fix(elasticBeanstalkApp): add connection to iamRole, fixes to iamRole

Author: hjaraujof

README.md

@@ -106,7 +106,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | eksCluster                  | ec2, iamRole, kms, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                    |
 | elastiCacheCluster          | securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                       |
 | elastiCacheReplicationGroup | kms                                                                                                                                                                                                                                                                                                                              |
-| elasticBeanstalkApp         | elasticBeanstalkEnv                                                                                                                                                                                                                                                                                                              |
+| elasticBeanstalkApp         | elasticBeanstalkEnv, iamRole |
 | elasticBeanstalkEnv         | ec2, elasticBeanstalkApp                                                                                                                                                                                                                                                                                                         |
 | elasticSearchDomain         | kms, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                                                  |
 | elb                         | cloudfront, ecsService, securityGroup, subnet, vpc                                                                                                                                                                                                                                                                               |
@@ -124,7 +124,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | iamServerCertificate        |                                                                                                                                                                                                                                                                                                                                  |
 | iamUser                     | iamGroup                                                                                                                                                                                                                                                                                                                         |
 | iamPolicy                   | iamRole, iamGroup                                                                                                                                                                                                                                                                                                                |
-| iamRole                     | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector, lambda, kinesisFirehose, rdsCluster                                                                                |
+| iamRole                     | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, elasticBeanstalkApp |
 | iamGroup                    | iamUser, iamPolicy                                                                                                                                                                                                                                                                                                               |
 | igw                         | vpc                                                                                                                                                                                                                                                                                                                              |
 | iot                         |                                                                                                                                                                                                                                                                                                                                  |

src/services/ecsService/schema.graphql

@@ -29,7 +29,7 @@ type awsEcsService implements awsBaseService @key(fields: "arn") {
   ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: ecsService)
   ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsService)
   elb: [awsElb] @hasInverse(field: ecsService)
-  iamRoles: [awsIamRole] @hasInverse(field: ecsService)
+  iamRoles: [awsIamRole] @hasInverse(field: ecsServices)
   securityGroups: [awsSecurityGroup] @hasInverse(field: ecsService)
   subnet: [awsSubnet] @hasInverse(field: ecsService) #change to plural
   vpc: [awsVpc] @hasInverse(field: ecsService)

src/services/eksCluster/schema.graphql

@@ -13,7 +13,7 @@ type awsEksCluster implements awsBaseService @key(fields: "arn") {
   platformVersion: String @search(by: [hash, regexp])
   encryptionConfig: [awsEksEncryptionConfig]
   tags: [awsRawTag]
-  iamRoles: [awsIamRole] @hasInverse(field: eksCluster)
+  iamRoles: [awsIamRole] @hasInverse(field: eksClusters)
   kms: [awsKms] @hasInverse(field: eksCluster)
   securityGroups: [awsSecurityGroup] @hasInverse(field: eksCluster)
   subnets: [awsSubnet] @hasInverse(field: eksCluster)

src/services/elasticBeanstalkApplication/format.ts

@@ -19,6 +19,7 @@ export default ({
     ApplicationName: name,
     Description: description,
     Tags = {},
+    ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
   } = application
 
   return {
@@ -28,6 +29,7 @@ export default ({
     name,
     description,
     region,
+    iamServiceRole,
     tags: formatTagsFromMap(Tags),
   }
 }

src/services/elasticBeanstalkApplication/schema.graphql

@@ -1,8 +1,8 @@
 type awsElasticBeanstalkApp implements awsBaseService @key(fields: "arn") {
   name: String @search(by: [hash, regexp])
   description: String @search(by: [hash, regexp])
-  elasticBeanstalkEnv: [awsElasticBeanstalkEnv] #change to plural
+  iamServiceRole: String @search(by: [hash, regexp])
+  elasticBeanstalkEnvs: [awsElasticBeanstalkEnv] @hasInverse(field: elasticBeanstalkApps)
   tags: [awsRawTag]
+  iamRole: [awsIamRole] @hasInverse(field: elasticBeanstalkApps)
 }
-
-#TODO: get iam role data and connection in format from ResourceLifecycleConfig

src/services/elasticBeanstalkEnvironment/connections.ts

@@ -44,7 +44,7 @@ export default ({
           id: app.ApplicationArn,
           resourceType: services.elasticBeanstalkApp,
           relation: 'child',
-          field: 'elasticBeanstalkApp',
+          field: 'elasticBeanstalkApps',
         })
       }
     }

src/services/elasticBeanstalkEnvironment/schema.graphql

@@ -11,7 +11,7 @@ type awsElasticBeanstalkEnv implements awsBaseService @key(fields: "arn") {
   tier: String @search(by: [hash])
   versionLabel: String @search(by: [hash, regexp])
   tags: [awsRawTag]
-  elasticBeanstalkApp: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnv)
+  elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnvs)
   ec2Instances: [awsEc2] @hasInverse(field: elasticBeanstalkEnv)
 }
 

src/services/iamRole/connections.ts

@@ -15,6 +15,7 @@ import { RawAwsManagedAirflow } from '../managedAirflow/data'
 import { RawAwsGuardDutyDetector } from '../guardDutyDetector/data'
 import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
 import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
+import { RawAwsElasticBeanstalkApp } from '../elasticBeanstalkApplication/data'
 
 /**
  * IAM Role
@@ -81,7 +82,7 @@ export default ({
           id: serviceArn,
           resourceType: services.ecsService,
           relation: 'child',
-          field: 'ecsService',
+          field: 'ecsServices',
         })
       }
     }
@@ -229,6 +230,30 @@ export default ({
     }
   }
 
+  /**
+   * Find any elasticBeanstalkApp related data
+   */
+  const elasticBApps = data.find(
+    ({ name }) => name === services.elasticBeanstalkApp
+  )
+  if (elasticBApps?.data?.[region]) {
+    const dataAtRegion: RawAwsElasticBeanstalkApp[] = elasticBApps.data[
+      region
+    ].filter(
+      ({
+        ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
+      }: RawAwsElasticBeanstalkApp) => iamServiceRole === role.Arn
+    )
+    for (const elasticBApp of dataAtRegion) {
+      connections.push({
+        id: elasticBApp.ApplicationArn,
+        resourceType: services.elasticBeanstalkApp,
+        relation: 'child',
+        field: 'elasticBeanstalkApps',
+      })
+    }
+  }
+
   return {
     [id]: connections,
   }

src/services/iamRole/schema.graphql

@@ -7,21 +7,20 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
   maxSessionDuration: Int @search
   tags: [awsRawTag]
   inlinePolicies: [String]
-  iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
-  eksCluster: [awsEksCluster] @hasInverse(field: iamRoles) #change to plural
-  ecsService: [awsEcsService] @hasInverse(field: iamRoles) #change to plural
-  flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
   cloudFormationStack: [awsCloudFormationStack] @hasInverse(field: iamRole)
-  configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
   codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
+  configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
+  ecsServices: [awsEcsService] @hasInverse(field: iamRoles)
+  eksClusters: [awsEksCluster] @hasInverse(field: iamRoles)
+  elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: iamRole)
+  flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
   glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
-  managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
   guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)
-  sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
-    @hasInverse(field: iamRole)
-  systemsManagerInstances: [awsSystemsManagerInstance]
-    @hasInverse(field: iamRole)
+  iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
   iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
+  managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
+  sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
+  systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
   s3: [awsS3] @hasInverse(field: iamRole)
   dynamodb: [awsDynamoDbTable] @hasInverse(field: iamRoles)
   ec2Instances: [awsEc2] @hasInverse(field: iamRole)

src/types/generated.ts

@@ -2490,7 +2490,9 @@ export type AwsElastiCacheUserGroupsUpdateStatus = {
 
 export type AwsElasticBeanstalkApp = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
-  elasticBeanstalkEnv?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;
+  elasticBeanstalkEnvs?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;
+  iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
+  iamServiceRole?: Maybe<Scalars['String']>;
   name?: Maybe<Scalars['String']>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
 };
@@ -2500,7 +2502,7 @@ export type AwsElasticBeanstalkEnv = AwsBaseService & {
   cname?: Maybe<Scalars['String']>;
   description?: Maybe<Scalars['String']>;
   ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
-  elasticBeanstalkApp?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
+  elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
   endpointUrl?: Maybe<Scalars['String']>;
   name?: Maybe<Scalars['String']>;
   platformArn?: Maybe<Scalars['String']>;
@@ -3060,8 +3062,9 @@ export type AwsIamRole = AwsBaseService & {
   description?: Maybe<Scalars['String']>;
   dynamodb?: Maybe<Array<Maybe<AwsDynamoDbTable>>>;
   ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
-  ecsService?: Maybe<Array<Maybe<AwsEcsService>>>;
-  eksCluster?: Maybe<Array<Maybe<AwsEksCluster>>>;
+  ecsServices?: Maybe<Array<Maybe<AwsEcsService>>>;
+  eksClusters?: Maybe<Array<Maybe<AwsEksCluster>>>;
+  elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
   flowLogs?: Maybe<Array<Maybe<AwsFlowLog>>>;
   glueJobs?: Maybe<Array<Maybe<AwsGlueJob>>>;
   guardDutyDetectors?: Maybe<Array<Maybe<AwsGuardDutyDetector>>>;