diff --git a/.github/get_config_supported_resources.py b/.github/get_config_supported_resources.py
new file mode 100644
index 0000000..ed8bcd9
--- /dev/null
+++ b/.github/get_config_supported_resources.py
@@ -0,0 +1,78 @@
+import argparse
+from selenium import webdriver
+from selenium.webdriver.common.keys import Keys
+from selenium.webdriver.common.by import By
+from selenium.webdriver.chrome.options import Options
+from selenium.common.exceptions import NoSuchElementException
+import json
+import logging
+from concurrent import futures
+from collections import Counter
+import os
+import time
+import re
+import yaml
+
+"""
+Summary
+This is a simple web scraper to list the resource types supported by AWS Config.
+
+It will write its output to supported_resource_types.yaml -- this should be moved to the rdk subfolder after validating.
+"""
+
+all_resources = ["ALL"] # Special string to support all resource types"]
+
+undocumented_but_supported = [
+ "AWS::EventSchemas::Registry",
+ "AWS::IoTTwinMaker::ComponentType",
+]
+
+all_resources += undocumented_but_supported
+
+url = "https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html"
+# Start the browser
+chrome_options = Options()
+chrome_options.add_argument("--headless=new")
+chrome_options.add_argument("--no-sandbox")
+chrome_options.add_experimental_option("excludeSwitches", ["enable-logging"])
+driver = webdriver.Chrome(
+ options=chrome_options,
+)
+
+# Open the login page
+driver.get(url)
+driver.implicitly_wait(2)
+
+# Iterate through every h2 header
+services = driver.find_elements(By.CLASS_NAME, "table-contents")
+
+# Walk through the table items
+for service in services:
+ if service.text == "":
+ continue
+ navigator = service
+ try:
+ # Find everything with a class of code and get its text
+ resources = navigator.find_elements(By.CLASS_NAME, "code")
+ except NoSuchElementException:
+ logging.info(f"No resources found for {service.text}")
+ continue
+ if len(resources) == 0:
+ logging.info(f"No resources found for {service.text}")
+ continue
+ # Assert that it matches "AWS::*"
+ for resource in resources:
+ if re.match(r"AWS::.*", resource.text):
+ # Remove any asterisks
+ resource_type = resource.text.replace("*", "")
+ # Add it to the output list
+ all_resources.append(resource_type)
+ logging.info(resource_type)
+
+driver.quit()
+
+# Return the output list, sorted
+yaml_output = {"supported_resources": sorted(list(set((all_resources))))}
+yaml_output_string = yaml.dump(yaml_output)
+with open("supported_resource_types.yaml", "w") as f:
+ f.write(yaml_output_string)
diff --git a/pyproject.toml b/pyproject.toml
index d8451ca..f6d14fa 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -7,7 +7,7 @@ # or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. [tool.poetry] name = "rdk"
-version = "0.17.6"
+version = "0.17.7"
 description = "Rule Development Kit CLI for AWS Config" authors = [ "AWS RDK Maintainers ",
diff --git a/rdk/__init__.py b/rdk/__init__.py
index 17cbcdb..f341059 100644
--- a/rdk/__init__.py
+++ b/rdk/__init__.py
@@ -6,4 +6,4 @@ # # or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
-MY_VERSION = "0.17.6"
+MY_VERSION = "0.17.7"
diff --git a/rdk/rdklib_versions.yaml b/rdk/rdklib_versions.yaml
index 20d7fc4..2166596 100644
--- a/rdk/rdklib_versions.yaml
+++ b/rdk/rdklib_versions.yaml
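Review bot: Nothing between the scrape and the final `open("supported_resource_types.yaml", "w")` checks what was actually collected, so if the docs page changes its markup or fails to load, `find_elements` returns an empty list and the file is still written with only `ALL` and the two hard-coded types. The `re.match(r"AWS::.*", resource.text)` filter is only a prefix test, so any `code` element whose text starts with `AWS::` is accepted whatever follows it. I would match the full `AWS::Service::Type` shape, stop with a non-zero exit when the scraped count is implausibly low, and move `driver.quit()` into a `finally` so an exception mid-scrape does not leave headless Chrome running. Separately, `--no-sandbox` switches off Chrome's process sandbox while it renders remote content; if it is only there because the job runs as root in a CI container (my assumption), a comment saying so would help, otherwise it can be dropped.

```python
RESOURCE_TYPE = re.compile(r"AWS::[A-Za-z0-9]+::[A-Za-z0-9]+")
MIN_SCRAPED = 300  # constructed floor; tune to the size of the current list

scraped = []
try:
    driver.get(url)
    driver.implicitly_wait(2)
    # … unchanged: locate the "table-contents" elements and loop over services …
        for resource in resources:
            resource_type = resource.text.replace("*", "").strip()
            if RESOURCE_TYPE.fullmatch(resource_type):
                scraped.append(resource_type)
finally:
    driver.quit()

if len(scraped) < MIN_SCRAPED:
    raise SystemExit(
        f"only {len(scraped)} resource types scraped; refusing to write output"
    )
all_resources += scraped
# … unchanged: sort, yaml.dump and write supported_resource_types.yaml …
```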
@@ -3,19 +3,19 @@ # Layers are published to each region, which is why some have more versions than others. # This file was automatically generated by update_rdklib_versions.py; check for accuracy before deploying. rdklib_layer_versions: - ap-northeast-1: 23 - ap-northeast-2: 23 - ap-south-1: 23 - ap-southeast-1: 82 - ap-southeast-2: 21 - ca-central-1: 23 - eu-central-1: 22 - eu-north-1: 22 - eu-west-1: 23 - eu-west-2: 19 - eu-west-3: 23 - sa-east-1: 23 - us-east-1: 24 - us-east-2: 85 - us-west-1: 21 - us-west-2: 22 + ap-northeast-1: 28 + ap-northeast-2: 28 + ap-south-1: 28 + ap-southeast-1: 87 + ap-southeast-2: 26 + ca-central-1: 28 + eu-central-1: 27 + eu-north-1: 27 + eu-west-1: 28 + eu-west-2: 24 + eu-west-3: 28 + sa-east-1: 28 + us-east-1: 29 + us-east-2: 90 + us-west-1: 26 + us-west-2: 27 diff --git a/rdk/supported_resource_types.yaml b/rdk/supported_resource_types.yaml index c64df5d..60bcc62 100644 --- a/rdk/supported_resource_types.yaml +++ b/rdk/supported_resource_types.yaml @@ -1,6 +1,8 @@ supported_resources: - - ALL # Special string to support all resource types + - ALL - AWS::ACM::Certificate + - AWS::ACMPCA::CertificateAuthority + - AWS::ACMPCA::CertificateAuthorityActivation - AWS::APS::RuleGroupsNamespace - AWS::AccessAnalyzer::Analyzer - AWS::AmazonMQ::Broker @@ -14,14 +16,21 @@ supported_resources: - AWS::AppConfig::ConfigurationProfile - AWS::AppConfig::DeploymentStrategy - AWS::AppConfig::Environment + - AWS::AppConfig::HostedConfigurationVersion - AWS::AppFlow::Flow - AWS::AppIntegrations::EventIntegration + - AWS::AppMesh::GatewayRoute + - AWS::AppMesh::Mesh - AWS::AppMesh::Route + - AWS::AppMesh::VirtualGateway - AWS::AppMesh::VirtualNode + - AWS::AppMesh::VirtualRouter - AWS::AppMesh::VirtualService + - AWS::AppRunner::Service - AWS::AppRunner::VpcConnector - AWS::AppStream::Application - AWS::AppStream::DirectoryConfig + - AWS::AppStream::Fleet - AWS::AppStream::Stack - AWS::AppSync::GraphQLApi - AWS::Athena::DataCatalog 
@@ -59,12 +68,19 @@ supported_resources: - AWS::CodeGuruProfiler::ProfilingGroup - AWS::CodeGuruReviewer::RepositoryAssociation - AWS::CodePipeline::Pipeline + - AWS::Cognito::UserPool + - AWS::Cognito::UserPoolClient + - AWS::Cognito::UserPoolGroup - AWS::Config::ConfigurationRecorder - AWS::Config::ConformancePackCompliance - AWS::Config::ResourceCompliance + - AWS::Connect::Instance - AWS::Connect::PhoneNumber + - AWS::Connect::QuickConnect - AWS::CustomerProfiles::Domain + - AWS::CustomerProfiles::ObjectType - AWS::DMS::Certificate + - AWS::DMS::Endpoint - AWS::DMS::EventSubscription - AWS::DMS::ReplicationInstance - AWS::DMS::ReplicationSubnetGroup @@ -83,6 +99,9 @@ supported_resources: - AWS::DeviceFarm::Project - AWS::DeviceFarm::TestGridProject - AWS::DynamoDB::Table + - AWS::EC2::CapacityReservation + - AWS::EC2::CarrierGateway + - AWS::EC2::ClientVpnEndpoint - AWS::EC2::CustomerGateway - AWS::EC2::DHCPOptions - AWS::EC2::EC2Fleet @@ -91,13 +110,16 @@ supported_resources: - AWS::EC2::FlowLog - AWS::EC2::Host - AWS::EC2::IPAM + - AWS::EC2::IPAMPool - AWS::EC2::IPAMScope - AWS::EC2::Instance - AWS::EC2::InternetGateway - AWS::EC2::LaunchTemplate - AWS::EC2::NatGateway - AWS::EC2::NetworkAcl + - AWS::EC2::NetworkInsightsAccessScope - AWS::EC2::NetworkInsightsAccessScopeAnalysis + - AWS::EC2::NetworkInsightsAnalysis - AWS::EC2::NetworkInsightsPath - AWS::EC2::NetworkInterface - AWS::EC2::PrefixList @@ -112,6 +134,8 @@ supported_resources: - AWS::EC2::TrafficMirrorTarget - AWS::EC2::TransitGateway - AWS::EC2::TransitGatewayAttachment + - AWS::EC2::TransitGatewayConnect + - AWS::EC2::TransitGatewayMulticastDomain - AWS::EC2::TransitGatewayRouteTable - AWS::EC2::VPC - AWS::EC2::VPCEndpoint @@ -124,6 +148,7 @@ supported_resources: - AWS::ECR::PullThroughCacheRule - AWS::ECR::RegistryPolicy - AWS::ECR::Repository + - AWS::ECS::CapacityProvider - AWS::ECS::Cluster - AWS::ECS::Service - AWS::ECS::TaskDefinition 
@@ -141,7 +166,7 @@ supported_resources: - AWS::ElasticLoadBalancing::LoadBalancer - AWS::ElasticLoadBalancingV2::Listener - AWS::ElasticLoadBalancingV2::LoadBalancer - - AWS::ElasticSearch::Domain + - AWS::Elasticsearch::Domain - AWS::EventSchemas::Discoverer - AWS::EventSchemas::Registry - AWS::EventSchemas::RegistryPolicy @@ -167,8 +192,10 @@ supported_resources: - AWS::Glue::Classifier - AWS::Glue::Job - AWS::Glue::MLTransform + - AWS::Grafana::Workspace - AWS::GreengrassV2::ComponentVersion - AWS::GroundStation::Config + - AWS::GroundStation::DataflowEndpointGroup - AWS::GroundStation::MissionProfile - AWS::GuardDuty::Detector - AWS::GuardDuty::Filter @@ -176,6 +203,7 @@ supported_resources: - AWS::GuardDuty::ThreatIntelSet - AWS::HealthLake::FHIRDatastore - AWS::IAM::Group + - AWS::IAM::InstanceProfile - AWS::IAM::Policy - AWS::IAM::Role - AWS::IAM::SAMLProvider @@ -187,10 +215,12 @@ supported_resources: - AWS::ImageBuilder::ContainerRecipe - AWS::ImageBuilder::DistributionConfiguration - AWS::ImageBuilder::ImagePipeline + - AWS::ImageBuilder::ImageRecipe - AWS::ImageBuilder::InfrastructureConfiguration - AWS::InspectorV2::Filter - AWS::IoT::AccountAuditConfiguration - AWS::IoT::Authorizer + - AWS::IoT::CACertificate - AWS::IoT::CustomMetric - AWS::IoT::Dimension - AWS::IoT::FleetMetric 
@@ -216,17 +246,23 @@ supported_resources: - AWS::IoTTwinMaker::ComponentType - AWS::IoTTwinMaker::Entity - AWS::IoTTwinMaker::Scene + - AWS::IoTTwinMaker::SyncJob - AWS::IoTTwinMaker::Workspace - AWS::IoTWireless::FuotaTask - AWS::IoTWireless::MulticastGroup - AWS::IoTWireless::ServiceProfile - AWS::KMS::Alias - AWS::KMS::Key + - AWS::KafkaConnect::Connector + - AWS::Kendra::Index - AWS::Kinesis::Stream - AWS::Kinesis::StreamConsumer - AWS::KinesisAnalyticsV2::Application - AWS::KinesisFirehose::DeliveryStream - AWS::KinesisVideo::SignalingChannel + - AWS::KinesisVideo::Stream + - AWS::Lambda::Alias + - AWS::Lambda::CodeSigningConfig - AWS::Lambda::Function - AWS::Lex::Bot - AWS::Lex::BotAlias @@ -234,8 +270,10 @@ supported_resources: - AWS::Lightsail::Certificate - AWS::Lightsail::Disk - AWS::Lightsail::StaticIp + - AWS::Logs::Destination - AWS::LookoutMetrics::Alert - AWS::LookoutVision::Project + - AWS::M2::Environment - AWS::MSK::BatchScramSecret - AWS::MSK::Cluster - AWS::MSK::Configuration @@ -249,9 +287,12 @@ supported_resources: - AWS::NetworkFirewall::FirewallPolicy - AWS::NetworkFirewall::RuleGroup - AWS::NetworkFirewall::TLSInspectionConfiguration + - AWS::NetworkManager::ConnectPeer + - AWS::NetworkManager::CustomerGatewayAssociation - AWS::NetworkManager::Device - AWS::NetworkManager::GlobalNetwork - AWS::NetworkManager::Link + - AWS::NetworkManager::LinkAssociation - AWS::NetworkManager::Site - AWS::NetworkManager::TransitGatewayRegistration - AWS::OpenSearch::Domain @@ -263,6 +304,7 @@ supported_resources: - AWS::Pinpoint::App - AWS::Pinpoint::ApplicationSettings - AWS::Pinpoint::Campaign + - AWS::Pinpoint::EmailChannel - AWS::Pinpoint::EmailTemplate - AWS::Pinpoint::EventStream - AWS::Pinpoint::InAppTemplate 
@@ -276,16 +318,19 @@ supported_resources: - AWS::RDS::DBSubnetGroup - AWS::RDS::EventSubscription - AWS::RDS::GlobalCluster + - AWS::RDS::OptionGroup - AWS::RUM::AppMonitor - AWS::Redshift::Cluster - AWS::Redshift::ClusterParameterGroup - AWS::Redshift::ClusterSecurityGroup - AWS::Redshift::ClusterSnapshot - AWS::Redshift::ClusterSubnetGroup + - AWS::Redshift::EndpointAccess - AWS::Redshift::EventSubscription - AWS::Redshift::ScheduledAction - AWS::ResilienceHub::App - AWS::ResilienceHub::ResiliencyPolicy + - AWS::ResourceExplorer2::Index - AWS::RoboMaker::RobotApplication - AWS::RoboMaker::RobotApplicationVersion - AWS::RoboMaker::SimulationApplication @@ -300,12 +345,14 @@ supported_resources: - AWS::Route53RecoveryReadiness::RecoveryGroup - AWS::Route53RecoveryReadiness::ResourceSet - AWS::Route53Resolver::FirewallDomainList + - AWS::Route53Resolver::FirewallRuleGroup - AWS::Route53Resolver::FirewallRuleGroupAssociation - AWS::Route53Resolver::ResolverEndpoint - AWS::Route53Resolver::ResolverQueryLoggingConfig - AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation - AWS::Route53Resolver::ResolverRule - AWS::Route53Resolver::ResolverRuleAssociation + - AWS::S3::AccessPoint - AWS::S3::AccountPublicAccessBlock - AWS::S3::Bucket - AWS::S3::MultiRegionAccessPoint @@ -318,6 +365,7 @@ supported_resources: - AWS::SNS::Topic - AWS::SQS::Queue - AWS::SSM::AssociationCompliance + - AWS::SSM::Document - AWS::SSM::FileData - AWS::SSM::ManagedInstanceInventory - AWS::SSM::PatchCompliance diff --git a/rdk/template/example_ci/AWS_EC2_CapacityReservation.json b/rdk/template/example_ci/AWS_EC2_CapacityReservation.json new file mode 100644 index 0000000..4dbdb8e --- /dev/null +++ b/rdk/template/example_ci/AWS_EC2_CapacityReservation.json 
@@ -0,0 +1,41 @@
+{
+ "version": "1.3",
+ "accountId": "111111111111",
+ "configurationItemCaptureTime": "2024-01-18T17:36:03.851Z",
+ "configurationItemStatus": "ResourceDiscovered",
+ "configurationStateId": "1705599363851",
+ "configurationItemMD5Hash": "",
+ "arn": "arn:aws:ec2:us-west-2:111111111111:capacity-reservation/cr-0123456789abcdef",
+ "resourceType": "AWS::EC2::CapacityReservation",
+ "resourceId": "cr-0123456789abcdef",
+ "awsRegion": "us-west-2",
+ "availabilityZone": "us-west-2a",
+ "resourceCreationTime": "2024-01-18T17:33:54.000Z",
+ "tags": {},
+ "relatedEvents": [],
+ "relationships": [],
+ "configuration": {
+ "Id": "cr-0123456789abcdef",
+ "Tenancy": "default",
+ "EndDateType": "limited",
+ "AvailabilityZone": "us-west-2a",
+ "TotalInstanceCount": 1,
+ "EndDate": "2024-01-25T08:05:00Z",
+ "EbsOptimized": true,
+ "InstanceCount": 1,
+ "AvailableInstanceCount": 1,
+ "InstancePlatform": "Linux/UNIX",
+ "InstanceType": "m4.large",
+ "EphemeralStorage": false,
+ "InstanceMatchCriteria": "open",
+ "TagSpecifications": [
+ {
+ "ResourceType": "capacity-reservation",
+ "Tags": []
+ }
+ ]
+ },
+ "supplementaryConfiguration": {
+ "Arn": "arn:aws:ec2:us-west-2:111111111111:capacity-reservation/cr-0123456789abcdef"
+ }
+}