nat gateway and launch template

JamesWoolfenden · Aug 30, 2022 · 5c0fc5d · 5c0fc5d
1 parent a63c33e
commit 5c0fc5d
Show file tree

Hide file tree

Showing 9 changed files with 138 additions and 17 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -158,6 +158,7 @@ func GetAWSResourcePermissions(result ResourceV2) []string {
 		"aws_ssm_maintenance_window":                         awsSsmMaintenanceWindow,
 		"aws_ssm_maintenance_window_target":                  awsSsmMaintenanceWindowTarget,
 		"aws_ssm_maintenance_window_task":                    awsSsmMaintenanceWindowTask,
+		"aws_launch_template":                                awsLaunchTemplate,
 	}
 
 	var Permissions []string

diff --git a/src/files.go b/src/files.go
@@ -286,7 +286,7 @@ var awsRouteTable []byte
 //go:embed mapping/aws/resource/ec2/aws_route_table_association.json
 var awsRouteTableAssociation []byte
 
-//go:embed mapping/aws/resource/aws_nat_gateway.json
+//go:embed mapping/aws/resource/ec2/aws_nat_gateway.json
 var awsNatGateway []byte
 
 //go:embed mapping/aws/resource/rds/aws_db_option_group.json
@@ -364,5 +364,8 @@ var awsSsmMaintenanceWindowTarget []byte
 //go:embed mapping/aws/resource/ssm/aws_ssm_maintenance_window_task.json
 var awsSsmMaintenanceWindowTask []byte
 
+//go:embed mapping/aws/resource/ec2/aws_launch_template.json
+var awsLaunchTemplate []byte
+
 //go:embed mapping/gcp/google_compute_instance.json
 var googleComputeInstance []byte
diff --git a/src/mapping/aws/resource/aws_nat_gateway.json b/src/mapping/aws/resource/aws_nat_gateway.json
diff --git a/src/mapping/aws/resource/ec2/aws_launch_template.json b/src/mapping/aws/resource/ec2/aws_launch_template.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:DescribeInstanceTypes",
+      "ec2:CreateLaunchTemplate",
+      "ec2:DescribeLaunchTemplates",
+      "ec2:DescribeLaunchTemplateVersions",
+      "ec2:DeleteLaunchTemplate",
+      "ec2:CreateLaunchTemplateVersion"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:DeleteLaunchTemplate"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_nat_gateway.json b/src/mapping/aws/resource/ec2/aws_nat_gateway.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:CreateNatGateway",
+      "ec2:DeleteNatGateway",
+      "ec2:DescribeNatGateways"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:DeleteTags",
+        "ec2:CreateTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteNatGateway"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/backup/aws_launch_template.tf b/terraform/backup/aws_launch_template.tf
@@ -0,0 +1,86 @@
+resource "aws_launch_template" "pike" {
+  name = "pike"
+
+  block_device_mappings {
+    device_name = "/dev/sda1"
+
+    ebs {
+      volume_size = 20
+    }
+  }
+
+  capacity_reservation_specification {
+    capacity_reservation_preference = "open"
+  }
+
+  cpu_options {
+    core_count       = 4
+    threads_per_core = 2
+  }
+
+  credit_specification {
+    cpu_credits = "standard"
+  }
+
+  disable_api_stop        = true
+  disable_api_termination = true
+
+  ebs_optimized = true
+
+  elastic_gpu_specifications {
+    type = "test"
+  }
+
+  elastic_inference_accelerator {
+    type = "eia1.medium"
+  }
+
+  iam_instance_profile {
+    name = "test"
+  }
+
+  image_id = "ami-0e0b657c074a17ec0"
+
+  instance_initiated_shutdown_behavior = "terminate"
+
+  instance_market_options {
+    market_type = "spot"
+  }
+
+  instance_type = "t2.micro"
+
+  //kernel_id = "test"
+
+  key_name = "test"
+
+  metadata_options {
+    http_endpoint               = "enabled"
+    http_tokens                 = "required"
+    http_put_response_hop_limit = 1
+    instance_metadata_tags      = "enabled"
+  }
+
+  monitoring {
+    enabled = true
+  }
+
+  network_interfaces {
+    associate_public_ip_address = true
+  }
+
+  placement {
+    availability_zone = "eu-west-2a"
+  }
+
+  //ram_disk_id = "test"
+
+  vpc_security_group_ids = ["sg-002ed1a53dc5fe0ad"]
+
+  tag_specifications {
+    resource_type = "instance"
+
+    tags = {
+      Name = "test1"
+    }
+  }
+}
diff --git a/terraform/backup/aws_nat_gateway.tf b/terraform/backup/aws_nat_gateway.tf
@@ -1,6 +1,6 @@
 resource "aws_nat_gateway" "pike" {
   subnet_id         = "subnet-0562ef1d304b968f4"
-  allocation_id     = "eipalloc-0bfb8a3935d7efe71"
+  allocation_id     = "eipalloc-0047fa56c40637c3b"
   connectivity_type = "public"
   tags = {
     pike = "permissions"

diff --git a/terraform/role/aws_iam_policy.basic.tf b/terraform/role/aws_iam_policy.basic.tf
@@ -7,9 +7,12 @@ resource "aws_iam_policy" "basic" {
         "Sid" : "0",
         "Effect" : "Allow",
         "Action" : [
-          "ssm:RegisterTaskWithMaintenanceWindow",
-          "ssm:DescribeMaintenanceWindowTasks",
-          "ssm:DeregisterTaskFromMaintenanceWindow"
+          "ec2:DescribeInstanceTypes",
+          "ec2:CreateLaunchTemplate",
+          "ec2:DescribeLaunchTemplates",
+          "ec2:DescribeLaunchTemplateVersions",
+          "ec2:DeleteLaunchTemplate",
+          "ec2:CreateLaunchTemplateVersion"
         ],
         "Resource" : "*"
       }

diff --git a/todo.md b/todo.md
@@ -123,7 +123,6 @@ aws_inspector_assessment_target not implemented
 aws_inspector_assessment_template not implemented
 aws_inspector_resource_group not implemented
 aws_lambda_layer_version not implemented
-aws_launch_template not implemented
 aws_lb_listener_rule not implemented
 aws_media_convert_queue not implemented
 aws_memorydb_cluster not implemented