diff --git a/src/aws.go b/src/aws.go index 06f4ea57..346dc163 100644 --- a/src/aws.go +++ b/src/aws.go @@ -1395,6 +1395,19 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals "aws_redshiftserverless_resource_policy": awsRedshiftserverlessResourcePolicy, "aws_redshiftserverless_snapshot": awsRedshiftserverlessSnapshot, "aws_redshiftserverless_usage_limit": awsRedshiftserverlessUsageLimit, + "aws_route53domains_delegation_signer_record": awsRoute53DomainsDelegationSignerRecord, + "aws_route53domains_domain": awsRoute53DomainsDomain, + "aws_route53domains_registered_domain": awsRoute53DomainsRegisteredDomain, + "aws_route53profiles_resource_association": awsRoute53profilesResourceAssociation, + "aws_s3_directory_bucket": awsS3DirectoryBucket, + "aws_s3_object_copy": awsS3ObjectCopy, + "aws_s3control_access_grants_instance_resource_policy": awsS3controlAccessGrantInstanceResourcePolicy, + "aws_s3control_bucket": awsS3ControlBucket, + "aws_s3control_bucket_lifecycle_configuration": awsS3ControlBucketLifecycleAssociation, + "aws_s3control_bucket_policy": awsS3ControlBucketPolicy, + "aws_s3control_object_lambda_access_point": awsS3ControlObjectLambdaAccessPoint, + "aws_s3control_object_lambda_access_point_policy": awsS3ControlObjectLambdaAccessPointPolicy, + "aws_s3control_storage_lens_configuration": awsS3ControlStorageLensConfiguration, } // GetAWSPermissions for AWS resources. diff --git a/src/coverage/aws.md b/src/coverage/aws.md index 33e79ca3..b077df5b 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md @@ -1,6 +1,6 @@ # todo aws -Resource percentage coverage 93.16 +Resource percentage coverage 94.04 Datasource percentage coverage 100.00 ./resource.ps1 aws_cognito_managed_user_pool_client 
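Review bot: The value identifiers added to `tFLookup` do not follow the naming of the neighbouring entries, which makes the table hard to audit against the embed declarations: `awsS3ControlBucketLifecycleAssociation` backs the key `aws_s3control_bucket_lifecycle_configuration` (the resource is a configuration, not an association), `awsS3controlAccessGrantInstanceResourcePolicy` drops both the plural and the capital C that every other `awsS3Control*` name carries, and `awsRoute53profilesResourceAssociation` lower-cases `profiles` where the `awsRoute53Domains*` names capitalise. The same identifiers are declared in the `files_aws.go` hunk of this commit, so both hunks need the rename together, e.g. `awsS3ControlBucketLifecycleConfiguration`, `awsS3ControlAccessGrantsInstanceResourcePolicy`, `awsRoute53ProfilesResourceAssociation`. The `tFLookup` literal starts well before this hunk.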
@@ -63,20 +63,7 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_rds_instance_state
 ./resource.ps1 aws_resiliencehub_resiliency_policy
 ./resource.ps1 aws_resourcegroups_resource
-./resource.ps1 aws_route53domains_delegation_signer_record
-./resource.ps1 aws_route53domains_domain
-./resource.ps1 aws_route53domains_registered_domain
-./resource.ps1 aws_route53profiles_resource_association
 ./resource.ps1 aws_rum_metrics_destination
-./resource.ps1 aws_s3_directory_bucket
-./resource.ps1 aws_s3_object_copy
-./resource.ps1 aws_s3control_access_grants_instance_resource_policy
-./resource.ps1 aws_s3control_bucket
-./resource.ps1 aws_s3control_bucket_lifecycle_configuration
-./resource.ps1 aws_s3control_bucket_policy
-./resource.ps1 aws_s3control_object_lambda_access_point
-./resource.ps1 aws_s3control_object_lambda_access_point_policy
-./resource.ps1 aws_s3control_storage_lens_configuration
 ./resource.ps1 aws_securityhub_invite_accepter
 ./resource.ps1 aws_securityhub_member
 ./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack
diff --git a/src/files_aws.go b/src/files_aws.go
index 156b05bb..c7574f8d 100644
--- a/src/files_aws.go
+++ b/src/files_aws.go
@@ -486,3 +486,42 @@ var awsRedshiftserverlessSnapshot []byte
 
 //go:embed mapping/aws/resource/redshift-serverless/aws_redshiftserverless_usage_limit.json
 var awsRedshiftserverlessUsageLimit []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
+var awsRoute53DomainsDelegationSignerRecord []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_domain.json
+var awsRoute53DomainsDomain []byte
+
+//go:embed mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
+var awsRoute53DomainsRegisteredDomain []byte
+
+//go:embed mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
+var awsRoute53profilesResourceAssociation []byte
+
+//go:embed mapping/aws/resource/s3-express/aws_s3_directory_bucket.json
+var awsS3DirectoryBucket []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3_object_copy.json
+var awsS3ObjectCopy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json
+var awsS3controlAccessGrantInstanceResourcePolicy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
+var awsS3ControlBucket []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
+var awsS3ControlBucketLifecycleAssociation []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
+var awsS3ControlBucketPolicy []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
+var awsS3ControlObjectLambdaAccessPoint []byte
+
+//go:embed mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
+var awsS3ControlObjectLambdaAccessPointPolicy []byte
+
+//go:embed mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
+var awsS3ControlStorageLensConfiguration []byte
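Review bot: Two of the new `//go:embed` paths file a mapping under a service directory that does not match the IAM service prefix of the actions inside it, which is what the existing `redshift-serverless/` entry and the new `s3-express/` entry rely on to stay readable: `aws_s3control_access_grants_instance_resource_policy.json` is placed under `s3-outposts/` although its mapping grants `s3:` actions, and `aws_s3control_storage_lens_configuration.json` sits under `s3/` while every other `aws_s3control_*` mapping sits under `s3-outposts/`. The directory is the only index a reader has of which service's permissions a mapping grants, so move the Access Grants file to `s3/` and update the embed path here; if the intent is instead that `s3control` resources share one directory, say so in a comment above the first `s3-outposts` embed, e.g. `// s3control resources live under s3-outposts regardless of the action prefix they grant.`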
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json b/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
new file mode 100644
index 00000000..90ed32a2
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_delegation_signer_record.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "route53domains:AssociateDelegationSignerToDomain",
+ "route53domains:DisassociateDelegationSignerFromDomain"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json b/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json
new file mode 100644
index 00000000..20ac9c21
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_domain.json
@@ -0,0 +1,22 @@
+[
+ {
+ "apply": [
+ "route53domains:DeleteDomain",
+ "route53domains:UpdateDomainContact",
+ "route53domains:RegisterDomain",
+ "route53domains:EnableDomainAutoRenew",
+ "route53domains:UpdateDomainContactPrivacy",
+ "route53domains:ListTagsForDomain",
+ "route53domains:GetDomainDetail"
+ ],
+ "attributes": {
+ "tags": [
+ "route53domains:DeleteTagsForDomain",
+ "route53domains:UpdateTagsForDomain"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json b/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
new file mode 100644
index 00000000..bea105aa
--- /dev/null
+++ b/src/mapping/aws/resource/route53domains/aws_route53domains_registered_domain.json
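Review bot: `aws_route53domains_domain.json` places `route53domains:DeleteDomain` under `apply` and leaves `destroy` empty, so a policy generated for a destroy of this resource would lack the one action destroy needs, while an apply-only policy carries an irreversible domain deletion it should not need; the `route53profiles` mapping in this commit shows the intended split, with the disassociate action listed under `destroy`. The same pattern is in `aws_route53domains_delegation_signer_record.json` just above, where `DisassociateDelegationSignerFromDomain` sits in `apply` and `destroy` is `[]`. Unless the loader is known to union `apply` into `destroy`, move the delete and disassociate actions to `destroy`, keeping them in `apply` only if the provider's create path really calls them.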
@@ -0,0 +1,21 @@
+[
+ {
+ "apply": [
+ "route53domains:UpdateDomainContact",
+ "route53domains:EnableDomainAutoRenew",
+ "route53domains:UpdateDomainContactPrivacy",
+ "route53domains:ListTagsForDomain",
+ "route53domains:GetDomainDetail",
+ "route53domains:ListTagsForDomain"
+ ],
+ "attributes": {
+ "tags": [
+ "route53domains:DeleteTagsForDomain",
+ "route53domains:UpdateTagsForDomain"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json b/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
new file mode 100644
index 00000000..be9e744b
--- /dev/null
+++ b/src/mapping/aws/resource/route53profiles/aws_route53profiles_resource_association.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "route53profiles:AssociateResourceToProfile",
+ "route53profiles:GetProfileResourceAssociation",
+ "route53profiles:UpdateProfileResourceAssociation",
+ "route53profiles:DisassociateResourceFromProfile"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "route53profiles:DisassociateResourceFromProfile",
+ "route53profiles:GetProfileResourceAssociation"
+ ],
+ "modify": [
+ "route53profiles:UpdateProfileResourceAssociation",
+ "route53profiles:GetProfileResourceAssociation"
+ ],
+ "plan": [
+ "route53profiles:GetProfileResourceAssociation"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json b/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json
new file mode 100644
index 00000000..b2e17215
--- /dev/null
+++ b/src/mapping/aws/resource/s3-express/aws_s3_directory_bucket.json
@@ -0,0 +1,13 @@
+[
+ {
+ "apply": [
+ "s3express:DeleteBucket",
+ "s3express:CreateBucket"
+ ],
+ "attributes": {},
+ "destroy": [
+ "s3express:DeleteBucket"
+ ],
+ "plan": []
+ }
+]
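Review bot: `route53domains:ListTagsForDomain` appears twice in the `apply` array of `aws_route53domains_registered_domain.json` (fourth and sixth entries); drop the second occurrence so the generated statement does not carry a duplicate action. `aws_s3_directory_bucket.json` on the same line omits the `modify` key that every other new mapping declares and uses `"attributes": {}` instead of the `"tags": []` form; `aws_s3control_bucket.json` further down omits `modify` too. Worth confirming that the loader treats a missing key as an empty list before these mappings are relied on, or adding `"modify": []` for consistency.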
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json
new file mode 100644
index 00000000..1ee42eca
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_access_grants_instance_resource_policy.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "s3:DeleteAccessGrantsInstanceResourcePolicy",
+ "s3:PutAccessGrantsInstanceResourcePolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
new file mode 100644
index 00000000..d9afe132
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket.json
@@ -0,0 +1,23 @@
+[
+ {
+ "apply": [
+ "s3-outposts:DeleteBucket",
+ "s3-outposts:CreateBucket",
+ "s3-outposts:GetLifecycleConfiguration",
+ "s3-outposts:PutLifecycleConfiguration",
+ "s3-outposts:PutObjectAcl",
+ "s3-outposts:GetBucketPolicy",
+ "s3-outposts:GetBucketVersioning"
+ ],
+ "attributes": {
+ "tags": [
+ "s3-outposts:GetBucketTagging",
+ "s3-outposts:PutBucketTagging"
+ ]
+ },
+ "destroy": [
+ "s3-outposts:DeleteBucket"
+ ],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
new file mode 100644
index 00000000..6ba6f4ce
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_lifecycle_configuration.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:PutReplicationConfiguration",
+ "s3-outposts:PutLifecycleConfiguration",
+ "s3-outposts:GetLifecycleConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
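Review bot: `aws_s3control_bucket_lifecycle_configuration.json` grants `s3-outposts:PutReplicationConfiguration`, which configures replication rather than lifecycle rules, so the least-privilege policy this mapping feeds would hand the principal an unrelated write on the bucket; unless the provider's lifecycle resource is known to call it, drop it and keep only the `Get`/`PutLifecycleConfiguration` pair. `aws_s3control_access_grants_instance_resource_policy.json` at the top of this line lists only the Delete and Put actions, so the provider's read-back after apply would be denied if that read is authorised by `s3:GetAccessGrantsInstanceResourcePolicy` — verify against the provider and the S3 service authorization reference. Its `destroy` list is also empty although `DeleteAccessGrantsInstanceResourcePolicy` is the action destroy needs.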
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
new file mode 100644
index 00000000..c267f0d6
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_bucket_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:GetBucketPolicy",
+ "s3-outposts:DeleteBucketPolicy",
+ "s3-outposts:PutBucketPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
new file mode 100644
index 00000000..3f5ff17e
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:CreateAccessPoint",
+ "s3-outposts:DeleteAccessPoint",
+ "s3-outposts:GetAccessPoint"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
new file mode 100644
index 00000000..f4435fa5
--- /dev/null
+++ b/src/mapping/aws/resource/s3-outposts/aws_s3control_object_lambda_access_point_policy.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "s3-outposts:GetAccessPointPolicy",
+ "s3-outposts:DeleteAccessPointPolicy",
+ "s3-outposts:PutAccessPointPolicy"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3_object_copy.json b/src/mapping/aws/resource/s3/aws_s3_object_copy.json
new file mode 100644
index 00000000..6a13bfa2
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3_object_copy.json
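Review bot: Both object-lambda mappings (`aws_s3control_object_lambda_access_point.json` and `aws_s3control_object_lambda_access_point_policy.json`) grant `s3-outposts:` access-point actions, but an Object Lambda access point is a feature of S3 itself, not of S3 on Outposts, and its control-plane calls are authorised by the `s3:` family (`s3:CreateAccessPointForObjectLambda`, `s3:GetAccessPointForObjectLambda`, `s3:DeleteAccessPointForObjectLambda`, and the matching `*AccessPointPolicyForObjectLambda` actions). As written the generated policy would let the principal manage Outposts access points it never touches while still being denied on the calls the provider actually makes; please check the actions against the S3 service authorization reference and, once corrected, file both mappings under `s3/`. `aws_s3control_bucket_policy.json` at the top of this line also lists `DeleteBucketPolicy` only under `apply` with `destroy` left empty.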
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:GetObjectTagging",
+ "s3:ListBucketVersions",
+ "s3:DeleteObjectVersion"
+ ],
+ "attributes": {
+ "kms": [
+ "kms:DescribeKey",
+ "kms:Encrypt"
+ ],
+ "tags": []
+ },
+ "destroy": [
+ "s3:ListBucketVersions",
+ "s3:DeleteObjectVersion"
+ ],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json b/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
new file mode 100644
index 00000000..0fa0ee9c
--- /dev/null
+++ b/src/mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
@@ -0,0 +1,14 @@
+[
+ {
+ "apply": [
+ "s3:GetStorageLensConfiguration",
+ "s3:PutStorageLensConfiguration"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/backup/aws_route53domains_delegation_signer_record.tf b/terraform/aws/backup/aws_route53domains_delegation_signer_record.tf
new file mode 100644
index 00000000..71da960c
--- /dev/null
+++ b/terraform/aws/backup/aws_route53domains_delegation_signer_record.tf
@@ -0,0 +1 @@
+resource "aws_route53domains_delegation_signer_record" "pike" {}
diff --git a/terraform/aws/backup/aws_route53domains_domain.tf b/terraform/aws/backup/aws_route53domains_domain.tf
new file mode 100644
index 00000000..2d997beb
--- /dev/null
+++ b/terraform/aws/backup/aws_route53domains_domain.tf
@@ -0,0 +1 @@
+resource "aws_route53domains_domain" "pike" {}
diff --git a/terraform/aws/backup/aws_route53domains_registered_domain.tf b/terraform/aws/backup/aws_route53domains_registered_domain.tf
new file mode 100644
index 00000000..f9a83bc9
--- /dev/null
+++ b/terraform/aws/backup/aws_route53domains_registered_domain.tf
@@ -0,0 +1 @@
+resource "aws_route53domains_registered_domain" "pike" {}
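Review bot: `aws_s3_object_copy.json` lists `s3:GetObjectTagging` under `apply` but leaves `attributes.tags` empty, so the resource's own `tags` argument cannot be satisfied without `s3:PutObjectTagging`, and the `kms` list covers only the write side — reading an SSE-KMS source object also needs `kms:Decrypt`; both are worth confirming against the provider's CopyObject path before this mapping is trusted. `destroy` grants only `ListBucketVersions`/`DeleteObjectVersion`, so deleting the copy from an unversioned bucket (`s3:DeleteObject`) is not covered either. `aws_s3control_storage_lens_configuration.json` on the same line leaves `destroy` empty although removing a Storage Lens configuration is a distinct delete call; if the provider issues it, add `s3:DeleteStorageLensConfiguration` there.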
diff --git a/terraform/aws/backup/aws_route53profiles_resource_association.tf b/terraform/aws/backup/aws_route53profiles_resource_association.tf
new file mode 100644
index 00000000..f2334d04
--- /dev/null
+++ b/terraform/aws/backup/aws_route53profiles_resource_association.tf
@@ -0,0 +1 @@
+resource "aws_route53profiles_resource_association" "pike" {}
diff --git a/terraform/aws/backup/aws_s3_directory_bucket.tf b/terraform/aws/backup/aws_s3_directory_bucket.tf
new file mode 100644
index 00000000..365e010f
--- /dev/null
+++ b/terraform/aws/backup/aws_s3_directory_bucket.tf
@@ -0,0 +1,3 @@
+resource "aws_s3_directory_bucket" "pike" {
+ bucket = "expressbucket"
+}
diff --git a/terraform/aws/backup/aws_s3_object_copy.tf b/terraform/aws/backup/aws_s3_object_copy.tf
new file mode 100644
index 00000000..cdd8278c
--- /dev/null
+++ b/terraform/aws/backup/aws_s3_object_copy.tf
@@ -0,0 +1,10 @@
+resource "aws_s3_object_copy" "pike" {
+ bucket = "pike-680235478471"
+ key = "terraform.tfstate"
+ source = "680235478471-terraform-state/pike-aws/terraform.tfstate"
+ override_provider {
+ default_tags {
+ tags = {}
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_s3control_access_grants_instance_resource_policy.tf b/terraform/aws/backup/aws_s3control_access_grants_instance_resource_policy.tf
new file mode 100644
index 00000000..0394f5f2
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_access_grants_instance_resource_policy.tf
@@ -0,0 +1 @@
+resource "aws_s3control_access_grants_instance_resource_policy" "pike" {}
diff --git a/terraform/aws/backup/aws_s3control_bucket.tf b/terraform/aws/backup/aws_s3control_bucket.tf
new file mode 100644
index 00000000..9bd7f816
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_bucket.tf
@@ -0,0 +1,3 @@
+resource "aws_s3control_bucket" "pike" {
+
+}
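Review bot: The `aws_s3_object_copy` fixture copies a live `terraform.tfstate` out of a bucket named after an AWS account id (`680235478471-terraform-state/pike-aws/terraform.tfstate`) into another account-named bucket; state files routinely contain credentials and sensitive outputs, so a committed fixture should neither point at a real state object nor carry the account id in bucket names. These `backup/` files only need to exercise the permission mapping, so replace the values with obviously fake placeholders, e.g. `bucket = "example-bucket"`, `key = "example-object"`, `source = "example-source-bucket/example-object"`, the way `aws_s3_directory_bucket.tf` uses `expressbucket`.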
diff --git a/terraform/aws/backup/aws_s3control_bucket_lifecycle_configuration.tf b/terraform/aws/backup/aws_s3control_bucket_lifecycle_configuration.tf
new file mode 100644
index 00000000..5a83ac10
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_bucket_lifecycle_configuration.tf
@@ -0,0 +1 @@
+resource "aws_s3control_bucket_lifecycle_configuration" "pike" {}
diff --git a/terraform/aws/backup/aws_s3control_bucket_policy.tf b/terraform/aws/backup/aws_s3control_bucket_policy.tf
new file mode 100644
index 00000000..4cfe2dc0
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_bucket_policy.tf
@@ -0,0 +1 @@
+resource "aws_s3control_bucket_policy" "pike" {}
diff --git a/terraform/aws/backup/aws_s3control_object_lambda_access_point.tf b/terraform/aws/backup/aws_s3control_object_lambda_access_point.tf
new file mode 100644
index 00000000..c8959960
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_object_lambda_access_point.tf
@@ -0,0 +1 @@
+resource "aws_s3control_object_lambda_access_point" "pike" {}
diff --git a/terraform/aws/backup/aws_s3control_object_lambda_access_point_policy.tf b/terraform/aws/backup/aws_s3control_object_lambda_access_point_policy.tf
new file mode 100644
index 00000000..ea038985
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_object_lambda_access_point_policy.tf
@@ -0,0 +1 @@
+resource "aws_s3control_object_lambda_access_point_policy" "pike" {}
diff --git a/terraform/aws/backup/aws_s3control_storage_lens_configuration.tf b/terraform/aws/backup/aws_s3control_storage_lens_configuration.tf
new file mode 100644
index 00000000..4a7c5528
--- /dev/null
+++ b/terraform/aws/backup/aws_s3control_storage_lens_configuration.tf
@@ -0,0 +1,19 @@
+resource "aws_s3control_storage_lens_configuration" "pike" {
+ config_id = "example-1"
+
+ storage_lens_configuration {
+ enabled = true
+
+ account_level {
+ activity_metrics {
+ enabled = true
+ }
+
+ bucket_level {
+ activity_metrics {
+ enabled = true
+ }
+ }
+ }
+ }
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index bdd6d5dc..8b4c0a31 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,7 +7,15 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "VisualEditor0",
 "Effect" : "Allow",
 "Action" : [
- "ec2:DescribeIpams"
+ "s3:ListBucket",
+ "s3:PutObject",
+ "s3:GetObject",
+ "s3:GetObjectTagging",
+ "kms:DescribeKey",
+ "kms:Encrypt",
+
+ "s3:ListBucketVersions",
+ "s3:DeleteObjectVersion"
 ],
 "Resource" : [
 "*"
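Review bot: The eight actions added to the `VisualEditor0` statement sit under the existing `"Resource" : ["*"]`, so the basic test role now gets `s3:PutObject` and `s3:DeleteObjectVersion` on every bucket in the account and `kms:Encrypt` on every key, far beyond what the `aws_s3_object_copy` fixture exercises. Split the statement so the bucket-level, object-level and KMS actions each name the fixture's ARNs instead of `*` (placeholders below, to be filled from the fixture); the stray blank line between `"kms:Encrypt",` and `"s3:ListBucketVersions",` should go at the same time. The `aws_iam_policy` resource and the policy document around this statement begin and end outside the hunk.
```hcl
{
  "Sid" : "VisualEditor0",
  "Effect" : "Allow",
  "Action" : [
    "s3:ListBucket",
    "s3:ListBucketVersions"
  ],
  "Resource" : ["arn:aws:s3:::<FIXTURE_BUCKET>", "arn:aws:s3:::<FIXTURE_SOURCE_BUCKET>"]
},
{
  "Sid" : "VisualEditor1",
  "Effect" : "Allow",
  "Action" : [
    "s3:PutObject",
    "s3:GetObject",
    "s3:GetObjectTagging",
    "s3:DeleteObjectVersion"
  ],
  "Resource" : ["arn:aws:s3:::<FIXTURE_BUCKET>/*", "arn:aws:s3:::<FIXTURE_SOURCE_BUCKET>/*"]
},
{
  "Sid" : "VisualEditor2",
  "Effect" : "Allow",
  "Action" : ["kms:DescribeKey", "kms:Encrypt"],
  "Resource" : ["arn:aws:kms:<REGION>:<ACCOUNT_ID>:key/<KEY_ID>"]
}
```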