diff --git a/src/aws.go b/src/aws.go index 44de31f0..af742d84 100644 --- a/src/aws.go +++ b/src/aws.go @@ -1199,6 +1199,9 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals "aws_config_organization_custom_policy_rule": awsConfigOrganizationCustomPolicyRule, "aws_config_organization_custom_rule": awsConfigOrganizationCustomRule, "aws_config_retention_configuration": awsConfigRetentionConfiguration, + "aws_costoptimizationhub_enrollment_status": awsCostoptimizationhubEnrollmentStatus, + "aws_costoptimizationhub_preferences": awsCostoptimizationhubPreferences, + "aws_customerprofiles_profile": awsCustomerprofilesProfile, } // GetAWSPermissions for AWS resources. diff --git a/src/coverage/aws.md b/src/coverage/aws.md index a37b2fe7..c4e9e70e 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md @@ -4,10 +4,6 @@ Resource percentage coverage 80.05 Datasource percentage coverage 100.00 ./resource.ps1 aws_cognito_managed_user_pool_client -./resource.ps1 aws_connect_lambda_function_association -./resource.ps1 aws_costoptimizationhub_enrollment_status -./resource.ps1 aws_costoptimizationhub_preferences -./resource.ps1 aws_customerprofiles_profile ./resource.ps1 aws_dataexchange_data_set ./resource.ps1 aws_dataexchange_revision ./resource.ps1 aws_detective_member diff --git a/src/files.go b/src/files.go index 7abd2f23..785963a9 100644 --- a/src/files.go +++ b/src/files.go @@ -3381,3 +3381,12 @@ var awsConfigOrganizationCustomRule []byte //go:embed mapping/aws/resource/config/aws_config_retention_configuration.json var awsConfigRetentionConfiguration []byte + +//go:embed mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json +var awsCostoptimizationhubEnrollmentStatus []byte + +//go:embed mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json +var awsCostoptimizationhubPreferences []byte + +//go:embed mapping/aws/resource/profile/aws_customerprofiles_profile.json +var awsCustomerprofilesProfile []byte diff --git a/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json b/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json index a92d6fda..0a13d194 100644 --- a/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json +++ b/src/mapping/aws/resource/connect/aws_connect_lambda_function_association.json @@ -15,4 +15,4 @@ "modify": [], "plan": [] } -] +] diff --git a/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json new file mode 100644 index 00000000..61afb502 --- /dev/null +++ b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_enrollment_status.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "cost-optimization-hub:UpdateEnrollmentStatus", + "cost-optimization-hub:ListEnrollmentStatuses" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json new file mode 100644 index 00000000..1db18633 --- /dev/null +++ b/src/mapping/aws/resource/cost-optimization-hub/aws_costoptimizationhub_preferences.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "cost-optimization-hub:GetPreferences", + "cost-optimization-hub:UpdatePreferences" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json b/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json index a9e3e3f9..0e5f75eb 100644 --- a/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json +++ b/src/mapping/aws/resource/profile/aws_customerprofiles_domain.json @@ -4,7 +4,8 @@ "profile:CreateDomain", "profile:DeleteDomain", "profile:GetDomain", - "profile:UpdateDomain" + "profile:UpdateDomain", + "profile:ListTagsForResource" ], "attributes": { "tags": [ diff --git a/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json b/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json new file mode 100644 index 00000000..475f05c4 --- /dev/null +++ b/src/mapping/aws/resource/profile/aws_customerprofiles_profile.json @@ -0,0 +1,23 @@ +[ + { + "apply": [ + "profile:CreateProfile", + "profile:DeleteProfile", + "profile:UpdateProfile", + "profile:ListTagsForResource" + ], + "attributes": { + "tags": [ + "profile:UntagResource", + "profile:TagResource" + ] + }, + "destroy": [ + "profile:DeleteProfile" + ], + "modify": [ + "profile:UpdateProfile" + ], + "plan": [] + } +] diff --git a/terraform/aws/backup/aws_costoptimizationhub_enrollment_status.tf b/terraform/aws/backup/aws_costoptimizationhub_enrollment_status.tf new file mode 100644 index 00000000..a4aaadc4 --- /dev/null +++ b/terraform/aws/backup/aws_costoptimizationhub_enrollment_status.tf @@ -0,0 +1 @@ +resource "aws_costoptimizationhub_enrollment_status" "pike" {} diff --git a/terraform/aws/backup/aws_costoptimizationhub_preferences.tf b/terraform/aws/backup/aws_costoptimizationhub_preferences.tf new file mode 100644 index 00000000..570390d8 --- /dev/null +++ b/terraform/aws/backup/aws_costoptimizationhub_preferences.tf @@ -0,0 +1 @@ +resource "aws_costoptimizationhub_preferences" "pike" {} diff --git a/terraform/aws/backup/aws_customerprofiles_profile.tf b/terraform/aws/backup/aws_customerprofiles_profile.tf new file mode 100644 index 00000000..2a3eea57 --- /dev/null +++ b/terraform/aws/backup/aws_customerprofiles_profile.tf @@ -0,0 +1,3 @@ +resource "aws_customerprofiles_profile" "pike" { + domain_name = "example" +} diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf index c1d46bc6..adf6c9a4 100644 --- a/terraform/aws/role/aws_iam_policy.basic.tf +++ b/terraform/aws/role/aws_iam_policy.basic.tf @@ -7,67 +7,9 @@ resource "aws_iam_policy" "basic" { "Sid" : "VisualEditor0", "Effect" : "Allow", "Action" : [ - - "config:DeleteConfigRule", - "config:DescribeComplianceByConfigRule", - "config:DescribeConfigRules", - "config:ListTagsForResource", - "config:PutConfigRule", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable", - "dynamodb:GetItem", - "dynamodb:PutItem", - "ec2:DescribeAccountAttributes", - "ec2:DescribeImages", - "ec2:DescribeInstanceAttribute", - "ec2:DescribeInstanceCreditSpecifications", - "ec2:DescribeInstanceTypes", - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeTags", - "ec2:DescribeVolumes", - "ec2:ModifyInstanceAttribute", - "ec2:RunInstances", - "ec2:StartInstances", - "ec2:StopInstances", - "ec2:TerminateInstances", - "logs:CreateLogGroup", - "logs:DeleteLogGroup", - "logs:DescribeLogGroups", - "logs:ListTagsLogGroup", - "s3:DeleteObject", - "s3:GetObject", - "s3:ListBucket", - "s3:PutObject", - - # aws_cloudwatch_log_delivery_source - "logs:PutDeliverySource", - "logs:DeleteDeliverySource", - - # aws_cloudwatch_log_group - "logs:ListTagsForResource", - - # aws_cloudwatch_log_index_policy - "logs:PutIndexPolicy", - "logs:DeleteIndexPolicy", - "logs:DescribeIndexPolicies", - - # aws_cloudwatch_log_delivery_destination - "logs:PutDeliveryDestination", - "logs:GetDeliveryDestination", - "logs:DescribeDeliveryDestinations", - "logs:DeleteDeliveryDestination", - - # aws_cloudwatch_log_anomaly_detector - "logs:CreateLogAnomalyDetector", - "logs:GetLogAnomalyDetector", - "logs:DeleteLogAnomalyDetector", - "logs:UpdateLogAnomalyDetector", - - # aws_cloudwatch_log_delivery_destination_policy - "logs:PutDeliveryDestinationPolicy", - "logs:GetDeliveryDestinationPolicy", - "logs:DeleteDeliveryDestinationPolicy" + "profile:CreateProfile", + "profile:DeleteProfile", + "profile:UpdateProfile" ], "Resource" : [ "*"