
AccessGraph: Expose ResourceID property for IAM analysis
This PR exposes and sends the region-unique, immutable resource ID field of
RDS databases and clusters.

Signed-off-by: Tiago Silva <[email protected]>
tigrato authored and github-actions committed May 1, 2024
1 parent 93d78a5 commit 981cff1
Showing 4 changed files with 55 additions and 36 deletions.
67 changes: 39 additions & 28 deletions gen/proto/go/accessgraph/v1alpha/aws.pb.go


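--- a/lib/srv/discovery/fetchers/aws-sync/rds.go
+++ b/lib/srv/discovery/fetchers/aws-sync/rds.go
@@ -140,7 +140,8 @@ func awsRDSInstanceToRDS(instance *rds.DBInstance, region, accountID string) *ac
 Engine: aws.StringValue(instance.Engine),
 Version: aws.StringValue(instance.EngineVersion),
 },
-IsCluster: false,
+IsCluster: false,
+ResourceId: aws.StringValue(instance.DbiResourceId),
 }
 }
 
@@ -167,6 +168,7 @@ func awsRDSClusterToRDS(instance *rds.DBCluster, region, accountID string) *acce
 Engine: aws.StringValue(instance.Engine),
 Version: aws.StringValue(instance.EngineVersion),
 },
-IsCluster: true,
+IsCluster: true,
+ResourceId: aws.StringValue(instance.DbClusterResourceId),
 }
 }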
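Review bot: An absent `DbiResourceId` or `DbClusterResourceId` is sent as an empty `ResourceId`, because `aws.StringValue` maps a nil pointer to `""` and neither converter separates "not reported" from a real value. If the access-graph side keys IAM analysis on this field (inferred from the commit title; the consumer is not visible here), two resources with an empty id could be treated as the same resource, or an empty id compared against policy ARNs. I would state the contract at both assignments, e.g. `// ResourceId is "" when AWS did not return one; consumers must not match on an empty id.`, or skip and log such resources if the importer cannot tolerate them. Both function bodies start outside the visible hunks.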
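--- a/lib/srv/discovery/fetchers/aws-sync/rds_test.go
+++ b/lib/srv/discovery/fetchers/aws-sync/rds_test.go
@@ -67,9 +67,10 @@ func TestPollAWSRDS(t *testing.T) {
 Value: wrapperspb.String("val"),
 },
 },
-Region: "eu-west-1",
-IsCluster: false,
-AccountId: "12345678",
+Region: "eu-west-1",
+IsCluster: false,
+AccountId: "12345678",
+ResourceId: "db1",
 },
 {
 Arn: "arn:us-west1:rds:cluster1",
@@ -86,9 +87,10 @@ func TestPollAWSRDS(t *testing.T) {
 Value: wrapperspb.String("val"),
 },
 },
-Region: "eu-west-1",
-IsCluster: true,
-AccountId: "12345678",
+Region: "eu-west-1",
+IsCluster: true,
+AccountId: "12345678",
+ResourceId: "cluster1",
 },
 },
 },
@@ -156,6 +158,7 @@ func dbInstances() []*rds.DBInstance {
 Value: aws.String("val"),
 },
 },
+DbiResourceId: aws.String("db1"),
 },
 }
 }
@@ -175,6 +178,7 @@ func dbClusters() []*rds.DBCluster {
 Value: aws.String("val"),
 },
 },
+DbClusterResourceId: aws.String("cluster1"),
 },
 }
 }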
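Review bot: Neither fixture exercises a missing id: `dbInstances()` and `dbClusters()` both set the new field, so the expected `ResourceId: "db1"` and `ResourceId: "cluster1"` only pin the populated path. A second instance and cluster without `DbiResourceId` / `DbClusterResourceId`, expected to yield `ResourceId: ""`, would record what the converters emit when AWS omits the value. That would also make a later change to that behaviour visible in review. `TestPollAWSRDS` and both fixture functions extend beyond the visible hunks.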
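--- a/proto/accessgraph/v1alpha/aws.proto
+++ b/proto/accessgraph/v1alpha/aws.proto
@@ -489,6 +489,8 @@ message AWSRDSDatabaseV1 {
 // account_id is the ID of the AWS account that the instance profile belongs
 // to.
 string account_id = 9;
+// resource_id is the RDS unique resource id.
+string resource_id = 10;
 }
 
 // AWSRDSEngineV1 defines the database engine details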
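Review bot: The comment on `resource_id` does not say which AWS value the field carries, and the message is used for both instances and clusters (`is_cluster`). Per the rds.go change in this commit, it is `DbiResourceId` for an instance and `DbClusterResourceId` for a cluster. This is the identifier that IAM database-authentication policies name in `rds-db:connect` resource ARNs. I would write `// resource_id is the AWS-assigned immutable id of the instance (DbiResourceId) or cluster (DbClusterResourceId), as referenced by rds-db:connect policy ARNs; empty if AWS did not report one.` The neighbouring `account_id` comment still mentions an "instance profile", which looks copied from another message and is worth correcting separately.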
