Merge pull request #143 from cloudgraphdev/feature/EP-3188-support-ssm-parameter-service

feat(aws): Add ssm parameter service and update redshift

Author: m-pizarro

README.md

@@ -165,6 +165,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | subnet                      | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, rdsCluster, sageMakerNotebookInstance, routeTable, vpc, vpcEndpoint, eksCluster, emrCluster, flowLog, mskCluster                                                                            |
 | systemsManagerInstance      | ec2, iamRole                                                                                                                                                                                                                                                                                                                                                                  |
 | systemsManagerDocument      |                                                                                                                                                                                                                                                                                                                                                                               |
+| systemsManagerParameter      |                                                                                                                                                                                                                                                                                                                                                                               |
 | transitGateway              | transitGatewayAttachment, transitGatewayRouteTable, vpnConnection                                                                                                                                                                                                                                                                                                                           |
 | transitGatewayAttachment    | transitGateway, transitGatewayRouteTable, vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                |
 | transitGatewayRouteTable    | transitGateway, transitGatewayAttachment                                                                                                                                                                                                                                                                                                                |

package.json

@@ -32,6 +32,7 @@
   },
   "dependencies": {
     "@aws-sdk/client-elastic-beanstalk": "^3.338.0",
+    "@aws-sdk/client-ssm": "^3.341.0",
     "@aws-sdk/credential-providers": "^3.256.0",
     "@aws-sdk/shared-ini-file-loader": "^3.254.0",
     "@cloudgraph/sdk": "^0.22.1",

src/enums/schemasMap.ts

@@ -104,6 +104,7 @@ export default {
   [services.sns]: 'awsSns',
   [services.systemsManagerInstance]: 'awsSystemsManagerInstance',
   [services.systemsManagerDocument]: 'awsSystemsManagerDocument',
+  [services.systemsManagerParameter]: 'awsSystemsManagerParameter',
   [services.transitGateway]: 'awsTransitGateway',
   [services.transitGatewayAttachment]: 'awsTransitGatewayAttachment',
   [services.transitGatewayRouteTable]: 'awsTransitGatewayRouteTable',

src/enums/serviceAliases.ts

@@ -76,6 +76,7 @@ export default {
   [services.subnet]: 'subnets',
   [services.systemsManagerDocument]: 'systemsManagerDocuments',
   [services.systemsManagerInstance]: 'systemsManagerInstances',
+  [services.systemsManagerParameter]: 'systemsManagerParameters',
   [services.transitGateway]: 'transitGateways',
   [services.transitGatewayAttachment]: 'transitGatewayAttachments',
   [services.transitGatewayRouteTable]: 'transitGatewayRouteTables',

src/enums/serviceMap.ts

@@ -100,6 +100,7 @@ import DmsReplicationInstance from '../services/dmsReplicationInstance'
 import SageMakerNotebookInstance from '../services/sageMakerNotebookInstance'
 import SystemsManagerInstance from '../services/systemsManagerInstance'
 import SystemsManagerDocument from '../services/systemsManagerDocument'
+import SystemsManagerParameter from '../services/systemsManagerParameter'
 import RdsClusterSnapshot from '../services/rdsClusterSnapshot'
 import VpcEndpoint from '../services/vpcEndpoint'
 import APIGatewayDomainName from '../services/apiGatewayDomainName'
@@ -222,5 +223,6 @@ export default {
   [services.wafV2WebAcl]: WafV2WebAcl,
   [services.systemsManagerInstance]: SystemsManagerInstance,
   [services.systemsManagerDocument]: SystemsManagerDocument,
+  [services.systemsManagerParameter]: SystemsManagerParameter,
   tag: AwsTag,
 }

src/enums/services.ts

@@ -97,6 +97,7 @@ export default {
   subnet: 'subnet',
   systemsManagerInstance: 'systemsManagerInstance',
   systemsManagerDocument: 'systemsManagerDocument',
+  systemsManagerParameter: 'systemsManagerParameter',
   transitGateway: 'transitGateway',
   transitGatewayAttachment: 'transitGatewayAttachment',
   transitGatewayRouteTable: 'transitGatewayRouteTable',

src/services/redshift/format.ts

@@ -45,6 +45,7 @@ export default ({
     id: arn,
     accountId: account,
     arn,
+    name: id,
     region,
     allowVersionUpgrade,
     automatedSnapshotRetentionPeriod,

src/services/redshift/schema.graphql

@@ -1,4 +1,5 @@
 type awsRedshiftCluster implements awsBaseService @key(fields: "arn") {
+  name: String @search(by: [hash, regexp])
   allowVersionUpgrade: Boolean @search
   automatedSnapshotRetentionPeriod: Int @search
   availabilityZone: String @search(by: [hash, regexp])

src/services/systemsManagerParameter/data.ts

@@ -0,0 +1,89 @@
+import {
+  DescribeParametersCommand,
+  DescribeParametersCommandInput,
+  ParameterMetadata,
+  SSMClient,
+} from '@aws-sdk/client-ssm'
+import CloudGraph from '@cloudgraph/sdk'
+import { Config } from 'aws-sdk'
+import isEmpty from 'lodash/isEmpty'
+import awsLoggerText from '../../properties/logger'
+import AwsErrorLog from '../../utils/errorLog'
+
+const lt = { ...awsLoggerText }
+const { logger } = CloudGraph
+const serviceName = 'SystemsManagerParameter'
+const errorLog = new AwsErrorLog(serviceName)
+const MAX_ITEMS = 50
+
+const listParameters = async (ssm: SSMClient): Promise<ParameterMetadata[]> =>
+  new Promise(async resolve => {
+    const parameters: ParameterMetadata[] = []
+
+    const input: DescribeParametersCommandInput = {
+      MaxResults: MAX_ITEMS,
+    }
+
+    const listAllParameters = (token?: string): void => {
+      if (token) {
+        input.NextToken = token
+      }
+      const command = new DescribeParametersCommand(input)
+      ssm
+        .send(command)
+        .then(data => {
+          if (isEmpty(data)) {
+            return resolve([])
+          }
+
+          const { Parameters = [], NextToken: nextToken } = data || {}
+
+          parameters.push(...Parameters)
+
+          if (nextToken) {
+            logger.debug(lt.foundAnotherThousand)
+            listAllParameters(nextToken)
+          } else {
+            resolve(parameters)
+          }
+        })
+        .catch(err => {
+          errorLog.generateAwsErrorLog({
+            functionName: 'ssm:describeParameters',
+            err,
+          })
+          resolve([])
+        })
+    }
+    listAllParameters()
+  })
+
+export default async ({
+  regions,
+  config,
+}: {
+  regions: string
+  config: Config
+}): Promise<{ [property: string]: ParameterMetadata[] }> =>
+  new Promise(async resolve => {
+    const { credentials } = config
+    const output: { [property: string]: ParameterMetadata[] } = {}
+
+    await Promise.all(
+      regions.split(',').map(region => {
+        const ssm = new SSMClient({
+          credentials,
+          region,
+        })
+        output[region] = []
+        return new Promise<void>(async resolveRegion => {
+          const params = (await listParameters(ssm)) || []
+          output[region] = params
+          resolveRegion()
+        })
+      })
+    )
+    errorLog.reset()
+
+    resolve(output)
+  })

src/services/systemsManagerParameter/format.ts

@@ -0,0 +1,28 @@
+import { ParameterMetadata } from '@aws-sdk/client-ssm'
+import { AwsSystemsManagerParameter } from '../../types/generated'
+import { ssmParameterArn } from '../../utils/generateArns'
+
+/**
+ * Systems Manager Parameter
+ */
+export default ({
+  account,
+  region,
+  service: parameter,
+}: {
+  account: string
+  region: string
+  service: ParameterMetadata
+}): AwsSystemsManagerParameter => {
+  const { Name: name } = parameter
+
+  const arn = ssmParameterArn({ region, account, name })
+
+  return {
+    accountId: account,
+    arn,
+    id: arn,
+    name,
+    region,
+  }
+}