feat: add DB cluster snapshot support and region wide scan flag; bump external package.

Author: wakeful

.golangci.yaml

@@ -1,6 +1,9 @@
 version: "2"
 linters:
   default: all
+  disable:
+    - dupl
+    - funlen
   settings:
     cyclop:
       max-complexity: 11
@@ -20,11 +23,15 @@ linters:
   exclusions:
     generated: disable
     rules:
+      - path: gen/
+        linters:
+          - exhaustruct
+          - revive
       - path: main.go
         linters:
           - funlen
           - lll
-      - path: _string.go
+      - path: (gen_.*|_string).go
         linters:
           - gochecknoglobals
       - path: _test.go

gen.go

@@ -0,0 +1,6 @@
+// Copyright 2025 variHQ OÜ
+// SPDX-License-Identifier: BSD-3-Clause
+
+package main
+
+//go:generate go run ./gen/regions/main.go

gen/regions/main.go

@@ -0,0 +1,101 @@
+// Copyright 2025 variHQ OÜ
+// SPDX-License-Identifier: BSD-3-Clause
+
+package main
+
+import (
+	"context"
+	_ "embed"
+	"fmt"
+	"log/slog"
+	"os"
+	"sort"
+	"text/template"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+)
+
+//go:embed regions.gotpl
+var templateContent string
+
+type regionTemplate struct {
+	Regions []string
+}
+
+const useRegion = "eu-west-1"
+
+func main() {
+	slog.SetDefault(slog.New(slog.NewTextHandler(os.Stdout, &slog.HandlerOptions{
+		AddSource: false,
+		Level:     slog.LevelDebug,
+	})))
+
+	ctx := context.Background()
+
+	cnf, errGetConfig := config.LoadDefaultConfig(ctx, config.WithRegion(useRegion))
+	if errGetConfig != nil {
+		slog.Error("failed to get AWS config", slog.String("error", errGetConfig.Error()))
+
+		return
+	}
+
+	regions, errGetRegions := getActiveRegions(ctx, cnf)
+	if errGetRegions != nil {
+		slog.Error("failed to get active regions", slog.String("error", errGetRegions.Error()))
+
+		return
+	}
+
+	slog.Info("found regions", slog.Int("count", len(regions)))
+
+	target, errCreateFile := os.Create("./gen_regions.go")
+	if errCreateFile != nil {
+		slog.Error("failed to create target file", slog.String("error", errCreateFile.Error()))
+
+		return
+	}
+
+	defer func(target *os.File) {
+		errCloseFile := target.Close()
+		if errCloseFile != nil {
+			slog.Error("failed to close target file", slog.String("error", errCloseFile.Error()))
+		}
+	}(target)
+
+	supportedRegionsTemplate := template.Must(template.New("").Parse(templateContent))
+
+	if errTemplate := supportedRegionsTemplate.Execute(target, regionTemplate{Regions: regions}); errTemplate != nil {
+		slog.Error("failed to execute template", slog.String("error", errTemplate.Error()))
+
+		return
+	}
+
+	slog.Warn("generated file with regions")
+}
+
+// getActiveRegions return a list of active regions in the current AWS account.
+func getActiveRegions(ctx context.Context, cfg aws.Config) ([]string, error) {
+	client := ec2.NewFromConfig(cfg)
+
+	regions, err := client.DescribeRegions(ctx, &ec2.DescribeRegionsInput{
+		AllRegions: aws.Bool(false),
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to describe regions: %w", err)
+	}
+
+	activeRegions := make([]string, 0, len(regions.Regions))
+
+	for _, region := range regions.Regions {
+		slog.Debug("found region", slog.String("name", *region.RegionName))
+		activeRegions = append(activeRegions, *region.RegionName)
+	}
+
+	slog.Debug("found regions", slog.Int("count", len(activeRegions)))
+
+	sort.Strings(activeRegions)
+
+	return activeRegions, nil
+}

gen/regions/regions.gotpl

@@ -0,0 +1,8 @@
+// Package gen Code generated. DO NOT EDIT.
+package main
+
+var supportedRegions = []string{
+	{{- range .Regions }}
+	{{ printf "%q" . }},
+	{{- end }}
+}

gen_regions.go

@@ -0,0 +1,25 @@
+// Copyright 2025 variHQ OÜ
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package gen Code generated. DO NOT EDIT.
+package main
+
+var supportedRegions = []string{
+	"ap-northeast-1",
+	"ap-northeast-2",
+	"ap-northeast-3",
+	"ap-south-1",
+	"ap-southeast-1",
+	"ap-southeast-2",
+	"ca-central-1",
+	"eu-central-1",
+	"eu-north-1",
+	"eu-west-1",
+	"eu-west-2",
+	"eu-west-3",
+	"sa-east-1",
+	"us-east-1",
+	"us-east-2",
+	"us-west-1",
+	"us-west-2",
+}

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/rds v1.96.0
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.59.0
 	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
-	golang.org/x/sync v0.14.0
+	golang.org/x/sync v0.15.0
 )
 
 require (

go.sum

@@ -30,5 +30,5 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/Xv
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
 github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
 github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
-golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=

main.go

@@ -16,12 +16,13 @@ var version = "dev"
 
 func main() {
 	var (
-		target       = flag.String("target", "self", "target AWS account ID")
-		listScanners = flag.Bool("list-scanners", false, "list available resource types")
-		showVersion  = flag.Bool("version", false, "show version")
-		verbose      = flag.Bool("verbose", false, "verbose log output")
-		regionVars   StringSlice
-		scannersVars StringSlice
+		target         = flag.String("target", "self", "target AWS account ID")
+		listScanners   = flag.Bool("list-scanners", false, "list available resource types")
+		showVersion    = flag.Bool("version", false, "show version")
+		verbose        = flag.Bool("verbose", false, "verbose log output")
+		scanAllRegions = flag.Bool("region-all", false, "scan all regions")
+		regionVars     StringSlice
+		scannersVars   StringSlice
 	)
 
 	flag.Var(
@@ -58,6 +59,12 @@ func main() {
 		return
 	}
 
+	if *scanAllRegions {
+		slog.Debug("scan all regions")
+
+		regionVars = supportedRegions
+	}
+
 	ctx := context.TODO()
 
 	app, err := newApp(

scan_rds_snapshot.go

@@ -15,11 +15,13 @@ import (
 )
 
 var (
-	_ rds.DescribeDBSnapshotsAPIClient = (rdsSnapshotClient)(nil)
-	_ runner                           = (*rdsSnapshotScan)(nil)
+	_ rds.DescribeDBClusterSnapshotsAPIClient = (rdsSnapshotClient)(nil)
+	_ rds.DescribeDBSnapshotsAPIClient        = (rdsSnapshotClient)(nil)
+	_ runner                                  = (*rdsSnapshotScan)(nil)
 )
 
 type rdsSnapshotClient interface {
+	rds.DescribeDBClusterSnapshotsAPIClient
 	rds.DescribeDBSnapshotsAPIClient
 }
 
@@ -46,6 +48,22 @@ func (r *rdsSnapshotScan) scan(ctx context.Context, target string) ([]Result, er
 		return nil, fmt.Errorf("%w: target account ID is required", errEmptyTarget)
 	}
 
+	outputSnapShoots, err := r.scanSnapshots(ctx, target)
+	if err != nil {
+		return nil, err
+	}
+
+	outputClusterSnapShoots, err := r.scanClusterSnapshots(ctx, target)
+	if err != nil {
+		return nil, err
+	}
+
+	outputSnapShoots = append(outputSnapShoots, outputClusterSnapShoots...)
+
+	return outputSnapShoots, nil
+}
+
+func (r *rdsSnapshotScan) scanSnapshots(ctx context.Context, target string) ([]Result, error) {
 	slog.Debug(
 		"starting RDS snapshot scan",
 		slog.String("region", r.region),
@@ -102,3 +120,67 @@ func (r *rdsSnapshotScan) scan(ctx context.Context, target string) ([]Result, er
 
 	return output, nil
 }
+
+func (r *rdsSnapshotScan) scanClusterSnapshots(
+	ctx context.Context,
+	target string,
+) ([]Result, error) {
+	slog.Debug(
+		"starting RDS cluster snapshot scan",
+		slog.String("region", r.region),
+		slog.String("target", target),
+	)
+
+	var output []Result
+
+	paginator := rds.NewDescribeDBClusterSnapshotsPaginator(
+		r.client,
+		&rds.DescribeDBClusterSnapshotsInput{
+			DBClusterIdentifier:         nil,
+			DBClusterSnapshotIdentifier: nil,
+			DbClusterResourceId:         nil,
+			Filters:                     nil,
+			IncludePublic:               aws.Bool(true),
+			IncludeShared:               aws.Bool(true),
+			Marker:                      nil,
+			MaxRecords:                  nil,
+			SnapshotType:                nil,
+		},
+	)
+	for paginator.HasMorePages() {
+		if ctx.Err() != nil {
+			return nil, fmt.Errorf("%w: %w", errCtxCancelled, ctx.Err())
+		}
+
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("failed to fetch RDS cluster snapshots, %w", err)
+		}
+
+		for _, snapshot := range page.DBClusterSnapshots {
+			if !strings.Contains(*snapshot.DBClusterSnapshotIdentifier, target) {
+				slog.Debug("skipping RDS cluster snapshots",
+					slog.String("name", *snapshot.DBClusterSnapshotIdentifier),
+					slog.String("region", r.region),
+				)
+
+				continue
+			}
+
+			output = append(output, Result{
+				CreationDate: snapshot.SnapshotCreateTime.Format(time.RFC3339),
+				Identifier:   *snapshot.DBClusterSnapshotIdentifier,
+				Region:       r.region,
+				RType:        r.runType(),
+			})
+		}
+	}
+
+	slog.Debug("finished RDS cluster snapshot scan",
+		slog.Int("count", len(output)),
+		slog.String("region", r.region),
+		slog.String("target", target),
+	)
+
+	return output, nil
+}