Merge pull request #17 from cloudgraphdev/feature/CG-1060

Feature/cg 1060

Author: tyler-dunkel

README.md

@@ -87,7 +87,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | cognitoUserPool             | appSync, lambda                                                                                                                                                                            |
 | configurationRecorder       | iamRole                                                                                                                               |
 | customerGateway             | vpnConnection                                                                                                                                                                              |
-| dynamodb                    | appSync                                                                                                                                                                                    |
+| dynamodb                    | appSync, iamRole, kms                                                                                                                                                                                    |
 | dmsReplicationInstance                         | securityGroup, subnet, vpc, kms                                                                                                                                      |
 | ebs                         | asg, ec2, emrInstance                                                                                                                                                                      |
 | ec2                         | alb, asg, ebs, eip, emrInstance, eksCluster, elasticBeanstalkEnv, iamInstanceProfile, iamRole, networkInterface, securityGroup, subnet, systemsManagerInstance, vpc, ecsContainer                                                                                                |
@@ -128,7 +128,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iot                         |                                                                                                                                                                                            |
 | kinesisFirehose             | kinesisStream, s3                                                                                                                                                                          |
 | kinesisStream               | kinesisFirehose                                                                                                                                                                            |
-| kms                         | cloudtrail, cloudwatchLog, codebuild, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster                                                             |
+| kms                         | cloudtrail, cloudwatchLog, codebuild, dynamodb, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster                                                             |
 | lambda                      | appSync, cognitoUserPool, kms, securityGroup, subnet, vpc                                                                                                                                           |
 | managedAirflow                      | iamRole, securityGroups, subnet, s3                                                                                                                                          |
 | nacl                        | vpc                                                                                                                                                                                        |

src/services/dynamodb/connections.ts

@@ -0,0 +1,93 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+import { isEmpty } from 'lodash'
+import services from '../../enums/services'
+import { RawAwsDynamoDbTable } from './data'
+import { AwsKms } from '../kms/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
+
+/**
+ * Dynamo DB
+ */
+
+export default ({
+  service: dynamoDbTable,
+  data,
+  region,
+}: {
+  account: string
+  data: { name: string; data: { [property: string]: any[] } }[]
+  service: RawAwsDynamoDbTable
+  region: string
+}): { [key: string]: ServiceConnection[] } => {
+  const connections: ServiceConnection[] = []
+
+  const {
+    TableId: id,
+    SSEDescription: sseDescription,
+    Replicas: replicas,
+  } = dynamoDbTable
+
+  /**
+   * Find KMS
+   * related to this dynamo db table
+   */
+  const kmsMasterKeyArn = sseDescription?.KMSMasterKeyArn
+  const kms = data.find(({ name }) => name === services.kms)
+
+  if (kmsMasterKeyArn && kms?.data?.[region]) {
+    const kmsInRegion: AwsKms = kms.data[region].find(
+      ({ Arn }: AwsKms) => kmsMasterKeyArn === Arn
+    )
+
+    if (kmsInRegion) {
+      connections.push({
+        id: kmsInRegion.KeyId,
+        resourceType: services.kms,
+        relation: 'child',
+        field: 'kms',
+      })
+    }
+  }
+
+  /**
+   * Find IAM Roles
+   * related to this dynamo db table
+   */
+  const roleArns: string[] = []
+  replicas?.map(({ AutoScaling: autoScaling }) => {
+    roleArns.push(
+      autoScaling?.ReplicaProvisionedReadCapacityAutoScalingSettings
+        ?.AutoScalingRoleArn
+    )
+    roleArns.push(
+      autoScaling?.ReplicaProvisionedWriteCapacityAutoScalingSettings
+        ?.AutoScalingRoleArn
+    )
+  })
+
+  const roles: { name: string; data: { [property: string]: any[] } } =
+    data.find(({ name }) => name === services.iamRole)
+  if (roles?.data?.[globalRegionName]) {
+    const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+      ({ Arn }: RawAwsIamRole) => roleArns?.includes(Arn)
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const iamRole of dataAtRegion) {
+        const { Arn: arn }: RawAwsIamRole = iamRole
+
+        connections.push({
+          id: arn,
+          resourceType: services.iamRole,
+          relation: 'child',
+          field: 'iamRoles',
+        })
+      }
+    }
+  }
+
+  const dynamoDbResult = {
+    [id]: connections,
+  }
+  return dynamoDbResult
+}

src/services/dynamodb/data.ts

@@ -13,6 +13,10 @@ import DynamoDB, {
   TableNameList,
   ListTablesInput,
   ContinuousBackupsDescription,
+  DescribeTableReplicaAutoScalingOutput,
+  TableAutoScalingDescription,
+  ReplicaAutoScalingDescription,
+  ReplicaDescription,
 } from 'aws-sdk/clients/dynamodb'
 import { Config } from 'aws-sdk/lib/config'
 import { AWSError } from 'aws-sdk/lib/error'
@@ -31,11 +35,17 @@ const serviceName = 'DynamoDB'
 const errorLog = new AwsErrorLog(serviceName)
 const endpoint = initTestEndpoint(serviceName)
 
-export interface RawAwsDynamoDbTable extends TableDescription {
+export interface RawAwsReplicaDescription extends ReplicaDescription {
+  AutoScaling?: ReplicaAutoScalingDescription
+}
+
+export interface RawAwsDynamoDbTable
+  extends Omit<TableDescription, 'Replicas'> {
   region: string
   ttlEnabled?: boolean
   pointInTimeRecoveryEnabled?: boolean
   Tags?: TagMap
+  Replicas?: RawAwsReplicaDescription[]
 }
 
 const checkIfEnabled = (status: string): boolean =>
@@ -220,6 +230,30 @@ const getTableBackupsDescription = async (
     )
   })
 
+const getTableReplicaAutoScaling = async (
+  dynamoDb: DynamoDB,
+  tableName: TableName
+): Promise<TableAutoScalingDescription> =>
+  new Promise(resolve => {
+    dynamoDb.describeTableReplicaAutoScaling(
+      {
+        TableName: tableName,
+      },
+      (err: AWSError, data: DescribeTableReplicaAutoScalingOutput) => {
+        if (err) {
+          errorLog.generateAwsErrorLog({
+            functionName: 'dynamodb:describeTableReplicaAutoScaling',
+            err,
+          })
+        }
+        if (!isEmpty(data)) {
+          resolve(data.TableAutoScalingDescription)
+        }
+        resolve({})
+      }
+    )
+  })
+
 export default async ({
   regions,
   config,
@@ -235,6 +269,7 @@ export default async ({
     const tagsPromises = []
     const ttlInfoPromises = []
     const backupInfoPromises = []
+    const tableReplicaAutoScalingPromises = []
 
     // First we get all table name for all regions
     regions.split(',').map(region => {
@@ -306,7 +341,7 @@ export default async ({
     logger.debug(lt.gettingTableTtlInfo)
     await Promise.all(ttlInfoPromises)
 
-    // Finally we get the backup information for each table
+    // Get the backup information for each table
     tableData.map(({ TableName, region }, idx) => {
       const dynamoDb = new DynamoDB({ ...config, region, endpoint })
       const backupInfoPromise = new Promise<void>(async resolveBackupInfo => {
@@ -320,6 +355,36 @@ export default async ({
     })
     logger.debug(lt.gettingTableBackupInfo)
     await Promise.all(backupInfoPromises)
+
+    // Finally we get the auto scaling settings for each table
+    tableData.map(({ TableName: tableName, region }, idx) => {
+      const dynamoDb = new DynamoDB({ ...config, region, endpoint })
+      const tableReplicaAutoScalingPromise = new Promise<void>(
+        async resolveTableReplicaAutoScaling => {
+          const globalSettings: TableAutoScalingDescription =
+            await getTableReplicaAutoScaling(dynamoDb, tableName)
+          tableData[idx].Replicas = tableData[idx].Replicas?.map(
+            ({ RegionName: regionName, ...rest }) => {
+              const autoScaling: ReplicaAutoScalingDescription =
+                globalSettings?.Replicas?.find(
+                  r => r.RegionName === regionName
+                ) || {}
+              return {
+                AutoScaling: autoScaling,
+                RegionName: regionName,
+                ...rest,
+              }
+            }
+          )
+          resolveTableReplicaAutoScaling()
+        }
+      )
+      tableReplicaAutoScalingPromises.push(tableReplicaAutoScalingPromise)
+    })
+
+    logger.debug(lt.gettingTableBackupInfo)
+    await Promise.all(tableReplicaAutoScalingPromises)
+
     errorLog.reset()
 
     resolve(groupBy(tableData, 'region'))