diff --git a/src/aws.go b/src/aws.go
index 65e4c159..6e375f35 100644
--- a/src/aws.go
+++ b/src/aws.go
@@ -1102,6 +1102,17 @@ var (
 "aws_appmesh_virtual_node": awsAppmeshVirtualNode,
 "aws_appmesh_virtual_router": awsAppmeshVirtualRouter,
 "aws_appmesh_virtual_service": awsAppmeshVirtualService,
+ "aws_appstream_directory_config": awsAppstreamDirectoryConfig,
+ "aws_appstream_fleet": awsAppstreamFleet,
+ "aws_appstream_fleet_stack_association": awsAppstreamFleetStackAssociation,
+ "aws_appstream_stack": awsAppstreamStack,
+ "aws_appstream_user": awsAppstreamUser,
+ "aws_appstream_user_stack_association": awsAppstreamUserStackAssociation,
+ "aws_appsync_api_cache": awsAppsyncApiCache,
+ "aws_appsync_api_key": awsAppsyncApiKey,
+ "aws_appsync_datasource": awsAppsyncDatasource,
+ "aws_appsync_source_api_association": awsAppsyncSourceApiAssociation,
+ "aws_appsync_type": awsAppsyncType,
 }
 )
diff --git a/src/coverage/aws.md b/src/coverage/aws.md
index a628f99b..0a8f5747 100644
--- a/src/coverage/aws.md
+++ b/src/coverage/aws.md
@@ -1,6 +1,6 @@
 # todo aws
-Resource percentage coverage 72.49
+Resource percentage coverage 74.25
 Datasource percentage coverage 100.00
 ./resource.ps1 aws_amplify_backend_environment
@@ -13,17 +13,6 @@ Datasource percentage coverage 100.00
 ./resource.ps1 aws_apprunner_connection
 ./resource.ps1 aws_apprunner_custom_domain_association
 ./resource.ps1 aws_apprunner_deployment
-./resource.ps1 aws_appstream_directory_config
-./resource.ps1 aws_appstream_fleet
-./resource.ps1 aws_appstream_fleet_stack_association
-./resource.ps1 aws_appstream_stack
-./resource.ps1 aws_appstream_user
-./resource.ps1 aws_appstream_user_stack_association
-./resource.ps1 aws_appsync_api_cache
-./resource.ps1 aws_appsync_api_key
-./resource.ps1 aws_appsync_datasource
-./resource.ps1 aws_appsync_source_api_association
-./resource.ps1 aws_appsync_type
 ./resource.ps1 aws_bedrock_guardrail
 ./resource.ps1 aws_bedrock_guardrail_version
 ./resource.ps1 aws_bedrockagent_agent_collaborator
diff --git a/src/files.go b/src/files.go
index 85fa8bdf..13c9f191 100644
--- a/src/files.go
+++ b/src/files.go
@@ -3096,3 +3096,36 @@ var awsAppmeshVirtualRouter []byte
 //go:embed mapping/aws/resource/appmesh/aws_appmesh_virtual_service.json
 var awsAppmeshVirtualService []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_directory_config.json
+var awsAppstreamDirectoryConfig []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_fleet.json
+var awsAppstreamFleet []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
+var awsAppstreamFleetStackAssociation []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_stack.json
+var awsAppstreamStack []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_user.json
+var awsAppstreamUser []byte
+
+//go:embed mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
+var awsAppstreamUserStackAssociation []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_api_cache.json
+var awsAppsyncApiCache []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_api_key.json
+var awsAppsyncApiKey []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_datasource.json
+var awsAppsyncDatasource []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_source_api_association.json
+var awsAppsyncSourceApiAssociation []byte
+
+//go:embed mapping/aws/resource/appsync/aws_appsync_type.json
+var awsAppsyncType []byte
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json b/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json
new file mode 100644
index 00000000..5855abd9
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_directory_config.json
@@ -0,0 +1,47 @@
+[
+ {
+ "apply": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "modify": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ],
+ "plan": [
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "iam:CreateServiceLinkedRole",
+ "iam:DeleteServiceLinkedRole",
+ "iam:GetServiceLinkedRoleDeletionStatus"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_fleet.json b/src/mapping/aws/resource/appstream/aws_appstream_fleet.json
new file mode 100644
index 00000000..92ce59bd
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_fleet.json
@@ -0,0 +1,20 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeFleets",
+ "appstream:CreateFleet",
+ "appstream:DeleteFleet",
+ "appstream:UpdateFleet",
+ "appstream:ListTagsForResource"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
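Review bot: The `plan`, `modify` and `destroy` lists in aws_appstream_directory_config.json are copies of the `apply` list, so if these lists drive per-phase policy generation, a plan-only policy would carry `appstream:CreateDirectoryConfig`, `appstream:DeleteDirectoryConfig` and `iam:CreateServiceLinkedRole`, none of which a read-only refresh should need. aws_appsync_datasource.json in this same commit shows the narrower shape, with `plan` reduced to the Get call; here `plan` could be just `"appstream:DescribeDirectoryConfigs"` and `destroy` the Delete and Describe pair. `appstream:DeleteDirectoryConfig` is also listed twice in `apply`. The three `iam:*ServiceLinkedRole` actions are the sensitive part of this mapping and deserve a check that the provider really calls them for this resource.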
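Review bot: `destroy`, `modify` and `plan` are left empty in aws_appstream_fleet.json while Delete and Update sit in `apply`. The same shape recurs in the stack, user, both association, api_cache, api_key and type mappings, whereas aws_appsync_datasource.json and aws_appsync_source_api_association.json in this commit fill the phases in. One convention should be chosen, because any consumer that reads the per-phase lists gets no permissions at all for destroying a fleet. Separately, a fleet configured with `iam_role_arn` or `vpc_config` will probably need `iam:PassRole` and EC2 describe calls that the minimal example in this commit never exercises; that is worth recording if the mapping format allows attribute-specific entries beyond `tags`.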
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json b/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
new file mode 100644
index 00000000..7ade7a55
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_fleet_stack_association.json
@@ -0,0 +1,17 @@
+[
+ {
+ "apply": [
+ "appstream:AssociateFleet",
+ "appstream:DisassociateFleet"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_stack.json b/src/mapping/aws/resource/appstream/aws_appstream_stack.json
new file mode 100644
index 00000000..f1d4a106
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_stack.json
@@ -0,0 +1,19 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeStacks",
+ "appstream:CreateStack",
+ "appstream:DeleteStack",
+ "appstream:UpdateStack"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_user.json b/src/mapping/aws/resource/appstream/aws_appstream_user.json
new file mode 100644
index 00000000..710d3f2d
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_user.json
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeUsers",
+ "appstream:CreateUser",
+ "appstream:DeleteUser"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json b/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
new file mode 100644
index 00000000..07463646
--- /dev/null
+++ b/src/mapping/aws/resource/appstream/aws_appstream_user_stack_association.json
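Review bot: `attributes.tags` in aws_appstream_fleet_stack_association.json maps `appstream:TagResource` and `appstream:UntagResource`, but the matching example resource in this commit has only `fleet_name` and `stack_name`. The same block appears in aws_appstream_user.json and aws_appstream_user_stack_association.json, whose examples set no tags either. If these resource types take no `tags` argument, the entry should be `"tags": []` as in the appsync mappings, so the mapping does not suggest tagging rights are needed. The `apply` list here also has no read action, unlike the Describe call in the fleet, stack and user mappings, so the refresh after create is probably uncovered; confirm which call the provider makes (likely `appstream:ListAssociatedStacks`) before merging.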
@@ -0,0 +1,18 @@
+[
+ {
+ "apply": [
+ "appstream:DescribeUserStackAssociations",
+ "appstream:BatchAssociateUserStack",
+ "appstream:BatchDisassociateUserStack"
+ ],
+ "attributes": {
+ "tags": [
+ "appstream:TagResource",
+ "appstream:UntagResource"
+ ]
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json b/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json
new file mode 100644
index 00000000..8eacce13
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_api_cache.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "appsync:GetApiCache",
+ "appsync:CreateApiCache",
+ "appsync:DeleteApiCache",
+ "appsync:UpdateApiCache"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_api_key.json b/src/mapping/aws/resource/appsync/aws_appsync_api_key.json
new file mode 100644
index 00000000..c5de1f92
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_api_key.json
@@ -0,0 +1,15 @@
+[
+ {
+ "apply": [
+ "appsync:CreateApiKey",
+ "appsync:DeleteApiKey",
+ "appsync:UpdateApiKey"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_datasource.json b/src/mapping/aws/resource/appsync/aws_appsync_datasource.json
new file mode 100644
index 00000000..864d5f81
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_datasource.json
@@ -0,0 +1,24 @@
+[
+ {
+ "apply": [
+ "appsync:CreateDataSource",
+ "appsync:GetDataSource",
+ "appsync:UpdateDataSource",
+ "iam:PassRole"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:DeleteDataSource",
+ "appsync:GetDataSource"
+ ],
+ "modify": [
+ "appsync:UpdateDataSource",
+ "iam:PassRole"
+ ],
+ "plan": [
+ "appsync:GetDataSource"
+ ]
+ }
+]
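Review bot: aws_appsync_api_key.json lists Create, Delete and Update under `apply` but no read action, while the api_cache, datasource, source_api_association and type mappings in this commit each include a Get call. Refreshing the key after create will need one, probably `appsync:ListApiKeys`, though that should be confirmed against what the provider actually calls. A policy built from this mapping as written would likely fail with an access-denied error on the first refresh.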
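Review bot: In aws_appsync_datasource.json, `appsync:DeleteDataSource` appears only under `destroy`, whereas every other mapping in this commit puts its Delete action in `apply`. If generated policies are built from `apply`, a datasource could be created but not destroyed or replaced; either add the Delete there or confirm the consumer merges the phases. `iam:PassRole` is correct to list, but it is the action most worth scoping in the generated policy, so a note in the project docs that it should be restricted to the datasource's service role would help users of the output.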
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json b/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json
new file mode 100644
index 00000000..d4348078
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_source_api_association.json
@@ -0,0 +1,30 @@
+[
+ {
+ "apply": [
+ "appsync:AssociateSourceGraphqlApi",
+ "appsync:AssociateMergedGraphqlApi",
+ "appsync:UpdateSourceApiAssociation",
+ "appsync:GetSourceApiAssociation",
+ "appsync:DisassociateSourceGraphqlApi",
+ "appsync:DisassociateMergedGraphqlApi",
+ "appsync:ListSourceApiAssociations"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [
+ "appsync:GetSourceApiAssociation",
+ "appsync:DisassociateSourceGraphqlApi",
+ "appsync:DisassociateMergedGraphqlApi",
+ "appsync:ListSourceApiAssociations"
+ ],
+ "modify": [
+ "appsync:UpdateSourceApiAssociation",
+ "appsync:GetSourceApiAssociation"
+ ],
+ "plan": [
+ "appsync:GetSourceApiAssociation",
+ "appsync:ListSourceApiAssociations"
+ ]
+ }
+]
diff --git a/src/mapping/aws/resource/appsync/aws_appsync_type.json b/src/mapping/aws/resource/appsync/aws_appsync_type.json
new file mode 100644
index 00000000..2cc23753
--- /dev/null
+++ b/src/mapping/aws/resource/appsync/aws_appsync_type.json
@@ -0,0 +1,16 @@
+[
+ {
+ "apply": [
+ "appsync:GetType",
+ "appsync:CreateType",
+ "appsync:DeleteType",
+ "appsync:UpdateType"
+ ],
+ "attributes": {
+ "tags": []
+ },
+ "destroy": [],
+ "modify": [],
+ "plan": []
+ }
+]
diff --git a/terraform/aws/backup/aws_appstream_directory_config.tf b/terraform/aws/backup/aws_appstream_directory_config.tf
new file mode 100644
index 00000000..171a524d
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_directory_config.tf
@@ -0,0 +1,9 @@
+resource "aws_appstream_directory_config" "pike" {
+ directory_name = "NAME OF DIRECTORY"
+ organizational_unit_distinguished_names = ["DISTINGUISHED NAME"]
+
+ service_account_credentials {
+ account_name = "NAME OF ACCOUNT"
+ account_password = "PASSWORD OF ACCOUNT"
+ }
+}
diff --git a/terraform/aws/backup/aws_appstream_fleet.tf b/terraform/aws/backup/aws_appstream_fleet.tf
new file mode 100644
index 00000000..bb209e74
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_fleet.tf
@@ -0,0 +1,9 @@
+resource "aws_appstream_fleet" "pike" {
+ name = "NAME"
+ image_name = "Amazon-AppStream2-Sample-Image-03-11-2023"
+ instance_type = "stream.standard.small"
+
+ compute_capacity {
+ desired_instances = 1
+ }
+}
diff --git a/terraform/aws/backup/aws_appstream_fleet_stack_association.tf b/terraform/aws/backup/aws_appstream_fleet_stack_association.tf
new file mode 100644
index 00000000..fe75bc38
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_fleet_stack_association.tf
@@ -0,0 +1,4 @@
+resource "aws_appstream_fleet_stack_association" "pike" {
+ fleet_name = aws_appstream_fleet.pike.name
+ stack_name = aws_appstream_stack.pike.name
+}
diff --git a/terraform/aws/backup/aws_appstream_stack.tf b/terraform/aws/backup/aws_appstream_stack.tf
new file mode 100644
index 00000000..a734428e
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_stack.tf
@@ -0,0 +1,3 @@
+resource "aws_appstream_stack" "pike" {
+ name = "pike"
+}
diff --git a/terraform/aws/backup/aws_appstream_user.tf b/terraform/aws/backup/aws_appstream_user.tf
new file mode 100644
index 00000000..2432112c
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_user.tf
@@ -0,0 +1,6 @@
+resource "aws_appstream_user" "pike" {
+ authentication_type = "USERPOOL"
+ user_name = "james@bridgecrew.io"
+ first_name = "james"
+ last_name = "woolfenden"
+}
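Review bot: `account_password = "PASSWORD OF ACCOUNT"` in aws_appstream_directory_config.tf invites whoever completes the example to paste a directory service-account password into a tracked file, and the value is written to Terraform state in any case. Take it from a variable declared with `sensitive = true`, for example `account_password = var.directory_service_password`, and add a comment that the state backend holding it must be access-controlled. The other placeholders in the file are harmless as literals.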
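Review bot: aws_appstream_user.tf hard-codes what looks like a real person's mailbox, `user_name = "james@bridgecrew.io"`, together with a first and last name. Applying the fixture creates a user-pool account for that address and, unless the resource's `send_email_notification` argument suppresses it, the service may mail the address. A reserved placeholder such as `user_name = "pike@example.com"` with generic names keeps personal data out of the repository and out of state.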
diff --git a/terraform/aws/backup/aws_appstream_user_stack_association.tf b/terraform/aws/backup/aws_appstream_user_stack_association.tf
new file mode 100644
index 00000000..682712c8
--- /dev/null
+++ b/terraform/aws/backup/aws_appstream_user_stack_association.tf
@@ -0,0 +1,5 @@
+resource "aws_appstream_user_stack_association" "pike" {
+ authentication_type = aws_appstream_user.pike.authentication_type
+ stack_name = aws_appstream_stack.pike.name
+ user_name = aws_appstream_user.pike.user_name
+}
diff --git a/terraform/aws/backup/aws_appsync_api_cache.tf b/terraform/aws/backup/aws_appsync_api_cache.tf
new file mode 100644
index 00000000..d1d8eaa7
--- /dev/null
+++ b/terraform/aws/backup/aws_appsync_api_cache.tf
@@ -0,0 +1 @@
+resource "aws_appsync_api_cache" "pike" {}
diff --git a/terraform/aws/backup/aws_appsync_api_key.tf b/terraform/aws/backup/aws_appsync_api_key.tf
new file mode 100644
index 00000000..72d2f2a3
--- /dev/null
+++ b/terraform/aws/backup/aws_appsync_api_key.tf
@@ -0,0 +1 @@
+resource "aws_appsync_api_key" "pike" {}
diff --git a/terraform/aws/backup/aws_appsync_datasource.tf b/terraform/aws/backup/aws_appsync_datasource.tf
new file mode 100644
index 00000000..c8b92aac
--- /dev/null
+++ b/terraform/aws/backup/aws_appsync_datasource.tf
@@ -0,0 +1 @@
+resource "aws_appsync_datasource" "pike" {}
diff --git a/terraform/aws/backup/aws_appsync_source_api_association.tf b/terraform/aws/backup/aws_appsync_source_api_association.tf
new file mode 100644
index 00000000..499df6ce
--- /dev/null
+++ b/terraform/aws/backup/aws_appsync_source_api_association.tf
@@ -0,0 +1 @@
+resource "aws_appsync_source_api_association" "pike" {}
diff --git a/terraform/aws/backup/aws_appsync_type.tf b/terraform/aws/backup/aws_appsync_type.tf
new file mode 100644
index 00000000..fb0b199f
--- /dev/null
+++ b/terraform/aws/backup/aws_appsync_type.tf
@@ -0,0 +1 @@
+resource "aws_appsync_type" "pike" {}
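Review bot: `resource "aws_appsync_api_cache" "pike" {}` and the four other appsync examples added alongside it (api_key, datasource, source_api_association, type) have empty bodies, so they cannot pass validation, let alone be applied; api_cache for one needs at least an API id, a type and a TTL. That presumably means the appsync permission mappings in this commit were not checked against a real run of these files. Either fill in the required arguments or mark the files with a one-line comment such as `# stub: required arguments not filled in, mapping not verified by apply`.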
diff --git a/terraform/aws/role/aws_iam_policy.basic.tf b/terraform/aws/role/aws_iam_policy.basic.tf
index d4d5dea2..805b5d9d 100644
--- a/terraform/aws/role/aws_iam_policy.basic.tf
+++ b/terraform/aws/role/aws_iam_policy.basic.tf
@@ -38,19 +38,26 @@ resource "aws_iam_policy" "basic" {
 "appmesh:DescribeVirtualNode",
 "appmesh:CreateVirtualNode",
 "appmesh:DeleteVirtualNode",
- "appmesh:UpdateVirtualNode",
-
- # aws_appmesh_virtual_router
- "appmesh:DescribeVirtualRouter",
- "appmesh:CreateVirtualRouter",
- "appmesh:UpdateVirtualRouter",
- "appmesh:DeleteVirtualRouter",
-
- # aws_appmesh_virtual_service
- "appmesh:DescribeVirtualService",
- "appmesh:CreateVirtualService",
- "appmesh:DeleteVirtualService",
- "appmesh:UpdateVirtualService"
+ "appstream:DescribeUsers",
+ "appstream:CreateUser",
+ "appstream:DeleteUser",
+ "appstream:DescribeStacks",
+ "appstream:CreateStack",
+ "appstream:DeleteStack",
+ "appstream:UpdateStack",
+ "appstream:DescribeFleets",
+ "appstream:CreateFleet",
+ "appstream:DeleteFleet",
+ "appstream:UpdateFleet",
+ "appstream:ListTagsForResource",
+ "appstream:CreateDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DeleteDirectoryConfig",
+ "appstream:DescribeDirectoryConfigs",
+ "appstream:UpdateDirectoryConfig",
+ "appstream:DescribeUserStackAssociations",
+ "appstream:BatchAssociateUserStack",
+ "appstream:BatchDisassociateUserStack",
 ],
 "Resource" : [
 "*"
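Review bot: The new appstream actions in the `basic` policy are added as one unlabelled run, dropping the `# aws_<resource>` grouping comments the removed appmesh lines used, and `"appstream:DeleteDirectoryConfig"` appears twice. In a policy whose `Resource` is `"*"`, those per-resource comments are the only way a reviewer can tell which grant belongs to which resource under test, so each group should keep its header, e.g. `# aws_appstream_user` above the three user actions. The list also does not match the mappings added in this commit: it has none of `appstream:AssociateFleet`, `appstream:DisassociateFleet`, `appstream:TagResource` or the `iam:*ServiceLinkedRole` actions, which suggests those mappings were not derived from a run under this role. The policy resource continues outside the hunk, so whether the statement is narrowed elsewhere cannot be seen here.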