c09c1fe3 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
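Review bot: `aws_fsx_windows_file_system.pike` sets neither `active_directory_id` nor a `self_managed_active_directory` block. As far as I know FSx for Windows File Server has to join a directory at creation, so an apply of this fixture is likely to be rejected before the permissions it is meant to exercise are reached. If only `plan` is intended, a comment such as `# plan-only fixture: no directory configured` would make that explicit.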
@@ -7,22 +7,92 @@ resource "aws_iam_policy" "basic" { "Sid" : "0", "Effect" : "Allow", "Action" : [ - //aws_bedrock_provisioned_model_throughput - "bedrock:CreateProvisionedModelThroughput", - "bedrock:UpdateProvisionedModelThroughput", - "bedrock:DeleteProvisionedModelThroughput", - "bedrock:GetProvisionedModelThroughput", + //backup + "fsx:CreateBackup", + "fsx:DeleteBackup", + "fsx:TagResource", + "fsx:UntagResource", - //aws_bedrock_model_invocation_logging_configuration - "bedrock:PutModelInvocationLoggingConfiguration", - "bedrock:DeleteModelInvocationLoggingConfiguration", - "bedrock:GetModelInvocationLoggingConfiguration", + //aws_fsx_lustre_file_system & aws_fsx_windows_file_system + "fsx:DescribeFileSystems", + "fsx:CreateFileSystem", + "fsx:DeleteFileSystem", + "fsx:UpdateFileSystem", + "fsx:TagResource", + "fsx:UntagResource", - //aws_bedrock_custom_model - "bedrock:CreateModelCustomizationJob", - "bedrock:GetModelCustomizationJob", + //cache + "fsx:CreateFileCache", + "fsx:DeleteFileCache", + "fsx:UpdateFileCache", + "ec2:DescribeVpcs", + "fsx:DescribeFileCaches", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "fsx:ListTagsForResource", + "fsx:TagResource", + "fsx:UntagResource", + //aws_fsx_data_repository_association + "fsx:CreateDataRepositoryAssociation", + "fsx:DeleteDataRepositoryAssociation", + "fsx:UpdateDataRepositoryAssociation", + "fsx:DescribeDataRepositoryAssociations", + "fsx:TagResource", + "fsx:UntagResource", + "iam:CreateServiceLinkedRole", + "iam:AttachRolePolicy", + "iam:PutRolePolicy", + + //lustre + "iam:CreateServiceLinkedRole", + "iam:AttachRolePolicy", + "iam:PutRolePolicy", + "fsx:TagResource", + "fsx:UntagResource", + + //storage + "fsx:CreateStorageVirtualMachine", + "fsx:DeleteStorageVirtualMachine", + "fsx:UpdateStorageVirtualMachine", + "fsx:TagResource", + "fsx:UntagResource", + + //volume + "fsx:CreateVolume", + "fsx:DeleteVolume", + "fsx:UpdateVolume", + "fsx:TagResource", + 
"fsx:UntagResource", + + "ec2:DescribeSubnets", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", + "dynamodb:PutItem", + "ec2:CreateSecurityGroup", + "ec2:CreateTags", + "ec2:DeleteSecurityGroup", + "ec2:DeleteTags", + "ec2:DescribeAccountAttributes", + "ec2:DescribeImages", + "ec2:DescribeInstanceAttribute", + "ec2:DescribeInstanceCreditSpecifications", + "ec2:DescribeInstanceTypes", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeTags", + "ec2:DescribeVolumes", + "ec2:ModifyInstanceAttribute", + "ec2:RevokeSecurityGroupEgress", + "ec2:RunInstances", + "ec2:StartInstances", + "ec2:StopInstances", + "ec2:TerminateInstances", "iam:CreateRole", "iam:DeleteRole", "iam:DeleteRolePolicy", @@ -32,7 +102,6 @@ resource "aws_iam_policy" "basic" { "iam:ListInstanceProfilesForRole", "iam:ListRolePolicies", "iam:PutRolePolicy", - "s3:CreateBucket", "s3:DeleteBucket", "s3:DeleteObject", @@ -54,8 +123,7 @@ resource "aws_iam_policy" "basic" { "s3:ListBucket", "s3:PutBucketPolicy", "s3:PutObject", - - + "s3:PutBucketAcl", ], "Resource" : "*", }
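Review bot: The first hunk adds `iam:AttachRolePolicy` and `iam:CreateServiceLinkedRole` (each listed twice, under `//aws_fsx_data_repository_association` and `//lustre`) to a statement that keeps `"Resource" : "*"`, so whoever holds this policy can attach any managed policy to any role in the account; combined with the `iam:CreateRole` and `iam:PutRolePolicy` already present, that is a privilege-escalation path. Those IAM actions belong in a separate statement whose resource is limited to the service-linked role path (`arn:aws:iam::*:role/aws-service-role/*`), with `iam:CreateServiceLinkedRole` conditioned on `iam:AWSServiceName`. The same scoping applies to `s3:PutBucketAcl` added in the last hunk, which could be restricted to the test bucket's ARN. `fsx:TagResource` and `fsx:UntagResource` are repeated in nearly every group; listing them once would make the Action list easier to audit. The `aws_iam_policy.basic` resource starts before the first hunk, so the rest of the statement is not visible here.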