
Commit 06c0c19

committed
Merge branch 'feature/CG-823' into 'master'
feat(services): add new services: systemsManager instance and document. Closes CG-823. See merge request auto-cloud/cloudgraph/provider/cloudgraph-provider-aws!214
2 parents b77f9bc + 15ca93f commit 06c0c19

29 files changed

Lines changed: 791 additions & 45 deletions

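--- a/README.md
+++ b/README.md
@@ -90,7 +90,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | dynamodb | appSync |
 | dmsReplicationInstance | securityGroup, subnet, vpc, kms |
 | ebs | asg, ec2, emrInstance |
-| ec2 | alb, asg, ebs, eip, emrInstance, networkInterface, securityGroup, subnet, vpc, ecsContainer |
+| ec2 | alb, asg, ebs, eip, emrInstance, networkInterface, securityGroup, subnet, systemsManagerInstance, vpc, ecsContainer |
 | ecr | |
 | ecsCluster | ecsService, ecsTask, ecsTaskSet |
 | ecsContainer | ecsTask, ec2 |
@@ -121,7 +121,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate | |
 | iamUser | iamGroup |
 | iamPolicy | iamRole, iamGroup |
-| iamRole | codebuild, configurationRecorder, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance guardDutyDetector |
+| iamRole | codebuild, configurationRecorder, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector |
 | iamGroup | iamUser, iamPolicy |
 | igw | vpc |
 | iot | |
@@ -150,6 +150,8 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sns | kms, cloudtrail, cloudwatch |
 | sqs | |
 | subnet | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, sageMakerNotebookInstance, routeTable, vpc, eksCluster, emrCluster, flowLog |
+| systemsManagerInstance | ec2, iamRole |
+| systemsManagerDocument | |
 | transitGateway | routeTable, transitGatewayAttachment, vpnConnection |
 | transitGatewayAttachment | routeTable, transitGateway, vpc, vpnConnection |
 | vpc | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment |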

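--- a/src/enums/schemasMap.ts
+++ b/src/enums/schemasMap.ts
@@ -89,6 +89,8 @@ export default {
 [services.secretsManager]: 'awsSecretsManager',
 [services.ses]: 'awsSes',
 [services.sns]: 'awsSns',
+[services.systemsManagerInstance]: 'awsSystemsManagerInstance',
+[services.systemsManagerDocument]: 'awsSystemsManagerDocument',
 [services.transitGateway]: 'awsTransitGateway',
 [services.transitGatewayAttachment]: 'awsTransitGatewayAttachment',
 [services.vpnConnection]: 'awsVpnConnection',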

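--- a/src/enums/serviceMap.ts
+++ b/src/enums/serviceMap.ts
@@ -90,6 +90,8 @@ import GuardDutyDetector from '../services/guardDutyDetector'
 import ElasticSearchDomain from '../services/elasticSearchDomain'
 import DmsReplicationInstance from '../services/dmsReplicationInstance'
 import SageMakerNotebookInstance from '../services/sageMakerNotebookInstance'
+import SystemsManagerInstance from '../services/systemsManagerInstance'
+import SystemsManagerDocument from '../services/systemsManagerDocument'
 
 /**
 * serviceMap is an object that contains all currently supported services for AWS
@@ -186,5 +188,7 @@ export default {
 [services.vpnConnection]: VpnConnection,
 [services.organization]: Organization,
 [services.wafV2WebAcl]: WafV2WebAcl,
+[services.systemsManagerInstance]: SystemsManagerInstance,
+[services.systemsManagerDocument]: SystemsManagerDocument,
 tag: AwsTag,
 }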

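--- a/src/enums/services.ts
+++ b/src/enums/services.ts
@@ -83,6 +83,8 @@ export default {
 sns: 'sns',
 sqs: 'sqs',
 subnet: 'subnet',
+systemsManagerInstance: 'systemsManagerInstance',
+systemsManagerDocument: 'systemsManagerDocument',
 transitGateway: 'transitGateway',
 transitGatewayAttachment: 'transitGatewayAttachment',
 vpc: 'vpc',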

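--- a/src/services/cloudfront/connections.ts
+++ b/src/services/cloudfront/connections.ts
@@ -7,6 +7,7 @@ import { RawAwsS3 } from '../s3/data'
 import { RawAwsElb } from '../elb/data'
 import { RawAwsCloudfront } from './data'
 import { elbArn } from '../../utils/generateArns'
+import { RawAwsWafV2WebAcl } from '../wafV2WebAcl/data'
 
 /**
 * Cloudfront
@@ -22,7 +23,7 @@ export default ({
 }): { [key: string]: ServiceConnection[] } => {
 const connections: ServiceConnection[] = []
 const {
-summary: { Id: id },
+summary: { Id: id, WebACLId },
 config: {
 Origins: { Items: originData = [] },
 },
@@ -100,6 +101,33 @@ export default ({
 })
 }
 
+/**
+* Find wafV2WebAcls
+* related to this Cloudfront distribution
+*/
+const acls: {
+name: string
+data: { [property: string]: RawAwsWafV2WebAcl[] }
+} = data.find(({ name }) => name === services.wafV2WebAcl)
+
+if (acls?.data) {
+const allAcls = Object.values(acls.data).flat()
+const dataInRegion: RawAwsWafV2WebAcl[] = allAcls.filter(
+({ ARN }: RawAwsWafV2WebAcl) => ARN === WebACLId
+)
+
+if (!isEmpty(dataInRegion)) {
+for (const acl of dataInRegion) {
+connections.push({
+id: acl.Id,
+resourceType: services.wafV2WebAcl,
+relation: 'child',
+field: 'webAcl',
+})
+}
+}
+}
+
 const cloudfrontResult = {
 [id]: connections,
 }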
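Review bot: The annotation on `const acls` at the top of the new WAF block hides the `undefined` that `data.find` can return, so it only compiles with `strictNullChecks` off; declaring it as `} | undefined = data.find(({ name }) => name === services.wafV2WebAcl)` makes the following `acls?.data` guard type-checked rather than decorative. The name `dataInRegion` is misleading here because `Object.values(acls.data).flat()` gathers ACLs across every region; `matchingAcls` would say what it holds. The `if (!isEmpty(dataInRegion))` guard is redundant, since `for…of` over an empty array is a no-op, and the same pattern appears in the new SSM block of src/services/ec2/connections.ts. Matching is on `ARN === WebACLId`, which links only distributions whose `WebACLId` carries a WAFv2 ARN; if that field can also hold a WAF Classic id, such associations silently produce no connection, which deserves a comment on the filter. The enclosing function starts outside the hunk.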

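--- a/src/services/cloudfront/schema.graphql
+++ b/src/services/cloudfront/schema.graphql
@@ -22,6 +22,7 @@ type awsCloudfront @key(fields: "id") {
 elb: [awsElb] @hasInverse(field: cloudfrontDistribution)
 s3: [awsS3] @hasInverse(field: cloudfrontDistribution)
 tags: [awsRawTag]
+webAcl: [awsWafV2WebAcl] @hasInverse(field: cloudfront)
 }
 
 type awsCloudfrontOriginData {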

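--- a/src/services/ec2/connections.ts
+++ b/src/services/ec2/connections.ts
@@ -14,6 +14,8 @@ import { ServiceConnection } from '@cloudgraph/sdk'
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
 import { RawAwsEcsContainer } from '../ecsContainer/data'
+import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
+import { ssmManagedInstanceArn } from '../../utils/generateArns'
 
 /**
 * EC2
@@ -23,6 +25,7 @@ export default ({
 service: instance,
 data,
 region,
+account,
 }: {
 account: string
 data: { name: string; data: { [property: string]: any[] } }[]
@@ -169,7 +172,7 @@ export default ({
 
 /**
 * Find Subnets
-* related to this EC2 load balancer
+* related to this EC2
 */
 const subnets: {
 name: string
@@ -194,13 +197,13 @@ export default ({
 
 /**
 * Find EKS
-* related to this EC2 loadbalancer
+* related to this EC2
 */
 // TODO: Implement when eks service is ready
 
 /**
 * Find ECS Container
-* related to this EC2 loadbalancer
+* related to this EC2
 */
 const ecsContainers: {
 name: string
@@ -223,6 +226,32 @@ export default ({
 }
 }
 
+/**
+* Find SSM managed instances
+* related to this EC2 instance
+*/
+const instances: {
+name: string
+data: { [property: string]: any[] }
+} = data.find(({ name }) => name === services.systemsManagerInstance)
+if (instances?.data?.[region]) {
+const dataInRegion: RawAwsSystemsManagerInstance[] = instances.data[region].filter(
+({ InstanceId }: RawAwsSystemsManagerInstance) => InstanceId === id
+)
+
+if (!isEmpty(dataInRegion)) {
+for (const ssmInstance of dataInRegion) {
+const arn = ssmManagedInstanceArn({ region, account, name: ssmInstance.InstanceId })
+connections.push({
+id: arn,
+resourceType: services.systemsManagerInstance,
+relation: 'child',
+field: 'systemsManagerInstance',
+})
+}
+}
+}
+
 /**
 * Find Elastic Beanstalk
 * related to this EC2 loadbalancer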
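Review bot: The comment clean-up that turns `related to this EC2 loadbalancer` into `related to this EC2` for the Subnets, EKS and ECS Container blocks misses the Elastic Beanstalk comment, still visible as the last context line of the final hunk. In the new SSM block the connection id is built with `ssmManagedInstanceArn({ region, account, name: ssmInstance.InstanceId })`; that value has to be byte-identical to the `id` the systemsManagerInstance service emits for the same record or the edge never resolves, and since that code is not in this view the contract deserves a comment such as `// must match the id emitted by the systemsManagerInstance service`. `instances.data` is typed `{ [property: string]: any[] }` while the cloudfront connections added in this same commit type the lookup with the raw record type; `RawAwsSystemsManagerInstance[]`, already imported here, would be consistent and would let the filter callback drop its explicit parameter type. The `instances.data[region].filter(` line is the only one in the block that runs past the file's usual width, so prettier will rewrap it on the next touch. The enclosing function starts outside the hunk.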

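--- a/src/services/ec2/schema.graphql
+++ b/src/services/ec2/schema.graphql
@@ -96,7 +96,7 @@ type awsEc2 @key(fields: "arn") {
 sourceDestCheck: String @search(by: [hash, regexp])
 availabilityZone: String @search(by: [hash, regexp])
 cpuThreadsPerCore: Int @search
-iamInstanceProfile: String @search(by: [hash, regexp])
+iamInstanceProfile: String @search(by: [hash, regexp]) # TODO: use to make a connection to a role
 deletionProtection: String @search(by: [hash, regexp])
 dailyCost: awsTotalBillingInfo
 primaryNetworkInterface: String @search(by: [hash, regexp])
@@ -119,4 +119,5 @@ type awsEc2 @key(fields: "arn") {
 subnet: [awsSubnet] @hasInverse(field: ec2Instance) #change to plural
 ecsContainer: [awsEcsContainer] @hasInverse(field: ec2Instance) #change to plural
 emrInstance: [awsEmrInstance] @hasInverse(field: ec2Instance)
+systemsManagerInstance: [awsSystemsManagerInstance] @hasInverse(field: ec2Instance)
 }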

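--- a/src/services/eksCluster/format.ts
+++ b/src/services/eksCluster/format.ts
@@ -30,6 +30,12 @@ export default ({
 Tags = {},
 } = service
 
+const formattedKubernetesNetworkConfig = {
+serviceIpv4Cidr: kubernetesNetworkConfig?.serviceIpv4Cidr,
+serviceIpv6Cidr: kubernetesNetworkConfig?.serviceIpv6Cidr,
+ipFamily: kubernetesNetworkConfig?.ipFamily
+}
+
 return {
 id: arn,
 arn,
@@ -40,7 +46,7 @@ export default ({
 version,
 endpoint,
 resourcesVpcConfig,
-kubernetesNetworkConfig,
+kubernetesNetworkConfig: formattedKubernetesNetworkConfig,
 logging: {
 clusterLogging: logging?.clusterLogging?.map(logSetup => ({
 id: cuid(),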
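Review bot: Replacing the pass-through `kubernetesNetworkConfig` with `formattedKubernetesNetworkConfig` changes the output for clusters whose network config is absent: the field used to be `undefined` and is now an object whose three properties are all `undefined`, which the schema likely tolerates but is a shape change worth a one-line comment above the literal, e.g. `// always an object, even when the cluster reports no network config`. The literal is missing the trailing comma after `ipFamily: kubernetesNetworkConfig?.ipFamily` that the rest of this file uses (compare `Tags = {},`), so prettier will reformat it on the next touch. Whether `serviceIpv6Cidr` and `ipFamily` are declared on the SDK's network-config type depends on the installed SDK version; if they are not, this is a compile error, so the version pin should be checked alongside this change. The enclosing function starts outside the hunk.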

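--- a/src/services/eksCluster/schema.graphql
+++ b/src/services/eksCluster/schema.graphql
@@ -36,6 +36,8 @@ type awsEksVpcConfigResponse {
 
 type awsEksKubernetesNetworkConfigResponse {
 serviceIpv4Cidr: String @search(by: [hash, regexp])
+serviceIpv6Cidr: String @search(by: [hash, regexp])
+ipFamily: String @search(by: [hash, regexp])
 }
 
 type awsEksLogging {
@@ -58,24 +60,24 @@ type awsEksProvider {
 keyArn: String @search(by: [hash, regexp])
 }
 
-type awsEksLogSetup
+type awsEksLogSetup
 @generate(
 query: { get: false, query: true, aggregate: false }
 mutation: { add: false, delete: false }
 subscription: false
 ) {
-id: String! @id @search(by: [hash])
-types: [String] @search(by: [hash])
-enabled: Boolean @search
-}
+id: String! @id @search(by: [hash])
+types: [String] @search(by: [hash])
+enabled: Boolean @search
+}
 
-type awsEksEncryptionConfig
+type awsEksEncryptionConfig
 @generate(
 query: { get: false, query: true, aggregate: false }
 mutation: { add: false, delete: false }
 subscription: false
 ) {
-id: String! @id @search(by: [hash])
-resources: [String] @search(by: [hash])
-provider: awsEksProvider
-}
+id: String! @id @search(by: [hash])
+resources: [String] @search(by: [hash])
+provider: awsEksProvider
+}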
