

Merge branch 'alpha' into feature/CG-1063
2 parents 9a0eab2 + a4d4ed0 commit edb8883

12 files changed

Lines changed: 199 additions & 39 deletions


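--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [0.79.0-alpha.8](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.7...0.79.0-alpha.8) (2022-04-11)
+
+
+### Bug Fixes
+
+* Added iamRole connection to kinesisFirehose service ([dc17214](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/dc1721403a6d86aa1d7a00542dff237011514654))
+
 # [0.79.0-alpha.7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.6...0.79.0-alpha.7) (2022-04-11)
 
 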

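--- a/README.md
+++ b/README.md
@@ -124,20 +124,20 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate | |
 | iamUser | iamGroup |
 | iamPolicy | iamRole, iamGroup |
-| iamRole | appSync, codebuild, configurationRecorder, ec2, ecsTask, ecsTaskDefinition, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector, lambda |
+| iamRole | appSync, codebuild, configurationRecorder, ec2, ecsTask, ecsTaskDefinition, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector, lambda, kinesisFirehose, rdsCluster |
 | iamGroup | iamUser, iamPolicy |
 | igw | vpc |
 | iot | |
-| kinesisFirehose | kinesisStream, s3 |
+| kinesisFirehose | kinesisStream, s3, iamRole |
 | kinesisStream | kinesisFirehose |
-| kms | cloudtrail, cloudwatchLog, codebuild, ecsCluster, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster |
+| kms | cloudtrail, cloudwatchLog, codebuild, ecsCluster, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster, rdsCluster |
 | lambda | appSync, cognitoUserPool, kms, securityGroup, subnet, vpc, iamRole |
 | managedAirflow | iamRole, securityGroups, subnet, s3 |
 | nacl | vpc |
 | natGateway | networkInterface, subnet, vpc |
 | networkInterface | ec2, eip, efsMountTarget, natGateway, sageMakerNotebookInstance, subnet, vpc, flowLog |
 | organization |
-| rdsCluster | appSync, rdsClusterSnapshot, rdsDbInstance, securityGroup |
+| rdsCluster | appSync, rdsClusterSnapshot, rdsDbInstance, securityGroup, iamRole, kms |
 | rdsClusterSnapshot | kms, rdsCluster, vpc |
 | rdsDbInstance | rdsCluster, securityGroup, vpc, subnet |
 | redshiftCluster | kms, vpc |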

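--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cloudgraph/cg-provider-aws",
-"version": "0.79.0-alpha.7",
+"version": "0.79.0-alpha.8",
 "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
 "publishConfig": {
 "registry": "https://registry.npmjs.org/",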

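--- a/src/services/iamRole/connections.ts
+++ b/src/services/iamRole/connections.ts
@@ -170,15 +170,12 @@ export default ({
 /**
 * Find any guardDutyDetector related data
 */
-const detectors = data.find(
-({ name }) => name === services.guardDutyDetector
-)
+const detectors = data.find(({ name }) => name === services.guardDutyDetector)
 if (detectors?.data?.[region]) {
 const dataAtRegion: RawAwsGuardDutyDetector[] = detectors.data[
 region
 ].filter(
-({ ServiceRole }: RawAwsGuardDutyDetector) =>
-ServiceRole === role.Arn
+({ ServiceRole }: RawAwsGuardDutyDetector) => ServiceRole === role.Arn
 )
 for (const detector of dataAtRegion) {
 connections.push({
@@ -189,19 +186,17 @@ export default ({
 })
 }
 }
-/**
+/**
 * Find any systemsManagerInstance related data
 */
-const systemsManagerInstances = data.find(
+const systemsManagerInstances = data.find(
 ({ name }) => name === services.systemsManagerInstance
 )
 if (systemsManagerInstances?.data?.[region]) {
-const dataAtRegion: RawAwsSystemsManagerInstance[] = systemsManagerInstances.data[
-region
-].filter(
-({ IamRole }: RawAwsSystemsManagerInstance) =>
-IamRole === role.Arn
-)
+const dataAtRegion: RawAwsSystemsManagerInstance[] =
+systemsManagerInstances.data[region].filter(
+({ IamRole }: RawAwsSystemsManagerInstance) => IamRole === role.Arn
+)
 for (const instance of dataAtRegion) {
 connections.push({
 id: instance.InstanceId,
@@ -215,15 +210,14 @@ export default ({
 /**
 * Find any sageMakerNotebookInstance related data
 */
-const notebooks = data.find(
+const notebooks = data.find(
 ({ name }) => name === services.sageMakerNotebookInstance
 )
 if (notebooks?.data?.[region]) {
 const dataAtRegion: RawAwsSageMakerNotebookInstance[] = notebooks.data[
 region
 ].filter(
-({ RoleArn }: RawAwsSageMakerNotebookInstance) =>
-RoleArn === role.Arn
+({ RoleArn }: RawAwsSageMakerNotebookInstance) => RoleArn === role.Arn
 )
 for (const notebook of dataAtRegion) {
 connections.push({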

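--- a/src/services/iamRole/schema.graphql
+++ b/src/services/iamRole/schema.graphql
@@ -29,4 +29,8 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
 cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: iamRole)
 appSync: [awsAppSync] @hasInverse(field: iamRoles)
 lambda: [awsLambda] @hasInverse(field: iamRole)
+kinesisFirehose: [awsKinesisFirehose] @hasInverse(field: iamRole)
+rdsClusterMonitoringRole: [awsRdsCluster]
+@hasInverse(field: monitoringIamRole)
+rdsClusterIamRoles: [awsRdsCluster] @hasInverse(field: iamRoles)
 }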
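Review bot: The two new `awsRdsCluster` fields are named after the role's position on the cluster rather than what the field holds — `rdsClusterMonitoringRole: [awsRdsCluster]` reads as a single role but is a list of clusters, while its sibling `rdsClusterIamRoles` is plural. Consider a name that describes the list, or at minimum a `#` comment above each field (the kinesisFirehose schema already uses that style) saying which cluster attribute produces the link, e.g. `# clusters whose MonitoringRoleArn is this role` and `# clusters listing this role in AssociatedRoles`. Both `@hasInverse` targets, `monitoringIamRole` and `iamRoles`, have to exist on `awsRdsCluster`; that schema file is not among the sections on this page, although the `field:` values pushed in src/services/rdsCluster/connections.ts do match these names.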

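--- a/src/services/kinesisFirehose/connections.ts
+++ b/src/services/kinesisFirehose/connections.ts
@@ -8,6 +8,8 @@ import { TagMap } from '../../types'
 import services from '../../enums/services'
 import { RawAwsS3 } from '../s3/data'
 import { s3BucketArn } from '../../utils/generateArns'
+import { globalRegionName } from '../../enums/regions'
+import { RawAwsIamRole } from '../iamRole/data'
 
 /**
 * Kinesis Firehose
@@ -26,7 +28,11 @@ export default ({
 region: string
 }): { [key: string]: ServiceConnection[] } => {
 const connections: ServiceConnection[] = []
-const { DeliveryStreamARN: id, Destinations: destinations = [] } = firehose
+const {
+DeliveryStreamARN: id,
+Destinations: destinations = [],
+Source = {},
+} = firehose
 
 const kinesisStreamSourceARN =
 firehose.Source?.KinesisStreamSourceDescription?.KinesisStreamARN
@@ -63,10 +69,8 @@ export default ({
 
 if (!isEmpty(destinations)) {
 destinations.map((destination: DestinationDescription) => {
-const {
-ExtendedS3DestinationDescription,
-S3DestinationDescription,
-} = destination
+const { ExtendedS3DestinationDescription, S3DestinationDescription } =
+destination
 const s3DestinationDescription =
 ExtendedS3DestinationDescription || S3DestinationDescription
 if (s3DestinationDescription) {
@@ -94,6 +98,32 @@ export default ({
 })
 }
 
+/**
+* Find related IAM Roles
+*/
+const roles: { name: string; data: { [property: string]: any[] } } =
+data.find(({ name }) => name === services.iamRole)
+if (
+roles?.data?.[globalRegionName] &&
+Source?.KinesisStreamSourceDescription?.RoleARN
+) {
+const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+role => role.Arn === Source.KinesisStreamSourceDescription.RoleARN
+)
+if (!isEmpty(dataAtRegion)) {
+for (const instance of dataAtRegion) {
+const { Arn: roleId } = instance
+
+connections.push({
+id: roleId,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'iamRole',
+})
+}
+}
+}
+
 const kinesisFirehoseResult = {
 [id]: connections,
 }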
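Review bot: `roles` in the new IAM-role lookup is typed with `data: { [property: string]: any[] }`, which leaves `role` in the filter callback implicitly `any` even though `RawAwsIamRole` is imported in the first hunk of this file; typing it as `data: { [property: string]: RawAwsIamRole[] }`, the shape the snapshot and role lookups in src/services/rdsCluster/connections.ts use, makes the `role.Arn` access checked. The lookup only links the Kinesis source role: the `S3DestinationDescription` / `ExtendedS3DestinationDescription` objects destructured in the previous hunk carry their own delivery role ARN in the SDK type, so a consumer of the generically named `iamRole` field may expect the role that writes to the destination to be linked as well — either cover it or state the limitation in the `Find related IAM Roles` comment. The `if (!isEmpty(dataAtRegion))` guard around the `for` loop is redundant, since iterating an empty array does nothing. The enclosing export default function starts in an earlier hunk and its `return` follows after this one.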

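--- a/src/services/kinesisFirehose/schema.graphql
+++ b/src/services/kinesisFirehose/schema.graphql
@@ -1,4 +1,3 @@
-#TODO: add iam role connection
 type awsKinesisFirehose implements awsBaseService @key(fields: "arn") {
 name: String @search(by: [hash, regexp])
 deliveryStreamStatus: String @search(by: [hash, regexp])
@@ -12,6 +11,7 @@ type awsKinesisFirehose implements awsBaseService @key(fields: "arn") {
 source: awsKinesisFirehoseSource
 kinesisStream: [awsKinesisStream] @hasInverse(field: kinesisFirehose)
 s3: [awsS3] @hasInverse(field: kinesisFirehose)
+iamRole: [awsIamRole] @hasInverse(field: kinesisFirehose)
 tags: [awsRawTag]
 }
 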
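--- a/src/services/kms/schema.graphql
+++ b/src/services/kms/schema.graphql
@@ -31,4 +31,10 @@ type awsKms implements awsBaseService @key(fields: "id") {
 ecsCluster: [awsEcsCluster] @hasInverse(field: kms)
 dynamodb: [awsDynamoDbTable] @hasInverse(field: kms)
 cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
+rdsClusterStorageEncryption: [awsRdsCluster]
+@hasInverse(field: storageEncryptedKms)
+rdsClusterActivityStream: [awsRdsCluster]
+@hasInverse(field: activityStreamKms)
+rdsClusterPerformanceInsights: [awsRdsCluster]
+@hasInverse(field: performanceInsightsKms)
 }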
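Review bot: The three `@hasInverse` targets added here (`storageEncryptedKms`, `activityStreamKms`, `performanceInsightsKms`) have to be declared on `awsRdsCluster` for the schema to load, and the rdsCluster schema file is not among the sections shown on this page, so that side cannot be confirmed from here; the `field:` values pushed in src/services/rdsCluster/connections.ts do use exactly these names. Since the three fields encode which cluster attribute produced the link, a one-line `#` comment per field naming it (`KmsKeyId`, `ActivityStreamKmsKeyId`, `PerformanceInsightsKMSKeyId`) would spare the next reader a trip to connections.ts.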

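--- a/src/services/rdsCluster/connections.ts
+++ b/src/services/rdsCluster/connections.ts
@@ -5,6 +5,9 @@ import { DBInstance, DBCluster } from 'aws-sdk/clients/rds'
 
 import services from '../../enums/services'
 import { RawAwsRdsClusterSnapshot } from '../rdsClusterSnapshot/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { AwsKms } from '../kms/data'
+import { globalRegionName } from '../../enums/regions'
 
 export default ({
 service,
@@ -21,6 +24,11 @@ export default ({
 const {
 DBClusterArn: id,
 DBClusterIdentifier: clusterId,
+MonitoringRoleArn: monitoringRoleArn,
+AssociatedRoles: associatedRoles = [],
+KmsKeyId,
+ActivityStreamKmsKeyId,
+PerformanceInsightsKMSKeyId,
 VpcSecurityGroups,
 } = service
 const sgIds = VpcSecurityGroups.map(
@@ -55,14 +63,17 @@ export default ({
 /**
 * Find cluster snapshots
 */
-const snapshots: {
+const snapshots: {
 name: string
 data: { [property: string]: RawAwsRdsClusterSnapshot[] }
 } = data.find(({ name }) => name === services.rdsClusterSnapshot)
 
 if (snapshots?.data?.[region]) {
-const dataInRegion: RawAwsRdsClusterSnapshot[] = snapshots.data[region].filter(
-({ DBClusterIdentifier }: RawAwsRdsClusterSnapshot) => DBClusterIdentifier === clusterId
+const dataInRegion: RawAwsRdsClusterSnapshot[] = snapshots.data[
+region
+].filter(
+({ DBClusterIdentifier }: RawAwsRdsClusterSnapshot) =>
+DBClusterIdentifier === clusterId
 )
 if (!isEmpty(dataInRegion)) {
 for (const snapshot of dataInRegion) {
@@ -101,6 +112,102 @@ export default ({
 }
 }
 
+/**
+* Find KMS
+* related to this RDS Cluster
+*/
+const kms: {
+name: string
+data: { [property: string]: AwsKms[] }
+} = data.find(({ name }) => name === services.kms)
+
+if (kms?.data?.[region]) {
+// set storage encryption kms key
+let kmsInRegion: AwsKms[] = kms.data[region].filter(
+({ Arn }: AwsKms) => Arn === KmsKeyId
+)
+if (!isEmpty(kmsInRegion)) {
+for (const instance of kmsInRegion) {
+connections.push({
+id: instance.KeyId,
+resourceType: services.kms,
+relation: 'child',
+field: 'storageEncryptedKms',
+})
+}
+}
+
+// set activity stream kms key
+kmsInRegion = kms.data[region].filter(
+({ Arn }: AwsKms) => Arn === ActivityStreamKmsKeyId
+)
+if (!isEmpty(kmsInRegion)) {
+for (const instance of kmsInRegion) {
+connections.push({
+id: instance.KeyId,
+resourceType: services.kms,
+relation: 'child',
+field: 'activityStreamKms',
+})
+}
+}
+
+// set performance insights kms key
+kmsInRegion = kms.data[region].filter(
+({ Arn }: AwsKms) => Arn === PerformanceInsightsKMSKeyId
+)
+if (!isEmpty(kmsInRegion)) {
+for (const instance of kmsInRegion) {
+connections.push({
+id: instance.KeyId,
+resourceType: services.kms,
+relation: 'child',
+field: 'performanceInsightsKms',
+})
+}
+}
+}
+
+/**
+* Find IAM Role
+* related to this RDS Cluster
+*/
+const iamRoles: {
+name: string
+data: { [property: string]: RawAwsIamRole[] }
+} = data.find(({ name }) => name === services.iamRole)
+
+if (iamRoles?.data?.[globalRegionName]) {
+let iamRolesInRegion: RawAwsIamRole[] = iamRoles.data[
+globalRegionName
+].filter(({ Arn }: RawAwsIamRole) =>
+associatedRoles.find(r => r.RoleArn === Arn)
+)
+if (!isEmpty(iamRolesInRegion)) {
+for (const instance of iamRolesInRegion) {
+connections.push({
+id: instance.Arn,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'iamRoles',
+})
+}
+}
+iamRolesInRegion = iamRoles.data[globalRegionName].filter(
+({ Arn }: RawAwsIamRole) => Arn === monitoringRoleArn
+)
+if (!isEmpty(iamRolesInRegion)) {
+for (const instance of iamRolesInRegion) {
+connections.push({
+id: instance.Arn,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'monitoringIamRole',
+})
+}
+}
+}
+
 const rdsClusterResult = {
 [id]: connections,
 }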
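Review bot: The three KMS blocks in the last hunk (`storageEncryptedKms`, `activityStreamKms`, `performanceInsightsKms`) are the same eleven lines repeated with only the compared cluster attribute and the `field` value changing, and the two IAM-role blocks below them repeat the pattern a fourth and fifth time; a small table of `[clusterAttribute, field]` pairs iterated once removes the duplication along with the reassigned `let kmsInRegion` / `let iamRolesInRegion` variables and the redundant `!isEmpty(...)` guards around loops that already do nothing on an empty array. Separately, every KMS match compares only `Arn` against the cluster attribute; if any of `KmsKeyId`, `ActivityStreamKmsKeyId` or `PerformanceInsightsKMSKeyId` is returned by the describe call as a bare key id rather than a full ARN, the filter silently finds nothing and the graph shows the cluster as unencrypted-looking — worth confirming against real API output, and the `AwsKms` record already exposes `KeyId` if a second comparison turns out to be needed. The rewrite below keeps the `Arn`-only comparison so behaviour is unchanged. The enclosing export default function starts in an earlier hunk and returns after this one.
```typescript
  // … unchanged: kms lookup via data.find …
  if (kms?.data?.[region]) {
    // each cluster attribute that references a KMS key, paired with the
    // connection field it populates on the rds cluster node
    const kmsKeyRefs: Array<[string | undefined, string]> = [
      [KmsKeyId, 'storageEncryptedKms'],
      [ActivityStreamKmsKeyId, 'activityStreamKms'],
      [PerformanceInsightsKMSKeyId, 'performanceInsightsKms'],
    ]
    for (const [keyRef, field] of kmsKeyRefs) {
      if (!keyRef) continue
      for (const { Arn, KeyId } of kms.data[region]) {
        if (Arn === keyRef) {
          connections.push({
            id: KeyId,
            resourceType: services.kms,
            relation: 'child',
            field,
          })
        }
      }
    }
  }
  // … unchanged: iamRoles lookup via data.find …
  if (iamRoles?.data?.[globalRegionName]) {
    // predicate per role attribute, paired with the connection field it fills
    const roleRefs: Array<[(arn: RawAwsIamRole['Arn']) => boolean, string]> = [
      [arn => associatedRoles.some(r => r.RoleArn === arn), 'iamRoles'],
      [arn => arn === monitoringRoleArn, 'monitoringIamRole'],
    ]
    for (const [matches, field] of roleRefs) {
      for (const { Arn } of iamRoles.data[globalRegionName]) {
        if (matches(Arn)) {
          connections.push({
            id: Arn,
            resourceType: services.iamRole,
            relation: 'child',
            field,
          })
        }
      }
    }
  }
```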

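--- a/src/services/rdsCluster/format.ts
+++ b/src/services/rdsCluster/format.ts
@@ -1,15 +1,12 @@
 import { RawAwsRdsCluster } from './data'
-import {
-AwsRdsCluster,
-} from '../../types/generated'
+import { AwsRdsCluster } from '../../types/generated'
 import { formatTagsFromMap } from '../../utils/format'
 
 export default ({
 service,
 account,
-region
-}:
-{
+region,
+}: {
 service: RawAwsRdsCluster
 account: string
 region: string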

