add more ec2 resources

Author: Jeff Carter

lister/ec2_customergateway.go

@@ -0,0 +1,36 @@
+package lister
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
+)
+
+type AWSEc2CustomerGateway struct {
+}
+
+func init() {
+	i := AWSEc2CustomerGateway{}
+	listers = append(listers, i)
+}
+
+func (l AWSEc2CustomerGateway) Types() []resource.ResourceType {
+	return []resource.ResourceType{resource.Ec2CustomerGateway}
+}
+
+func (l AWSEc2CustomerGateway) List(cfg option.AWSetsConfig) (*resource.Group, error) {
+	svc := ec2.NewFromConfig(cfg.AWSCfg)
+
+	rg := resource.NewGroup()
+	res, err := svc.DescribeCustomerGateways(cfg.Context, &ec2.DescribeCustomerGatewaysInput{})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get customer gateways: %w", err)
+	}
+	for _, v := range res.CustomerGateways {
+		r := resource.New(cfg, resource.Ec2CustomerGateway, v.CustomerGatewayId, v.CustomerGatewayId, v)
+		rg.AddResource(r)
+	}
+	return rg, err
+}

lister/ec2_dhcpoption.go

@@ -0,0 +1,42 @@
+package lister
+
+import (
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
+)
+
+type AWSEc2DHCPOption struct {
+}
+
+func init() {
+	i := AWSEc2DHCPOption{}
+	listers = append(listers, i)
+}
+
+func (l AWSEc2DHCPOption) Types() []resource.ResourceType {
+	return []resource.ResourceType{
+		resource.Ec2DHCPOption,
+	}
+}
+
+func (l AWSEc2DHCPOption) List(cfg option.AWSetsConfig) (*resource.Group, error) {
+	svc := ec2.NewFromConfig(cfg.AWSCfg)
+	rg := resource.NewGroup()
+	err := Paginator(func(nt *string) (*string, error) {
+		res, err := svc.DescribeDhcpOptions(cfg.Context, &ec2.DescribeDhcpOptionsInput{
+			MaxResults: aws.Int32(100),
+			NextToken:  nt,
+		})
+		if err != nil {
+			return nil, err
+		}
+		for _, v := range res.DhcpOptions {
+			r := resource.New(cfg, resource.Ec2DHCPOption, v.DhcpOptionsId, v.DhcpOptionsId, v)
+			rg.AddResource(r)
+		}
+		return res.NextToken, nil
+	})
+	return rg, err
+}

lister/ec2_transitgateway.go

@@ -40,6 +40,7 @@ func (l AWSEc2TransitGateway) List(cfg option.AWSetsConfig) (*resource.Group, er
 		for _, v := range res.TransitGateways {
 			r := resource.New(cfg, resource.Ec2TransitGateway, v.TransitGatewayId, v.TransitGatewayId, v)
 			// TODO lots of additional info to query here
+
 			rg.AddResource(r)
 		}
 		return res.NextToken, nil

lister/ec2_vpc.go

@@ -1,11 +1,10 @@
 package lister
 
 import (
-	"github.com/trek10inc/awsets/option"
-	"github.com/trek10inc/awsets/resource"
-
 	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
 )
 
 type AWSEc2Vpc struct {
@@ -34,6 +33,7 @@ func (l AWSEc2Vpc) List(cfg option.AWSetsConfig) (*resource.Group, error) {
 		}
 		for _, v := range res.Vpcs {
 			r := resource.New(cfg, resource.Ec2Vpc, v.VpcId, v.VpcId, v)
+			r.AddRelation(resource.Ec2DHCPOption, v.DhcpOptionsId, "")
 			rg.AddResource(r)
 		}
 		return res.NextToken, nil

lister/ec2_vpcendpoint.go

@@ -0,0 +1,92 @@
+package lister
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
+)
+
+type AWSEc2VpcEndpoint struct {
+}
+
+func init() {
+	i := AWSEc2VpcEndpoint{}
+	listers = append(listers, i)
+}
+
+func (l AWSEc2VpcEndpoint) Types() []resource.ResourceType {
+	return []resource.ResourceType{
+		resource.Ec2VpcEndpoint,
+		resource.Ec2VpcEndpointConnectionNotification,
+	}
+}
+
+func (l AWSEc2VpcEndpoint) List(cfg option.AWSetsConfig) (*resource.Group, error) {
+	svc := ec2.NewFromConfig(cfg.AWSCfg)
+
+	rg := resource.NewGroup()
+	err := Paginator(func(nt *string) (*string, error) {
+		res, err := svc.DescribeVpcEndpoints(cfg.Context, &ec2.DescribeVpcEndpointsInput{
+			MaxResults: aws.Int32(100),
+			NextToken:  nt,
+		})
+		if err != nil {
+			return nil, err
+		}
+		for _, v := range res.VpcEndpoints {
+			r := resource.New(cfg, resource.Ec2VpcEndpoint, v.VpcEndpointId, v.VpcEndpointId, v)
+			r.AddRelation(resource.Ec2Vpc, v.VpcId, "")
+			for _, dns := range v.DnsEntries {
+				r.AddRelation(resource.Route53HostedZone, dns.HostedZoneId, "")
+			}
+			for _, rt := range v.RouteTableIds {
+				r.AddRelation(resource.Ec2RouteTable, rt, "")
+			}
+			for _, eni := range v.NetworkInterfaceIds {
+				r.AddRelation(resource.Ec2NetworkInterface, eni, "")
+			}
+			for _, sg := range v.Groups {
+				r.AddRelation(resource.Ec2SecurityGroup, sg.GroupId, "")
+			}
+			for _, sn := range v.SubnetIds {
+				r.AddRelation(resource.Ec2Subnet, sn, "")
+			}
+
+			err = Paginator(func(nt2 *string) (*string, error) {
+				ecns, err := svc.DescribeVpcEndpointConnectionNotifications(cfg.Context, &ec2.DescribeVpcEndpointConnectionNotificationsInput{
+					ConnectionNotificationId: nil,
+					DryRun:                   nil,
+					Filters: []*types.Filter{{
+						Name:   aws.String("vpc-endpoint-id"),
+						Values: []*string{v.VpcEndpointId},
+					}},
+					MaxResults: aws.Int32(100),
+					NextToken:  nt2,
+				})
+				if err != nil {
+					return nil, fmt.Errorf("failed to get vpc endpoint connection notifications for %s: %w", *v.VpcEndpointId, err)
+				}
+
+				for _, ecn := range ecns.ConnectionNotificationSet {
+					cnR := resource.New(cfg, resource.Ec2VpcEndpointConnectionNotification, ecn.ConnectionNotificationId, ecn.ConnectionNotificationId, ecn)
+					cnR.AddRelation(resource.Ec2VpcEndpoint, ecn.VpcEndpointId, "")
+					cnR.AddRelation(resource.Ec2VpcEndpointService, ecn.ServiceId, "")
+					rg.AddResource(cnR)
+				}
+
+				return ecns.NextToken, nil
+			})
+			if err != nil {
+				return nil, err
+			}
+
+			rg.AddResource(r)
+		}
+		return res.NextToken, nil
+	})
+	return rg, err
+}

lister/ec2_vpcendpointservice.go

@@ -0,0 +1,90 @@
+package lister
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
+)
+
+type AWSEc2VpcEndpointService struct {
+}
+
+func init() {
+	i := AWSEc2VpcEndpointService{}
+	listers = append(listers, i)
+}
+
+func (l AWSEc2VpcEndpointService) Types() []resource.ResourceType {
+	return []resource.ResourceType{
+		resource.Ec2VpcEndpointService,
+	}
+}
+
+func (l AWSEc2VpcEndpointService) List(cfg option.AWSetsConfig) (*resource.Group, error) {
+	svc := ec2.NewFromConfig(cfg.AWSCfg)
+
+	rg := resource.NewGroup()
+	err := Paginator(func(nt *string) (*string, error) {
+		res, err := svc.DescribeVpcEndpointServices(cfg.Context, &ec2.DescribeVpcEndpointServicesInput{
+			MaxResults: aws.Int32(100),
+			NextToken:  nt,
+		})
+		if err != nil {
+			return nil, err
+		}
+		for _, v := range res.ServiceDetails {
+			r := resource.New(cfg, resource.Ec2VpcEndpointService, v.ServiceId, v.ServiceName, v)
+
+			configs := make([]*types.ServiceConfiguration, 0)
+			err = Paginator(func(nt2 *string) (*string, error) {
+				scs, err := svc.DescribeVpcEndpointServiceConfigurations(cfg.Context, &ec2.DescribeVpcEndpointServiceConfigurationsInput{
+					MaxResults: aws.Int32(100),
+					NextToken:  nt2,
+					ServiceIds: []*string{v.ServiceId},
+				})
+				if err != nil {
+					return nil, fmt.Errorf("failed to get vpc endpoint service configs for %s: %w", *v.ServiceId, err)
+				}
+				configs = append(configs, scs.ServiceConfigurations...)
+
+				return scs.NextToken, nil
+			})
+			if err != nil {
+				return nil, err
+			}
+			if len(configs) > 0 {
+				r.AddAttribute("Configurations", configs)
+			}
+
+			principals := make([]*types.AllowedPrincipal, 0)
+			err = Paginator(func(nt2 *string) (*string, error) {
+				perms, err := svc.DescribeVpcEndpointServicePermissions(cfg.Context, &ec2.DescribeVpcEndpointServicePermissionsInput{
+					MaxResults: aws.Int32(100),
+					NextToken:  nt2,
+					ServiceId:  v.ServiceId,
+				})
+				if err != nil {
+					return nil, fmt.Errorf("failed to get vpc endpoint service permissions for %s: %w", *v.ServiceId, err)
+				}
+				principals = append(principals, perms.AllowedPrincipals...)
+
+				return perms.NextToken, nil
+			})
+			if err != nil {
+				return nil, err
+			}
+			if len(principals) > 0 {
+				r.AddAttribute("Permissions", principals)
+			}
+
+			rg.AddResource(r)
+		}
+		return res.NextToken, nil
+	})
+	return rg, err
+}

lister/ec2_vpnconnection.go

@@ -0,0 +1,44 @@
+package lister
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/trek10inc/awsets/option"
+	"github.com/trek10inc/awsets/resource"
+)
+
+type AWSEc2VpnConnection struct {
+}
+
+func init() {
+	i := AWSEc2VpnConnection{}
+	listers = append(listers, i)
+}
+
+func (l AWSEc2VpnConnection) Types() []resource.ResourceType {
+	return []resource.ResourceType{
+		resource.Ec2VpnConnection,
+	}
+}
+
+func (l AWSEc2VpnConnection) List(cfg option.AWSetsConfig) (*resource.Group, error) {
+	svc := ec2.NewFromConfig(cfg.AWSCfg)
+
+	rg := resource.NewGroup()
+	res, err := svc.DescribeVpnConnections(cfg.Context, &ec2.DescribeVpnConnectionsInput{
+		//VpnConnectionIds: nil,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to get vpn connections: %w, err")
+	}
+	for _, v := range res.VpnConnections {
+		r := resource.New(cfg, resource.Ec2VpnConnection, v.VpnConnectionId, v.VpnConnectionId, v)
+		r.AddRelation(resource.Ec2CustomerGateway, v.CustomerGatewayId, "")
+		r.AddRelation(resource.Ec2TransitGateway, v.TransitGatewayId, "")
+		r.AddRelation(resource.Ec2VpnGateway, v.VpnGatewayId, "")
+		rg.AddResource(r)
+	}
+
+	return rg, err
+}

resource/cfn.go

@@ -179,8 +179,8 @@ var mapping = map[string]ResourceType{
 	"AWS::EC2::ClientVpnEndpoint":                                 Unmapped,
 	"AWS::EC2::ClientVpnRoute":                                    Unmapped,
 	"AWS::EC2::ClientVpnTargetNetworkAssociation":                 Unmapped,
-	"AWS::EC2::CustomerGateway":                                   Unmapped,
-	"AWS::EC2::DHCPOptions":                                       Unmapped,
+	"AWS::EC2::CustomerGateway":                                   Ec2CustomerGateway,
+	"AWS::EC2::DHCPOptions":                                       Ec2DHCPOption,
 	"AWS::EC2::EC2Fleet":                                          Unmapped,
 	"AWS::EC2::EIP":                                               Ec2Eip,
 	"AWS::EC2::EIPAssociation":                                    Ec2Eip,
@@ -222,16 +222,16 @@ var mapping = map[string]ResourceType{
 	"AWS::EC2::TransitGatewayRouteTableAssociation":               Unmapped,
 	"AWS::EC2::TransitGatewayRouteTablePropagation":               Unmapped,
 	"AWS::EC2::VPC":                                               Ec2Vpc,
-	"AWS::EC2::VPCCidrBlock":                                      Unmapped,
-	"AWS::EC2::VPCDHCPOptionsAssociation":                         Unmapped,
-	"AWS::EC2::VPCEndpoint":                                       Unmapped,
-	"AWS::EC2::VPCEndpointConnectionNotification":                 Unmapped,
-	"AWS::EC2::VPCEndpointService":                                Unmapped,
-	"AWS::EC2::VPCEndpointServicePermissions":                     Unmapped,
+	"AWS::EC2::VPCCidrBlock":                                      Ec2Vpc,
+	"AWS::EC2::VPCDHCPOptionsAssociation":                         Ec2Vpc,
+	"AWS::EC2::VPCEndpoint":                                       Ec2VpcEndpoint,
+	"AWS::EC2::VPCEndpointConnectionNotification":                 Ec2VpcEndpointConnectionNotification,
+	"AWS::EC2::VPCEndpointService":                                Ec2VpcEndpointService,
+	"AWS::EC2::VPCEndpointServicePermissions":                     Ec2VpcEndpointService,
 	"AWS::EC2::VPCGatewayAttachment":                              Ec2VpnGateway,
 	"AWS::EC2::VPCPeeringConnection":                              Ec2VpcPeering,
-	"AWS::EC2::VPNConnection":                                     Unmapped,
-	"AWS::EC2::VPNConnectionRoute":                                Unmapped,
+	"AWS::EC2::VPNConnection":                                     Ec2VpnConnection,
+	"AWS::EC2::VPNConnectionRoute":                                Ec2VpnConnection,
 	"AWS::EC2::VPNGateway":                                        Ec2VpnGateway,
 	"AWS::EC2::VPNGatewayRoutePropagation":                        Unmapped,
 	"AWS::EC2::Volume":                                            Ec2Volume,

resource/types.go

@@ -111,6 +111,8 @@ const (
 	DynamoDbBackup                           ResourceType = "ddb/backup"
 	DynamoDbTable                            ResourceType = "ddb/table"
 	DynamoDbStreamStream                     ResourceType = "ddbstream/stream"
+	Ec2CustomerGateway                       ResourceType = "ec2/customergateway"
+	Ec2DHCPOption                            ResourceType = "ec2/dhcpoption"
 	Ec2Eip                                   ResourceType = "ec2/eip"
 	Ec2FlowLog                               ResourceType = "ec2/flowlog"
 	Ec2Image                                 ResourceType = "ec2/image"
@@ -129,7 +131,11 @@ const (
 	Ec2TransitGateway                        ResourceType = "ec2/transitgateway"
 	Ec2Volume                                ResourceType = "ec2/volume"
 	Ec2Vpc                                   ResourceType = "ec2/vpc"
+	Ec2VpcEndpoint                           ResourceType = "ec2/vpcendpoint"
+	Ec2VpcEndpointService                    ResourceType = "ec2/vpcendpointservice"
+	Ec2VpcEndpointConnectionNotification     ResourceType = "ec2/vpcendpointconnectionnotification"
 	Ec2VpcPeering                            ResourceType = "ec2/vpcpeering"
+	Ec2VpnConnection                         ResourceType = "ec2/vpnconnection"
 	Ec2VpnGateway                            ResourceType = "ec2/vpngateway"
 	EcrRepository                            ResourceType = "ecr/repository"
 	EcsCapacityProvider                      ResourceType = "ecs/capacityprovider"