feat(services): add new connection wafV2WebAcl <-> cloudfront

Author: tyler-dunkel

src/services/cloudfront/connections.ts

@@ -7,6 +7,7 @@ import { RawAwsS3 } from '../s3/data'
 import { RawAwsElb } from '../elb/data'
 import { RawAwsCloudfront } from './data'
 import { elbArn } from '../../utils/generateArns'
+import { RawAwsWafV2WebAcl } from '../wafV2WebAcl/data'
 
 /**
  * Cloudfront
@@ -22,7 +23,7 @@ export default ({
 }): { [key: string]: ServiceConnection[] } => {
   const connections: ServiceConnection[] = []
   const {
-    summary: { Id: id },
+    summary: { Id: id, WebACLId },
     config: {
       Origins: { Items: originData = [] },
     },
@@ -100,6 +101,33 @@ export default ({
     })
   }
 
+  /**
+   * Find wafV2WebAcls
+   * related to this Cloudfront distribution
+   */
+  const acls: {
+    name: string
+    data: { [property: string]: RawAwsWafV2WebAcl[] }
+  } = data.find(({ name }) => name === services.wafV2WebAcl)
+
+  if (acls?.data) {
+    const allAcls = Object.values(acls.data).flat()
+    const dataInRegion: RawAwsWafV2WebAcl[] = allAcls.filter(
+      ({ ARN }: RawAwsWafV2WebAcl) => ARN === WebACLId
+    )
+
+    if (!isEmpty(dataInRegion)) {
+      for (const acl of dataInRegion) {
+        connections.push({
+          id: acl.Id,
+          resourceType: services.wafV2WebAcl,
+          relation: 'child',
+          field: 'webAcl',
+        })
+      }
+    }
+  }
+
   const cloudfrontResult = {
     [id]: connections,
   }

src/services/cloudfront/schema.graphql

@@ -22,6 +22,7 @@ type awsCloudfront @key(fields: "id") {
   elb: [awsElb] @hasInverse(field: cloudfrontDistribution)
   s3: [awsS3] @hasInverse(field: cloudfrontDistribution)
   tags: [awsRawTag]
+  webAcl: [awsWafV2WebAcl] @hasInverse(field: cloudfront)
 }
 
 type awsCloudfrontOriginData {

src/services/wafV2WebAcl/schema.graphql

@@ -15,6 +15,7 @@ type awsWafV2WebAcl @key(fields: "arn") {
   postProcessFirewallManagerRuleGroups: [awsWafV2FirewallManagerRuleGroup]
   customResponseBodies: [awsWafV2CustomResponseBody]
   loggingConfiguration: awsWafV2LoggingConfig
+  cloudfront: [awsCloudfront] @hasInverse(field: webAcl)
 }
 
 type awsWafV2Rule {

src/types/generated.ts

@@ -688,6 +688,7 @@ export type AwsCloudfront = {
   status?: Maybe<Scalars['String']>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
   viewerCertificate?: Maybe<AwsCloudfrontViewerCertificate>;
+  webAcl?: Maybe<Array<Maybe<AwsWafV2WebAcl>>>;
   webAclId?: Maybe<Scalars['String']>;
 };
 
@@ -3072,7 +3073,7 @@ export type AwsIamRole = {
   name?: Maybe<Scalars['String']>;
   path?: Maybe<Scalars['String']>;
   sageMakerNotebookInstances?: Maybe<Array<Maybe<AwsSageMakerNotebookInstance>>>;
-  systemManagerInstances?: Maybe<Array<Maybe<AwsSystemsManagerInstance>>>;
+  systemsManagerInstances?: Maybe<Array<Maybe<AwsSystemsManagerInstance>>>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
 };
 
@@ -4529,6 +4530,7 @@ export type AwsWafV2WebAcl = {
   accountId: Scalars['String'];
   arn: Scalars['String'];
   capacity?: Maybe<Scalars['Int']>;
+  cloudfront?: Maybe<Array<Maybe<AwsCloudfront>>>;
   customResponseBodies?: Maybe<Array<Maybe<AwsWafV2CustomResponseBody>>>;
   defaultAction?: Maybe<AwsWafV2DefaultAction>;
   description?: Maybe<Scalars['String']>;