Merge pull request #107 from cloudgraphdev/beta

RELEASE: 0.84.0

Author: tyler-dunkel

CHANGELOG.md

@@ -1,3 +1,21 @@
+# [0.84.0-beta.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.83.1...0.84.0-beta.1) (2023-01-24)
+
+
+### Features
+
+* **CG-1311:** add AWS security hub ([067bf70](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/067bf70678fd48b60f97feb6c2390e6ae31ea358))
+* **CG-1311:** update README ([b36b426](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/b36b426f8c25a2ebc96934fd7236aec669080083))
+* **creds:** update credentials flow to support sso ([db29e83](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/db29e8339cd8e6f481333cdeccf83ca4568439b1))
+
+# [0.84.0-alpha.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.83.1...0.84.0-alpha.1) (2023-01-24)
+
+
+### Features
+
+* **CG-1311:** add AWS security hub ([067bf70](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/067bf70678fd48b60f97feb6c2390e6ae31ea358))
+* **CG-1311:** update README ([b36b426](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/b36b426f8c25a2ebc96934fd7236aec669080083))
+* **creds:** update credentials flow to support sso ([db29e83](https://github.com/cloudgraphdev/cloudgraph-provider-aws/commit/db29e8339cd8e6f481333cdeccf83ca4568439b1))
+
 ## [0.83.1](https://github.com/cloudgraphdev/cloudgraph-provider-aws/compare/0.83.0...0.83.1) (2022-11-28)
 
 

README.md

@@ -4,7 +4,8 @@ Use the CloudGraph AWS Provider to scan and normalize cloud infrastructure using
 
 <!-- toc -->
 
-- [Docs](#install)
+- [CloudGraph AWS Provider](#cloudgraph-aws-provider)
+- [Docs](#docs)
 - [Install](#install)
 - [Authentication](#authentication)
 - [Multi Account](#multi-account)
@@ -154,6 +155,7 @@ CloudGraph AWS Provider will ask you what regions you would like to crawl and wi
 | s3                          | cloudfront, cloudtrail, ecsCluster, iamRole, kinesisFirehose, kms, lambda, managedAirflow, sns, sqs                                                                                                                                                                                                                                                                                |
 | secretsManager              | kms, lambda                                                                                                                                                                                                                                                                                                                                                                   |
 | securityGroup               | alb, asg, clientVpnEndpoint, codebuild, dmsReplicationInstance, ecsService, lambda, ec2, elasticSearchDomain, elb, rdsCluster, rdsDbInstance, eksCluster, elastiCacheCluster, managedAirflow, sageMakerNotebookInstance, networkInterface, vpcEndpoint                                                                                                                                     |
+| securityHub                 |                                                                                                                                                                                                                                                                                                                                                                               |
 | ses                         |                                                                                                                                                                                                                                                                                                                                                                               |
 | sns                         | kms, cloudtrail, cloudwatch, s3                                                                                                                                                                                                                                                                                                                                               |
 | sqs                         | elasticBeanstalkEnv, s3                                                                                                                                                                                                                                                                                                                                                       |

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudgraph/cg-provider-aws",
-  "version": "0.83.1",
+  "version": "0.84.0-beta.1",
   "description": "cloud-graph provider plugin for AWS used to fetch AWS cloud data.",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
@@ -31,6 +31,8 @@
     "terraform:cleanup": "rimraf ./tests/terraform/{.terraform,.terraform.lock.hcl,tfplan} ./tests/terraform/*.{tfstate,tfplan,backup}"
   },
   "dependencies": {
+    "@aws-sdk/credential-providers": "^3.256.0",
+    "@aws-sdk/shared-ini-file-loader": "^3.254.0",
     "@cloudgraph/sdk": "^0.22.1",
     "@fast-csv/parse": "^4.3.6",
     "@graphql-tools/load-files": "^6.5.3",

src/enums/resources.ts

@@ -44,6 +44,7 @@ export default {
   dynamoDbTable: 'aws_dynamodb_table',
   kinesisStream: 'aws_kinesis_stream',
   securityGroup: 'aws_security_group',
+  securityHub: 'aws_security_hub',
   iamRolePolicy: 'aws_iam_role_policy',
   efsMountTarget: 'aws_efs_mount_target',
   route53ZRecord: 'aws_route53_record',

src/enums/schemasMap.ts

@@ -78,6 +78,7 @@ export default {
   [services.nat]: 'awsNatGateway',
   [services.networkInterface]: 'awsNetworkInterface',
   [services.sg]: 'awsSecurityGroup',
+  [services.securityHub]: 'awsSecurityHub',
   [services.subnet]: 'awsSubnet',
   [services.vpc]: 'awsVpc',
   [services.vpcEndpoint]: 'awsVpcEndpoint',

src/enums/serviceAliases.ts

@@ -67,6 +67,7 @@ export default {
   [services.sageMakerProject]: 'sageMakerProjects',
   [services.secretsManager]: 'secretsManager',
   [services.sg]: 'securityGroups',
+  [services.securityHub]: 'securityHubs',
   [services.subnet]: 'subnets',
   [services.systemsManagerDocument]: 'systemsManagerDocuments',
   [services.systemsManagerInstance]: 'systemsManagerInstances',

src/enums/serviceMap.ts

@@ -53,6 +53,7 @@ import Route53HostedZone from '../services/route53HostedZone'
 import Route53Record from '../services/route53Record'
 import RouteTable from '../services/routeTable'
 import SecretsManager from '../services/secretsManager'
+import SecurityHub from '../services/securityHub'
 import S3 from '../services/s3'
 import SES from '../services/ses'
 import SQS from '../services/sqs'
@@ -182,6 +183,7 @@ export default {
   [services.sageMakerProject]: SageMakerProject,
   [services.s3]: S3,
   [services.secretsManager]: SecretsManager,
+  [services.securityHub]: SecurityHub,
   [services.ses]: SES,
   [services.iamAccessAnalyzer]: IamAccessAnalyzer,
   [services.iamUser]: IamUser,

src/enums/services.ts

@@ -84,6 +84,7 @@ export default {
   sageMakerProject: 'sageMakerProject',
   s3: 's3',
   secretsManager: 'secretsManager',
+  securityHub: 'securityHub',
   ses: 'ses',
   sg: 'sg',
   sns: 'sns',

src/properties/logger.ts

@@ -689,4 +689,10 @@ export default {
    * Vpc Peering Connections
    */
   fetchedVpcPeeringConnections: (num: number): string => `Found ${num} Vpc Peering Connections`,
+  /**
+   * Security Hub
+   */
+  securityHubNotFound: (region: string): string => `Security Hub not found/disabled for region: ${region}`,
+  fetchedSecurityHub: (region: string): string => `Security Hub found/enabled for region: ${region}`,
+  fetchingSecurityHub: 'Fetching Security Hub data for this AWS account via the AWS SDK...',
 }

src/services/account/schema.graphql

@@ -86,6 +86,7 @@ type awsAccount implements awsOptionalService @key(fields: "id") {
   sageMakerProjects: [awsSageMakerProject]
   secretsManager: [awsSecretsManager]
   securityGroups: [awsSecurityGroup]
+  securityHub: [awsSecurityHub]
   systemsManagerDocuments: [awsSystemsManagerDocument]
   systemsManagerInstances: [awsSystemsManagerInstance]
   ses: [awsSes]