aws vpc

JamesWoolfenden · Feb 11, 2025 · dca86ef · dca86ef
1 parent ed5cbcb
commit dca86ef
Show file tree

Hide file tree

Showing 64 changed files with 749 additions and 37 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
+        uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
         with:
           version: latest
           args: release --clean

diff --git a/src/aws.go b/src/aws.go
@@ -1408,6 +1408,34 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals
 	"aws_s3control_object_lambda_access_point":                         awsS3ControlObjectLambdaAccessPoint,
 	"aws_s3control_object_lambda_access_point_policy":                  awsS3ControlObjectLambdaAccessPointPolicy,
 	"aws_s3control_storage_lens_configuration":                         awsS3ControlStorageLensConfiguration,
+	"aws_opensearch_authorize_vpc_endpoint_access":                     awsOpensearchAuthorizeVpcEndpointAccess,
+	"aws_opensearch_domain_saml_options":                               awsOpensearchDomainSamlOptions,
+	"aws_opensearch_inbound_connection_accepter":                       awsOpensearchInboundConnectionAccepter,
+	"aws_opensearch_outbound_connection":                               awsOpensearchOutboundConnection,
+	"aws_opensearch_package":                                           awsOpensearchPackage,
+	"aws_opensearch_package_association":                               awsOpensearchPackageAssociation,
+	"aws_opensearch_vpc_endpoint":                                      awsOpensearchVPCEndpoint,
+	"aws_service_discovery_http_namespace":                             awsServiceDiscoveryHttpNamespace,
+	"aws_service_discovery_instance":                                   awsServiceDiscoveryInstance,
+	"aws_service_discovery_private_dns_namespace":                      awsServiceDiscoveryPrivateDNSNamespace,
+	"aws_service_discovery_public_dns_namespace":                       awsServiceDiscoveryPublicDNSNamespace,
+	"aws_service_discovery_service":                                    awsServiceDiscoveryService,
+	"aws_macie2_account":                                               awsMacieAccount,
+	"aws_macie2_classification_export_configuration":                   awsMacieClassificationExportConfiguration,
+	"aws_macie2_classification_job":                                    awsMacieClassificationJob,
+	"aws_macie2_invitation_accepter":                                   awsMacieInvitationAccepter,
+	"aws_macie2_member":                                                awsMacieMember,
+	"aws_macie2_organization_admin_account":                            awsMacieOrganizationAdminAccount,
+	"aws_vpc_endpoint_policy":                                          awsVpcEndpointPolicy,
+	"aws_vpc_endpoint_private_dns":                                     awsVpcEndpointPrivateDns,
+	"aws_vpc_endpoint_security_group_association":                      awsVpcEndpointSecurityGroupAssociation,
+	"aws_vpc_endpoint_service_allowed_principal":                       awsVpcEndpointServiceAllowedPrincipal,
+	"aws_vpc_endpoint_service_private_dns_verification":                awsVpcEndpointServicePrivateDnsVerification,
+	"aws_vpc_ipam_organization_admin_account":                          awsVpcIpamOrganizationAdminAccount,
+	"aws_vpc_ipv6_cidr_block_association":                              awsVpcIpv6CidrBlockAssociation,
+	"aws_vpc_network_performance_metric_subscription":                  awsVpcNetworkPerformanceMetricSubscription,
+	"aws_vpc_security_group_vpc_association":                           awsVpcSecurityGroupAssociation,
+	"aws_vpclattice_service_network_resource_association":              awsVpclatticeServiceNetworkResourceAssociation,
 }
 
 // GetAWSPermissions for AWS resources.

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -1,6 +1,6 @@
 # todo aws
 
-Resource percentage coverage   94.04
+Resource percentage coverage   95.94
 Datasource percentage coverage 100.00
 
 ./resource.ps1 aws_cognito_managed_user_pool_client
@@ -28,12 +28,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_iot_thing_principal_attachment
 ./resource.ps1 aws_lb_listener_certificate
 ./resource.ps1 aws_lb_ssl_negotiation_policy
-./resource.ps1 aws_macie2_account
-./resource.ps1 aws_macie2_classification_export_configuration
-./resource.ps1 aws_macie2_classification_job
-./resource.ps1 aws_macie2_invitation_accepter
-./resource.ps1 aws_macie2_member
-./resource.ps1 aws_macie2_organization_admin_account
 ./resource.ps1 aws_main_route_table_association
 ./resource.ps1 aws_memorydb_multi_region_cluster
 ./resource.ps1 aws_msk_single_scram_secret_association
@@ -47,13 +41,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_networkmanager_transit_gateway_connect_peer_association
 ./resource.ps1 aws_networkmonitor_monitor
 ./resource.ps1 aws_networkmonitor_probe
-./resource.ps1 aws_opensearch_authorize_vpc_endpoint_access
-./resource.ps1 aws_opensearch_domain_saml_options
-./resource.ps1 aws_opensearch_inbound_connection_accepter
-./resource.ps1 aws_opensearch_outbound_connection
-./resource.ps1 aws_opensearch_package
-./resource.ps1 aws_opensearch_package_association
-./resource.ps1 aws_opensearch_vpc_endpoint
 ./resource.ps1 aws_organizations_delegated_administrator
 ./resource.ps1 aws_prometheus_rule_group_namespace
 ./resource.ps1 aws_qldb_ledger
@@ -67,11 +54,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_securityhub_invite_accepter
 ./resource.ps1 aws_securityhub_member
 ./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack
-./resource.ps1 aws_service_discovery_http_namespace
-./resource.ps1 aws_service_discovery_instance
-./resource.ps1 aws_service_discovery_private_dns_namespace
-./resource.ps1 aws_service_discovery_public_dns_namespace
-./resource.ps1 aws_service_discovery_service
 ./resource.ps1 aws_servicecatalog_provisioning_artifact
 ./resource.ps1 aws_shield_application_layer_automatic_response
 ./resource.ps1 aws_shield_drt_access_log_bucket_association
@@ -81,13 +63,3 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment
 ./resource.ps1 aws_verifiedpermissions_schema
 ./resource.ps1 aws_vpc_endpoint_connection_accepter
-./resource.ps1 aws_vpc_endpoint_policy
-./resource.ps1 aws_vpc_endpoint_private_dns
-./resource.ps1 aws_vpc_endpoint_security_group_association
-./resource.ps1 aws_vpc_endpoint_service_allowed_principal
-./resource.ps1 aws_vpc_endpoint_service_private_dns_verification
-./resource.ps1 aws_vpc_ipam_organization_admin_account
-./resource.ps1 aws_vpc_ipv6_cidr_block_association
-./resource.ps1 aws_vpc_network_performance_metric_subscription
-./resource.ps1 aws_vpc_security_group_vpc_association
-./resource.ps1 aws_vpclattice_service_network_resource_association
diff --git a/src/files_aws.go b/src/files_aws.go
@@ -525,3 +525,87 @@ var awsS3ControlObjectLambdaAccessPointPolicy []byte
 
 //go:embed mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json
 var awsS3ControlStorageLensConfiguration []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json
+var awsOpensearchAuthorizeVpcEndpointAccess []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_domain_saml_options.json
+var awsOpensearchDomainSamlOptions []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json
+var awsOpensearchInboundConnectionAccepter []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_outbound_connection.json
+var awsOpensearchOutboundConnection []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_package.json
+var awsOpensearchPackage []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_package_association.json
+var awsOpensearchPackageAssociation []byte
+
+//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json
+var awsOpensearchVPCEndpoint []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json
+var awsServiceDiscoveryHttpNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json
+var awsServiceDiscoveryInstance []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json
+var awsServiceDiscoveryPrivateDNSNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json
+var awsServiceDiscoveryPublicDNSNamespace []byte
+
+//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_service.json
+var awsServiceDiscoveryService []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_account.json
+var awsMacieAccount []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json
+var awsMacieClassificationExportConfiguration []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_classification_job.json
+var awsMacieClassificationJob []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json
+var awsMacieInvitationAccepter []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_member.json
+var awsMacieMember []byte
+
+//go:embed mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json
+var awsMacieOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json
+var awsVpcEndpointPolicy []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json
+var awsVpcEndpointPrivateDns []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json
+var awsVpcEndpointSecurityGroupAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json
+var awsVpcEndpointServiceAllowedPrincipal []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json
+var awsVpcEndpointServicePrivateDnsVerification []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json
+var awsVpcIpamOrganizationAdminAccount []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json
+var awsVpcIpv6CidrBlockAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json
+var awsVpcNetworkPerformanceMetricSubscription []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json
+var awsVpcSecurityGroupAssociation []byte
+
+//go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json
+var awsVpclatticeServiceNetworkResourceAssociation []byte
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:AcceptVpcEndpointConnections",
+      "ec2:RejectVpcEndpointConnections",
+      "ec2:DescribeVpcEndpointConnections"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:ModifyVerifiedAccessEndpointPolicy",
+      "ec2:GetVerifiedAccessEndpointPolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:StartVpcEndpointServicePrivateDnsVerification"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:AssociateSecurityGroupVpc",
+      "ec2:DescribeSecurityGroupVpcAssociations",
+      "ec2:DisassociateSecurityGroupVpc"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:ModifyVpcEndpointServicePermissions"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:StartVpcEndpointServicePrivateDnsVerification"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:DisableIpamOrganizationAdminAccount",
+      "ec2:EnableIpamOrganizationAdminAccount"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json
@@ -4,7 +4,8 @@
       "ec2:CreateIpamPool",
       "ec2:DescribeIpamPools",
       "ec2:DeleteIpamPool",
-      "ec2:ModifyIpamPool"
+      "ec2:ModifyIpamPool",
+      "ec2:DescribeIpamScopes"
     ],
     "attributes": {
       "tags": [

diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json b/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:AssociateVpcCidrBlock",
+      "ec2:AllocateIpamPoolCidr",
+      "ec2:DisassociateVpcCidrBlock"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json b/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeAwsNetworkPerformanceMetricSubscriptions",
+      "ec2:DisableAwsNetworkPerformanceMetricSubscription",
+      "ec2:EnableAwsNetworkPerformanceMetricSubscription"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json b/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json
@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "ec2:AssociateSecurityGroupVpc",
+      "ec2:DescribeSecurityGroupVpcAssociations",
+      "ec2:DisassociateSecurityGroupVpc"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json b/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "es:AuthorizeVpcEndpointAccess",
+      "es:RevokeVpcEndpointAccess"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json b/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json
@@ -0,0 +1,11 @@
+[
+  {
+    "apply": [],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json b/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "es:AcceptInboundConnection"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]