feat(s3): Add connections to iamRole, lambda, sns and sqs services

m-pizarro · m-pizarro · commit 22a8cfdbd136 · 2022-04-12T10:58:53.000-03:00
diff --git a/README.md b/README.md
@@ -122,14 +122,14 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate        |                                                                                                                                                                                            |
 | iamUser                     | iamGroup                                                                                                                                                                                   |
 | iamPolicy                   | iamRole, iamGroup                                                                                                                                                                          |
-| iamRole                     | codebuild, configurationRecorder, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector                                                                                                                                                 |
+| iamRole                     | codebuild, configurationRecorder, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector                                                                                                                                                 |
 | iamGroup                    | iamUser, iamPolicy                                                                                                                                                                         |
 | igw                         | vpc                                                                                                                                                                                        |
 | iot                         |                                                                                                                                                                                            |
 | kinesisFirehose             | kinesisStream, s3                                                                                                                                                                          |
 | kinesisStream               | kinesisFirehose                                                                                                                                                                            |
 | kms                         | cloudtrail, cloudwatchLog, codebuild, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster                                                             |
-| lambda                      | appSync, cognitoUserPool, kms, securityGroup, subnet, vpc                                                                                                                                           |
+| lambda                      | appSync, cognitoUserPool, kms, s3, securityGroup, subnet, vpc                                                                                                                                           |
 | managedAirflow                      | iamRole, securityGroups, subnet, s3                                                                                                                                          |
 | nacl                        | vpc                                                                                                                                                                                        |
 | natGateway                  | networkInterface, subnet, vpc                                                                                                                                                              |
@@ -145,12 +145,12 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sageMakerExperiment                          |                                                                                                                                                   |
 | sageMakerNotebookInstance   | iamRole, kms, networkInterface, subnet, securityGroup                                                                                                                                                 |
 | sageMakerProject                          |                                                                                                                                                  |
-| s3                          | cloudfront, cloudtrail, kinesisFirehose, managedAirflow                                                                                                                                                   |
+| s3                          | cloudfront, cloudtrail, iamRole, kinesisFirehose, lambda, managedAirflow, sns, sqs                                                                                                                                                   |
 | secretsManager              |                                                                                                                                                                                            |
 | securityGroup               | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance                                             |
 | ses                         |                                                                                                                                                                                            |
-| sns                         | kms, cloudtrail, cloudwatch                                                                                                                                                                            |
-| sqs                         |                                                                                                                                                                                            |
+| sns                         | kms, cloudtrail, cloudwatch, s3                                                                                                                                                                            |
+| sqs                         |  s3                                                                                                                                                                                          |
 | subnet                      | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, sageMakerNotebookInstance, routeTable, vpc, eksCluster, emrCluster, flowLog                                                     |
 | systemsManagerInstance      | ec2, iamRole                                                                                                                                                                                           |
 | systemsManagerDocument                         |                                                                                                                                                                                            |
diff --git a/src/services/cloudfront/schema.graphql b/src/services/cloudfront/schema.graphql
@@ -21,7 +21,7 @@ type awsCloudfront @key(fields: "id") {
   origins: [awsCloudfrontOriginData]
   logging: awsCloudfrontLoggingConfig
   elb: [awsElb] @hasInverse(field: cloudfrontDistribution)
-  s3: [awsS3] @hasInverse(field: cloudfrontDistribution)
+  s3: [awsS3] @hasInverse(field: cloudfrontDistributions)
   tags: [awsRawTag]
   webAcl: [awsWafV2WebAcl] @hasInverse(field: cloudfront)
 }
diff --git a/src/services/cloudtrail/schema.graphql b/src/services/cloudtrail/schema.graphql
@@ -20,7 +20,7 @@ type awsCloudtrail @key(fields: "cgId") {
   status: awsCloudtrailStatus
   eventSelectors: [awsCloudtrailEventSelector]
   tags: [awsRawTag]
-  s3: [awsS3] @hasInverse(field: cloudtrail)
+  s3: [awsS3] @hasInverse(field: cloudtrails)
   sns: [awsSns] @hasInverse(field: cloudtrail)
   kms: [awsKms] @hasInverse(field: cloudtrail)
   cloudwatchLog: [awsCloudwatchLog] @hasInverse(field: cloudtrail)
diff --git a/src/services/iamRole/schema.graphql b/src/services/iamRole/schema.graphql
@@ -23,4 +23,5 @@ type awsIamRole @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
   systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
   iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
+  s3: [awsS3] @hasInverse(field: iamRole)
 }
diff --git a/src/services/lambda/schema.graphql b/src/services/lambda/schema.graphql
@@ -26,6 +26,7 @@ type awsLambda @key(fields: "arn") {
   vpc: [awsVpc] @hasInverse(field: lambda)
   cognitoUserPool: [awsCognitoUserPool] @hasInverse(field: lambda) #change to plural
   appSync: [awsAppSync] @hasInverse(field: lambda)
+  s3: [awsS3] @hasInverse(field: lambdas)
 }
 
 type awsLambdaEnvironmentVariable
diff --git a/src/services/s3/connections.ts b/src/services/s3/connections.ts
@@ -0,0 +1,151 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+import isEmpty from 'lodash/isEmpty'
+import services from '../../enums/services'
+import { RawAwsS3 } from './data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { RawAwsLambdaFunction } from '../lambda/data'
+import { RawAwsSns } from '../sns/data'
+import { AwsSqs } from '../sqs/data'
+import { globalRegionName } from '../../enums/regions'
+
+/**
+ * S3
+ */
+
+export default ({
+  service,
+  data,
+  region,
+}: {
+  data: { name: string; data: { [property: string]: any[] } }[]
+  service: RawAwsS3
+  region: string
+}): { [key: string]: ServiceConnection[] } => {
+  const connections: ServiceConnection[] = []
+
+  const {
+    Id: id,
+    AdditionalInfo: {
+      ReplicationConfig: replicationConfig,
+      NotificationConfiguration: {
+        LambdaFunctionConfigurations: lambdaFunctionConfigurations,
+        TopicConfigurations: topicConfigurations,
+        QueueConfigurations: queueConfigurations,
+      },
+    },
+  } = service
+
+  /**
+   * Find IAM Roles
+   * related to this S3
+   */
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (replicationConfig?.Role && roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      role => role.Arn === replicationConfig.Role
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const { Arn: arn }: RawAwsIamRole = instance
+
+        connections.push({
+          id: arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRole',
+        })
+      }
+    }
+  }
+
+  /**
+   * Find lambda functions
+   * related to this S3
+   */
+  const lambdaFunctions: {
+    name: string
+    data: { [property: string]: any[] }
+  } = data.find(({ name }) => name === services.lambda)
+
+  const functionArns = lambdaFunctionConfigurations?.map(
+    lambdaConfig => lambdaConfig?.LambdaFunctionArn
+  )
+
+  if (!isEmpty(functionArns) && lambdaFunctions?.data?.[region]) {
+    const dataAtRegion: RawAwsLambdaFunction[] = lambdaFunctions.data[
+      region
+    ].filter(({ FunctionArn }: RawAwsLambdaFunction) =>
+      functionArns.includes(FunctionArn)
+    )
+
+    if (!isEmpty(dataAtRegion)) {
+      for (const lambdaFunction of dataAtRegion) {
+        const { FunctionArn: functionArn }: RawAwsLambdaFunction =
+          lambdaFunction
+        connections.push({
+          id: functionArn,
+          resourceType: services.lambda,
+          relation: 'child',
+          field: 'lambdas',
+        })
+      }
+    }
+  }
+
+  /**
+   * Find SNS topic
+   * related to this S3
+   */
+  const snsTopics = data.find(({ name }) => name === services.sns)
+  const topicArns = topicConfigurations?.map(topic => topic?.TopicArn)
+  if (!isEmpty(topicArns) && snsTopics?.data?.[region]) {
+    const snsTopicsInRegion: RawAwsSns[] = snsTopics.data[region].filter(
+      ({ TopicArn: topicArn }: RawAwsSns) => topicArns.includes(topicArn)
+    )
+
+    if (!isEmpty(snsTopicsInRegion)) {
+      for (const topic of snsTopicsInRegion) {
+        const { TopicArn: topicArn }: RawAwsSns = topic
+        connections.push({
+          id: topicArn,
+          resourceType: services.sns,
+          relation: 'child',
+          field: 'sns',
+        })
+      }
+    }
+  }
+
+  /**
+   * Find SQS
+   * related to this S3
+   */
+  const sqsQueues = data.find(({ name }) => name === services.sqs)
+  const sqsArns = queueConfigurations?.map(queue => queue?.QueueArn)
+  if (!isEmpty(sqsArns) && sqsQueues?.data?.[region]) {
+    const dataAtRegion: AwsSqs[] = sqsQueues.data[region].filter(
+      ({ sqsAttributes: { QueueArn: queueArn } }: AwsSqs) =>
+        sqsArns.includes(queueArn)
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const instance of dataAtRegion) {
+        const {
+          sqsAttributes: { QueueArn: queueArn },
+        }: AwsSqs = instance
+
+        connections.push({
+          id: queueArn,
+          resourceType: services.sqs,
+          relation: 'child',
+          field: 'sqs',
+        })
+      }
+    }
+  }
+
+  const cfStackResult = {
+    [id]: connections,
+  }
+  return cfStackResult
+}
diff --git a/src/services/s3/data.ts b/src/services/s3/data.ts
@@ -30,6 +30,7 @@ import S3, {
   ListBucketsOutput,
   ListObjectsV2Output,
   LoggingEnabled,
+  NotificationConfiguration,
   Object as S3Object,
   Owner,
   Payer,
@@ -301,6 +302,29 @@ const getBucketWebsite = async (s3: S3, name: BucketName) =>
     )
   })
 
+const getBucketNotificationConfiguration = async (s3: S3, name: BucketName) =>
+  new Promise<NotificationConfiguration | any>(resolve => {
+    s3.getBucketNotificationConfiguration(
+      {
+        Bucket: name,
+      },
+      (err: AWSError, data: NotificationConfiguration) => {
+        if (err) {
+          errorLog.generateAwsErrorLog({
+            functionName: 's3:getBucketNotificationConfiguration',
+            err,
+          })
+        }
+
+        if (!isEmpty(data)) {
+          resolve(data)
+        }
+
+        resolve({})
+      }
+    )
+  })
+
 const getBucketAdditionalInfo = async (s3: S3, name: BucketName) =>
   new Promise<any>(async resolve => {
     const promises = [
@@ -318,6 +342,7 @@ const getBucketAdditionalInfo = async (s3: S3, name: BucketName) =>
       getBucketTagging(s3, name),
       getBucketVersioning(s3, name),
       getBucketWebsite(s3, name),
+      getBucketNotificationConfiguration(s3, name),
     ]
 
     const [
@@ -335,6 +360,7 @@ const getBucketAdditionalInfo = async (s3: S3, name: BucketName) =>
       Tags,
       VersioningInfo,
       WebsiteInfo,
+      NotificationConfig,
     ] = (await Promise.allSettled(promises)).map(
       /** We force the PromiseFulfilledResult interface
        *  because all promises that we input to Promise.allSettled
@@ -364,6 +390,7 @@ const getBucketAdditionalInfo = async (s3: S3, name: BucketName) =>
       Tags: convertAwsTagsToTagMap(Tags),
       VersioningInfo,
       StaticWebsiteInfo: WebsiteInfo,
+      NotificationConfiguration: NotificationConfig,
     })
   })
 
@@ -455,6 +482,7 @@ export interface RawAwsS3 {
     ReqPaymentConfig: Payer
     StaticWebsiteInfo?: GetBucketWebsiteOutput
     VersioningInfo?: GetBucketVersioningOutput
+    NotificationConfiguration?: NotificationConfiguration
   }
   Tags: TagMap
   Contents?: S3Object[]
diff --git a/src/services/s3/format.ts b/src/services/s3/format.ts
@@ -3,6 +3,7 @@ import isEmpty from 'lodash/isEmpty'
 
 import {
   GetBucketVersioningOutput,
+  NotificationConfiguration,
   Policy,
   PolicyStatus,
   PublicAccessBlockConfiguration,
@@ -47,6 +48,7 @@ export default ({
       ReqPaymentConfig: reqPaymentConfig,
       StaticWebsiteInfo: staticWebsiteInfo,
       VersioningInfo: versioningInfo,
+      NotificationConfiguration: notificationConfiguration,
     } = {
       AccelerationConfig: '',
       BucketOwnerData: { DisplayName: '' },
@@ -62,6 +64,7 @@ export default ({
       ReqPaymentConfig: '',
       StaticWebsiteInfo: {},
       VersioningInfo: {},
+      NotificationConfiguration: {},
     },
   } = rawData
 
@@ -172,6 +175,52 @@ export default ({
     })
   }
 
+  let notificationConfigurationData = {
+    topicConfigurations: [],
+    queueConfigurations: [],
+    lambdaFunctionConfigurations: [],
+  }
+
+  if (!isEmpty(notificationConfiguration)) {
+    const {
+      TopicConfigurations: topicConfigurations = [],
+      QueueConfigurations: queueConfigurations = [],
+      LambdaFunctionConfigurations: lambdaFunctionConfigurations = [],
+    }: NotificationConfiguration = notificationConfiguration
+    notificationConfigurationData = {
+      topicConfigurations: topicConfigurations?.map(tc => ({
+        id: tc.Id || cuid(),
+        topicArn: tc.TopicArn,
+        events: tc.Events || [],
+        filterRules: tc.Filter?.Key?.FilterRules?.map(r => ({
+          id: cuid(),
+          name: r.Name,
+          value: r.Value,  
+        })) || [],
+      })) || [],
+      queueConfigurations: queueConfigurations?.map(qc => ({
+        id: qc.Id || cuid(),
+        queueArn: qc.QueueArn,
+        events: qc.Events || [],
+        filterRules: qc.Filter?.Key?.FilterRules?.map(r => ({
+          id: cuid(),
+          name: r.Name,
+          value: r.Value,  
+        })) || [],
+      })) || [],
+      lambdaFunctionConfigurations: lambdaFunctionConfigurations?.map(lc => ({
+        id: lc.Id || cuid(),
+        lambdaFunctionArn: lc.LambdaFunctionArn,
+        events: lc.Events || [],
+        filterRules: lc.Filter?.Key?.FilterRules?.map(r => ({
+          id: cuid(),
+          name: r.Name,
+          value: r.Value,  
+        })) || [],
+      })) || [],
+    }
+  }
+
   // // Format S3 Tags
   const s3Tags = formatTagsFromMap(tags)
 
@@ -201,6 +250,7 @@ export default ({
       ? `${awsBucketItemsLimit}+`
       : `${total}`,
     transferAcceleration: accelerationStatus,
+    notificationConfiguration: notificationConfigurationData,
   }
   return s3
 }
diff --git a/src/services/s3/index.ts b/src/services/s3/index.ts
@@ -2,12 +2,15 @@ import { Service } from '@cloudgraph/sdk'
 import BaseService from '../base'
 import format from './format'
 import getData from './data'
+import getConnections from './connections'
 import mutation from './mutation'
 
 export default class S3 extends BaseService implements Service {
   format = format.bind(this)
 
   getData = getData.bind(this)
 
+  getConnections = getConnections.bind(this)
+  
   mutation = mutation
 }
diff --git a/src/services/s3/schema.graphql b/src/services/s3/schema.graphql
diff --git a/src/services/sns/schema.graphql b/src/services/sns/schema.graphql
diff --git a/src/services/sqs/schema.graphql b/src/services/sqs/schema.graphql
diff --git a/src/types/generated.ts b/src/types/generated.ts

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@ type awsCloudfront @key(fields: "id") {`
`21`	`21`	`origins: [awsCloudfrontOriginData]`
`22`	`22`	`logging: awsCloudfrontLoggingConfig`
`23`	`23`	`elb: [awsElb] @hasInverse(field: cloudfrontDistribution)`
`24`		`- s3: [awsS3] @hasInverse(field: cloudfrontDistribution)`
	`24`	`+ s3: [awsS3] @hasInverse(field: cloudfrontDistributions)`
`25`	`25`	`tags: [awsRawTag]`
`26`	`26`	`webAcl: [awsWafV2WebAcl] @hasInverse(field: cloudfront)`
`27`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,4 +23,5 @@ type awsIamRole @key(fields: "id") {`
`23`	`23`	`sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)`
`24`	`24`	`systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)`
`25`	`25`	`iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)`
	`26`	`+ s3: [awsS3] @hasInverse(field: iamRole)`
`26`	`27`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ type awsLambda @key(fields: "arn") {`
`26`	`26`	`vpc: [awsVpc] @hasInverse(field: lambda)`
`27`	`27`	`cognitoUserPool: [awsCognitoUserPool] @hasInverse(field: lambda) #change to plural`
`28`	`28`	`appSync: [awsAppSync] @hasInverse(field: lambda)`
	`29`	`+ s3: [awsS3] @hasInverse(field: lambdas)`
`29`	`30`	`}`
`30`	`31`
`31`	`32`	`type awsLambdaEnvironmentVariable`