
Commit eb2b6f7

Merge branch 'alpha' into feature/CG-1060
2 parents d2b42ce + e687b56 commit eb2b6f7


21 files changed

+347
-75
lines changed


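--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,19 @@
+# [0.79.0-alpha.3](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.2...0.79.0-alpha.3) (2022-04-08)
+
+
+### Features
+
+* **appSync:** add iamRole/wafV2WebAcl connections ([36b90f2](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/36b90f256445568dd33d9f0fcbed8dc66531407a))
+
+# [0.79.0-alpha.2](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.79.0-alpha.1...0.79.0-alpha.2) (2022-04-08)
+
+
+### Features
+
+* Added iamInstanceProfile connection ([652f2f7](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/652f2f7b9bf551cab37afa2893bea5bb504699c9))
+* Added IamRole connection to ec2 ([4ff22ec](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/4ff22ecb130345de06cd6afd06c15f2978c8a4c7))
+* Handle TODOs for EC2 ([832fc7b](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/832fc7bdff1a02d89fbdbf50d1d030669d7568b9))
+
 # [0.79.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.78.2-alpha.1...0.79.0-alpha.1) (2022-04-07)
 
 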

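--- a/README.md
+++ b/README.md
@@ -71,7 +71,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | apiGatewayRestApi | apiGatewayResource, apiGatewayStage, route53Record |
 | apiGatewayStage | apiGatewayRestApi |
 | apiGatewayResource | apiGatewayRestApi |
-| appSync | cognitoUserPool, dynamodb, lambda, rdsCluster |
+| appSync | cognitoUserPool, dynamodb, iamRole, lambda, rdsCluster, wafV2WebAcl |
 | asg | ebs, ec2, securityGroup, subnet |
 | athenaDataCatalog | |
 | clientVpnEndpoint | securityGroup |
@@ -90,7 +90,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | dynamodb | appSync, iamRole, kms |
 | dmsReplicationInstance | securityGroup, subnet, vpc, kms |
 | ebs | asg, ec2, emrInstance |
-| ec2 | alb, asg, ebs, eip, emrInstance, networkInterface, securityGroup, subnet, systemsManagerInstance, vpc, ecsContainer |
+| ec2 | alb, asg, ebs, eip, emrInstance, eksCluster, elasticBeanstalkEnv, iamInstanceProfile, iamRole, networkInterface, securityGroup, subnet, systemsManagerInstance, vpc, ecsContainer |
 | ecr | |
 | ecsCluster | ecsService, ecsTask, ecsTaskSet |
 | ecsContainer | ecsTask, ec2 |
@@ -101,11 +101,11 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | efs | kms |
 | efsMountTarget | networkInterface, subnet, vpc |
 | eip | ec2, networkInterface, vpc |
-| eksCluster | iamRole, kms, securityGroup, subnet, vpc |
+| eksCluster | ec2, iamRole, kms, securityGroup, subnet, vpc |
 | elastiCacheCluster | securityGroup, subnet, vpc |
 | elastiCacheReplicationGroup | kms |
 | elasticBeanstalkApp | elasticBeanstalkEnv |
-| elasticBeanstalkEnv | elasticBeanstalkApp |
+| elasticBeanstalkEnv | ec2, elasticBeanstalkApp |
 | elasticSearchDomain | kms, securityGroup, subnet, vpc |
 | elb | cloudfront, ecsService, securityGroup, subnet, vpc |
 | emrCluster | kms, subnet |
@@ -115,14 +115,14 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | glueJob | iamRole |
 | glueRegistry | |
 | guardDutyDetector | iamRole |
-| iamInstanceProfile | iamRole |
+| iamInstanceProfile | ec2, iamRole |
 | iamPasswordPolicy | |
 | iamSamlProvider | |
 | iamOpenIdConnectProvider | |
 | iamServerCertificate | |
 | iamUser | iamGroup |
 | iamPolicy | iamRole, iamGroup |
-| iamRole | codebuild, configurationRecorder, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector |
+| iamRole | appSync, codebuild, configurationRecorder, ec2, iamInstanceProfile, iamPolicy, eksCluster, ecsService, flowLog, glueJob, managedAirflow, sageMakerNotebookInstance, systemsManagerInstance guardDutyDetector |
 | iamGroup | iamUser, iamPolicy |
 | igw | vpc |
 | iot | |
@@ -159,5 +159,5 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | vpc | alb, codebuild, dmsReplicationInstance, ec2, eip, elb, ecsService, efsMountTarget, eksCluster igw, elastiCacheCluster, elasticSearchDomain, lambda, nacl, natGateway, networkInterface, rdsClusterSnapshot, rdsDbInstance, redshiftCluster, route53HostedZone, routeTable, subnet, flowLog, vpnGateway, transitGatewayAttachment |
 | vpnConnection | customerGateway, transitGateway, transitGatewayAttachment, vpnGateway |
 | vpnGateway | vpc, vpnConnection |
-| wafV2WebAcl | |
+| wafV2WebAcl | appSync |
 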

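--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cloudgraph/cg-provider-aws",
-"version": "0.79.0-alpha.1",
+"version": "0.79.0-alpha.3",
 "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
 "publishConfig": {
 "registry": "https://registry.npmjs.org/",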

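--- a/src/enums/relations.ts
+++ b/src/enums/relations.ts
@@ -8,4 +8,5 @@ export default {
 route53HostedZone: ['route53Record'],
 emrCluster: ['emrInstance', 'emrStep'],
 ecsService: ['ecsTaskSet', 'ecsTaskDefinition'],
+iamInstanceProfile: ['ec2Instance'],
 }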

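--- a/src/services/appSync/connections.ts
+++ b/src/services/appSync/connections.ts
@@ -10,6 +10,9 @@ import { RawAwsDynamoDbTable } from '../dynamodb/data'
 import { RawAwsLambdaFunction } from '../lambda/data'
 import { RawAwsCognitoUserPool } from '../cognitoUserPool/data'
 import { RawAwsRdsCluster } from '../rdsCluster/data'
+import { RawAwsIamRole } from '../iamRole/data'
+import { globalRegionName } from '../../enums/regions'
+import { RawAwsWafV2WebAcl } from '../wafV2WebAcl/data'
 
 /**
 * AppSync
@@ -27,7 +30,7 @@ export default ({
 region: string
 }): { [key: string]: ServiceConnection[] } => {
 const connections: ServiceConnection[] = []
-const { apiId: id, awsDataSources, userPoolConfig } = appSync
+const { apiId: id, awsDataSources, userPoolConfig, wafWebAclArn } = appSync
 
 /**
 * Find cognito user pools
@@ -153,6 +156,60 @@ export default ({
 }
 }
 
+/**
+* Find related IAM Roles
+*/
+const roles: { name: string; data: { [property: string]: any[] } } =
+data.find(({ name }) => name === services.iamRole)
+
+const roleArns = awsDataSources?.map(
+({ serviceRoleArn }) => serviceRoleArn
+)
+
+if (roles?.data?.[globalRegionName]) {
+const dataAtRegion: RawAwsIamRole[] = roles.data[globalRegionName].filter(
+role => roleArns.includes(role.Arn)
+)
+if (!isEmpty(dataAtRegion)) {
+for (const instance of dataAtRegion) {
+const { Arn: arn }: RawAwsIamRole = instance
+
+connections.push({
+id: arn,
+resourceType: services.iamRole,
+relation: 'child',
+field: 'iamRoles',
+})
+}
+}
+}
+
+/**
+* Find wafV2WebAcls
+*/
+const acls: {
+name: string
+data: { [property: string]: RawAwsWafV2WebAcl[] }
+} = data.find(({ name }) => name === services.wafV2WebAcl)
+
+if (acls?.data) {
+const allAcls = Object.values(acls.data).flat()
+const dataInRegion: RawAwsWafV2WebAcl[] = allAcls.filter(
+({ ARN }: RawAwsWafV2WebAcl) => ARN === wafWebAclArn
+)
+
+if (!isEmpty(dataInRegion)) {
+for (const acl of dataInRegion) {
+connections.push({
+id: acl.Id,
+resourceType: services.wafV2WebAcl,
+relation: 'child',
+field: 'webAcl',
+})
+}
+}
+}
+
 const appSyncResult = {
 [id]: connections,
 }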
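Review bot: `roleArns` is undefined whenever the API carries no `awsDataSources` (the `?.` on `awsDataSources?.map(` only protects the map itself), so the `roleArns.includes(role.Arn)` predicate in the filter below throws a `TypeError` for any account whose IAM-role data exists under `globalRegionName`; defaulting it closes that gap: `const roleArns = awsDataSources?.map(({ serviceRoleArn }) => serviceRoleArn) ?? []`. The `roles` declaration in the same hunk types the region map as `any[]` although `RawAwsIamRole` is imported by the first hunk; `data: { [property: string]: RawAwsIamRole[] }` would match the `acls` declaration further down and let the compiler check `role.Arn`. The enclosing arrow function starts outside the hunk.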

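--- a/src/services/appSync/schema.graphql
+++ b/src/services/appSync/schema.graphql
@@ -124,9 +124,7 @@ type awsAdditionalAuthenticationProvider
 userPoolAwsRegion: String @search(by: [hash, regexp])
 userPoolAppIdClientRegex: String @search(by: [hash, regexp])
 }
-# TODO: add iam role connection
-# TODO: waf web acl connection
-# TODO: add cloudwatchLog connection
+
 type awsAppSync implements awsBaseService @key(fields: "arn") {
 name: String @search(by: [hash, regexp])
 authenticationType: String @search(by: [hash, regexp])
@@ -158,4 +156,6 @@ type awsAppSync implements awsBaseService @key(fields: "arn") {
 dynamodb: [awsDynamoDbTable] @hasInverse(field: appSync)
 lambda: [awsLambda] @hasInverse(field: appSync)
 rdsCluster: [awsRdsCluster] @hasInverse(field: appSync)
+iamRoles: [awsIamRole] @hasInverse(field: appSync)
+webAcl: [awsWafV2WebAcl] @hasInverse(field: appSync)
 }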
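Review bot: The first hunk removes `# TODO: add cloudwatchLog connection` together with the two TODOs this commit actually resolves, but no cloudwatchLog field is added to `awsAppSync` in the second hunk and no such connection appears in the connections.ts or README changes, so the reminder is lost rather than done; keep that single line as `# TODO: add cloudwatchLog connection` above `type awsAppSync`. The new `webAcl` field is declared as a list, `[awsWafV2WebAcl]`, while the connection code matches a single `wafWebAclArn`; if one ACL per API is the intended model, a short comment on the field saying why it is a list (or why the inverse is required by the `@hasInverse` convention) would spare the next reader the question.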
