diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 99d7e916..1fd4e617 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -43,6 +43,6 @@ jobs: run: go test ./... -coverprofile=./cover.out - name: Upload coverage reports to Codecov - uses: codecov/codecov-action@cb6530fbecd68d5f1ee7a3dcd113450ea8d5d6d4 # v5.1.2 + uses: codecov/codecov-action@bc114756858cde29e12b6c88f6224db397f7447a # v5.2.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 99ce03cf..2886a8c9 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,7 +43,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3407610120cd5656b6fc71991415cb50748b9489 # codeql-bundle-v2.20.1 + uses: github/codeql-action/init@d90e07f32eb48924444e8069d5f1fbaaad678989 # codeql-bundle-v2.20.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -57,7 +57,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@3407610120cd5656b6fc71991415cb50748b9489 # codeql-bundle-v2.20.1 + uses: github/codeql-action/autobuild@d90e07f32eb48924444e8069d5f1fbaaad678989 # codeql-bundle-v2.20.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -70,4 +70,4 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3407610120cd5656b6fc71991415cb50748b9489 # codeql-bundle-v2.20.1 + uses: github/codeql-action/analyze@d90e07f32eb48924444e8069d5f1fbaaad678989 # codeql-bundle-v2.20.2 
diff --git a/src/aws.go b/src/aws.go index 1837993a..65e4c159 100644 --- a/src/aws.go +++ b/src/aws.go @@ -1093,6 +1093,15 @@ var ( "aws_xray_group": awsXrayGroup, "aws_xray_sampling_rule": awsXraySamplingRule, "backend": s3backend, + "aws_api_gateway_domain_name_access_association": awsApiGatewayDomainNameAccessAssociation, + "aws_appconfig_deployment_strategy": awsAppconfigDeploymentStrategy, + "aws_appmesh_gateway_route": awsAppmeshGatewayRoute, + "aws_appmesh_mesh": awsAppmeshMesh, + "aws_appmesh_route": awsAppmeshRoute, + "aws_appmesh_virtual_gateway": awsAppmeshVirtualGateway, + "aws_appmesh_virtual_node": awsAppmeshVirtualNode, + "aws_appmesh_virtual_router": awsAppmeshVirtualRouter, + "aws_appmesh_virtual_service": awsAppmeshVirtualService, } ) diff --git a/src/coverage/aws.md b/src/coverage/aws.md index dd2f2d0b..a628f99b 100644 --- a/src/coverage/aws.md +++ b/src/coverage/aws.md @@ -5,20 +5,11 @@ Datasource percentage coverage 100.00 ./resource.ps1 aws_amplify_backend_environment ./resource.ps1 aws_amplify_webhook -./resource.ps1 aws_api_gateway_domain_name_access_association -./resource.ps1 aws_appconfig_deployment_strategy ./resource.ps1 aws_appfabric_app_authorization ./resource.ps1 aws_appfabric_app_authorization_connection ./resource.ps1 aws_appfabric_app_bundle ./resource.ps1 aws_appfabric_ingestion ./resource.ps1 aws_appfabric_ingestion_destination -./resource.ps1 aws_appmesh_gateway_route -./resource.ps1 aws_appmesh_mesh -./resource.ps1 aws_appmesh_route -./resource.ps1 aws_appmesh_virtual_gateway -./resource.ps1 aws_appmesh_virtual_node -./resource.ps1 aws_appmesh_virtual_router -./resource.ps1 aws_appmesh_virtual_service ./resource.ps1 aws_apprunner_connection ./resource.ps1 aws_apprunner_custom_domain_association ./resource.ps1 aws_apprunner_deployment diff --git a/src/files.go b/src/files.go index b654b502..85fa8bdf 100644 --- a/src/files.go +++ b/src/files.go 
@@ -3069,3 +3069,30 @@ var awsS3tablesTablePolicy []byte //go:embed mapping/aws/resource/s3tables/aws_s3tables_table_bucket.json var awsS3tablesTableBucket []byte + +//go:embed mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json +var awsApiGatewayDomainNameAccessAssociation []byte + +//go:embed mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json +var awsAppconfigDeploymentStrategy []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json +var awsAppmeshGatewayRoute []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_mesh.json +var awsAppmeshMesh []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_route.json +var awsAppmeshRoute []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json +var awsAppmeshVirtualGateway []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json +var awsAppmeshVirtualNode []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json +var awsAppmeshVirtualRouter []byte + +//go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json +var awsAppmeshVirtualService []byte diff --git a/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json b/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json new file mode 100644 index 00000000..c9fab3a2 --- /dev/null +++ b/src/mapping/aws/resource/apigateway/aws_api_gateway_domain_name_access_association.json @@ -0,0 +1,20 @@ +[ + { + "apply": [ + "apigateway:POST", + "apigateway:GET", + "apigateway:DELETE" + ], + "attributes": { + "tags": [] + }, + "destroy": [ + "apigateway:DELETE", + "apigateway:GET" + ], + "modify": [], + "plan": [ + "apigateway:GET" + ] + } +] diff --git a/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json new file mode 100644 index 00000000..4de6880f 
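Review bot: `"tags": []` in aws_api_gateway_domain_name_access_association.json was never exercised, because the accompanying fixture in terraform/aws/backup sets no `tags`. If the resource accepts tags, a tagged instance will presumably need a further API Gateway verb beyond the POST/GET/DELETE listed here; that is worth confirming with a tagged fixture before the generated policy is relied on. API Gateway management actions are HTTP verbs rather than per-operation names, so these three entries are only least-privilege once the consuming policy narrows `Resource` to the relevant ARNs instead of `*`.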
--- /dev/null
+++ b/src/mapping/aws/resource/appconfig/aws_appconfig_deployment_strategy.json
@@ -0,0 +1,27 @@
+[
+ {
+ "apply": [
+ "appconfig:CreateDeploymentStrategy",
+ "appconfig:DeleteDeploymentStrategy",
+ "appconfig:GetDeploymentStrategy",
+ "appconfig:ListTagsForResource",
+ "appconfig:UpdateDeploymentStrategy"
+ ],
+ "attributes": {
+ "tags": [
+ "appconfig:TagResource",
+ "appconfig:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appconfig:DeleteDeploymentStrategy"
+ ],
+ "modify": [
+ "appconfig:UpdateDeploymentStrategy"
+ ],
+ "plan": [
+ "appconfig:GetDeploymentStrategy",
+ "appconfig:ListTagsForResource"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json b/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json
new file mode 100644
index 00000000..4a43db13
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_gateway_route.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeGatewayRoute",
+ "appmesh:CreateGatewayRoute",
+ "appmesh:DeleteGatewayRoute",
+ "appmesh:UpdateGatewayRoute",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json b/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json
new file mode 100644
index 00000000..84813f0e
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_mesh.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeMesh",
+ "appmesh:CreateMesh",
+ "appmesh:DeleteMesh",
+ "appmesh:UpdateMesh",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_route.json b/src/mapping/aws/resource/appmesh/aws_appmesh_route.json
new file mode 100644
index 00000000..898ec988
--- /dev/null
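Review bot: `destroy`, `modify` and `plan` are left as empty arrays in aws_appmesh_gateway_route.json, while aws_appconfig_deployment_strategy.json in this same commit fills all three; the same gap repeats in the mesh, route, virtual_gateway, virtual_node, virtual_router and virtual_service mappings. How the consumer reads these keys is not visible here, but if anything derives a plan-only or destroy-only policy from them, App Mesh resources would get no actions, and a read-only pipeline could only be served by handing it the full `apply` set. Following the appconfig pattern, this file would carry `"destroy": ["appmesh:DeleteGatewayRoute"],`, `"modify": ["appmesh:UpdateGatewayRoute"],` and `"plan": ["appmesh:DescribeGatewayRoute", "appmesh:ListTagsForResource"]`, with the matching actions in the other six files.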
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_route.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeRoute",
+ "appmesh:CreateRoute",
+ "appmesh:DeleteRoute",
+ "appmesh:UpdateRoute",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json
new file mode 100644
index 00000000..2a3f2b33
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_gateway.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualGateway",
+ "appmesh:CreateVirtualGateway",
+ "appmesh:DeleteVirtualGateway",
+ "appmesh:UpdateVirtualGateway",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json
new file mode 100644
index 00000000..1ddf35a5
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_node.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualNode",
+ "appmesh:CreateVirtualNode",
+ "appmesh:DeleteVirtualNode",
+ "appmesh:UpdateVirtualNode",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json
new file mode 100644
index 00000000..044700d5
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_router.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualRouter",
+ "appmesh:CreateVirtualRouter",
+ "appmesh:UpdateVirtualRouter",
+ "appmesh:DeleteVirtualRouter",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
new file mode 100644
index 00000000..237137cc
--- /dev/null
+++ b/src/mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appmesh:DescribeVirtualService",
+ "appmesh:CreateVirtualService",
+ "appmesh:DeleteVirtualService",
+ "appmesh:UpdateVirtualService",
+ "appmesh:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appmesh:TagResource",
+ "appmesh:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf b/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf
new file mode 100644
index 00000000..268edc54
--- /dev/null
+++ b/terraform/aws/backup/aws_api_gateway_domain_name_access_association.tf
@@ -0,0 +1,5 @@
+resource "aws_api_gateway_domain_name_access_association" "pike" {
+ access_association_source = aws_vpc_endpoint.example.id
+ access_association_source_type = "VPCE"
+ domain_name_arn = aws_api_gateway_domain_name.example.domain_name_arn
+}
diff --git a/terraform/aws/backup/aws_appconfig_deployment_strategy.tf b/terraform/aws/backup/aws_appconfig_deployment_strategy.tf
new file mode 100644
index 00000000..7051b71b
--- /dev/null
+++ b/terraform/aws/backup/aws_appconfig_deployment_strategy.tf
@@ -0,0 +1,13 @@
+resource "aws_appconfig_deployment_strategy" "pike" {
+ name = "example-deployment-strategy-tf"
+ description = "Example Deployment Strategy"
+ deployment_duration_in_minutes = 3
+ final_bake_time_in_minutes = 4
+ growth_factor = 10
+ growth_type = "LINEAR"
+ replicate_to = "NONE"
+
+ tags = {
+ Type = "AppConfig Deployment Strategy"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_gateway_route.tf b/terraform/aws/backup/aws_appmesh_gateway_route.tf
new file mode 100644
index 00000000..8aab5419
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_gateway_route.tf
@@ -0,0 +1,25 @@
+resource "aws_appmesh_gateway_route" "pike" {
+ name = "example-gateway-route"
+ mesh_name = aws_appmesh_mesh.pike.name
+ virtual_gateway_name = aws_appmesh_virtual_gateway.pike.name
+
+ spec {
+ http_route {
+ action {
+ target {
+ virtual_service {
+ virtual_service_name = aws_appmesh_virtual_service.pike.name
+ }
+ }
+ }
+
+ match {
+ prefix = "/"
+ }
+ }
+ }
+
+ tags = {
+ Environment = "test"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_mesh.tf b/terraform/aws/backup/aws_appmesh_mesh.tf
new file mode 100644
index 00000000..c31ab062
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_mesh.tf
@@ -0,0 +1,13 @@
+resource "aws_appmesh_mesh" "pike" {
+ name = "simpleapp"
+
+ spec {
+ egress_filter {
+ type = "ALLOW_ALL"
+ }
+ }
+
+ tags = {
+ pike = "permimssion"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_route.tf b/terraform/aws/backup/aws_appmesh_route.tf
new file mode 100644
index 00000000..ce1511ff
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_route.tf
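Review bot: `egress_filter { type = "ALLOW_ALL" }` in aws_appmesh_mesh.tf lets every virtual node in the mesh reach endpoints outside it. The fixture appears to exist to exercise IAM actions rather than traffic policy, so `type = "DROP_ALL"` should drive the same App Mesh API calls without leaving a permissive example to be copied; this is inferred and worth confirming against a run. The tag value `"permimssion"` is misspelled here and again in aws_appmesh_virtual_router.tf; `pike = "permission"` is presumably what was meant.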
@@ -0,0 +1,25 @@
+resource "aws_appmesh_route" "pike" {
+ name = "serviceB-route"
+ mesh_name = aws_appmesh_mesh.pike.id
+ virtual_router_name = aws_appmesh_virtual_router.pike.name
+
+ spec {
+ http_route {
+ match {
+ prefix = "/"
+ }
+
+ action {
+ weighted_target {
+ virtual_node = aws_appmesh_virtual_node.serviceb1.name
+ weight = 90
+ }
+
+ weighted_target {
+ virtual_node = aws_appmesh_virtual_node.serviceb2.name
+ weight = 10
+ }
+ }
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_virtual_gateway.tf b/terraform/aws/backup/aws_appmesh_virtual_gateway.tf
new file mode 100644
index 00000000..71f0c434
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_virtual_gateway.tf
@@ -0,0 +1,17 @@
+resource "aws_appmesh_virtual_gateway" "pike" {
+ name = "example-virtual-gateway"
+ mesh_name = aws_appmesh_mesh.pike.name
+
+ spec {
+ listener {
+ port_mapping {
+ port = 8080
+ protocol = "http"
+ }
+ }
+ }
+
+ tags = {
+ Environment = "test"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_virtual_node.tf b/terraform/aws/backup/aws_appmesh_virtual_node.tf
new file mode 100644
index 00000000..f438146b
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_virtual_node.tf
@@ -0,0 +1,51 @@
+resource "aws_appmesh_virtual_node" "serviceb1" {
+ name = "serviceBv1"
+ mesh_name = aws_appmesh_mesh.pike.id
+
+ spec {
+ backend {
+ virtual_service {
+ virtual_service_name = "servicea.simpleapp.local"
+ }
+ }
+
+ listener {
+ port_mapping {
+ port = 8080
+ protocol = "http"
+ }
+ }
+
+ service_discovery {
+ dns {
+ hostname = "serviceb.simpleapp.local"
+ }
+ }
+ }
+}
+
+resource "aws_appmesh_virtual_node" "serviceb2" {
+ name = "serviceBv2"
+ mesh_name = aws_appmesh_mesh.pike.id
+
+ spec {
+ backend {
+ virtual_service {
+ virtual_service_name = "servicea.simpleapp.local"
+ }
+ }
+
+ listener {
+ port_mapping {
+ port = 8080
+ protocol = "http"
+ }
+ }
+
+ service_discovery {
+ dns {
+ hostname = "serviceb2.simpleapp.local"
+ }
+ }
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_virtual_router.tf b/terraform/aws/backup/aws_appmesh_virtual_router.tf
new file mode 100644
index 00000000..a16379c0
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_virtual_router.tf
@@ -0,0 +1,16 @@
+resource "aws_appmesh_virtual_router" "pike" {
+ name = "serviceB"
+ mesh_name = aws_appmesh_mesh.pike.id
+
+ spec {
+ listener {
+ port_mapping {
+ port = 8080
+ protocol = "http"
+ }
+ }
+ }
+ tags = {
+ pike = "permimssion"
+ }
+}
diff --git a/terraform/aws/backup/aws_appmesh_virtual_service.tf b/terraform/aws/backup/aws_appmesh_virtual_service.tf
new file mode 100644
index 00000000..8f03e1c2
--- /dev/null
+++ b/terraform/aws/backup/aws_appmesh_virtual_service.tf
@@ -0,0 +1,12 @@
+resource "aws_appmesh_virtual_service" "pike" {
+ name = "servicea.simpleapp.local"
+ mesh_name = aws_appmesh_mesh.pike.id
+
+ spec {
+ provider {
+ virtual_node {
+ virtual_node_name = aws_appmesh_virtual_node.serviceb1.name
+ }
+ }
+ }
+}
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index 08003297..d4d5dea2 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -7,27 +7,50 @@ resource "aws_iam_policy" "basic" { "Sid" : "VisualEditor0", "Effect" : "Allow", "Action" : [ - # aws_s3tables_namespace - "s3tables:CreateNamespace", - "s3tables:GetNamespace", - "s3tables:DeleteNamespace", - - # aws_s3tables_table - "s3tables:GetTable", - "s3tables:CreateTable", - "s3tables:DeleteTable", - - # aws_s3tables_policy - "s3tables:GetTablePolicy", - "s3tables:DeleteTablePolicy", - "s3tables:PutTablePolicy", - - # others - "s3tables:CreateTableBucket", - "s3tables:PutTableBucketMaintenanceConfiguration", - "s3tables:GetTableBucket", - "s3tables:GetTableBucketMaintenanceConfiguration", - "s3tables:DeleteTableBucket" + # aws_appmesh_virtual_gateway + "appmesh:DescribeVirtualGateway", + "appmesh:CreateVirtualGateway", + "appmesh:DeleteVirtualGateway", + "appmesh:UpdateVirtualGateway", + "appmesh:TagResource", + "appmesh:UntagResource", + + # aws_appmesh_mesh + "appmesh:DescribeMesh", + "appmesh:CreateMesh", + "appmesh:DeleteMesh", + "appmesh:UpdateMesh", + "appmesh:ListTagsForResource", + + # aws_appmesh_route + "appmesh:DescribeRoute", + "appmesh:CreateRoute", + "appmesh:DeleteRoute", + "appmesh:UpdateRoute", + + # aws_appmesh_gateway_route + "appmesh:DescribeGatewayRoute", + "appmesh:CreateGatewayRoute", + "appmesh:DeleteGatewayRoute", + "appmesh:UpdateGatewayRoute", + + # aws_appmesh_virtual_node + "appmesh:DescribeVirtualNode", + "appmesh:CreateVirtualNode", + "appmesh:DeleteVirtualNode", + "appmesh:UpdateVirtualNode", + + # aws_appmesh_virtual_router + "appmesh:DescribeVirtualRouter", + "appmesh:CreateVirtualRouter", + "appmesh:UpdateVirtualRouter", + "appmesh:DeleteVirtualRouter", + + # aws_appmesh_virtual_service + "appmesh:DescribeVirtualService", + "appmesh:CreateVirtualService", + "appmesh:DeleteVirtualService", + "appmesh:UpdateVirtualService" ], "Resource" : [ "*"
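Review bot: The per-resource comments in the new `Action` list misplace the shared tag actions: `appmesh:TagResource` and `appmesh:UntagResource` sit under `# aws_appmesh_virtual_gateway` and `appmesh:ListTagsForResource` under `# aws_appmesh_mesh`, although the mappings in this commit list them for every App Mesh resource. Someone trimming the policy to one resource type would drop or keep them by accident; moving the three under their own `# shared by all aws_appmesh_* resources` comment avoids that. The unchanged `"Resource" : ["*"]` below applies every Create/Update/Delete action here to all meshes in the account, so the policy is presumably meant only for a disposable test role, and a one-line comment saying so would help. The `aws_iam_policy` block begins and ends outside this hunk.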