Skip to content

Commit d5af1af

Browse files
committed
fix(elasticBeanstalkApp): add connection to iamRole, fixes to iamRole
1 parent fe254b8 commit d5af1af

File tree

10 files changed

+53
-24
lines changed

10 files changed

+53
-24
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
106106
| eksCluster | ec2, iamRole, kms, securityGroup, subnet, vpc |
107107
| elastiCacheCluster | securityGroup, subnet, vpc |
108108
| elastiCacheReplicationGroup | kms |
109-
| elasticBeanstalkApp | elasticBeanstalkEnv |
109+
| elasticBeanstalkApp | elasticBeanstalkEnv, iamRole |
110110
| elasticBeanstalkEnv | ec2, elasticBeanstalkApp |
111111
| elasticSearchDomain | kms, securityGroup, subnet, vpc |
112112
| elb | cloudfront, ecsService, securityGroup, subnet, vpc |
@@ -124,7 +124,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
124124
| iamServerCertificate | |
125125
| iamUser | iamGroup |
126126
| iamPolicy | iamRole, iamGroup |
127-
| iamRole | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector, lambda, kinesisFirehose, rdsCluster |
127+
| iamRole | appSync, asg, cloudformationStackSet, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, s3, sageMakerNotebookInstance, systemsManagerInstance, guardDutyDetector, lambda, kinesisFirehose, rdsCluster, elasticBeanstalkApp |
128128
| iamGroup | iamUser, iamPolicy |
129129
| igw | vpc |
130130
| iot | |

src/services/ecsService/schema.graphql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,7 @@ type awsEcsService implements awsBaseService @key(fields: "arn") {
2929
ecsTaskDefinition: [awsEcsTaskDefinition] @hasInverse(field: ecsService)
3030
ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsService)
3131
elb: [awsElb] @hasInverse(field: ecsService)
32-
iamRoles: [awsIamRole] @hasInverse(field: ecsService)
32+
iamRoles: [awsIamRole] @hasInverse(field: ecsServices)
3333
securityGroups: [awsSecurityGroup] @hasInverse(field: ecsService)
3434
subnet: [awsSubnet] @hasInverse(field: ecsService) #change to plural
3535
vpc: [awsVpc] @hasInverse(field: ecsService)

src/services/eksCluster/schema.graphql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ type awsEksCluster implements awsBaseService @key(fields: "arn") {
1313
platformVersion: String @search(by: [hash, regexp])
1414
encryptionConfig: [awsEksEncryptionConfig]
1515
tags: [awsRawTag]
16-
iamRoles: [awsIamRole] @hasInverse(field: eksCluster)
16+
iamRoles: [awsIamRole] @hasInverse(field: eksClusters)
1717
kms: [awsKms] @hasInverse(field: eksCluster)
1818
securityGroups: [awsSecurityGroup] @hasInverse(field: eksCluster)
1919
subnets: [awsSubnet] @hasInverse(field: eksCluster)

src/services/elasticBeanstalkApplication/format.ts

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ export default ({
1919
ApplicationName: name,
2020
Description: description,
2121
Tags = {},
22+
ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
2223
} = application
2324

2425
return {
@@ -28,6 +29,7 @@ export default ({
2829
name,
2930
description,
3031
region,
32+
iamServiceRole,
3133
tags: formatTagsFromMap(Tags),
3234
}
3335
}
Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,8 @@
11
type awsElasticBeanstalkApp implements awsBaseService @key(fields: "arn") {
22
name: String @search(by: [hash, regexp])
33
description: String @search(by: [hash, regexp])
4-
elasticBeanstalkEnv: [awsElasticBeanstalkEnv] #change to plural
4+
iamServiceRole: String @search(by: [hash, regexp])
5+
elasticBeanstalkEnvs: [awsElasticBeanstalkEnv] @hasInverse(field: elasticBeanstalkApps)
56
tags: [awsRawTag]
7+
iamRole: [awsIamRole] @hasInverse(field: elasticBeanstalkApps)
68
}
7-
8-
#TODO: get iam role data and connection in format from ResourceLifecycleConfig

src/services/elasticBeanstalkEnvironment/connections.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ export default ({
4444
id: app.ApplicationArn,
4545
resourceType: services.elasticBeanstalkApp,
4646
relation: 'child',
47-
field: 'elasticBeanstalkApp',
47+
field: 'elasticBeanstalkApps',
4848
})
4949
}
5050
}

src/services/elasticBeanstalkEnvironment/schema.graphql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@ type awsElasticBeanstalkEnv implements awsBaseService @key(fields: "arn") {
1111
tier: String @search(by: [hash])
1212
versionLabel: String @search(by: [hash, regexp])
1313
tags: [awsRawTag]
14-
elasticBeanstalkApp: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnv)
14+
elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: elasticBeanstalkEnvs)
1515
ec2Instances: [awsEc2] @hasInverse(field: elasticBeanstalkEnv)
1616
}
1717

src/services/iamRole/connections.ts

Lines changed: 26 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import { RawAwsManagedAirflow } from '../managedAirflow/data'
1515
import { RawAwsGuardDutyDetector } from '../guardDutyDetector/data'
1616
import { RawAwsSageMakerNotebookInstance } from '../sageMakerNotebookInstance/data'
1717
import { RawAwsSystemsManagerInstance } from '../systemsManagerInstance/data'
18+
import { RawAwsElasticBeanstalkApp } from '../elasticBeanstalkApplication/data'
1819

1920
/**
2021
* IAM Role
@@ -81,7 +82,7 @@ export default ({
8182
id: serviceArn,
8283
resourceType: services.ecsService,
8384
relation: 'child',
84-
field: 'ecsService',
85+
field: 'ecsServices',
8586
})
8687
}
8788
}
@@ -229,6 +230,30 @@ export default ({
229230
}
230231
}
231232

233+
/**
234+
* Find any elasticBeanstalkApp related data
235+
*/
236+
const elasticBApps = data.find(
237+
({ name }) => name === services.elasticBeanstalkApp
238+
)
239+
if (elasticBApps?.data?.[region]) {
240+
const dataAtRegion: RawAwsElasticBeanstalkApp[] = elasticBApps.data[
241+
region
242+
].filter(
243+
({
244+
ResourceLifecycleConfig: { ServiceRole: iamServiceRole } = {},
245+
}: RawAwsElasticBeanstalkApp) => iamServiceRole === role.Arn
246+
)
247+
for (const elasticBApp of dataAtRegion) {
248+
connections.push({
249+
id: elasticBApp.ApplicationArn,
250+
resourceType: services.elasticBeanstalkApp,
251+
relation: 'child',
252+
field: 'elasticBeanstalkApps',
253+
})
254+
}
255+
}
256+
232257
return {
233258
[id]: connections,
234259
}

src/services/iamRole/schema.graphql

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -7,21 +7,20 @@ type awsIamRole implements awsBaseService @key(fields: "id") {
77
maxSessionDuration: Int @search
88
tags: [awsRawTag]
99
inlinePolicies: [String]
10-
iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
11-
eksCluster: [awsEksCluster] @hasInverse(field: iamRoles) #change to plural
12-
ecsService: [awsEcsService] @hasInverse(field: iamRoles) #change to plural
13-
flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
1410
cloudFormationStack: [awsCloudFormationStack] @hasInverse(field: iamRole)
15-
configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
1611
codebuilds: [awsCodebuild] @hasInverse(field: iamRoles)
12+
configurationRecorder: [awsConfigurationRecorder] @hasInverse(field: iamRole)
13+
ecsServices: [awsEcsService] @hasInverse(field: iamRoles)
14+
eksClusters: [awsEksCluster] @hasInverse(field: iamRoles)
15+
elasticBeanstalkApps: [awsElasticBeanstalkApp] @hasInverse(field: iamRole)
16+
flowLogs: [awsFlowLog] @hasInverse(field: iamRole)
1717
glueJobs: [awsGlueJob] @hasInverse(field: iamRole)
18-
managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
1918
guardDutyDetectors: [awsGuardDutyDetector] @hasInverse(field: iamRole)
20-
sageMakerNotebookInstances: [awsSageMakerNotebookInstance]
21-
@hasInverse(field: iamRole)
22-
systemsManagerInstances: [awsSystemsManagerInstance]
23-
@hasInverse(field: iamRole)
19+
iamAttachedPolicies: [awsIamPolicy] @hasInverse(field: iamRoles)
2420
iamInstanceProfiles: [awsIamInstanceProfile] @hasInverse(field: iamRole)
21+
managedAirflows: [awsManagedAirflow] @hasInverse(field: iamRoles)
22+
sageMakerNotebookInstances: [awsSageMakerNotebookInstance] @hasInverse(field: iamRole)
23+
systemsManagerInstances: [awsSystemsManagerInstance] @hasInverse(field: iamRole)
2524
s3: [awsS3] @hasInverse(field: iamRole)
2625
dynamodb: [awsDynamoDbTable] @hasInverse(field: iamRoles)
2726
ec2Instances: [awsEc2] @hasInverse(field: iamRole)

src/types/generated.ts

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2490,7 +2490,9 @@ export type AwsElastiCacheUserGroupsUpdateStatus = {
24902490

24912491
export type AwsElasticBeanstalkApp = AwsBaseService & {
24922492
description?: Maybe<Scalars['String']>;
2493-
elasticBeanstalkEnv?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;
2493+
elasticBeanstalkEnvs?: Maybe<Array<Maybe<AwsElasticBeanstalkEnv>>>;
2494+
iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
2495+
iamServiceRole?: Maybe<Scalars['String']>;
24942496
name?: Maybe<Scalars['String']>;
24952497
tags?: Maybe<Array<Maybe<AwsRawTag>>>;
24962498
};
@@ -2500,7 +2502,7 @@ export type AwsElasticBeanstalkEnv = AwsBaseService & {
25002502
cname?: Maybe<Scalars['String']>;
25012503
description?: Maybe<Scalars['String']>;
25022504
ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
2503-
elasticBeanstalkApp?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
2505+
elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
25042506
endpointUrl?: Maybe<Scalars['String']>;
25052507
name?: Maybe<Scalars['String']>;
25062508
platformArn?: Maybe<Scalars['String']>;
@@ -3060,8 +3062,9 @@ export type AwsIamRole = AwsBaseService & {
30603062
description?: Maybe<Scalars['String']>;
30613063
dynamodb?: Maybe<Array<Maybe<AwsDynamoDbTable>>>;
30623064
ec2Instances?: Maybe<Array<Maybe<AwsEc2>>>;
3063-
ecsService?: Maybe<Array<Maybe<AwsEcsService>>>;
3064-
eksCluster?: Maybe<Array<Maybe<AwsEksCluster>>>;
3065+
ecsServices?: Maybe<Array<Maybe<AwsEcsService>>>;
3066+
eksClusters?: Maybe<Array<Maybe<AwsEksCluster>>>;
3067+
elasticBeanstalkApps?: Maybe<Array<Maybe<AwsElasticBeanstalkApp>>>;
30653068
flowLogs?: Maybe<Array<Maybe<AwsFlowLog>>>;
30663069
glueJobs?: Maybe<Array<Maybe<AwsGlueJob>>>;
30673070
guardDutyDetectors?: Maybe<Array<Maybe<AwsGuardDutyDetector>>>;

0 commit comments

Comments
 (0)