Merge pull request #18 from cloudgraphdev/feature/CG-1062

Feature/cg 1062

Author: tyler-dunkel

README.md

@@ -81,7 +81,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | cloudfront                  | elb, s3                                                                                                                                                                                    |
 | cloudtrail                  | cloudwatch, cloudwatchLog, kms, s3, sns                                                                                                                                                                               |
 | cloudwatch                  | cloudtrail, cloudwatchLog, sns                                                                                                                                                                                           |
-| cloudwatchLog                  | cloudtrail, cloudwatch, kms                                                                                                                                                                                           |
+| cloudwatchLog                  | cloudtrail, cloudwatch, ecsCluster, kms                                                                                                                                                                                           |
 | codebuild                   | iamRole, kms, vpc, securityGroup, subnet                                                                                                                                                                                           |
 | cognitoIdentityPool         |                                                                                                                                                                                            |
 | cognitoUserPool             | appSync, lambda                                                                                                                                                                            |
@@ -92,7 +92,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | ebs                         | asg, ec2, emrInstance                                                                                                                                                                      |
 | ec2                         | alb, asg, ebs, eip, emrInstance, eksCluster, elasticBeanstalkEnv, iamInstanceProfile, iamRole, networkInterface, securityGroup, subnet, systemsManagerInstance, vpc, ecsContainer                                                                                                |
 | ecr                         |                                                                                                                                                                                            |
-| ecsCluster                  | ecsService, ecsTask, ecsTaskSet                                                                                                                                                            |
+| ecsCluster                  | cloudwatchLog, ecsService, ecsTask, ecsTaskSet, kms, s3                                                                                                                                                            |
 | ecsContainer                | ecsTask, ec2                                                                                                                                                                               |
 | ecsService                  | ecsCluster, ecsTaskDefinition, ecsTaskSet, elb, iamRole, securityGroup, subnet, vpc                                                                                                        |
 | ecsTask                     | ecsContainer, ecsCluster, ecsTaskDefinition                                                                                                                                                |
@@ -128,7 +128,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iot                         |                                                                                                                                                                                            |
 | kinesisFirehose             | kinesisStream, s3                                                                                                                                                                          |
 | kinesisStream               | kinesisFirehose                                                                                                                                                                            |
-| kms                         | cloudtrail, cloudwatchLog, codebuild, dynamodb, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster                                                             |
+| kms                         | cloudtrail, cloudwatchLog, codebuild, ecsCluster, efs, eksCluster, elastiCacheReplicationGroup, elasticSearchDomain, emrCluster, lambda, rdsClusterSnapshot, sns, sageMakerNotebookInstance, dmsReplicationInstance, redshiftCluster                                                             |
 | lambda                      | appSync, cognitoUserPool, kms, securityGroup, subnet, vpc                                                                                                                                           |
 | managedAirflow                      | iamRole, securityGroups, subnet, s3                                                                                                                                          |
 | nacl                        | vpc                                                                                                                                                                                        |
@@ -145,7 +145,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | sageMakerExperiment                          |                                                                                                                                                   |
 | sageMakerNotebookInstance   | iamRole, kms, networkInterface, subnet, securityGroup                                                                                                                                                 |
 | sageMakerProject                          |                                                                                                                                                  |
-| s3                          | cloudfront, cloudtrail, kinesisFirehose, managedAirflow                                                                                                                                                   |
+| s3                          | cloudfront, cloudtrail, ecsCluster, kinesisFirehose, managedAirflow                                                                                                                                                   |
 | secretsManager              |                                                                                                                                                                                            |
 | securityGroup               | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance                                             |
 | ses                         |                                                                                                                                                                                            |

src/services/cloudwatchLogs/schema.graphql

@@ -13,6 +13,7 @@ type awsCloudwatchLog @key(fields: "arn") {
   kms: [awsKms] @hasInverse(field: cloudwatchLog)
   cloudwatch: [awsCloudwatch] @hasInverse(field: cloudwatchLog)
   cloudtrail: [awsCloudtrail] @hasInverse(field: cloudwatchLog)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: cloudwatchLog)
 }
 
 type awsMetricFilter

src/services/cognitoUserPool/connections.ts

@@ -103,7 +103,7 @@ export default ({
 
   if (kmsKeyID && kms?.data?.[region]) {
     const kmsInRegion: AwsKms = kms.data[region].find(
-      ({ KeyId }: AwsKms) => kmsKeyID === KeyId
+      ({ KeyArn }: AwsKms) => kmsKeyID === KeyArn
     )
 
     if (kmsInRegion) {

src/services/ecsCluster/connections.ts

@@ -0,0 +1,97 @@
+import { ServiceConnection } from '@cloudgraph/sdk'
+
+import { isEmpty } from 'lodash'
+import services from '../../enums/services'
+import { RawAwsEcsCluster } from '../ecsCluster/data'
+import { RawAwsS3 } from '../s3/data'
+import { RawAwsLogGroup } from '../cloudwatchLogs/data'
+import { AwsKms } from '../kms/data'
+import { gets3BucketId } from '../../utils/ids'
+
+export default ({
+  service: ecsCluster,
+  data,
+  region,
+}: {
+  service: RawAwsEcsCluster
+  data: Array<{ name: string; data: { [property: string]: any[] } }>
+  region: string
+}): {
+  [property: string]: ServiceConnection[]
+} => {
+  const {
+    clusterArn: arn,
+    configuration: {
+      executeCommandConfiguration: { logConfiguration, kmsKeyId } = {},
+    } = {},
+  } = ecsCluster
+  const connections: ServiceConnection[] = []
+
+  /**
+   * Find S3
+   * related to this ecs cluster
+   */
+  const buckets = data.find(({ name }) => name === services.s3)
+  if (buckets?.data?.[region]) {
+    const dataAtRegion: RawAwsS3[] = buckets.data[region].filter(
+      ({ Name: name }: RawAwsS3) => name === logConfiguration?.s3BucketName
+    )
+    for (const bucket of dataAtRegion) {
+      connections.push({
+        id: gets3BucketId(bucket.Name),
+        resourceType: services.s3,
+        relation: 'child',
+        field: 's3',
+      })
+    }
+  }
+
+  /**
+   * Find Cloudwatch Log Group
+   * related to this ecs cluster
+   */
+  const logGroups = data.find(({ name }) => name === services.cloudwatchLog)
+  let logGroupsInRegion: RawAwsLogGroup[] = []
+  if (logGroups?.data?.[region]) {
+    logGroupsInRegion = logGroups.data[region].filter(
+      ({ logGroupName }: RawAwsLogGroup) =>
+        logGroupName === logConfiguration?.cloudWatchLogGroupName
+    )
+  }
+
+  if (!isEmpty(logGroupsInRegion)) {
+    for (const logGroup of logGroupsInRegion) {
+      connections.push({
+        id: logGroup.logGroupName,
+        resourceType: services.cloudwatchLog,
+        relation: 'child',
+        field: 'cloudwatchLog',
+      })
+    }
+  }
+
+  /**
+   * Find MKS
+   * related to this ecs cluster
+   */
+  const kms = data.find(({ name }) => name === services.kms)
+  if (kms?.data?.[region]) {
+    const kmsInRegion: AwsKms = kms.data[region].find(
+      ({ KeyArn }: AwsKms) => KeyArn === kmsKeyId
+    )
+
+    if (kmsInRegion) {
+      connections.push({
+        id: kmsInRegion.KeyId,
+        resourceType: services.kms,
+        relation: 'child',
+        field: 'kms',
+      })
+    }
+  }
+
+  const natResult = {
+    [arn]: connections,
+  }
+  return natResult
+}

src/services/ecsCluster/index.ts

@@ -2,12 +2,15 @@ import {Service} from '@cloudgraph/sdk'
 import BaseService from '../base'
 import format from './format'
 import getData from './data'
+import getConnections from './connections'
 import mutation from './mutation'
 
 export default class EcsCluster extends BaseService implements Service {
   format = format.bind(this)
 
   getData = getData.bind(this)
 
+  getConnections = getConnections.bind(this)
+  
   mutation = mutation
 }

src/services/ecsCluster/schema.graphql

@@ -16,10 +16,11 @@ type awsEcsCluster implements awsBaseService @key(fields: "arn") {
   ecsService: [awsEcsService] @hasInverse(field: ecsCluster)
   ecsTask: [awsEcsTask] @hasInverse(field: ecsCluster)
   ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsCluster)
+  s3: [awsS3] @hasInverse(field: ecsCluster)
+  cloudwatchLog: [awsCloudwatchLog] @hasInverse(field: ecsCluster)
+  kms: [awsKms] @hasInverse(field: ecsCluster)
 }
 
-#TODO: add connections to cloudwatchLog, s3,
-
 type AwsEcsExecuteCommandLogConfiguration
   @generate(
     query: { get: false, query: true, aggregate: false }

src/services/kms/schema.graphql

@@ -28,6 +28,7 @@ type awsKms implements awsBaseService @key(fields: "id") {
   sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
     @hasInverse(field: kms)
   rdsClusterSnapshots: [awsRdsClusterSnapshot] @hasInverse(field: kms)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: kms)
   dynamodb: [awsDynamoDbTable] @hasInverse(field: kms)
   cognitoUserPools: [awsCognitoUserPool] @hasInverse(field: kms)
 }

src/services/s3/schema.graphql

@@ -23,6 +23,7 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
   cloudfrontDistribution: [awsCloudfront] @hasInverse(field: s3) #change to plural
   cloudtrail: [awsCloudtrail] @hasInverse(field: s3) #change to plural
   managedAirflows: [awsManagedAirflow] @hasInverse(field: s3)
+  ecsCluster: [awsEcsCluster] @hasInverse(field: s3)
 }
 
 # TODO: use getBucketReplication and getBucketNotificationConfiguration to make connections to lambda, sns, iamRole, SQS

src/types/generated.ts

@@ -914,6 +914,7 @@ export type AwsCloudwatchLog = {
   cloudtrail?: Maybe<Array<Maybe<AwsCloudtrail>>>;
   cloudwatch?: Maybe<Array<Maybe<AwsCloudwatch>>>;
   creationTime?: Maybe<Scalars['String']>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   id: Scalars['String'];
   kms?: Maybe<Array<Maybe<AwsKms>>>;
   kmsKeyId?: Maybe<Scalars['String']>;
@@ -1595,15 +1596,18 @@ export type AwsEcsCluster = AwsBaseService & {
   attachments?: Maybe<Array<Maybe<AwsEcsAttachment>>>;
   attachmentsStatus?: Maybe<Scalars['String']>;
   capacityProviders?: Maybe<Array<Maybe<Scalars['String']>>>;
+  cloudwatchLog?: Maybe<Array<Maybe<AwsCloudwatchLog>>>;
   clusterName?: Maybe<Scalars['String']>;
   configuration?: Maybe<AwsEcsClusterConfiguration>;
   defaultCapacityProviderStrategy?: Maybe<Array<Maybe<AwsEcsCapacityProviderStrategyItem>>>;
   ecsService?: Maybe<Array<Maybe<AwsEcsService>>>;
   ecsTask?: Maybe<Array<Maybe<AwsEcsTask>>>;
   ecsTaskSet?: Maybe<Array<Maybe<AwsEcsTaskSet>>>;
+  kms?: Maybe<Array<Maybe<AwsKms>>>;
   pendingTasksCount?: Maybe<Scalars['Int']>;
   registeredContainerInstancesCount?: Maybe<Scalars['Int']>;
   runningTasksCount?: Maybe<Scalars['Int']>;
+  s3?: Maybe<Array<Maybe<AwsS3>>>;
   settings?: Maybe<Array<Maybe<AwsEcsClusterSettings>>>;
   statistics?: Maybe<Array<Maybe<AwsEcsStatistics>>>;
   status?: Maybe<Scalars['String']>;
@@ -3179,6 +3183,7 @@ export type AwsKms = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
   dmsReplicationInstances?: Maybe<Array<Maybe<AwsDmsReplicationInstance>>>;
   dynamodb?: Maybe<Array<Maybe<AwsDynamoDbTable>>>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   efs?: Maybe<Array<Maybe<AwsEfs>>>;
   eksCluster?: Maybe<Array<Maybe<AwsEksCluster>>>;
   elastiCacheReplicationGroup?: Maybe<Array<Maybe<AwsElastiCacheReplicationGroup>>>;
@@ -3676,6 +3681,7 @@ export type AwsS3 = AwsBaseService & {
   cloudtrail?: Maybe<Array<Maybe<AwsCloudtrail>>>;
   corsConfiguration?: Maybe<Scalars['String']>;
   crossRegionReplication?: Maybe<Scalars['String']>;
+  ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   encrypted?: Maybe<Scalars['String']>;
   ignorePublicAcls?: Maybe<Scalars['String']>;
   kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;