add rds co (#155)

iakov-aws · web-flow · commit cc2c9356992a · 2024-07-18T14:29:04.000+02:00
diff --git a/data-collection/deploy/deploy-in-management-account.yaml b/data-collection/deploy/deploy-in-management-account.yaml
@@ -226,11 +226,11 @@ Resources:
         rules_to_suppress:
           - id: W12
             reason: "Policy is used for scanning of a wide range of resources"
-  COExportLambdaFunctionRecommendations:
+  COExportRecommendations:
     Type: "AWS::IAM::Policy"
     Condition: EnableComputeOptimizerModule
     Properties:
-      PolicyName: ComputeOptimizer-ExportLambdaFunctionRecommendations
+      PolicyName: ComputeOptimizer-ExportRecommendations
       PolicyDocument:
         Version: "2012-10-17"
         Statement:
@@ -241,84 +241,24 @@ Resources:
               - "lambda:ListFunctions"
               - "lambda:ListProvisionedConcurrencyConfigs"
             Resource: "*"
-      Roles:
-        - Ref: LambdaRole
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W12
-            reason: "Policy is used for scanning of a wide range of resources"
-  COExportAutoScalingGroupRecommendations:
-    Type: "AWS::IAM::Policy"
-    Condition: EnableComputeOptimizerModule
-    Properties:
-      PolicyName: ComputeOptimizer-ExportAutoScalingGroupRecommendations
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
           - Effect: "Allow"
             Action:
               - "compute-optimizer:ExportAutoScalingGroupRecommendations"
               - "compute-optimizer:GetAutoScalingGroupRecommendations"
               - "autoscaling:DescribeAutoScalingGroups"
             Resource: "*"
-      Roles:
-        - Ref: LambdaRole
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W12
-            reason: "Policy is used for scanning of a wide range of resources"
-  COExportEBSVolumeRecommendations:
-    Type: "AWS::IAM::Policy"
-    Condition: EnableComputeOptimizerModule
-    Properties:
-      PolicyName: ComputeOptimizer-ExportEBSVolumeRecommendations
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
           - Effect: "Allow"
             Action:
               - "compute-optimizer:ExportEBSVolumeRecommendations"
               - "compute-optimizer:GetEBSVolumeRecommendations"
-              - "EC2:DescribeVolumes"
+              - "ec2:DescribeVolumes"
             Resource: "*"
-      Roles:
-        - Ref: LambdaRole
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W12
-            reason: "Policy is used for scanning of a wide range of resources"
-  COExportEC2InstanceRecommendations:
-    Type: "AWS::IAM::Policy"
-    Condition: EnableComputeOptimizerModule
-    Properties:
-      PolicyName: ComputeOptimizer-ExportEC2InstanceRecommendations
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
           - Effect: "Allow"
             Action:
               - "compute-optimizer:ExportEC2InstanceRecommendations"
               - "compute-optimizer:GetEC2InstanceRecommendations"
-              - "EC2:DescribeInstances"
+              - "ec2:DescribeInstances"
             Resource: "*"
-      Roles:
-        - Ref: LambdaRole
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W12
-            reason: "Policy is used for scanning of a wide range of resources"
-  COExportECSRecommendations:
-    Type: "AWS::IAM::Policy"
-    Condition: EnableComputeOptimizerModule
-    Properties:
-      PolicyName: ComputeOptimizer-ExportECSRecommendations
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
           - Effect: "Allow"
             Action:
               - "compute-optimizer:ExportECSServiceRecommendations"
@@ -327,27 +267,20 @@ Resources:
               - "ecs:ListServices"
               - "ecs:ListClusters"
             Resource: "*"
-      Roles:
-        - Ref: LambdaRole
-    Metadata:
-      cfn_nag:
-        rules_to_suppress:
-          - id: W12
-            reason: "Policy is used for scanning of a wide range of resources"
-  COExportLicenseRecommendations:
-    Type: "AWS::IAM::Policy"
-    Condition: EnableComputeOptimizerModule
-    Properties:
-      PolicyName: ComputeOptimizer-ExportLicenseRecommendations
-      PolicyDocument:
-        Version: "2012-10-17"
-        Statement:
           - Effect: "Allow"
             Action:
               - "compute-optimizer:ExportLicenseRecommendations"
               - "compute-optimizer:GetLicenseRecommendations"
               - "ec2:DescribeInstances"
             Resource: "*"
+          - Effect: "Allow"
+            Action:
+              - "compute-optimizer:ExportRDSDatabaseRecommendations"
+              - "compute-optimizer:GetRDSDatabaseRecommendations"
+              - "compute-optimizer:GetRDSDatabaseRecommendationProjectedMetrics"
+              - "rds:DescribeDBInstances"
+              - "rds:DescribeDBClusters"
+            Resource: "*"
       Roles:
         - Ref: LambdaRole
     Metadata:
diff --git a/data-collection/deploy/module-compute-optimizer.yaml b/data-collection/deploy/module-compute-optimizer.yaml
@@ -410,6 +410,7 @@ Resources:
                           'ebs_volume':   co.export_ebs_volume_recommendations,
                           'ecs_service':  co.export_ecs_service_recommendations,
                           'license':      co.export_license_recommendations,
+                          'rds_database': partial(co.export_rds_database_recommendations, recommendationPreferences={'cpuVendorArchitectures': ARCH}),
                       }
                       bucket = BUCKET_PREFIX + '.' + region
                       logger.info(f"INFO: bucket={bucket}")
diff --git a/data-collection/test/test_from_scratch.py b/data-collection/test/test_from_scratch.py
@@ -154,7 +154,7 @@ def test_compute_optimizer_export_triggered(compute_optimizer, start_time):
     jobs = compute_optimizer.describe_recommendation_export_jobs()['recommendationExportJobs']
     logger.debug(f'Jobs in: {jobs}')
     jobs_since_start = [job for job in jobs if job['creationTimestamp'].replace(tzinfo=None) > start_time.replace(tzinfo=None)]
-    assert len(jobs_since_start) == 6, f'started {len(jobs_since_start)} jobs. Expected 6. Not all jobs launched'
+    assert len(jobs_since_start) == 7, f'started {len(jobs_since_start)} jobs. Expected 7. Not all jobs launched'
     jobs_failed = [job for job in jobs_since_start if job.get('status') == 'failed']
     assert len(jobs_failed) == 0, f'Some jobs failed {jobs_failed}'
     # TODO: check how we can add better test, taking into account 15-30 mins delay of export in CO

Original file line number	Diff line number	Diff line change
`@@ -410,6 +410,7 @@ Resources:`
`410`	`410`	`'ebs_volume': co.export_ebs_volume_recommendations,`
`411`	`411`	`'ecs_service': co.export_ecs_service_recommendations,`
`412`	`412`	`'license': co.export_license_recommendations,`
	`413`	`+ 'rds_database': partial(co.export_rds_database_recommendations, recommendationPreferences={'cpuVendorArchitectures': ARCH}),`
`413`	`414`	`}`
`414`	`415`	`bucket = BUCKET_PREFIX + '.' + region`
`415`	`416`	`logger.info(f"INFO: bucket={bucket}")`