Merge pull request #15 from cloudgraphdev/fix/CG-1065

fix:(elasticBeanstalkEnv): add connection to iamRole

Author: tyler-dunkel

README.md

@@ -107,7 +107,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | elastiCacheCluster          | securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                       |
 | elastiCacheReplicationGroup | kms                                                                                                                                                                                                                                                                                                                              |
 | elasticBeanstalkApp         | elasticBeanstalkEnv, iamRole |
-| elasticBeanstalkEnv         | ec2, elasticBeanstalkApp                                                                                                                                                                                                                                                                                                         |
+| elasticBeanstalkEnv         | ec2, elasticBeanstalkApp, iamRole |
 | elasticSearchDomain         | kms, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                  |
 | elb                         | cloudfront, ecsService, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                               |
 | emrCluster                  | kms, subnet                                                                                                                                                                                                                                                                                                                      |
@@ -124,7 +124,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate        |                                                                                                                                                                                                                                                                                                                                  |
 | iamUser                     | iamGroup                                                                                                                                                                                                                                                                                                                         |
 | iamPolicy                   | iamRole, iamGroup                                                                                                                                                                                                                                                                                                                |
-| iamRole                     | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, elasticBeanstalkApp |
+| iamRole                     | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, elasticBeanstalkApp, elasticBeanstalkEnv |
 | iamGroup                    | iamUser, iamPolicy                                                                                                                                                                                                                                                                                                               |
 | igw                         | vpc                                                                                                                                                                                                                                                                                                                              |
 | iot                         |                                                                                                                                                                                                                                                                                                                                  |

src/services/elasticBeanstalkEnvironment/schema.graphql

@@ -10,6 +10,7 @@ type awsElasticBeanstalkEnv implements awsBaseService @key(fields: "arn") {
   solutionStackName: String @search(by: [hash, regexp])
   tier: String @search(by: [hash])
   versionLabel: String @search(by: [hash, regexp])
+  iamRole: [awsIamRole] @hasInverse(field: elasticBeanstalkEnvs)
   tags: [awsRawTag]
   elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnvs)
   ec2Instances: [awsEc2] @hasInverse(field: elasticBeanstalkEnv)
@@ -27,5 +28,3 @@ type awsElasticBeanstalkEnvResource {
   name: String @search(by: [hash, regexp])
   value: [String] @search(by: [hash, regexp])
 }
-
-# TODO: add iam role based on OperationsRole field

src/services/iamRole/connections.ts

@@ -16,6 +16,7 @@ import { RawAwsGuardDutyDetector } from '../guardDutyDetector/data'
 import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
 import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
 import { RawAwsElasticBeanstalkApp } from '../elasticBeanstalkApplication/data'
+import { RawAwsElasticBeanstalkEnv } from '../elasticBeanstalkEnvironment/data'
 
 /**
  * IAM Role
@@ -254,6 +255,29 @@ export default ({
     }
   }
 
+  /**
+   * Find any elasticBeanstalkEnv related data
+   */
+  const elasticBEnvs = data.find(
+    ({ name }) => name === services.elasticBeanstalkEnv
+  )
+  if (elasticBEnvs?.data?.[region]) {
+    const dataAtRegion: RawAwsElasticBeanstalkEnv[] = elasticBEnvs.data[
+      region
+    ].filter(
+      ({ OperationsRole }: RawAwsElasticBeanstalkEnv) =>
+        OperationsRole === role.Arn
+    )
+    for (const elasticBEnv of dataAtRegion) {
+      connections.push({
+        id: elasticBEnv.EnvironmentId,
+        resourceType: services.elasticBeanstalkEnv,
+        relation: 'child',
+        field: 'elasticBeanstalkEnvs',
+      })
+    }
+  }
+
   return {
     [id]: connections,
   }

src/services/iamRole/schema.graphql

@@ -13,6 +13,7 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   ecsServices: [awsEcsService] @hasInverse(field: iamRoles)
   eksClusters: [awsEksCluster] @hasInverse(field: iamRoles)
   elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: iamRole)
+  elasticBeanstalkEnvs: [awsElasticBeanstalkEnv] @hasInverse(field: iamRole)
   flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
   glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
   guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)

src/types/generated.ts

@@ -2504,6 +2504,7 @@ export type AwsElasticBeanstalkEnv = AwsBaseService & {
   ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
   elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
   endpointUrl?: Maybe<Scalars['String']>;
+  iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   name?: Maybe<Scalars['String']>;
   platformArn?: Maybe<Scalars['String']>;
   resources?: Maybe<Array<Maybe<AwsElasticBeanstalkEnvResource>>>;
@@ -3065,6 +3066,7 @@ export type AwsIamRole = AwsBaseService & {
   ecsServices?: Maybe<Array<Maybe<AwsEcsService>>>;
   eksClusters?: Maybe<Array<Maybe<AwsEksCluster>>>;
   elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
+  elasticBeanstalkEnvs?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;
   flowLogs?: Maybe<Array<Maybe<AwsFlowLog>>>;
   glueJobs?: Maybe<Array<Maybe<AwsGlueJob>>>;
   guardDutyDetectors?: Maybe<Array<Maybe<AwsGuardDutyDetector>>>;