fix(services): fix eksCluster, fix ssmInstance to use arn, add connection ec2 <-> ssmInstance

Author: tyler-dunkel

src/services/ec2/connections.ts

@@ -14,6 +14,8 @@ import { ServiceConnection } from '@cloudgraph/sdk'
 import services from '../../enums/services'
 import { RawAwsSubnet } from '../subnet/data'
 import { RawAwsEcsContainer } from '../ecsContainer/data'
+import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
+import { ssmManagedInstanceArn } from '../../utils/generateArns'
 
 /**
  * EC2
@@ -23,6 +25,7 @@ export default ({
   service: instance,
   data,
   region,
+  account,
 }: {
   account: string
   data: { name: string; data: { [property: string]: any[] } }[]
@@ -169,7 +172,7 @@ export default ({
 
   /**
    * Find Subnets
-   * related to this EC2 load balancer
+   * related to this EC2
    */
   const subnets: {
     name: string
@@ -194,13 +197,13 @@ export default ({
 
   /**
    * Find EKS
-   * related to this EC2 loadbalancer
+   * related to this EC2
    */
   // TODO: Implement when eks service is ready
 
   /**
    * Find ECS Container
-   * related to this EC2 loadbalancer
+   * related to this EC2
    */
   const ecsContainers: {
     name: string
@@ -223,6 +226,32 @@ export default ({
     }
   }
 
+  /**
+   * Find SSM managed instances
+   * related to this EC2 instance
+   */
+   const instances: {
+    name: string
+    data: { [property: string]: any[] }
+  } = data.find(({ name }) => name === services.systemsManagerInstance)
+  if (instances?.data?.[region]) {
+    const dataInRegion: RawAwsSystemsManagerInstance[] = instances.data[region].filter(
+      ({ InstanceId }: RawAwsSystemsManagerInstance) => InstanceId === id
+    )
+
+    if (!isEmpty(dataInRegion)) {
+      for (const ssmInstance of dataInRegion) {
+        const arn = ssmManagedInstanceArn({ region, account, name: ssmInstance.InstanceId })
+        connections.push({
+          id: arn,
+          resourceType: services.systemsManagerInstance,
+          relation: 'child',
+          field: 'systemsManagerInstance',
+        })
+      }
+    }
+  }
+
   /**
    * Find Elastic Beanstalk
    * related to this EC2 loadbalancer

src/services/ec2/schema.graphql

@@ -96,7 +96,7 @@ type awsEc2 @key(fields: "arn") {
   sourceDestCheck: String @search(by: [hash, regexp])
   availabilityZone: String @search(by: [hash, regexp])
   cpuThreadsPerCore: Int @search
-  iamInstanceProfile: String @search(by: [hash, regexp])
+  iamInstanceProfile: String @search(by: [hash, regexp]) # TODO: use to make a connection to a role
   deletionProtection: String @search(by: [hash, regexp])
   dailyCost: awsTotalBillingInfo
   primaryNetworkInterface: String @search(by: [hash, regexp])
@@ -119,4 +119,5 @@ type awsEc2 @key(fields: "arn") {
   subnet: [awsSubnet] @hasInverse(field: ec2Instance) #change to plural
   ecsContainer: [awsEcsContainer] @hasInverse(field: ec2Instance) #change to plural
   emrInstance: [awsEmrInstance] @hasInverse(field: ec2Instance)
+  systemsManagerInstance: [awsSystemsManagerInstance] @hasInverse(field: ec2Instance)
 }

src/services/eksCluster/format.ts

@@ -30,6 +30,12 @@ export default ({
     Tags = {},
   } = service
 
+  const formattedKubernetesNetworkConfig = {
+    serviceIpv4Cidr: kubernetesNetworkConfig?.serviceIpv4Cidr,
+    serviceIpv6Cidr: kubernetesNetworkConfig?.serviceIpv6Cidr,
+    ipFamily: kubernetesNetworkConfig?.ipFamily
+  }
+
   return {
     id: arn,
     arn,
@@ -40,7 +46,7 @@ export default ({
     version,
     endpoint,
     resourcesVpcConfig,
-    kubernetesNetworkConfig,
+    kubernetesNetworkConfig: formattedKubernetesNetworkConfig,
     logging: {
       clusterLogging: logging?.clusterLogging?.map(logSetup => ({
         id: cuid(),

src/services/eksCluster/schema.graphql

@@ -36,6 +36,8 @@ type awsEksVpcConfigResponse {
 
 type awsEksKubernetesNetworkConfigResponse {
   serviceIpv4Cidr: String @search(by: [hash, regexp])
+  serviceIpv6Cidr: String @search(by: [hash, regexp])
+  ipFamily: String @search(by: [hash, regexp])
 }
 
 type awsEksLogging {
@@ -58,24 +60,24 @@ type awsEksProvider {
   keyArn: String @search(by: [hash, regexp])
 }
 
-type awsEksLogSetup 
+type awsEksLogSetup
   @generate(
     query: { get: false, query: true, aggregate: false }
     mutation: { add: false, delete: false }
     subscription: false
   ) {
-    id: String! @id @search(by: [hash])
-    types: [String] @search(by: [hash])
-    enabled: Boolean @search
-  }
+  id: String! @id @search(by: [hash])
+  types: [String] @search(by: [hash])
+  enabled: Boolean @search
+}
 
-type awsEksEncryptionConfig 
+type awsEksEncryptionConfig
   @generate(
     query: { get: false, query: true, aggregate: false }
     mutation: { add: false, delete: false }
     subscription: false
   ) {
-    id: String! @id @search(by: [hash])
-    resources: [String] @search(by: [hash])
-    provider: awsEksProvider
-  }
+  id: String! @id @search(by: [hash])
+  resources: [String] @search(by: [hash])
+  provider: awsEksProvider
+}

src/services/systemsManagerInstance/format.ts

@@ -2,6 +2,7 @@
 import cuid from 'cuid'
 import { AwsSystemsManagerInstance } from '../../types/generated'
 import { RawAwsSystemsManagerInstance } from './data'
+import { ssmManagedInstanceArn } from '../../utils/generateArns'
 
 /**
  * SystemsManagerInstance
@@ -86,8 +87,12 @@ export default ({
     value: instanceAssociationStatusAggregatedCount[key],
   }))
 
+  const arn = ssmManagedInstanceArn({ region, account, name: instanceId })
+
   return {
-    id: instanceId,
+    id: arn,
+    arn,
+    instanceId,
     region,
     accountId: account,
     pingStatus,

src/services/systemsManagerInstance/schema.graphql

@@ -1,7 +1,9 @@
-type awsSystemsManagerInstance @key(fields: "id") {
+type awsSystemsManagerInstance @key(fields: "arn") {
   id: String! @id @search(by: [hash])
+  arn: String! @id @search(by: [hash])
   accountId: String! @search(by: [hash])
   region: String @search(by: [hash, regexp])
+  instanceId: String @search(by: [hash, regexp])
   pingStatus: String @search(by: [hash, regexp])
   lastPingDateTime: DateTime @search(by: [day])
   agentVersion: String @search(by: [hash, regexp])
@@ -22,7 +24,8 @@ type awsSystemsManagerInstance @key(fields: "id") {
   complianceItems: [systemsManagerInstanceComplianceItem]
   sourceId: String @search(by: [hash, regexp])
   sourceType: String @search(by: [hash, regexp])
-  iamRole: [awsIamRole] @hasInverse(field: systemManagerInstances)
+  iamRole: [awsIamRole] @hasInverse(field: systemsManagerInstances)
+  ec2Instance: [awsEc2] @hasInverse(field: systemsManagerInstance)
 }
 
 type systemsManagerInstanceAssociationOverview {

src/services/wafV2WebAcl/format.ts

@@ -1,4 +1,5 @@
 import cuid from 'cuid'
+import isEmpty from 'lodash/isEmpty'
 import {
   formatFieldToMatch,
   formatRuleLabels,
@@ -62,7 +63,7 @@ export default ({
     content: CustomResponseBodies[key]?.Content,
   }))
 
-  const formattedLoggingConfig = {
+  const formattedLoggingConfig = isEmpty(loggingConfiguration ?? {}) ? {
     resourceArn: loggingConfiguration?.ResourceArn,
     logDestinationConfigs: loggingConfiguration?.LogDestinationConfigs,
     redactedFields: loggingConfiguration?.RedactedFields?.map(formatFieldToMatch),
@@ -84,7 +85,7 @@ export default ({
       })),
       defaultBehavior: loggingConfiguration?.LoggingFilter?.DefaultBehavior
     },
-  }
+  } : null
 
   return {
     id,

src/types/generated.ts

@@ -1421,6 +1421,7 @@ export type AwsEc2 = {
   securityGroups?: Maybe<Array<Maybe<AwsSecurityGroup>>>;
   sourceDestCheck?: Maybe<Scalars['String']>;
   subnet?: Maybe<Array<Maybe<AwsSubnet>>>;
+  systemsManagerInstance?: Maybe<Array<Maybe<AwsSystemsManagerInstance>>>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
   tenancy?: Maybe<Scalars['String']>;
 };
@@ -2231,7 +2232,9 @@ export type AwsEksIdentity = {
 };
 
 export type AwsEksKubernetesNetworkConfigResponse = {
+  ipFamily?: Maybe<Scalars['String']>;
   serviceIpv4Cidr?: Maybe<Scalars['String']>;
+  serviceIpv6Cidr?: Maybe<Scalars['String']>;
 };
 
 export type AwsEksLogSetup = {
@@ -4016,12 +4019,15 @@ export type AwsSystemsManagerInstance = {
   accountId: Scalars['String'];
   activationId?: Maybe<Scalars['String']>;
   agentVersion?: Maybe<Scalars['String']>;
+  arn: Scalars['String'];
   associationOverview?: Maybe<SystemsManagerInstanceAssociationOverview>;
   associationStatus?: Maybe<Scalars['String']>;
   complianceItems?: Maybe<Array<Maybe<SystemsManagerInstanceComplianceItem>>>;
   computerName?: Maybe<Scalars['String']>;
+  ec2Instance?: Maybe<Array<Maybe<AwsEc2>>>;
   iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   id: Scalars['String'];
+  instanceId?: Maybe<Scalars['String']>;
   ipAddress?: Maybe<Scalars['String']>;
   isLatestVersion?: Maybe<Scalars['Boolean']>;
   lastAssociationExecutionDate?: Maybe<Scalars['DateTime']>;
@@ -4562,6 +4568,7 @@ export type SystemsManagerInstanceAssociationOverview = {
 };
 
 export type SystemsManagerInstanceComplianceItem = {
+  complianceItemId?: Maybe<Scalars['String']>;
   complianceType?: Maybe<Scalars['String']>;
   details?: Maybe<Array<Maybe<AwsRawTag>>>;
   executionSummary?: Maybe<SsmComplianceItemExecutionSummary>;

src/utils/generateArns.ts

@@ -241,6 +241,16 @@ export const glueJobArn = ({
   name: string
 }): string => `arn:aws:glue:${region}:${account}:job/${name}`
 
+export const ssmManagedInstanceArn = ({
+  region,
+  account,
+  name
+}: {
+  region: string
+  account: string
+  name: string
+}): string => `arn:aws:ssm:${region}:${account}:managed-instance/${name}`
+
 export const ssmDocumentArn = ({
   region,
   account,