diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a41b87fa..45c2b13e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0 + uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1 with: version: latest args: release --clean diff --git a/src/aws.go b/src/aws.go index 2e45c802..8e7e6bef 100644 --- a/src/aws.go +++ b/src/aws.go 
@@ -1408,6 +1408,34 @@ var tFLookup = map[string]interface{}{ //nolint:gochecknoglobals "aws_s3control_object_lambda_access_point": awsS3ControlObjectLambdaAccessPoint, "aws_s3control_object_lambda_access_point_policy": awsS3ControlObjectLambdaAccessPointPolicy, "aws_s3control_storage_lens_configuration": awsS3ControlStorageLensConfiguration, + "aws_opensearch_authorize_vpc_endpoint_access": awsOpensearchAuthorizeVpcEndpointAccess, + "aws_opensearch_domain_saml_options": awsOpensearchDomainSamlOptions, + "aws_opensearch_inbound_connection_accepter": awsOpensearchInboundConnectionAccepter, + "aws_opensearch_outbound_connection": awsOpensearchOutboundConnection, + "aws_opensearch_package": awsOpensearchPackage, + "aws_opensearch_package_association": awsOpensearchPackageAssociation, + "aws_opensearch_vpc_endpoint": awsOpensearchVPCEndpoint, + "aws_service_discovery_http_namespace": awsServiceDiscoveryHttpNamespace, + "aws_service_discovery_instance": awsServiceDiscoveryInstance, + "aws_service_discovery_private_dns_namespace": awsServiceDiscoveryPrivateDNSNamespace, + "aws_service_discovery_public_dns_namespace": awsServiceDiscoveryPublicDNSNamespace, + "aws_service_discovery_service": awsServiceDiscoveryService, + "aws_macie2_account": awsMacieAccount, + "aws_macie2_classification_export_configuration": awsMacieClassificationExportConfiguration, + "aws_macie2_classification_job": awsMacieClassificationJob, + "aws_macie2_invitation_accepter": awsMacieInvitationAccepter, + "aws_macie2_member": awsMacieMember, + "aws_macie2_organization_admin_account": awsMacieOrganizationAdminAccount, + "aws_vpc_endpoint_policy": awsVpcEndpointPolicy, + "aws_vpc_endpoint_private_dns": awsVpcEndpointPrivateDns, + "aws_vpc_endpoint_security_group_association": awsVpcEndpointSecurityGroupAssociation, + "aws_vpc_endpoint_service_allowed_principal": awsVpcEndpointServiceAllowedPrincipal, + "aws_vpc_endpoint_service_private_dns_verification": awsVpcEndpointServicePrivateDnsVerification, + 
"aws_vpc_ipam_organization_admin_account": awsVpcIpamOrganizationAdminAccount, + "aws_vpc_ipv6_cidr_block_association": awsVpcIpv6CidrBlockAssociation, + "aws_vpc_network_performance_metric_subscription": awsVpcNetworkPerformanceMetricSubscription, + "aws_vpc_security_group_vpc_association": awsVpcSecurityGroupAssociation, + "aws_vpclattice_service_network_resource_association": awsVpclatticeServiceNetworkResourceAssociation, } // GetAWSPermissions for AWS resources. diff --git a/src/coverage/aws.md b/src/coverage/aws.md index b077df5b..4471bb47 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md @@ -1,6 +1,6 @@ # todo aws -Resource percentage coverage 94.04 +Resource percentage coverage 95.94 Datasource percentage coverage 100.00 ./resource.ps1 aws_cognito_managed_user_pool_client @@ -28,12 +28,6 @@ Datasource percentage coverage 100.00 ./resource.ps1 aws_iot_thing_principal_attachment ./resource.ps1 aws_lb_listener_certificate ./resource.ps1 aws_lb_ssl_negotiation_policy -./resource.ps1 aws_macie2_account -./resource.ps1 aws_macie2_classification_export_configuration -./resource.ps1 aws_macie2_classification_job -./resource.ps1 aws_macie2_invitation_accepter -./resource.ps1 aws_macie2_member -./resource.ps1 aws_macie2_organization_admin_account ./resource.ps1 aws_main_route_table_association ./resource.ps1 aws_memorydb_multi_region_cluster ./resource.ps1 aws_msk_single_scram_secret_association 
@@ -47,13 +41,6 @@ Datasource percentage coverage 100.00 ./resource.ps1 aws_networkmanager_transit_gateway_connect_peer_association ./resource.ps1 aws_networkmonitor_monitor ./resource.ps1 aws_networkmonitor_probe -./resource.ps1 aws_opensearch_authorize_vpc_endpoint_access -./resource.ps1 aws_opensearch_domain_saml_options -./resource.ps1 aws_opensearch_inbound_connection_accepter -./resource.ps1 aws_opensearch_outbound_connection -./resource.ps1 aws_opensearch_package -./resource.ps1 aws_opensearch_package_association -./resource.ps1 aws_opensearch_vpc_endpoint ./resource.ps1 aws_organizations_delegated_administrator ./resource.ps1 aws_prometheus_rule_group_namespace ./resource.ps1 aws_qldb_ledger @@ -67,11 +54,6 @@ Datasource percentage coverage 100.00 ./resource.ps1 aws_securityhub_invite_accepter ./resource.ps1 aws_securityhub_member ./resource.ps1 aws_serverlessapplicationrepository_cloudformation_stack -./resource.ps1 aws_service_discovery_http_namespace -./resource.ps1 aws_service_discovery_instance -./resource.ps1 aws_service_discovery_private_dns_namespace -./resource.ps1 aws_service_discovery_public_dns_namespace -./resource.ps1 aws_service_discovery_service ./resource.ps1 aws_servicecatalog_provisioning_artifact ./resource.ps1 aws_shield_application_layer_automatic_response ./resource.ps1 aws_shield_drt_access_log_bucket_association 
@@ -81,13 +63,3 @@ Datasource percentage coverage 100.00 ./resource.ps1 aws_verifiedaccess_instance_trust_provider_attachment ./resource.ps1 aws_verifiedpermissions_schema ./resource.ps1 aws_vpc_endpoint_connection_accepter -./resource.ps1 aws_vpc_endpoint_policy -./resource.ps1 aws_vpc_endpoint_private_dns -./resource.ps1 aws_vpc_endpoint_security_group_association -./resource.ps1 aws_vpc_endpoint_service_allowed_principal -./resource.ps1 aws_vpc_endpoint_service_private_dns_verification -./resource.ps1 aws_vpc_ipam_organization_admin_account -./resource.ps1 aws_vpc_ipv6_cidr_block_association -./resource.ps1 aws_vpc_network_performance_metric_subscription -./resource.ps1 aws_vpc_security_group_vpc_association -./resource.ps1 aws_vpclattice_service_network_resource_association diff --git a/src/files_aws.go b/src/files_aws.go index c7574f8d..25bccca0 100644 --- a/src/files_aws.go +++ b/src/files_aws.go 
@@ -525,3 +525,87 @@ var awsS3ControlObjectLambdaAccessPointPolicy []byte //go:embed mapping/aws/resource/s3/aws_s3control_storage_lens_configuration.json var awsS3ControlStorageLensConfiguration []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json +var awsOpensearchAuthorizeVpcEndpointAccess []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_domain_saml_options.json +var awsOpensearchDomainSamlOptions []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json +var awsOpensearchInboundConnectionAccepter []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_outbound_connection.json +var awsOpensearchOutboundConnection []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_package.json +var awsOpensearchPackage []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_package_association.json +var awsOpensearchPackageAssociation []byte + +//go:embed mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json +var awsOpensearchVPCEndpoint []byte + +//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json +var awsServiceDiscoveryHttpNamespace []byte + +//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json +var awsServiceDiscoveryInstance []byte + +//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json +var awsServiceDiscoveryPrivateDNSNamespace []byte + +//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json +var awsServiceDiscoveryPublicDNSNamespace []byte + +//go:embed mapping/aws/resource/servicediscovery/aws_service_discovery_service.json +var awsServiceDiscoveryService []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_account.json +var awsMacieAccount []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json +var awsMacieClassificationExportConfiguration []byte + 
+//go:embed mapping/aws/resource/macie2/aws_macie2_classification_job.json +var awsMacieClassificationJob []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json +var awsMacieInvitationAccepter []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_member.json +var awsMacieMember []byte + +//go:embed mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json +var awsMacieOrganizationAdminAccount []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json +var awsVpcEndpointPolicy []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json +var awsVpcEndpointPrivateDns []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json +var awsVpcEndpointSecurityGroupAssociation []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json +var awsVpcEndpointServiceAllowedPrincipal []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json +var awsVpcEndpointServicePrivateDnsVerification []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json +var awsVpcIpamOrganizationAdminAccount []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json +var awsVpcIpv6CidrBlockAssociation []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json +var awsVpcNetworkPerformanceMetricSubscription []byte + +//go:embed mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json +var awsVpcSecurityGroupAssociation []byte + +//go:embed mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json +var awsVpclatticeServiceNetworkResourceAssociation []byte diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json new file mode 100644 index 00000000..a4907acf --- /dev/null 
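Review bot: The new embed variables mix initialism styles within one hunk: `awsOpensearchVPCEndpoint` and `awsServiceDiscoveryPrivateDNSNamespace` use upper-case initialisms while `awsVpcEndpointPolicy`, `awsVpcEndpointPrivateDns` and `awsServiceDiscoveryHttpNamespace` do not. `awsVpcSecurityGroupAssociation` also drops the `Vpc` from `aws_vpc_security_group_vpc_association`, so it reads as if it backed a plain security-group association. These names only need to agree with the tFLookup entries in aws.go, so settling on whichever convention the rest of files_aws.go already follows (e.g. `awsVPCEndpointPolicy`, `awsServiceDiscoveryHTTPNamespace`, `awsVPCSecurityGroupVPCAssociation`) in both files would keep later additions from guessing.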
+++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_connection_accepter.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AcceptVpcEndpointConnections", + "ec2:RejectVpcEndpointConnections", + "ec2:DescribeVpcEndpointConnections" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json new file mode 100644 index 00000000..7387a509 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_policy.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:ModifyVerifiedAccessEndpointPolicy", + "ec2:GetVerifiedAccessEndpointPolicy" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json new file mode 100644 index 00000000..cbc79d7a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_private_dns.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:StartVpcEndpointServicePrivateDnsVerification" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json new file mode 100644 index 00000000..3e7d887a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_security_group_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AssociateSecurityGroupVpc", + "ec2:DescribeSecurityGroupVpcAssociations", + "ec2:DisassociateSecurityGroupVpc" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] 
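Review bot: The `apply` list in aws_vpc_endpoint_policy.json grants `ec2:ModifyVerifiedAccessEndpointPolicy` and `ec2:GetVerifiedAccessEndpointPolicy`, which are AWS Verified Access actions, not VPC endpoint actions. A policy generated from this mapping would let the principal edit Verified Access endpoint policies while the calls the resource actually makes (writing the endpoint's policy document and reading it back) would be denied. Replace the two entries with `"ec2:ModifyVpcEndpoint",` and `"ec2:DescribeVpcEndpoints"`.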
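Review bot: aws_vpc_endpoint_private_dns.json is a byte-for-byte copy of aws_vpc_endpoint_service_private_dns_verification.json (both carry blob id cbc79d7a), and aws_vpc_endpoint_security_group_association.json is a copy of aws_vpc_security_group_vpc_association.json (both 3e7d887a), so two resources are mapped to actions that belong to different ones. Toggling private DNS on an endpoint and attaching a security group to an endpoint are both edits of the endpoint itself, not a service DNS verification or a VPC-level security-group association, so `ec2:StartVpcEndpointServicePrivateDnsVerification` and `ec2:AssociateSecurityGroupVpc`/`ec2:DisassociateSecurityGroupVpc` would be granted for nothing while the real calls fail. For both files the apply list should read `"ec2:ModifyVpcEndpoint",` followed by `"ec2:DescribeVpcEndpoints"`. A CI check that rejects the same blob content under two resource names would catch this class of copy-paste before it ships.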
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json new file mode 100644 index 00000000..9cae2756 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_allowed_principal.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:ModifyVpcEndpointServicePermissions" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json new file mode 100644 index 00000000..cbc79d7a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_endpoint_service_private_dns_verification.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "ec2:StartVpcEndpointServicePrivateDnsVerification" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json new file mode 100644 index 00000000..d7c85193 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_organization_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "ec2:DisableIpamOrganizationAdminAccount", + "ec2:EnableIpamOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json index d92a1452..33ece605 100644 --- a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json @@ -4,7 +4,8 @@ "ec2:CreateIpamPool", "ec2:DescribeIpamPools", "ec2:DeleteIpamPool", - "ec2:ModifyIpamPool" + "ec2:ModifyIpamPool", + "ec2:DescribeIpamScopes" ], "attributes": { "tags": [ 
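Review bot: aws_vpc_endpoint_service_allowed_principal.json grants only `ec2:ModifyVpcEndpointServicePermissions`, which covers adding and removing the principal but not reading the permission list back. The provider presumably refreshes state through `ec2:DescribeVpcEndpointServicePermissions`, so a policy built from this mapping would apply once and then fail on the next plan; worth confirming against the provider and adding `"ec2:DescribeVpcEndpointServicePermissions"` to `apply` if so.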
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json b/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json new file mode 100644 index 00000000..95a9b221 --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_ipv6_cidr_block_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AssociateVpcCidrBlock", + "ec2:AllocateIpamPoolCidr", + "ec2:DisassociateVpcCidrBlock" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json b/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json new file mode 100644 index 00000000..d797af1e --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_network_performance_metric_subscription.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:DescribeAwsNetworkPerformanceMetricSubscriptions", + "ec2:DisableAwsNetworkPerformanceMetricSubscription", + "ec2:EnableAwsNetworkPerformanceMetricSubscription" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json b/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json new file mode 100644 index 00000000..3e7d887a --- /dev/null +++ b/src/mapping/aws/resource/ec2/aws_vpc_security_group_vpc_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "ec2:AssociateSecurityGroupVpc", + "ec2:DescribeSecurityGroupVpcAssociations", + "ec2:DisassociateSecurityGroupVpc" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json b/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json new file mode 100644 index 00000000..10ea9948 --- /dev/null 
+++ b/src/mapping/aws/resource/es/aws_opensearch_authorize_vpc_endpoint_access.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "es:AuthorizeVpcEndpointAccess", + "es:RevokeVpcEndpointAccess" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json b/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json new file mode 100644 index 00000000..45e4fdaf --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_domain_saml_options.json @@ -0,0 +1,11 @@ +[ + { + "apply": [], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json b/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json new file mode 100644 index 00000000..08a11448 --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_inbound_connection_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "es:AcceptInboundConnection" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json b/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json new file mode 100644 index 00000000..2d377d48 --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_outbound_connection.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "es:DescribeOutboundConnections", + "es:CreateOutboundConnection", + "es:DeleteOutboundConnection" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_package.json b/src/mapping/aws/resource/es/aws_opensearch_package.json new file mode 100644 index 00000000..ed1b2138 --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_package.json 
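Review bot: aws_opensearch_domain_saml_options.json ships with an empty `apply` list, so the tool will report no permissions at all for a resource that rewrites a domain's authentication configuration. That silently under-reports instead of erroring, which is the worst outcome for a least-privilege generator: a user trusting the output gets a policy that cannot apply the resource. The resource is an update of the domain config, so the list should at least contain `"es:UpdateDomainConfig",` and `"es:DescribeDomainConfig"`. If empty mappings are ever intentional, a validation step that rejects an empty `apply` when no other list is populated would stop placeholders like this from landing.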
@@ -0,0 +1,15 @@ +[ + { + "apply": [ + "es:CreatePackage", + "es:DeletePackage", + "es:UpdatePackage" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_package_association.json b/src/mapping/aws/resource/es/aws_opensearch_package_association.json new file mode 100644 index 00000000..75105b56 --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_package_association.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "es:AssociatePackage" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json b/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json new file mode 100644 index 00000000..138fefc4 --- /dev/null +++ b/src/mapping/aws/resource/es/aws_opensearch_vpc_endpoint.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "es:DescribeVpcEndpoints", + "es:CreateVpcEndpoint", + "es:DeleteVpcEndpoint", + "es:UpdateVpcEndpoint" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_account.json b/src/mapping/aws/resource/macie2/aws_macie2_account.json new file mode 100644 index 00000000..86396b07 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_account.json @@ -0,0 +1,16 @@ +[ + { + "apply": [ + "macie2:EnableMacie", + "iam:CreateServiceLinkedRole", + "macie2:GetMacieSession", + "macie2:DisableMacie" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json b/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json new file mode 100644 index 00000000..5f810e9b --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_classification_export_configuration.json 
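Review bot: aws_opensearch_package_association.json lists only `es:AssociatePackage`, so a destroy under a policy generated from it has no permission to detach the package. The other mappings in this commit put the delete action in `apply` (e.g. `es:DeletePackage` in aws_opensearch_package.json), so the convention here is to add `"es:DissociatePackage"` alongside it. The read-back presumably goes through `es:ListPackagesForDomain` as well, which is worth confirming against the provider before adding.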
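Review bot: aws_macie2_account.json grants `iam:CreateServiceLinkedRole`, the widest action in this commit, while the fixture added in terraform/aws/backup/aws_macie2_account.tf sets `finding_publishing_frequency` and `status`, changes that presumably go through `macie2:UpdateMacieSession` and are not covered here. Service-linked-role creation is unavoidable on first enablement, but it is exactly the entry a consumer needs to scope with an `iam:AWSServiceName` condition, and the mapping format cannot express conditions. A short note in src/coverage/aws.md or the README listing which mappings carry `iam:CreateServiceLinkedRole` would make that visible, and adding `"macie2:UpdateMacieSession"` to `apply` would close the update gap once the provider behaviour is confirmed.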
@@ -0,0 +1,14 @@ +[ + { + "apply": [ + "macie2:GetClassificationExportConfiguration", + "macie2:PutClassificationExportConfiguration" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json b/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json new file mode 100644 index 00000000..90fb5776 --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_classification_job.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "macie2:DescribeClassificationJob", + "macie2:CreateClassificationJob", + "macie2:UpdateClassificationJob" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json b/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json new file mode 100644 index 00000000..484723ef --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_invitation_accepter.json @@ -0,0 +1,13 @@ +[ + { + "apply": [ + "macie2:AcceptInvitation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_member.json b/src/mapping/aws/resource/macie2/aws_macie2_member.json new file mode 100644 index 00000000..b6dacd9b --- /dev/null +++ b/src/mapping/aws/resource/macie2/aws_macie2_member.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "macie2:GetMember", + "macie2:DeleteMember", + "macie2:CreateMember" + ], + "attributes": { + "tags": [ + "macie2:TagResource", + "macie2:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json b/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json new file mode 100644 index 00000000..a4373af9 --- /dev/null 
+++ b/src/mapping/aws/resource/macie2/aws_macie2_organization_admin_account.json @@ -0,0 +1,14 @@ +[ + { + "apply": [ + "macie2:EnableOrganizationAdminAccount", + "macie2:DisableOrganizationAdminAccount" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json new file mode 100644 index 00000000..ff729645 --- /dev/null +++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_http_namespace.json @@ -0,0 +1,21 @@ +[ + { + "apply": [ + "servicediscovery:GetNamespace", + "servicediscovery:CreateHttpNamespace", + "servicediscovery:DeleteNamespace", + "servicediscovery:UpdateHttpNamespace", + "servicediscovery:ListTagsForResource", + "servicediscovery:GetOperation" + ], + "attributes": { + "tags": [ + "servicediscovery:TagResource", + "servicediscovery:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json new file mode 100644 index 00000000..44ce5c7c --- /dev/null +++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_instance.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "servicediscovery:GetInstance", + "servicediscovery:DeregisterInstance", + "servicediscovery:RegisterInstance" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json new file mode 100644 index 00000000..74e05c72 --- /dev/null +++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_private_dns_namespace.json 
@@ -0,0 +1,18 @@ +[ + { + "apply": [ + "servicediscovery:CreatePrivateDnsNamespace", + "servicediscovery:UpdatePrivateDnsNamespace", + "servicediscovery:ListTagsForResource" + ], + "attributes": { + "tags": [ + "servicediscovery:TagResource", + "servicediscovery:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json new file mode 100644 index 00000000..7e52e0a5 --- /dev/null +++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_public_dns_namespace.json @@ -0,0 +1,18 @@ +[ + { + "apply": [ + "servicediscovery:CreatePublicDnsNamespace", + "servicediscovery:UpdatePublicDnsNamespace", + "servicediscovery:ListTagsForResource" + ], + "attributes": { + "tags": [ + "servicediscovery:TagResource", + "servicediscovery:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json new file mode 100644 index 00000000..bb8fa027 --- /dev/null +++ b/src/mapping/aws/resource/servicediscovery/aws_service_discovery_service.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "servicediscovery:ListTagsForResource", + "servicediscovery:GetService", + "servicediscovery:CreateService", + "servicediscovery:DeleteService", + "servicediscovery:UpdateService" + ], + "attributes": { + "tags": [ + "servicediscovery:TagResource", + "servicediscovery:UntagResource" + ] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json new file mode 100644 index 00000000..3d65bf8c --- /dev/null 
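Review bot: The private and public DNS namespace mappings are thinner than the HTTP namespace mapping committed just above them: aws_service_discovery_http_namespace.json grants `servicediscovery:GetNamespace`, `servicediscovery:DeleteNamespace` and `servicediscovery:GetOperation`, but aws_service_discovery_private_dns_namespace.json and aws_service_discovery_public_dns_namespace.json carry only the create/update actions plus `ListTagsForResource`. All three namespace kinds are read, deleted and polled through the same calls, so a policy from these two mappings would be unable to refresh or destroy the namespace. Add the three missing actions to both files so the siblings agree.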
+++ b/src/mapping/aws/resource/vpc-lattice/aws_vpclattice_service_network_resource_association.json @@ -0,0 +1,15 @@ +[ + { + "apply": [ + "vpc-lattice:CreateServiceNetworkServiceAssociation", + "vpc-lattice:DeleteServiceNetworkServiceAssociation", + "vpc-lattice:GetServiceNetworkServiceAssociation" + ], + "attributes": { + "tags": [] + }, + "destroy": [], + "modify": [], + "plan": [] + } +] diff --git a/terraform/aws/backup/aws_macie2_account.tf b/terraform/aws/backup/aws_macie2_account.tf new file mode 100644 index 00000000..473883a6 --- /dev/null +++ b/terraform/aws/backup/aws_macie2_account.tf @@ -0,0 +1,4 @@ +resource "aws_macie2_account" "pike" { + finding_publishing_frequency = "FIFTEEN_MINUTES" + status = "ENABLED" +} diff --git a/terraform/aws/backup/aws_macie2_classification_export_configuration.tf b/terraform/aws/backup/aws_macie2_classification_export_configuration.tf new file mode 100644 index 00000000..8c012987 --- /dev/null +++ b/terraform/aws/backup/aws_macie2_classification_export_configuration.tf @@ -0,0 +1 @@ +resource "aws_macie2_classification_export_configuration" "pike" {} diff --git a/terraform/aws/backup/aws_macie2_classification_job.tf b/terraform/aws/backup/aws_macie2_classification_job.tf new file mode 100644 index 00000000..55c47ebb --- /dev/null +++ b/terraform/aws/backup/aws_macie2_classification_job.tf @@ -0,0 +1 @@ +resource "aws_macie2_classification_job" "pike" {} diff --git a/terraform/aws/backup/aws_macie2_invitation_accepter.tf b/terraform/aws/backup/aws_macie2_invitation_accepter.tf new file mode 100644 index 00000000..7eb30da6 --- /dev/null +++ b/terraform/aws/backup/aws_macie2_invitation_accepter.tf @@ -0,0 +1 @@ +resource "aws_macie2_invitation_accepter" "pike" {} diff --git a/terraform/aws/backup/aws_macie2_member.tf b/terraform/aws/backup/aws_macie2_member.tf new file mode 100644 index 00000000..3cd987b9 --- /dev/null +++ b/terraform/aws/backup/aws_macie2_member.tf @@ -0,0 +1 @@ +resource "aws_macie2_member" "pike" {} 
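Review bot: The three `vpc-lattice:*ServiceNetworkServiceAssociation` actions in aws_vpclattice_service_network_resource_association.json are the ones for aws_vpclattice_service_network_service_association, not for the resource association this file is named after. If the provider resource drives the resource-association API, as its name suggests, the entries should be `vpc-lattice:CreateServiceNetworkResourceAssociation`, `vpc-lattice:DeleteServiceNetworkResourceAssociation` and `vpc-lattice:GetServiceNetworkResourceAssociation`. Worth checking against the provider before changing, since the current list grants the wrong association type while the real calls are denied.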
diff --git a/terraform/aws/backup/aws_macie2_organization_admin_account.tf b/terraform/aws/backup/aws_macie2_organization_admin_account.tf new file mode 100644 index 00000000..5c70d6e4 --- /dev/null +++ b/terraform/aws/backup/aws_macie2_organization_admin_account.tf @@ -0,0 +1 @@ +resource "aws_macie2_organization_admin_account" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_authorize_vpc_endpoint_access.tf b/terraform/aws/backup/aws_opensearch_authorize_vpc_endpoint_access.tf new file mode 100644 index 00000000..c9554bb2 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_authorize_vpc_endpoint_access.tf @@ -0,0 +1 @@ +resource "aws_opensearch_authorize_vpc_endpoint_access" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_domain_saml_options.tf b/terraform/aws/backup/aws_opensearch_domain_saml_options.tf new file mode 100644 index 00000000..fb1dac52 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_domain_saml_options.tf @@ -0,0 +1 @@ +resource "aws_opensearch_domain_saml_options" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_inbound_connection_accepter.tf b/terraform/aws/backup/aws_opensearch_inbound_connection_accepter.tf new file mode 100644 index 00000000..7015ef87 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_inbound_connection_accepter.tf @@ -0,0 +1 @@ +resource "aws_opensearch_inbound_connection_accepter" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_outbound_connection.tf b/terraform/aws/backup/aws_opensearch_outbound_connection.tf new file mode 100644 index 00000000..139b95b1 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_outbound_connection.tf @@ -0,0 +1 @@ +resource "aws_opensearch_outbound_connection" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_package.tf b/terraform/aws/backup/aws_opensearch_package.tf new file mode 100644 index 00000000..4724a291 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_package.tf 
@@ -0,0 +1 @@ +resource "aws_opensearch_package" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_package_association.tf b/terraform/aws/backup/aws_opensearch_package_association.tf new file mode 100644 index 00000000..a66f236d --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_package_association.tf @@ -0,0 +1 @@ +resource "aws_opensearch_package_association" "pike" {} diff --git a/terraform/aws/backup/aws_opensearch_vpc_endpoint.tf b/terraform/aws/backup/aws_opensearch_vpc_endpoint.tf new file mode 100644 index 00000000..742d5b28 --- /dev/null +++ b/terraform/aws/backup/aws_opensearch_vpc_endpoint.tf @@ -0,0 +1 @@ +resource "aws_opensearch_vpc_endpoint" "pike" {} diff --git a/terraform/aws/backup/aws_service_discovery_http_namespace.tf b/terraform/aws/backup/aws_service_discovery_http_namespace.tf new file mode 100644 index 00000000..79614f83 --- /dev/null +++ b/terraform/aws/backup/aws_service_discovery_http_namespace.tf @@ -0,0 +1,7 @@ +resource "aws_service_discovery_http_namespace" "pike" { + name = "pike" + description = "A service discovery http namespace." + tags = { + pike = "permissions" + } +} diff --git a/terraform/aws/backup/aws_service_discovery_instance.tf b/terraform/aws/backup/aws_service_discovery_instance.tf new file mode 100644 index 00000000..a81a956c --- /dev/null +++ b/terraform/aws/backup/aws_service_discovery_instance.tf @@ -0,0 +1 @@ +resource "aws_service_discovery_instance" "pike" {} diff --git a/terraform/aws/backup/aws_service_discovery_private_dns_namespace.tf b/terraform/aws/backup/aws_service_discovery_private_dns_namespace.tf new file mode 100644 index 00000000..55848ac3 --- /dev/null +++ b/terraform/aws/backup/aws_service_discovery_private_dns_namespace.tf @@ -0,0 +1 @@ +resource "aws_service_discovery_private_dns_namespace" "pike" {} 
diff --git a/terraform/aws/backup/aws_service_discovery_public_dns_namespace.tf b/terraform/aws/backup/aws_service_discovery_public_dns_namespace.tf new file mode 100644 index 00000000..3672b1b7 --- /dev/null +++ b/terraform/aws/backup/aws_service_discovery_public_dns_namespace.tf @@ -0,0 +1,4 @@ +resource "aws_service_discovery_public_dns_namespace" "pike" { + name = "services.pike.com" + description = "example" +} diff --git a/terraform/aws/backup/aws_service_discovery_service.tf b/terraform/aws/backup/aws_service_discovery_service.tf new file mode 100644 index 00000000..2a9a7a2f --- /dev/null +++ b/terraform/aws/backup/aws_service_discovery_service.tf @@ -0,0 +1,3 @@ +resource "aws_service_discovery_service" "pike" { + +} diff --git a/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf b/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf new file mode 100644 index 00000000..1335fcc0 --- /dev/null +++ b/terraform/aws/backup/aws_vpc_endpoint_connection_accepter.tf @@ -0,0 +1 @@ +# resource "aws_vpc_endpoint_connection_accepter" "pike" {} diff --git a/terraform/aws/backup/aws_vpc_endpoint_policy.tf b/terraform/aws/backup/aws_vpc_endpoint_policy.tf new file mode 100644 index 00000000..adfd2142 --- /dev/null +++ b/terraform/aws/backup/aws_vpc_endpoint_policy.tf @@ -0,0 +1,20 @@ + +resource "aws_vpc_endpoint_policy" "example" { + vpc_endpoint_id = aws_vpc_endpoint.example.id + policy = jsonencode({ + "Version" : "2012-10-17", + "Statement" : [ + { + "Sid" : "AllowAll", + "Effect" : "Allow", + "Principal" : { + "AWS" : "*" + }, + "Action" : [ + "dynamodb:*" + ], + "Resource" : "*" + } + ] + }) +} diff --git a/terraform/aws/backup/aws_vpc_endpoint_private_dns.tf b/terraform/aws/backup/aws_vpc_endpoint_private_dns.tf new file mode 100644 index 00000000..0d8fa86b --- /dev/null +++ b/terraform/aws/backup/aws_vpc_endpoint_private_dns.tf 
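Review bot: The fixture in terraform/aws/backup/aws_vpc_endpoint_policy.tf attaches a policy with `"Principal" : { "AWS" : "*" }`, `"Action" : [ "dynamodb:*" ]` and `"Resource" : "*"`, an any-principal, any-resource grant that policy scanners flag on sight. The permission scanner only needs the resource block to exist, so the example can make the same point with a narrower document, e.g. an account-scoped principal and a specific table ARN as the resource. The block is also named `example` while every other fixture in this commit uses `pike`, and it references `aws_vpc_endpoint.example`, which is declared in aws_vpc_endpoint_private_dns.tf rather than here, so the file does not stand on its own.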
@@ -0,0 +1,26 @@
+
+resource "aws_vpc_endpoint_private_dns" "pike" {
+ vpc_endpoint_id = aws_vpc_endpoint.example.id
+ private_dns_enabled = true
+}
+
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+ enable_dns_support = true
+ enable_dns_hostnames = true
+}
+
+resource "aws_vpc_endpoint" "example" {
+
+ vpc_id = aws_vpc.example.id
+ service_name = "com.amazonaws.eu-west-2.ec2"
+ vpc_endpoint_type = "Interface"
+
+ security_group_ids = [
+ aws_security_group.sg1.id,
+ ]
+
+ private_dns_enabled = true
+}
+
+resource "aws_security_group" "sg1" {}
diff --git a/terraform/aws/backup/aws_vpc_endpoint_security_group_association.tf b/terraform/aws/backup/aws_vpc_endpoint_security_group_association.tf
new file mode 100644
index 00000000..a727e5c4
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_endpoint_security_group_association.tf
@@ -0,0 +1,8 @@
+
+resource "aws_vpc_endpoint_security_group_association" "sg_ec2" {
+ vpc_endpoint_id = aws_vpc_endpoint.example.id
+ security_group_id = aws_security_group.sg.id
+}
+
+
+resource "aws_security_group" "sg" {}
diff --git a/terraform/aws/backup/aws_vpc_endpoint_service_allowed_principal.tf b/terraform/aws/backup/aws_vpc_endpoint_service_allowed_principal.tf
new file mode 100644
index 00000000..48bb3a5b
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_endpoint_service_allowed_principal.tf
@@ -0,0 +1,16 @@
+data "aws_caller_identity" "current" {}
+
+resource "aws_vpc_endpoint_service_allowed_principal" "pike" {
+ vpc_endpoint_service_id = data.aws_vpc_endpoint_service.example.service_id
+ principal_arn = data.aws_caller_identity.current.arn
+}
+
+
+data "aws_vpc_endpoint_service" "example" {
+ service = "s3"
+ service_type = "Gateway"
+}
+
+output "service" {
+ value = data.aws_vpc_endpoint_service.example.service_name
+}
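Review bot: `private_dns_enabled = true` is set both inline on `aws_vpc_endpoint.example` and on the standalone `aws_vpc_endpoint_private_dns.pike` that manages the same endpoint; if I recall the provider docs correctly, managing the flag from both places produces a perpetual plan diff, so the inline `private_dns_enabled = true` on the endpoint block should go. `aws_security_group.sg1` has no `vpc_id`, so it would be created in the default VPC while the endpoint lives in `aws_vpc.example`; as far as I know the API rejects security groups from another VPC, so `vpc_id = aws_vpc.example.id` on `sg1` looks needed. Note also that `aws_vpc.example` and `aws_vpc_endpoint.example` are declared again in aws_vpc_endpoint_service_private_dns_verification.tf (and `data.aws_vpc_endpoint_service.example` in both aws_vpc_endpoint_service_allowed_principal.tf and that file), which would fail validation if the backup directory is ever loaded as one module rather than file by file.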
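Review bot: `aws_vpc_endpoint_service_allowed_principal.pike` takes its `vpc_endpoint_service_id` from the AWS-owned S3 gateway service returned by `data.aws_vpc_endpoint_service.example`; allowed principals can only be managed on an endpoint service the account itself owns, so as far as I can tell this would fail at apply time rather than exercise the intended permission. The same pattern appears in aws_vpc_endpoint_service_private_dns_verification.tf in the next hunk, where `service_id` also points at the S3 lookup. If these fixtures are only ever parsed for IAM permissions, a comment such as `# fixture only: S3 gateway is not an owned endpoint service, apply will fail` above each resource would make that explicit.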
diff --git a/terraform/aws/backup/aws_vpc_endpoint_service_private_dns_verification.tf b/terraform/aws/backup/aws_vpc_endpoint_service_private_dns_verification.tf
new file mode 100644
index 00000000..3cc61330
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_endpoint_service_private_dns_verification.tf
@@ -0,0 +1,17 @@
+resource "aws_vpc_endpoint_service_private_dns_verification" "pike" {
+ service_id = data.aws_vpc_endpoint_service.example.service_id
+}
+
+data "aws_vpc_endpoint_service" "example" {
+ service = "s3"
+ service_type = "Gateway"
+}
+
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+}
+
+resource "aws_vpc_endpoint" "example" {
+ service_name = data.aws_vpc_endpoint_service.example.service_name
+ vpc_id = aws_vpc.example.id
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_organization_admin_account.tf b/terraform/aws/backup/aws_vpc_ipam_organization_admin_account.tf
new file mode 100644
index 00000000..702d2dab
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_ipam_organization_admin_account.tf
@@ -0,0 +1 @@
+resource "aws_vpc_ipam_organization_admin_account" "pike" {}
diff --git a/terraform/aws/backup/aws_vpc_ipv6_cidr_block_association.tf b/terraform/aws/backup/aws_vpc_ipv6_cidr_block_association.tf
new file mode 100644
index 00000000..488be350
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_ipv6_cidr_block_association.tf
@@ -0,0 +1,19 @@
+resource "aws_vpc_ipv6_cidr_block_association" "pike" {
+ ipv6_ipam_pool_id = aws_vpc_ipam_pool.example.id
+ vpc_id = aws_vpc.example.id
+ ipv6_netmask_length = 60
+}
+
+data "aws_region" "current" {}
+
+resource "aws_vpc_ipam" "example" {
+ operating_regions {
+ region_name = data.aws_region.current.name
+ }
+}
+
+resource "aws_vpc_ipam_pool" "example" {
+ address_family = "ipv4"
+ ipam_scope_id = aws_vpc_ipam.example.private_default_scope_id
+ locale = data.aws_region.current.name
+}
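Review bot: `aws_vpc_ipam_pool.example` is declared with `address_family = "ipv4"` yet is consumed as `ipv6_ipam_pool_id` with `ipv6_netmask_length = 60` in `aws_vpc_ipv6_cidr_block_association.pike`, so the association asks an IPv4 pool for an IPv6 block. Changing the pool to `address_family = "ipv6"` resolves the mismatch, though an IPv6 pool may need further attributes I cannot confirm from here. `aws_vpc.example` is referenced but not declared in this file, so the fixture again depends on a sibling file providing it.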
diff --git a/terraform/aws/backup/aws_vpc_network_performance_metric_subscription.tf b/terraform/aws/backup/aws_vpc_network_performance_metric_subscription.tf
new file mode 100644
index 00000000..dd5b3191
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_network_performance_metric_subscription.tf
@@ -0,0 +1 @@
+resource "aws_vpc_network_performance_metric_subscription" "pike" {}
diff --git a/terraform/aws/backup/aws_vpc_security_group_vpc_association.tf b/terraform/aws/backup/aws_vpc_security_group_vpc_association.tf
new file mode 100644
index 00000000..fdfad4e5
--- /dev/null
+++ b/terraform/aws/backup/aws_vpc_security_group_vpc_association.tf
@@ -0,0 +1,6 @@
+resource "aws_vpc_security_group_vpc_association" "pike" {
+ vpc_id = aws_vpc.example.id
+ security_group_id = aws_security_group.example2.id
+}
+
+resource "aws_security_group" "example2" {}
diff --git a/terraform/aws/backup/aws_vpclattice_service_network_resource_association.tf b/terraform/aws/backup/aws_vpclattice_service_network_resource_association.tf
new file mode 100644
index 00000000..d078fd93
--- /dev/null
+++ b/terraform/aws/backup/aws_vpclattice_service_network_resource_association.tf
@@ -0,0 +1 @@
+resource "aws_vpclattice_service_network_resource_association" "pike" {}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index 8b4c0a31..e4f45b61 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,15 +7,55 @@ resource "aws_iam_policy" "basic" {
 "Sid" : "VisualEditor0",
 "Effect" : "Allow",
 "Action" : [
+ "dynamodb:DeleteItem",
+ "dynamodb:DescribeTable",
+ "dynamodb:GetItem",
+ "dynamodb:PutItem",
+ "ec2:CreateIpam",
+ "ec2:CreateIpamPool",
+ "ec2:CreateSecurityGroup",
+ "ec2:CreateVPC",
+ "ec2:CreateVpcEndpoint",
+ "ec2:DeleteIpam",
+ "ec2:DeleteIpamPool",
+ "ec2:DeleteSecurityGroup",
+ "ec2:DeleteVPC",
+ "ec2:DeleteVpcEndpoints",
+ "ec2:DescribeAccountAttributes",
+ "ec2:DescribeIpamPools",
+ "ec2:DescribeIpams",
+ "ec2:DescribeNetworkAcls",
+ "ec2:DescribeNetworkInterfaces",
+ "ec2:DescribePrefixLists",
+ "ec2:DescribeSecurityGroups",
+ "ec2:DescribeSubnets",
+ "ec2:DescribeTags",
+ "ec2:DescribeVpcAttribute",
+ "ec2:DescribeVpcEndpointServices",
+ "ec2:DescribeVpcEndpoints",
+ "ec2:DescribeVpcs",
+ "ec2:ModifyIpam",
+ "ec2:ModifyIpamPool",
+ "ec2:ModifyVpcAttribute",
+ "ec2:ModifyVpcEndpoint",
+ "ec2:ModifyVpcTenancy",
+ "ec2:RevokeSecurityGroupEgress",
+ # "iam:CreateServiceLinkedRole",
+ "s3:DeleteObject",
+ "s3:GetObject",
 "s3:ListBucket",
 "s3:PutObject",
- "s3:GetObject",
- "s3:GetObjectTagging",
- "kms:DescribeKey",
- "kms:Encrypt",
+ "vpc-lattice:CreateServiceNetworkVpcEndpointAssociation",
+ "vpc-lattice:DescribeServiceNetworkVpcEndpointAssociation",
+ "ec2:DescribeIpamScopes",
+ "ec2:AssociateSecurityGroupVpc",
+ "ec2:AssociateVpcCidrBlock",
+ "ec2:AllocateIpamPoolCidr",
+ "ec2:DescribeSecurityGroupVpcAssociations",
+ "ec2:DisassociateSecurityGroupVpc",
+
+ "ec2:ModifyVpcEndpointServicePermissions"
- "s3:ListBucketVersions",
- "s3:DeleteObjectVersion"
 ],
 "Resource" : [
 "*"