feat: Add Additional data to transit gateway attachment

Author: m-pizarro

README.md

@@ -153,11 +153,11 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | ses                         |                                                                                                                                                                                                                                                                                                                                                                               |
 | sns                         | kms, cloudtrail, cloudwatch, s3                                                                                                                                                                                                                                                                                                                                               |
 | sqs                         | elasticBeanstalkEnv, s3                                                                                                                                                                                                                                                                                                                                                       |
-| subnet                      | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, rdsCluster, sageMakerNotebookInstance, routeTable, vpc, eksCluster, emrCluster, flowLog                                                                                                     |
+| subnet                      | alb, asg, codebuild, dmsReplicationInstance, ec2, ecsService, efsMountTarget, elastiCacheCluster, elasticSearchDomain, elb, lambda, managedAirflow, natGateway, networkInterface, rdsCluster, sageMakerNotebookInstance, routeTable, transitGatewayAttachment, vpc, eksCluster, emrCluster, flowLog                                                                                                     |
 | systemsManagerInstance      | ec2, iamRole                                                                                                                                                                                                                                                                                                                                                                  |
 | systemsManagerDocument      |                                                                                                                                                                                                                                                                                                                                                                               |
 | transitGateway              | routeTable, transitGatewayAttachment, vpnConnection                                                                                                                                                                                                                                                                                                                           |
-| transitGatewayAttachment    | routeTable, transitGateway, vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                |
+| transitGatewayAttachment    | routeTable, subnet, transitGateway, vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                |
 | vpc                         | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsClusterSnapshot, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment                                              |
 | vpnConnection               | customerGateway, transitGateway, transitGatewayAttachment, vpnGateway                                                                                                                                                                                                                                                                                                         |
 | vpnGateway                  | vpc, vpnConnection                                                                                                                                                                                                                                                                                                                                                            |

src/properties/logger.ts

@@ -479,6 +479,7 @@ export default {
    * Transit Gateway Attachment
    */
    fetchedTransitGatewayAttachments: (num: number): string => `Found ${num} Transit Gateway Attachments`,
+   fetchedTransitGatewayVpcAttachments: (num: number): string => `Found ${num} Transit Gateway VPC Attachments`,
   /**
    * VPN Gateway
    */

src/services/subnet/schema.graphql

@@ -33,4 +33,5 @@ type awsSubnet implements awsBaseService @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
     @hasInverse(field: subnet)
   rdsCluster: [awsRdsCluster] @hasInverse(field: subnets)
+  transitGatewayAttachment: [awsTransitGatewayAttachment] @hasInverse(field: subnets)
 }

src/services/transitGatewayAttachment/connections.ts

@@ -2,13 +2,13 @@ import isEmpty from 'lodash/isEmpty'
 
 import { ServiceConnection } from '@cloudgraph/sdk'
 
-import { TransitGatewayAttachment, TagList } from 'aws-sdk/clients/ec2'
-
 import services from '../../enums/services'
 import { RawAwsVpnConnection } from '../vpnConnection/data'
 import { RawAwsVpc } from '../vpc/data'
 import { RawAwsTransitGateway } from '../transitGateway/data'
+import { RawAwsTransitGatewayAttachment } from '../transitGatewayAttachment/data'
 import { RawAwsRouteTable } from '../routeTable/data'
+import { RawAwsSubnet } from '../subnet/data'
 
 /**
  * Transit Gateway Attachment
@@ -21,9 +21,7 @@ export default ({
 }: {
   account: string
   data: { name: string; data: { [property: string]: any[] } }[]
-  service: TransitGatewayAttachment & {
-    Tags?: TagList
-  }
+  service: RawAwsTransitGatewayAttachment
   region: string
 }): { [key: string]: ServiceConnection[] } => {
   const connections: ServiceConnection[] = []
@@ -32,6 +30,7 @@ export default ({
     TransitGatewayId: transitGatewayId,
     Association: association,
     ResourceId: resourceId,
+    SubnetIds: subnetIds,
   } = transitGatewayAttachment
 
   /**
@@ -147,6 +146,29 @@ export default ({
     }
   }
 
+  /**
+   * Find Subnets
+   * related to this Transit Gateway Attachment
+   */
+  const subnets = data.find(({ name }) => name === services.subnet)
+  if (subnets?.data?.[region]) {
+    const subnetsInRegion = subnets.data[region].filter(
+      ({ SubnetId }: RawAwsSubnet) => subnetIds.includes(SubnetId)
+    )
+    if (!isEmpty(subnetsInRegion)) {
+      for (const subnet of subnetsInRegion) {
+        const { SubnetId }: RawAwsSubnet = subnet
+
+        connections.push({
+          id: SubnetId,
+          resourceType: services.subnet,
+          relation: 'child',
+          field: 'subnets',
+        })
+      }
+    }
+  }
+
   const transitGatewayAttachmentResult = {
     [id]: connections,
   }

src/services/transitGatewayAttachment/data.ts

@@ -7,6 +7,10 @@ import EC2, {
   DescribeTransitGatewayAttachmentsResult,
   TransitGatewayAttachmentList,
   TransitGatewayAttachment,
+  DescribeTransitGatewayVpcAttachmentsResult,
+  TransitGatewayVpcAttachmentList,
+  TransitGatewayVpcAttachment,
+  DescribeTransitGatewayVpcAttachmentsRequest,
 } from 'aws-sdk/clients/ec2'
 
 import { Config } from 'aws-sdk/lib/config'
@@ -52,7 +56,6 @@ const listTransitGatewayAttachmentsData = async ({
             err,
           })
         }
-
         if (!isEmpty(data)) {
           const {
             NextToken: nextToken,
@@ -84,6 +87,67 @@ const listTransitGatewayAttachmentsData = async ({
     )
   })
 
+const listTransitGatewayVpcAttachmentsData = async ({
+  ec2,
+  region,
+  nextToken: NextToken = '',
+}: {
+  ec2: EC2
+  region: string
+  nextToken?: string
+}): Promise<(TransitGatewayVpcAttachment & { region: string })[]> =>
+  new Promise<(TransitGatewayVpcAttachment & { region: string })[]>(resolve => {
+    let transitGatewayVpcAttachmentData: (TransitGatewayVpcAttachment & {
+      region: string
+    })[] = []
+    const transitGatewayVpcAttachmentList: TransitGatewayVpcAttachmentList = []
+    let args: DescribeTransitGatewayVpcAttachmentsRequest = {}
+
+    if (NextToken) {
+      args = { ...args, NextToken }
+    }
+
+    ec2.describeTransitGatewayVpcAttachments(
+      args,
+      (err: AWSError, data: DescribeTransitGatewayVpcAttachmentsResult) => {
+        if (err) {
+          errorLog.generateAwsErrorLog({
+            functionName: 'ec2:describeTransitGatewayVpcAttachments',
+            err,
+          })
+        }
+
+        if (!isEmpty(data)) {
+          const {
+            NextToken: nextToken,
+            TransitGatewayVpcAttachments: transitGatewayVpcAttachments = [],
+          } = data
+
+          transitGatewayVpcAttachmentList.push(...transitGatewayVpcAttachments)
+
+          logger.debug(
+            lt.fetchedTransitGatewayVpcAttachments(
+              transitGatewayVpcAttachments.length
+            )
+          )
+
+          if (nextToken) {
+            listTransitGatewayVpcAttachmentsData({ ec2, region, nextToken })
+          }
+
+          transitGatewayVpcAttachmentData = transitGatewayVpcAttachmentList.map(
+            vpcAttachment => ({
+              ...vpcAttachment,
+              region,
+            })
+          )
+        }
+
+        resolve(transitGatewayVpcAttachmentData)
+      }
+    )
+  })
+
 /**
  * Transit Gateway Attachment
  */
@@ -92,6 +156,7 @@ export interface RawAwsTransitGatewayAttachment
   extends Omit<TransitGatewayAttachment, 'Tags'> {
   region: string
   Tags?: TagMap
+  SubnetIds?: string[]
 }
 
 export default async ({
@@ -118,11 +183,24 @@ export default async ({
           })
 
         if (!isEmpty(transitGatewayAttachments)) {
+          // Get Transit Gateway Vpc Attachment Data
+          const transitGatewayVpcAttachments =
+            await listTransitGatewayVpcAttachmentsData({
+              ec2,
+              region,
+            })
+
           for (const attachment of transitGatewayAttachments) {
             transitGatewayAttachmentsResult.push({
               ...attachment,
               region,
               Tags: convertAwsTagsToTagMap(attachment.Tags as AwsTag[]),
+              SubnetIds:
+                transitGatewayVpcAttachments?.find(
+                  a =>
+                    a.TransitGatewayAttachmentId ===
+                    attachment.TransitGatewayAttachmentId
+                )?.SubnetIds || [],
             })
           }
         }

src/services/transitGatewayAttachment/schema.graphql

@@ -17,4 +17,5 @@ type awsTransitGatewayAttachment @key(fields: "arn") {
   routeTable: [awsRouteTable] @hasInverse(field: transitGatewayAttachment)
   vpc: [awsVpc] @hasInverse(field: transitGatewayAttachments)
   vpnConnection: [awsVpnConnection] @hasInverse(field: transitGatewayAttachment)
+  subnets: [awsSubnet] @hasInverse(field: transitGatewayAttachment)
 }

src/types/generated.ts

@@ -4054,6 +4054,7 @@ export type AwsSubnet = AwsBaseService & {
   sageMakerNotebookInstances?: Maybe<Array<Maybe<AwsSageMakerNotebookInstance>>>;
   state?: Maybe<Scalars['String']>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
+  transitGatewayAttachment?: Maybe<Array<Maybe<AwsTransitGatewayAttachment>>>;
   vpc?: Maybe<Array<Maybe<AwsVpc>>>;
 };
 
@@ -4225,6 +4226,7 @@ export type AwsTransitGatewayAttachment = {
   resourceType?: Maybe<Scalars['String']>;
   routeTable?: Maybe<Array<Maybe<AwsRouteTable>>>;
   state?: Maybe<Scalars['String']>;
+  subnets?: Maybe<Array<Maybe<AwsSubnet>>>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
   transitGateway?: Maybe<Array<Maybe<AwsTransitGateway>>>;
   transitGatewayId?: Maybe<Scalars['String']>;