
Commit a999cf7

committed
feat(service): Added default encryption kms connection
1 parent dde6694 commit a999cf7

5 files changed

Lines changed: 32 additions & 2 deletions


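--- a/README.md
+++ b/README.md
@@ -133,7 +133,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iot | |
 | kinesisFirehose | kinesisStream, s3, iamRole |
 | kinesisStream | kinesisFirehose |
-| kms | cloudtrail, cloudwatchLog, codebuild, ecsCluster, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, managedAirflow, lambda, rdsCluster, rdsClusterSnapshot, rdsDbInstance, sns, sageMakerNotebookInstance, secretsManager, dmsReplicationInstance, redshiftCluster |
+| kms | cloudtrail, cloudwatchLog, codebuild, ecsCluster, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, managedAirflow, lambda, rdsCluster, rdsClusterSnapshot, rdsDbInstance, sns, sageMakerNotebookInstance, secretsManager, dmsReplicationInstance, redshiftCluster, s3 |
 | lambda | appSync, cognitoUserPool, kms, s3, secretsManager, securityGroup, subnet, vpc, iamRole |
 | managedAirflow | cloudwatchLog, iamRole, kms, securityGroups, subnet, s3 |
 | nacl | vpc |
@@ -150,7 +150,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sageMakerExperiment | |
 | sageMakerNotebookInstance | iamRole, kms, networkInterface, subnet, securityGroup |
 | sageMakerProject | |
-| s3 | cloudfront, cloudtrail, ecsCluster, iamRole, kinesisFirehose, lambda, managedAirflow, sns, sqs |
+| s3 | cloudfront, cloudtrail, ecsCluster, iamRole, kinesisFirehose, kms, lambda, managedAirflow, sns, sqs |
 | secretsManager | kms, lambda |
 | securityGroup | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance, networkInterface |
 | ses | |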

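--- a/src/services/kms/schema.graphql
+++ b/src/services/kms/schema.graphql
@@ -51,4 +51,5 @@ type awsKms implements awsBaseService @key(fields: "id") {
 rdsCluster: [awsRdsCluster] @hasInverse(field: kms)
 rdsDbInstance: [awsRdsDbInstance] @hasInverse(field: kms)
 managedAirflows: [awsManagedAirflow] @hasInverse(field: kms)
+s3: [awsS3] @hasInverse(field: kms)
 }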

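--- a/src/services/s3/connections.ts
+++ b/src/services/s3/connections.ts
@@ -32,6 +32,7 @@ export default ({
 TopicConfigurations: topicConfigurations,
 QueueConfigurations: queueConfigurations,
 },
+EncryptionInfo: encryptionInfo,
 },
 } = service
 
@@ -144,6 +145,31 @@ export default ({
 }
 }
 
+/**
+* Find KMS
+* related to the S3
+*/
+const kmsKeyIds = encryptionInfo?.Rules?.map(
+r => r.ApplyServerSideEncryptionByDefault?.KMSMasterKeyID
+)
+const kmsKeys = data.find(({ name }) => name === services.kms)
+if (kmsKeys?.data?.[region] && kmsKeyIds?.length > 0) {
+const kmsKeyInRegion = kmsKeys.data[region].filter(kmsKey =>
+kmsKeyIds.includes(kmsKey.Arn)
+)
+
+if (!isEmpty(kmsKeyInRegion)) {
+for (const kms of kmsKeyInRegion) {
+connections.push({
+id: kms.KeyId,
+resourceType: services.kms,
+relation: 'child',
+field: 'kms',
+})
+}
+}
+}
+
 const s3Result = {
 [id]: connections,
 }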
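Review bot: The match at `kmsKeyIds.includes(kmsKey.Arn)` only links a bucket whose default-encryption rule names the key by its full ARN; S3 also accepts a bare key ID or an alias in `KMSMasterKeyID`, so buckets configured that way get no kms edge and a "which buckets are encrypted with this key" query silently under-reports. Matching on the key ID as well covers the common non-ARN case, `kmsKeyIds.includes(kmsKey.Arn) || kmsKeyIds.includes(kmsKey.KeyId)`; whether aliases can be resolved depends on what the crawled kms records carry, which this hunk does not show. The `.map` also leaves `undefined` entries for SSE-S3 (AES256) rules and for SSE-KMS rules that rely on the AWS-managed `aws/s3` key, which is harmless for `includes` but makes `kmsKeyIds?.length > 0` a weaker guard than it reads as; appending `.filter(Boolean)` to the map would make the length check mean "at least one customer key is referenced". A short comment above the block noting these limits, e.g. `// Links only customer keys referenced by ARN or ID; SSE-S3 and the AWS-managed aws/s3 key produce no edge`, would save the next reader from assuming every KMS-encrypted bucket gets a connection. The enclosing default export starts before the first hunk.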

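--- a/src/services/s3/schema.graphql
+++ b/src/services/s3/schema.graphql
@@ -110,4 +110,5 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
 sns: [awsSns] @hasInverse(field: s3)
 sqs: [awsSqs] @hasInverse(field: s3)
 ecsCluster: [awsEcsCluster] @hasInverse(field: s3)
+kms: [awsKms] @hasInverse(field: s3)
 }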

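--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3323,6 +3323,7 @@ export type AwsKms = AwsBaseService & {
 rdsClusterSnapshots?: Maybe<Array<Maybe<AwsRdsClusterSnapshot>>>;
 rdsDbInstance?: Maybe<Array<Maybe<AwsRdsDbInstance>>>;
 redshiftCluster?: Maybe<Array<Maybe<AwsRedshiftCluster>>>;
+s3?: Maybe<Array<Maybe<AwsS3>>>;
 sageMakerNotebookInstances?: Maybe<Array<Maybe<AwsSageMakerNotebookInstance>>>;
 secretsManager?: Maybe<Array<Maybe<AwsSecretsManager>>>;
 sns?: Maybe<Array<Maybe<AwsSns>>>;
@@ -3840,6 +3841,7 @@ export type AwsS3 = AwsBaseService & {
 iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
 ignorePublicAcls?: Maybe<Scalars['String']>;
 kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;
+kms?: Maybe<Array<Maybe<AwsKms>>>;
 lambdas?: Maybe<Array<Maybe<AwsLambda>>>;
 lifecycle?: Maybe<Scalars['String']>;
 logging?: Maybe<Scalars['String']>;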
