feat(rdsCluster): add route53HostedZone connection

Author: Christopher Brandt

README.md

@@ -29,9 +29,8 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   appSync: [awsAppSync] @hasInverse(field: iamRoles)
   lambda: [awsLambda] @hasInverse(field: iamRole)
   kinesisFirehose: [awsKinesisFirehose] @hasInverse(field: iamRole)
-  rdsClusterMonitoringRole: [awsRdsCluster]
-    @hasInverse(field: monitoringIamRole)
-  rdsClusterIamRoles: [awsRdsCluster] @hasInverse(field: iamRoles)
-  cloudFormationStackSet: [awsCloudFormationStackSet] @hasInverse(field: iamRoles)
+  rdsCluster: [awsRdsCluster] @hasInverse(field: iamRoles)
+  cloudFormationStackSet: [awsCloudFormationStackSet]
+    @hasInverse(field: iamRoles)
   asg: [awsAsg] @hasInverse(field: iamRole)
 }

src/services/iamRole/schema.graphql

@@ -47,12 +47,6 @@ type awsKms implements awsBaseService @key(fields: "id") {
   ecsCluster: [awsEcsCluster] @hasInverse(field: kms)
   dynamodb: [awsDynamoDbTable] @hasInverse(field: kms)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
-  rdsClusterStorageEncryption: [awsRdsCluster]
-    @hasInverse(field: storageEncryptedKms)
-  rdsClusterActivityStream: [awsRdsCluster]
-    @hasInverse(field: activityStreamKms)
-  rdsClusterPerformanceInsights: [awsRdsCluster]
-    @hasInverse(field: performanceInsightsKms)
   rdsCluster: [awsRdsCluster] @hasInverse(field: kms)
   rdsDbInstance: [awsRdsDbInstance] @hasInverse(field: kms)
 }

src/services/kms/schema.graphql

@@ -1,10 +1,11 @@
 import { ServiceConnection } from '@cloudgraph/sdk'
 import { isEmpty } from 'lodash'
 import { SecurityGroup } from 'aws-sdk/clients/ec2'
-import { DBInstance, DBCluster } from 'aws-sdk/clients/rds'
+import { DBInstance } from 'aws-sdk/clients/rds'
 
 import services from '../../enums/services'
 import { RawAwsRdsCluster } from './data'
+import { RawAwsRoute53HostedZone } from '../route53HostedZone/data'
 import { RawAwsRdsClusterSnapshot } from '../rdsClusterSnapshot/data'
 import { RawAwsIamRole } from '../iamRole/data'
 import { RawAwsSubnet } from '../subnet/data'
@@ -33,6 +34,7 @@ export default ({
     ActivityStreamKmsKeyId,
     PerformanceInsightsKMSKeyId,
     VpcSecurityGroups,
+    HostedZoneId: hostedZoneId,
   } = service
   const sgIds = VpcSecurityGroups.map(
     ({ VpcSecurityGroupId }) => VpcSecurityGroupId
@@ -125,47 +127,19 @@ export default ({
   } = data.find(({ name }) => name === services.kms)
 
   if (kms?.data?.[region]) {
-    // set storage encryption kms key
-    let kmsInRegion: AwsKms[] = kms.data[region].filter(
-      ({ Arn }: AwsKms) => Arn === KmsKeyId
+    const kmsInRegion: AwsKms[] = kms.data[region].filter(
+      ({ Arn }: AwsKms) =>
+        Arn === KmsKeyId ||
+        Arn === ActivityStreamKmsKeyId ||
+        Arn === PerformanceInsightsKMSKeyId
     )
     if (!isEmpty(kmsInRegion)) {
       for (const instance of kmsInRegion) {
         connections.push({
           id: instance.KeyId,
           resourceType: services.kms,
           relation: 'child',
-          field: 'storageEncryptedKms',
-        })
-      }
-    }
-
-    // set activity stream kms key
-    kmsInRegion = kms.data[region].filter(
-      ({ Arn }: AwsKms) => Arn === ActivityStreamKmsKeyId
-    )
-    if (!isEmpty(kmsInRegion)) {
-      for (const instance of kmsInRegion) {
-        connections.push({
-          id: instance.KeyId,
-          resourceType: services.kms,
-          relation: 'child',
-          field: 'activityStreamKms',
-        })
-      }
-    }
-
-    // set performance insights kms key
-    kmsInRegion = kms.data[region].filter(
-      ({ Arn }: AwsKms) => Arn === PerformanceInsightsKMSKeyId
-    )
-    if (!isEmpty(kmsInRegion)) {
-      for (const instance of kmsInRegion) {
-        connections.push({
-          id: instance.KeyId,
-          resourceType: services.kms,
-          relation: 'child',
-          field: 'performanceInsightsKms',
+          field: 'kms',
         })
       }
     }
@@ -181,10 +155,12 @@ export default ({
   } = data.find(({ name }) => name === services.iamRole)
 
   if (iamRoles?.data?.[globalRegionName]) {
-    let iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
+    const iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
       globalRegionName
-    ].filter(({ Arn }: RawAwsIamRole) =>
-      associatedRoles.find(r => r.RoleArn === Arn)
+    ].filter(
+      ({ Arn }: RawAwsIamRole) =>
+        Arn === monitoringRoleArn ||
+        associatedRoles.find(r => r.RoleArn === Arn)
     )
     if (!isEmpty(iamRolesInRegion)) {
       for (const instance of iamRolesInRegion) {
@@ -196,36 +172,29 @@ export default ({
         })
       }
     }
-    iamRolesInRegion = iamRoles.data[globalRegionName].filter(
-      ({ Arn }: RawAwsIamRole) => Arn === monitoringRoleArn
-    )
-    if (!isEmpty(iamRolesInRegion)) {
-      for (const instance of iamRolesInRegion) {
-        connections.push({
-          id: instance.Arn,
-          resourceType: services.iamRole,
-          relation: 'child',
-          field: 'monitoringIamRole',
-        })
-      }
-    }
   }
 
   /**
-   * Find KMS
+   * Find Route53 hosted zones
    */
-  const kmsKeys = data.find(({ name }) => name === services.kms)
-  if (kmsKeys?.data?.[region]) {
-    const kmsKeyInRegion = kmsKeys.data[region].filter(
-      kmsKey => kmsKey.Arn === KmsKeyId
-    )
-    if (!isEmpty(kmsKeyInRegion)) {
-      for (const kms of kmsKeyInRegion) {
+  const route53HostedZones: {
+    name: string
+    data: { [property: string]: RawAwsRoute53HostedZone[] }
+  } = data.find(({ name }) => name === services.route53HostedZone)
+
+  if (route53HostedZones?.data?.[region]) {
+    const instancesInRegion: RawAwsRoute53HostedZone[] =
+      route53HostedZones.data[region].filter(
+        ({ Id }: RawAwsRoute53HostedZone) => Id === hostedZoneId
+      )
+    if (!isEmpty(instancesInRegion)) {
+      for (const instance of instancesInRegion) {
+        const { Id: id } = instance
         connections.push({
-          id: kms.KeyId,
-          resourceType: services.kms,
+          id,
+          resourceType: services.route53HostedZone,
           relation: 'child',
-          field: 'kms',
+          field: 'route53HostedZone',
         })
       }
     }

src/services/rdsCluster/connections.ts

@@ -36,10 +36,6 @@ type awsRdsCluster implements awsBaseService @key(fields: "arn") {
   subnets: [awsSubnet] @hasInverse(field: rdsCluster)
   appSync: [awsAppSync] @hasInverse(field: rdsCluster)
   kms: [awsKms] @hasInverse(field: rdsCluster)
-  monitoringIamRole: [awsIamRole] @hasInverse(field: rdsClusterMonitoringRole)
-  iamRoles: [awsIamRole] @hasInverse(field: rdsClusterIamRoles)
-  storageEncryptedKms: [awsKms] @hasInverse(field: rdsClusterStorageEncryption)
-  activityStreamKms: [awsKms] @hasInverse(field: rdsClusterActivityStream)
-  performanceInsightsKms: [awsKms]
-    @hasInverse(field: rdsClusterPerformanceInsights)
+  route53HostedZone: [awsRoute53HostedZone] @hasInverse(field: rdsCluster)
+  iamRoles: [awsIamRole] @hasInverse(field: rdsCluster)
 }

src/services/rdsCluster/schema.graphql

@@ -3,6 +3,7 @@ type awsRoute53HostedZone implements awsBaseService @key(fields: "arn") {
   comment: String @search(by: [hash, regexp, fulltext])
   delegationSetId: String @search(by: [hash])
   nameServers: [String] @search(by: [hash, regexp])
+  rdsCluster: [awsRdsCluster] @hasInverse(field: route53HostedZone)
   route53Record: [awsRoute53Record] @hasInverse(field: route53HostedZone) #change to plural
   vpc: [awsVpc] @hasInverse(field: route53HostedZone)
 }

src/services/route53HostedZone/schema.graphql

@@ -3540,6 +3540,7 @@ export type AwsRdsCluster = AwsBaseService & {
   readerEndpoint?: Maybe<Scalars['String']>;
   replicationSourceIdentifier?: Maybe<Scalars['String']>;
   resourceId?: Maybe<Scalars['String']>;
+  route53HostedZone?: Maybe<Array<Maybe<AwsRoute53HostedZone>>>;
   securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
   snapshots?: Maybe<Array<Maybe<AwsRdsClusterSnapshot>>>;
   status?: Maybe<Scalars['String']>;
@@ -3686,6 +3687,7 @@ export type AwsRoute53HostedZone = AwsBaseService & {
   delegationSetId?: Maybe<Scalars['String']>;
   name?: Maybe<Scalars['String']>;
   nameServers?: Maybe<Array<Maybe<Scalars['String']>>>;
+  rdsCluster?: Maybe<Array<Maybe<AwsRdsCluster>>>;
   route53Record?: Maybe<Array<Maybe<AwsRoute53Record>>>;
   vpc?: Maybe<Array<Maybe<AwsVpc>>>;
 };