data sources

src/aws_data_source.go

@@ -6,25 +6,33 @@ import "log"
 func GetAWSDataPermissions(result ResourceV2) []string {
 
 	TFLookup := map[string]interface{}{
-		"aws_vpcs":                            dataAwsVpcs,
-		"aws_subnet_ids":                      dataAwsSubnetIds,
-		"aws_subnet":                          dataAwsSubnetIds,
-		"aws_subnets":                         dataAwsSubnetIds,
-		"aws_ami":                             dataAwsAmi,
-		"aws_iam_policy":                      dataAwsIamPolicy,
-		"aws_iam_role":                        dataAwsIamRole,
-		"aws_s3_bucket":                       dataAwsS3Bucket,
-		"aws_vpc":                             dataAwsVpc,
-		"aws_availability_zones":              dataAwsAvailabilityZones,
-		"aws_caller_identity":                 placeholder,
-		"aws_iam_policy_document":             placeholder,
-		"aws_region":                          placeholder,
-		"aws_canonical_user_id":               placeholder,
-		"aws_route53_traffic_policy_document": placeholder,
-		"aws_cloudtrail_service_account":      placeholder,
-		"aws_inspector_rules_packages":        dataAwsInspectorRulesPackages,
-		"aws_route53_zone":                    dataAwsRoute53Zone,
-		"aws_kms_ciphertext":                  dataAwsKmsCiphertext,
+		"aws_vpcs":                             dataAwsVpcs,
+		"aws_subnet_ids":                       dataAwsSubnetIds,
+		"aws_subnet":                           dataAwsSubnetIds,
+		"aws_subnets":                          dataAwsSubnetIds,
+		"aws_ami":                              dataAwsAmi,
+		"aws_iam_policy":                       dataAwsIamPolicy,
+		"aws_iam_role":                         dataAwsIamRole,
+		"aws_s3_bucket":                        dataAwsS3Bucket,
+		"aws_vpc":                              dataAwsVpc,
+		"aws_availability_zones":               dataAwsAvailabilityZones,
+		"aws_caller_identity":                  placeholder,
+		"aws_iam_policy_document":              placeholder,
+		"aws_region":                           placeholder,
+		"aws_canonical_user_id":                placeholder,
+		"aws_route53_traffic_policy_document":  placeholder,
+		"aws_cloudtrail_service_account":       placeholder,
+		"aws_partition":                        placeholder,
+		"aws_inspector_rules_packages":         dataAwsInspectorRulesPackages,
+		"aws_route53_zone":                     dataAwsRoute53Zone,
+		"aws_kms_ciphertext":                   dataAwsKmsCiphertext,
+		"aws_kms_key":                          dataAwsKmsKey,
+		"aws_security_group":                   dataAwsSecurityGroup,
+		"aws_security_groups":                  dataAwsSecurityGroup,
+		"aws_sns_topic":                        dataAwsSnsTopic,
+		"aws_ssm_parameter":                    dataAwsSsmParameter,
+		"aws_route_tables":                     dataAwsRouteTables,
+		"aws_elastic_beanstalk_solution_stack": dataAwsElasticBeanstalkSolutionStack,
 	}
 
 	var Permissions []string

src/files_datasource.go

@@ -37,5 +37,23 @@ var dataAwsInspectorRulesPackages []byte
 //go:embed mapping/aws/data/aws_route53_zone.json
 var dataAwsRoute53Zone []byte
 
+//go:embed mapping/aws/data/aws_security_group.json
+var dataAwsSecurityGroup []byte
+
+//go:embed mapping/aws/data/aws_sns_topic.json
+var dataAwsSnsTopic []byte
+
+//go:embed mapping/aws/data/aws_ssm_parameter.json
+var dataAwsSsmParameter []byte
+
 //go:embed mapping/aws/data/aws_kms_ciphertext.json
 var dataAwsKmsCiphertext []byte
+
+//go:embed mapping/aws/data/aws_kms_key.json
+var dataAwsKmsKey []byte
+
+//go:embed mapping/aws/data/aws_route_tables.json
+var dataAwsRouteTables []byte
+
+//go:embed mapping/aws/data/aws_elastic_beanstalk_solution_stack.json
+var dataAwsElasticBeanstalkSolutionStack []byte

src/mapping/aws/data/aws_elastic_beanstalk_solution_stack.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "elasticbeanstalk:ListAvailableSolutionStacks"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/data/aws_kms_key.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "kms:DescribeKey"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/data/aws_route_tables.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeRouteTables"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/data/aws_security_group.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeSecurityGroups"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/data/aws_sns_topic.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "SNS:ListTopics"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/data/aws_ssm_parameter.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ssm:GetParameter"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

terraform/backup/data.aws_elastic_beanstalk_solution_stack.tf

@@ -0,0 +1,5 @@
+
+data "aws_elastic_beanstalk_solution_stack" "example" {
+  most_recent = true
+  name_regex  = "^64bit Amazon Linux 2018.03 v2.9.15 running Python"
+}

terraform/backup/data.aws_kms_key.tf

@@ -0,0 +1,7 @@
+
+data "aws_kms_key" "example" {
+  key_id = "34cdce9a-2322-427c-91bb-b572f435c032"
+}
+output "key" {
+  value = data.aws_kms_key.example
+}

terraform/backup/data.aws_route_tables.tf

@@ -0,0 +1,9 @@
+#data aws_organizations_organization "example" {}
+data "aws_route_tables" "example" {}
+
+output "routes" {
+  value = data.aws_route_tables.example
+}
+#data aws_s3_bucket_object "example" {}
+#data aws_ssoadmin_instances "example" {}
+#data aws_workspaces_bundle "example" {}

terraform/backup/data.aws_security_group.tf

@@ -0,0 +1,17 @@
+
+data "aws_security_group" "example" {
+  name = "launch-wizard-1"
+  tags = {
+    key = "value"
+  }
+}
+
+output "group" {
+  value = data.aws_security_group.example
+}
+
+data "aws_security_groups" "example" {
+}
+output "groups" {
+  value = data.aws_security_groups.example
+}

terraform/backup/data.aws_sns_topic.tf

@@ -0,0 +1,4 @@
+
+data "aws_sns_topic" "example" {
+  name = "*"
+}

terraform/backup/data.aws_ssm_parameter.tf

@@ -0,0 +1,4 @@
+
+data "aws_ssm_parameter" "example" {
+  name = "foo"
+}

terraform/data.tf

@@ -0,0 +1,6 @@
+
+data "aws_route_tables" "example" {}
+
+output "routes" {
+  value = data.aws_route_tables.example
+}

terraform/role/aws_iam_policy.basic.tf

@@ -5,7 +5,7 @@ resource "aws_iam_policy" "basic" {
     Statement = [
       {
         Action = [
-          "kms:Encrypt"
+          "ec2:DescribeRouteTables"
         ]
         Effect   = "Allow"
         Resource = "*"

todo.md

@@ -301,19 +301,11 @@
  aws_workspaces_workspace not implemented
 
  data.aws_directory_service_directory not implemented
- data.aws_elastic_beanstalk_solution_stack not implemented
  data.aws_kms_key not implemented
  data.aws_organizations_organization not implemented
- data.aws_partition not implemented
- data.aws_partition not implemented
  data.aws_route_tables not implemented
  data.aws_route_tables not implemented
  data.aws_s3_bucket_object not implemented
- data.aws_security_group not implemented
- data.aws_security_group not implemented
- data.aws_sns_topic not implemented
- data.aws_sns_topic not implemented
- data.aws_ssm_parameter not implemented
  data.aws_ssoadmin_instances not implemented
  data.aws_workspaces_bundle not implemented