Merge branch 'chore/add-todos' into 'master'

tyler-dunkel · tyler-dunkel · commit fcb3ff3e37de · 2022-03-31T14:39:01.000Z
chore(services): add todos for serivces with data needs

See merge request auto-cloud/cloudgraph/provider/cloudgraph-provider-aws!230
diff --git a/src/services/appSync/schema.graphql b/src/services/appSync/schema.graphql
@@ -124,7 +124,9 @@ type awsAdditionalAuthenticationProvider
     userPoolAwsRegion: String @search(by: [hash, regexp])
     userPoolAppIdClientRegex: String @search(by: [hash, regexp])
   }
-
+# TODO: add iam role connection
+# TODO: waf web acl connection
+# TODO: add cloudwatchLog connection
 type awsAppSync @key(fields: "arn") {
   id: String! @id @search(by: [hash])
   accountId: String! @search(by: [hash])
diff --git a/src/services/asg/schema.graphql b/src/services/asg/schema.graphql
@@ -93,6 +93,7 @@ type awsLaunchConfiguration
     metadataOptHttpEndpoint: String @search(by: [hash, regexp])
   }
 
+#TODO: add iam role connection here
 type awsAsg @key(fields: "arn") {
   id: String! @search(by: [hash])
   accountId: String! @search(by: [hash])
diff --git a/src/services/cloudFormationStackSet/schema.graphql b/src/services/cloudFormationStackSet/schema.graphql
@@ -40,7 +40,7 @@ type awsCloudFormationStackAutoDeploymentConfig {
   enabled: String @search(by: [hash, regexp])
   retainStacksOnAccountRemoval: String @search(by: [hash, regexp])
 }
-# add accountId to cloudFormationStackSet
+# TODO: add accountId to cloudFormationStackSet
 type awsCloudFormationStackSet @key(fields: "arn") {
   id: String! @search(by: [hash])
   arn: String! @id @search(by: [hash, regexp])
@@ -59,3 +59,5 @@ type awsCloudFormationStackSet @key(fields: "arn") {
   permissionModel: String @search(by: [hash, regexp])
   organizationalUnitIds: [String] @search
 }
+
+# TODO: add iam role connection using AdministrationRoleARN (also see if a connection can be made using ExecutionRoleName)
diff --git a/src/services/cloudtrail/schema.graphql b/src/services/cloudtrail/schema.graphql
@@ -12,7 +12,7 @@ type awsCloudtrail @key(fields: "cgId") {
   homeRegion: String @search(by: [hash, regexp])
   logFileValidationEnabled: String @search(by: [hash, regexp])
   cloudWatchLogsLogGroupArn: String @search(by: [hash, regexp])
-  cloudWatchLogsRoleArn: String @search(by: [hash, regexp])
+  cloudWatchLogsRoleArn: String @search(by: [hash, regexp]) # add iamRole connection here
   kmsKeyId: String @search(by: [hash, regexp])
   hasCustomEventSelectors: String @search(by: [hash, regexp])
   hasInsightSelectors: String @search(by: [hash, regexp])
diff --git a/src/services/cognitoIdentityPool/schema.graphql b/src/services/cognitoIdentityPool/schema.graphql
@@ -34,3 +34,7 @@ type awsCognitoIdentityPool @key(fields: "id") {
   samlProviderARNs: [String] @search
   tags: [awsRawTag]
 }
+
+# TODO: add an arn for identity pool see here: https://docs.aws.amazon.com/cognito/latest/developerguide/security_iam_service-with-iam.html
+#TODO: add connections to iamSamlProvider and iamOpenIdConnectProvider
+#TODO: try to add connection to iam role using getIdentityPoolRoles 
diff --git a/src/services/cognitoUserPool/schema.graphql b/src/services/cognitoUserPool/schema.graphql
@@ -118,3 +118,6 @@ type awsCognitoUserPool @key(fields: "id") {
   lambda: [awsLambda] @hasInverse(field: cognitoUserPool) #change to plural
   appSync: [awsAppSync] @hasInverse(field: cognitoUserPool)
 }
+
+# TODO: add connetion to kms
+# TODO: add connection to iamRole using SmsConfiguration.SnsCallerArn
diff --git a/src/services/dynamodb/schema.graphql b/src/services/dynamodb/schema.graphql
@@ -174,3 +174,5 @@ type awsDynamoDbTable @key(fields: "arn") {
   ttlEnabled: Boolean @search
   appSync: [awsAppSync] @hasInverse(field: dynamodb)
 }
+
+#TODO: create conenction to iam roles using autoscalingRoleArn, also connect to KMS
diff --git a/src/services/ec2/schema.graphql b/src/services/ec2/schema.graphql
@@ -96,7 +96,7 @@ type awsEc2 @key(fields: "arn") {
   sourceDestCheck: String @search(by: [hash, regexp])
   availabilityZone: String @search(by: [hash, regexp])
   cpuThreadsPerCore: Int @search
-  iamInstanceProfile: String @search(by: [hash, regexp]) # TODO: use to make a connection to a role
+  iamInstanceProfile: String @search(by: [hash, regexp]) # TODO: use to make a connection to a iamRole
   deletionProtection: String @search(by: [hash, regexp])
   dailyCost: awsTotalBillingInfo
   primaryNetworkInterface: String @search(by: [hash, regexp])
diff --git a/src/services/ecsCluster/schema.graphql b/src/services/ecsCluster/schema.graphql
@@ -21,6 +21,8 @@ type awsEcsCluster @key(fields: "arn") {
   ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsCluster)
 }
 
+#TODO: add connections to cloudwatchLog, s3, 
+
 type AwsEcsExecuteCommandLogConfiguration 
   @generate(
     query: { get: false, query: true, aggregate: false }
diff --git a/src/services/ecsTask/schema.graphql b/src/services/ecsTask/schema.graphql
@@ -1,3 +1,4 @@
+#TODO: add iam role connection
 type awsEcsTask @key(fields: "arn") {
   id: String! @id @search(by: [hash])
 	arn: String! @id @search(by: [hash, regexp])
diff --git a/src/services/efsMountTarget/schema.graphql b/src/services/efsMountTarget/schema.graphql
@@ -12,4 +12,6 @@ type awsEfsMountTarget @key(fields: "id") {
   networkInterface: [awsNetworkInterface] @hasInverse(field: efsMountTarget) #change to plural
   subnet: [awsSubnet] @hasInverse(field: efsMountTarget) #change to plural
   vpc: [awsVpc] @hasInverse(field: efsMountTarget)
-}
+}
+
+# TODO: add an arn if possible
diff --git a/src/services/elasticBeanstalkApplication/schema.graphql b/src/services/elasticBeanstalkApplication/schema.graphql
@@ -8,3 +8,5 @@ type awsElasticBeanstalkApp @key(fields: "arn") {
   elasticBeanstalkEnv: [awsElasticBeanstalkEnv] #change to plural
   tags: [awsRawTag]
 }
+
+#TODO: get iam role data and connection in format from ResourceLifecycleConfig
diff --git a/src/services/elasticBeanstalkEnvironment/schema.graphql b/src/services/elasticBeanstalkEnvironment/schema.graphql
@@ -30,3 +30,6 @@ type awsElasticBeanstalkEnvResource {
   name: String @search(by: [hash, regexp])
   value: [String] @search(by: [hash, regexp])
 }
+
+
+# TODO: add iam role based on OperationsRole field
diff --git a/src/services/elasticSearchDomain/schema.graphql b/src/services/elasticSearchDomain/schema.graphql
@@ -1,3 +1,4 @@
+#TODO add connection for userPool, identityPool, iamRole, cloudwatchLogs
 type awsElasticSearchDomain @key(fields: "arn") {
   id: String! @id @search(by: [hash])
   arn: String! @id @search(by: [hash, regexp])
diff --git a/src/services/emrCluster/schema.graphql b/src/services/emrCluster/schema.graphql
@@ -1,3 +1,4 @@
+#TODO: add iamRole connection here
 type awsEmrCluster @key(fields: "arn") {
   id: String! @id @search(by: [hash])
   arn: String! @id @search(by: [hash, regexp])
diff --git a/src/services/emrInstance/schema.graphql b/src/services/emrInstance/schema.graphql
@@ -16,6 +16,8 @@ type awsEmrInstance @key(fields: "id") {
   ec2Instance: [awsEc2] @hasInverse(field: emrInstance)
 }
 
+# TODO: add arn if possible
+
 type awsEmrInstanceStatus
   @generate(
     query: { get: false, query: false, aggregate: false }
diff --git a/src/services/emrStep/schema.graphql b/src/services/emrStep/schema.graphql
@@ -8,6 +8,8 @@ type awsEmrStep @key(fields: "id") {
   status: awsEmrStepStatus
 }
 
+# TODO: add arn if possible (or maybe deconvert from a service to a sub-object)
+
 type awsEmrHadoopStepConfig
   @generate(
     query: { get: false, query: false, aggregate: false }
diff --git a/src/services/flowLogs/schema.graphql b/src/services/flowLogs/schema.graphql
@@ -22,6 +22,8 @@ type awsFlowLog @key(fields: "id") {
   # destinationOptions: awsDestinationOptions Cant find in the aws SDK flow log type but is in docs, investigate later
 }
 
+# TODO: add arn like so arn:aws:ec2:region:account_id:vpc-flow-log/flow-log-id
+
 # type awsDestinationOptions {
 #   fileFormat: String
 #   hiveCompatiblePartitions: Boolean
diff --git a/src/services/guardDutyDetector/schema.graphql b/src/services/guardDutyDetector/schema.graphql
@@ -13,6 +13,8 @@ type awsGuardDutyDetector @key(fields: "id") {
   iamRole: awsIamRole @hasInverse(field: guardDutyDetectors)
 }
 
+# TODO: add arn here. see: https://github.com/cloudquery/cq-provider-aws/blob/main/resources/services/guardduty/detectors.go
+
 type awsGuardDutyMember {
   id: String! @id @search(by: [hash])
   accountId: String! @search(by: [hash])
diff --git a/src/services/kinesisFirehose/schema.graphql b/src/services/kinesisFirehose/schema.graphql
@@ -1,3 +1,4 @@
+#TODO: add iam role connection
 type awsKinesisFirehose @key(fields: "arn") {
     id: String! @id @search(by: [hash])
     accountId: String! @search(by: [hash])
diff --git a/src/services/lambda/schema.graphql b/src/services/lambda/schema.graphql
@@ -9,7 +9,7 @@ type awsLambda @key(fields: "arn") {
   lastModified: String @search(by: [hash, regexp])
   memorySize: Int @search
   reservedConcurrentExecutions: Int @search
-  role: String @search(by: [hash, regexp])
+  role: String @search(by: [hash, regexp]) # TODO: add iamRole connection here
   runtime: String @search(by: [hash, regexp])
   sourceCodeSize: String @search(by: [hash, regexp])
   timeout: Int @search
diff --git a/src/services/rdsCluster/schema.graphql b/src/services/rdsCluster/schema.graphql
@@ -38,4 +38,7 @@ type awsRdsCluster @key(fields: "arn") {
   securityGroups: [awsSecurityGroup] @hasInverse(field: rdsCluster)
   appSync: [awsAppSync] @hasInverse(field: rdsCluster)
 }
+
+# TODO: create connection to iam roles using AssociatedRoles property AND DomainMemberships AND MonitoringRole
+# TODO: create connection to kms using all kms related fields
  
diff --git a/src/services/rdsDbInstance/schema.graphql b/src/services/rdsDbInstance/schema.graphql
@@ -39,3 +39,9 @@ type awsRdsDbInstance @key(fields: "arn") {
   subnet: [awsSubnet] @hasInverse(field: rdsDbInstance)
   vpc: [awsVpc] @hasInverse(field: rdsDbInstance)
 }
+
+#TODO: add connection to route53HostedZone using hostedZoneId in Endpoint
+# TODO: add connection to kms using kmsKeyId AND PerformanceInsightsKMSKeyId AND ActivityStreamKmsKeyId
+# TODO: add connection to IAM role using DomainMembership AND MonitoringRoleArn AND AssociatedRoles
+# TODO: add connection to cloudwatchLog using EnhancedMonitoringResourceArn
+
diff --git a/src/services/s3/schema.graphql b/src/services/s3/schema.graphql
@@ -29,6 +29,8 @@ type awsS3 @key(fields: "arn") {
   managedAirflows: [awsManagedAirflow] @hasInverse(field: s3)
 }
 
+# TODO: use getBucketReplication and getBucketNotificationConfiguration to make connections to lambda, sns, iamRole, SQS
+
 type awsBucketPolicy
   @generate(
     query: { get: false, query: true, aggregate: false }
diff --git a/src/services/secretsManager/schema.graphql b/src/services/secretsManager/schema.graphql
@@ -27,3 +27,7 @@ type awsSecretsManager @key(fields: "arn") {
   createdDate: DateTime @search(by: [day])
   owningService: String @search(by: [hash, regexp])
 }
+
+# TODO: add connection to kms (also use ReplicationStatus.KmsKeyId)
+# TODO: add connection to lambda
+

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,7 @@ type awsLaunchConfiguration`
`93`	`93`	`metadataOptHttpEndpoint: String @search(by: [hash, regexp])`
`94`	`94`	`}`
`95`	`95`
	`96`	`+#TODO: add iam role connection here`
`96`	`97`	`type awsAsg @key(fields: "arn") {`
`97`	`98`	`id: String! @search(by: [hash])`
`98`	`99`	`accountId: String! @search(by: [hash])`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ type awsCloudFormationStackAutoDeploymentConfig {`
`40`	`40`	`enabled: String @search(by: [hash, regexp])`
`41`	`41`	`retainStacksOnAccountRemoval: String @search(by: [hash, regexp])`
`42`	`42`	`}`
`43`		`-# add accountId to cloudFormationStackSet`
	`43`	`+# TODO: add accountId to cloudFormationStackSet`
`44`	`44`	`type awsCloudFormationStackSet @key(fields: "arn") {`
`45`	`45`	`id: String! @search(by: [hash])`
`46`	`46`	`arn: String! @id @search(by: [hash, regexp])`
`@@ -59,3 +59,5 @@ type awsCloudFormationStackSet @key(fields: "arn") {`
`59`	`59`	`permissionModel: String @search(by: [hash, regexp])`
`60`	`60`	`organizationalUnitIds: [String] @search`
`61`	`61`	`}`
	`62`	`+`
	`63`	`+# TODO: add iam role connection using AdministrationRoleARN (also see if a connection can be made using ExecutionRoleName)`
Original file line number	Diff line number	Diff line change
`@@ -34,3 +34,7 @@ type awsCognitoIdentityPool @key(fields: "id") {`
`34`	`34`	`samlProviderARNs: [String] @search`
`35`	`35`	`tags: [awsRawTag]`
`36`	`36`	`}`
	`37`	`+`
	`38`	`+# TODO: add an arn for identity pool see here: https://docs.aws.amazon.com/cognito/latest/developerguide/security_iam_service-with-iam.html`
	`39`	`+#TODO: add connections to iamSamlProvider and iamOpenIdConnectProvider`
	`40`	`+#TODO: try to add connection to iam role using getIdentityPoolRoles`
Original file line number	Diff line number	Diff line change
`@@ -118,3 +118,6 @@ type awsCognitoUserPool @key(fields: "id") {`
`118`	`118`	`lambda: [awsLambda] @hasInverse(field: cognitoUserPool) #change to plural`
`119`	`119`	`appSync: [awsAppSync] @hasInverse(field: cognitoUserPool)`
`120`	`120`	`}`
	`121`	`+`
	`122`	`+# TODO: add connetion to kms`
	`123`	`+# TODO: add connection to iamRole using SmsConfiguration.SnsCallerArn`
Original file line number	Diff line number	Diff line change
`@@ -174,3 +174,5 @@ type awsDynamoDbTable @key(fields: "arn") {`
`174`	`174`	`ttlEnabled: Boolean @search`
`175`	`175`	`appSync: [awsAppSync] @hasInverse(field: dynamodb)`
`176`	`176`	`}`
	`177`	`+`
	`178`	`+#TODO: create conenction to iam roles using autoscalingRoleArn, also connect to KMS`
Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,8 @@ type awsEcsCluster @key(fields: "arn") {`
`21`	`21`	`ecsTaskSet: [awsEcsTaskSet] @hasInverse(field: ecsCluster)`
`22`	`22`	`}`
`23`	`23`
	`24`	`+#TODO: add connections to cloudwatchLog, s3,`
	`25`	`+`
`24`	`26`	`type AwsEcsExecuteCommandLogConfiguration`
`25`	`27`	`@generate(`
`26`	`28`	`query: { get: false, query: true, aggregate: false }`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+#TODO: add iam role connection`
`1`	`2`	`type awsEcsTask @key(fields: "arn") {`
`2`	`3`	`id: String! @id @search(by: [hash])`
`3`	`4`	`arn: String! @id @search(by: [hash, regexp])`