Lots more resources

src/aws.go

@@ -24,6 +24,14 @@ func GetAWSResourcePermissions(result ResourceV2) []string {
 	switch result.Name {
 	case "aws_s3_bucket":
 		Permissions = GetPermissionMap(aws_s3_bucket, result.Attributes)
+	case "aws_s3_bucket_acl":
+		Permissions = GetPermissionMap(aws_s3_bucket_acl, result.Attributes)
+	case "aws_s3_bucket_versioning":
+		Permissions = GetPermissionMap(aws_s3_bucket_versioning, result.Attributes)
+	case "aws_s3_bucket_server_side_encryption_configuration":
+		Permissions = GetPermissionMap(aws_s3_bucket_server_side_encryption_configuration, result.Attributes)
+	case "aws_s3_bucket_public_access_block":
+		Permissions = GetPermissionMap(aws_s3_bucket_public_access_block, result.Attributes)
 	case "aws_instance":
 		Permissions = GetPermissionMap(aws_instance, result.Attributes)
 	case "aws_security_group":
@@ -40,12 +48,26 @@ func GetAWSResourcePermissions(result ResourceV2) []string {
 		Permissions = GetPermissionMap(aws_kms_key, result.Attributes)
 	case "aws_iam_role":
 		Permissions = GetPermissionMap(aws_iam_role, result.Attributes)
+	case "aws_iam_role_policy":
+		Permissions = GetPermissionMap(aws_iam_role_policy, result.Attributes)
+	case "aws_iam_role_policy_attachment":
+		Permissions = GetPermissionMap(aws_iam_role_policy_attachment, result.Attributes)
+	case "aws_iam_policy":
+		Permissions = GetPermissionMap(aws_iam_policy, result.Attributes)
+	case "aws_iam_instance_profile":
+		Permissions = GetPermissionMap(aws_iam_instance_profile, result.Attributes)
 	case "aws_mq_broker":
 		Permissions = GetPermissionMap(aws_mq_broker, result.Attributes)
 	case "aws_mq_configuration":
 		Permissions = GetPermissionMap(aws_mq_configuration, result.Attributes)
 	case "aws_cloudwatch_log_group":
 		Permissions = GetPermissionMap(aws_cloudwatch_log_group, result.Attributes)
+	case "aws_route53_record":
+		Permissions = GetPermissionMap(aws_route53_record, result.Attributes)
+	case "aws_sns_topic":
+		Permissions = GetPermissionMap(aws_sns_topic, result.Attributes)
+	case "aws_key_pair":
+		Permissions = GetPermissionMap(aws_key_pair, result.Attributes)
 	default:
 		log.Printf("%s not implemented", result.Name)
 	}

src/aws_data_source.go

@@ -8,15 +8,15 @@ func GetAWSDataPermissions(result ResourceV2) []string {
 	switch result.Name {
 	case "aws_vpcs":
 		Permissions = GetPermissionMap(data_aws_vpcs, result.Attributes)
-	case "aws_subnet_ids","aws_subnet", "aws_subnets":
+	case "aws_subnet_ids", "aws_subnet", "aws_subnets":
 		Permissions = GetPermissionMap(data_aws_subnet_ids, result.Attributes)
 	case "aws_ami":
 		Permissions = GetPermissionMap(data_aws_ami, result.Attributes)
 	case "aws_vpc":
 		Permissions = GetPermissionMap(data_aws_vpc, result.Attributes)
 	case "aws_availability_zones":
 		Permissions = GetPermissionMap(data_aws_availability_zones, result.Attributes)
-	case "aws_caller_identity","aws_iam_policy_document","aws_region":
+	case "aws_caller_identity", "aws_iam_policy_document", "aws_region", "aws_canonical_user_id":
 		//do nothing
 	default:
 		log.Printf("%s.%s not implemented", result.TypeName, result.Name)

src/files.go

@@ -7,6 +7,18 @@ import (
 //go:embed mapping/aws/resource/aws_s3_bucket.json
 var aws_s3_bucket []byte
 
+//go:embed mapping/aws/resource/aws_s3_bucket_acl.json
+var aws_s3_bucket_acl []byte
+
+//go:embed mapping/aws/resource/aws_s3_bucket_versioning.json
+var aws_s3_bucket_versioning []byte
+
+//go:embed mapping/aws/resource/aws_s3_bucket_server_side_encryption_configuration.json
+var aws_s3_bucket_server_side_encryption_configuration []byte
+
+//go:embed mapping/aws/resource/aws_s3_bucket_public_access_block.json
+var aws_s3_bucket_public_access_block []byte
+
 //go:embed mapping/aws/resource/aws_instance.json
 var aws_instance []byte
 
@@ -31,6 +43,18 @@ var aws_kms_key []byte
 //go:embed mapping/aws/resource/aws_iam_role.json
 var aws_iam_role []byte
 
+//go:embed mapping/aws/resource/aws_iam_role_policy.json
+var aws_iam_role_policy []byte
+
+//go:embed mapping/aws/resource/aws_iam_role_policy_attachment.json
+var aws_iam_role_policy_attachment []byte
+
+//go:embed mapping/aws/resource/aws_iam_policy.json
+var aws_iam_policy []byte
+
+//go:embed mapping/aws/resource/aws_iam_instance_profile.json
+var aws_iam_instance_profile []byte
+
 //go:embed mapping/aws/resource/aws_mq_broker.json
 var aws_mq_broker []byte
 
@@ -40,6 +64,14 @@ var aws_mq_configuration []byte
 //go:embed mapping/aws/resource/aws_cloudwatch_log_group.json
 var aws_cloudwatch_log_group []byte
 
+//go:embed mapping/aws/resource/aws_route53_record.json
+var aws_route53_record []byte
+
+//go:embed mapping/aws/resource/aws_sns_topic.json
+var aws_sns_topic []byte
+
+//go:embed mapping/aws/resource/aws_key_pair.json
+var aws_key_pair []byte
 
 //go:embed mapping/gcp/google_compute_instance.json
 var google_compute_instance []byte

src/mapping/aws/resource/aws_iam_instance_profile.json

@@ -0,0 +1,23 @@
+[
+  {
+    "apply": [
+      "iam:CreateInstanceProfile",
+      "iam:GetInstanceProfile",
+      "iam:RemoveRoleFromInstanceProfile",
+      "iam:DeleteInstanceProfile",
+      "iam:AddRoleToInstanceProfile",
+      "iam:PassRole"
+    ],
+    "attributes": {
+      "tags": [
+        "iam:TagInstanceProfile",
+        "iam:UntagInstanceProfile"
+      ]
+    },
+    "destroy": [
+      "iam:GetRole"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_iam_policy.json

@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "iam:CreatePolicy",
+      "iam:GetPolicy",
+      "iam:GetPolicyVersion",
+      "iam:ListPolicyVersions",
+      "iam:DeletePolicy"
+    ],
+    "attributes": {
+      "tags": [
+        "iam:TagPolicy",
+        "iam:UntagPolicy"
+      ]
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_iam_role_policy.json

@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "iam:PutRolePolicy",
+      "iam:GetRolePolicy",
+      "iam:DeleteRolePolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "iam:DeleteRolePolicy"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_iam_role_policy_attachment.json

@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "iam:AttachRolePolicy",
+      "iam:ListAttachedRolePolicies",
+      "iam:DetachRolePolicy"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_key_pair.json

@@ -0,0 +1,21 @@
+[
+  {
+    "apply": [
+      "ec2:ImportKeyPair",
+      "ec2:CreateKeyPair",
+      "ec2:DescribeKeyPairs",
+      "ec2:DeleteKeyPair"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:DeleteTags",
+        "ec2:CreateTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteKeyPair"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_route53_record.json

@@ -0,0 +1,16 @@
+[
+  {
+    "apply": [
+      "route53:GetHostedZone",
+      "route53:ChangeResourceRecordSets",
+      "route53:GetChange",
+      "route53:ListResourceRecordSets"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_s3_bucket_acl.json

@@ -0,0 +1,15 @@
+[
+  {
+    "apply": [
+      "s3:ListAllMyBuckets",
+      "s3:PutBucketAcl",
+      "s3:ListBucket",
+      "s3:GetBucketAcl"
+    ],
+    "attributes": {
+      "tag": []
+    },
+    "destroy": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_s3_bucket_public_access_block.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "s3:GetBucketPublicAccessBlock",
+      "s3:PutBucketPublicAccessBlock"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_s3_bucket_server_side_encryption_configuration.json

@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "s3:PutEncryptionConfiguration",
+      "s3:GetEncryptionConfiguration"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_s3_bucket_versioning.json

@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "s3:PutBucketVersioning",
+      "s3:GetBucketVersioning"
+    ],
+    "attributes": {
+      "tag": []
+    },
+    "destroy": [],
+    "plan": []
+  }
+]

src/mapping/aws/resource/aws_sns_topic.json

@@ -0,0 +1,22 @@
+[
+  {
+    "apply": [
+      "SNS:CreateTopic",
+      "SNS:SetTopicAttributes",
+      "SNS:GetTopicAttributes",
+      "SNS:ListTagsForResource",
+      "SNS:DeleteTopic"
+    ],
+    "attributes": {
+      "tags": [
+        "SNS:TagResource",
+        "SNS:UnTagResource"
+      ]
+    },
+    "destroy": [
+      "SNS:DeleteTopic"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]

src/policy.go

@@ -1,12 +1,12 @@
 package pike
 
 import (
+	_ "embed" //required for embed
 	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
 	"text/template"
-	_ "embed" //required for embed
 )
 
 //go:embed terraform.policy.template
@@ -61,26 +61,30 @@ func AWSPolicy(Permissions []string, output string) error {
 		fmt.Println(err)
 		return err
 	}
-    
+
 	switch output {
-	case "terraform","Terraform":
-		
+	case "terraform", "Terraform":
+
 		type PolicyDetails struct {
-			Policy string
-			Name string
-			Path string
+			Policy      string
+			Name        string
+			Path        string
 			Description string
 		}
 
-        PolicyName:= "terraform"+ randSeq(8)
-		theDetails := PolicyDetails{string(b), PolicyName,"/", "Add Description"}
+		PolicyName := "terraform" + randSeq(8)
+		theDetails := PolicyDetails{string(b), PolicyName, "/", "Add Description"}
 		tmpl, err := template.New("test").Parse(string(policyTemplate))
-		if err != nil { panic(err) }
+		if err != nil {
+			panic(err)
+		}
 
 		err = tmpl.Execute(os.Stdout, theDetails)
 
-		if err != nil { panic(err) }
-	default: 
+		if err != nil {
+			panic(err)
+		}
+	default:
 		fmt.Print(string(b))
 		fmt.Print("\n")
 	}

src/utils.go

@@ -1,4 +1,4 @@
-package pike 
+package pike
 
 import (
 	"math/rand"
@@ -7,9 +7,9 @@ import (
 var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
 
 func randSeq(n int) string {
-    b := make([]rune, n)
-    for i := range b {
-        b[i] = letters[rand.Intn(len(letters))]
-    }
-    return string(b)
-}
+	b := make([]rune, n)
+	for i := range b {
+		b[i] = letters[rand.Intn(len(letters))]
+	}
+	return string(b)
+}