Merge pull request #11 from gabrielsoltz/improve-service-detection

improve-service-discovery

README.md

@@ -4,7 +4,7 @@ This repository contains a list of almost all (WIP) AWS services and resources w
 
 | AWS Services 	| AWS Resources 	|
 |--------------	|---------------	|
-| 154          	| 474           	|
+| 154          	| 477           	|
 
 # Use Cases
 
@@ -208,6 +208,7 @@ arn:aws:ec2:us-east-1:012345789012:instance/i-1234568901
 | config | config_rule | `arn:{partition}:config:{region}:{account}:config-rule/{resource_id}` | ConfigRuleName | `([a-zA-Z0-9-_]+)` |  | AWS::Config::ConfigRule | aws_config_config_rule |
 | config | organization_config_rule | `arn:{partition}:config:{region}:{account}:organization-config-rule/{resource_id}` | OrganizationConfigRuleName | `([a-zA-Z0-9-_]+)` |  | AWS::Config::OrganizationConfigRule | aws_config_organization_custom_rule |
 | config | remediation_configuration | `arn:{partition}:config:{region}:{account}:remediation-configuration/{resource_id}` | RemediationConfigurationName | `([a-zA-Z0-9-_]+)` |  | AWS::Config::RemediationConfiguration | aws_config_remediation_configuration |
+| config | config_recorder | `arn:{partition}:config:{region}:{account}:config_recorder/{resource_id}` | ConfigRecorderName | `([a-zA-Z0-9-_]+)` |  | AWS::Config::ConfigurationRecorder | aws_config_configuration_recorder |
 | cur | report_definition | `arn:{partition}:cur:{region}:{account}:{ReportName}-{YYYYMM}-{AdditionalArtifact}-{region}-{account}` | ReportName | `([a-zA-Z0-9-_.]+)` |  | AWS::CUR::ReportDefinition | aws_cur_report_definition |
 | dataexchange | asset | `arn:{partition}:dataexchange:{region}:{account}:asset/{resource_id}` | AssetId | `([a-zA-Z0-9-_.]+)` |  | AWS::DataExchange::Asset | aws_dataexchange_asset |
 | dataexchange | data_set | `arn:{partition}:dataexchange:{region}:{account}:data-sets/{resource_id}` | DataSetId | `([a-zA-Z0-9-_.]+)` |  | AWS::DataExchange::DataSet | aws_dataexchange_data_set |
@@ -234,7 +235,7 @@ arn:aws:ec2:us-east-1:012345789012:instance/i-1234568901
 | ec2 | egress_only_internet_gateway | `arn:{partition}:ec2:{region}:{account}:egress-only-internet-gateway/{resource_id}` | EgressOnlyInternetGatewayId | `^egress-only-igw-[a-f0-9]{8,17}$` | AwsEc2EgressOnlyInternetGateway | AWS::EC2::EgressOnlyInternetGateway | aws_egress_only_internet_gateway |
 | ec2 | elastic_gpu | `arn:{partition}:ec2:{region}:{account}:elastic-gpu/{resource_id}` | ElasticGpuId | `^egp-[0-9a-f]{8,17}$` | AwsEc2ElasticGpu | AWS::EC2::ElasticGpu |  |
 | ec2 | elastic_inference_accelerator | `arn:{partition}:elastic-inference:{region}:{account}:accelerator/{resource_id}` | AcceleratorId | `^eia-[0-9a-f]{17}$` | AwsElasticInferenceAccelerator | AWS::ElasticInference::Accelerator | aws_eia_accelerator |
-| ec2 | elastic_ip | `arn:{partition}:ec2:{region}:{account}:elastic-ip/{resource_id}` | AllocationId | `^eipalloc-[0-9a-fA-F]{8,17}$` | AwsEc2Eip | AWS::EC2::EIP | aws_eip |
+| ec2 | eip_allocation | `arn:{partition}:ec2:{region}:{account}:eip-allocation/{resource_id}` | AllocationId | `^eipalloc-[0-9a-fA-F]{8,17}$` | AwsEc2Eip | AWS::EC2::EIP | aws_eip |
 | ec2 | flow_log | `arn:{partition}:ec2:{region}:{account}:flow-log/{resource_id}` | FlowLogId | `^fl-[0-9a-f]{17}$` |  | AWS::EC2::FlowLog | aws_flow_log |
 | ec2 | image | `arn:{partition}:ec2:{region}:{account}:image/{resource_id}` | ImageId | `^ami-[a-f0-9]{8}$|^ami-[a-f0-9]{17}$` |  | AWS::EC2::Image | aws_ami |
 | ec2 | instance | `arn:{partition}:ec2:{region}:{account}:instance/{resource_id}` | InstanceId | `^i-[0-9a-f]{8,17}$` | AwsEc2Instance | AWS::EC2::Instance | aws_instance |
@@ -318,7 +319,7 @@ arn:aws:ec2:us-east-1:012345789012:instance/i-1234568901
 | glue | database | `arn:{partition}:glue:{region}:{account}:database/{resource_id}` | DatabaseName | `[-0-9a-zA-Z]+` |  | AWS::Glue::Database | aws_glue_catalog_database |
 | glue | dev_endpoint | `arn:{partition}:glue:{region}:{account}:devEndpoint/{resource_id}` | DevEndpointName | `[-0-9a-zA-Z]+` |  | AWS::Glue::DevEndpoint | aws_glue_dev_endpoint |
 | glue | job | `arn:{partition}:glue:{region}:{account}:job/{resource_id}` | JobName | `[-0-9a-zA-Z]+` |  | AWS::Glue::Job | aws_glue_job |
-| glue | partition | `arn:{partition}:glue:{region}:{account}:table/{DatabaseName}/{TableName}/partition/{PartitionValues}` | None | `None` |  | AWS::Glue::Partition | aws_glue_catalog_partition |
+| glue | partition | `arn:{partition}:glue:{region}:{account}:table/{database_name}/{resource_id}/partition/{PartitionValues}` | None | `None` |  | AWS::Glue::Partition | aws_glue_catalog_partition |
 | glue | trigger | `arn:{partition}:glue:{region}:{account}:trigger/{resource_id}` | TriggerName | `[-0-9a-zA-Z]+` |  | AWS::Glue::Trigger | aws_glue_trigger |
 | glue | workflow | `arn:{partition}:glue:{region}:{account}:workflow/{resource_id}` | WorkflowName | `[-0-9a-zA-Z]+` |  | AWS::Glue::Workflow | aws_glue_workflow |
 | greengrass | group | `arn:{partition}:greengrass:{region}:{account}:/greengrass/groups/{resource_id}` | GroupId | `^[a-zA-Z0-9-_]{1,128}$` |  | AWS::Greengrass::Group | aws_greengrass_group |
@@ -584,8 +585,10 @@ arn:aws:ec2:us-east-1:012345789012:instance/i-1234568901
 | waf-regional | regional_rule_group | `arn:{partition}:waf-regional:{region}:{account}:rulegroup/{RuleGroupName}/{resource_id}` | RuleGroupId | `^[a-zA-Z0-9-]+$` | AwsWafRegionalRuleGroup | AWS::WAF::RuleGroup | aws_waf_rule_group |
 | waf-regional | regional_rate_based_rule | `arn:{partition}:waf-regional:{region}:{account}:rule/{resource_id}` | RuleId | `^[a-zA-Z0-9-]+$` | AwsWafRegionalRateBasedRule | AWS::WAF::RateBasedRule | aws_waf_rate_based_rule |
 | wafv2 | ip_set | `arn:{partition}:wafv2:{region}:{account}:/ipset/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` |  | AWS::WAFv2::IPSet | aws_wafv2_ip_set |
-| wafv2 | rule_group | `arn:{partition}:wafv2:{region}:{account}:/rulegroup/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWafv2RuleGroup | AWS::WAFv2::RuleGroup | aws_wafv2_rule_group |
-| wafv2 | web_acl | `arn:{partition}:wafv2:{region}:{account}:/webacl/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWafv2WebAcl | AWS::WAFv2::WebACL | aws_wafv2_web_acl |
+| wafv2 | regional_rule_group | `arn:{partition}:wafv2:{region}:{account}:regional/rulegroup/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWAFv2RuleGroup | AWS::WAFv2::RuleGroup | aws_wafv2_rule_group |
+| wafv2 | regional_web_acl | `arn:{partition}:wafv2:{region}:{account}:regional/webacl/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWAFv2WebACL | AWS::WAFv2::WebACL | aws_wafv2_web_acl |
+| wafv2 | rule_group | `arn:{partition}:wafv2:{region}:{account}:global/rulegroup/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWAFv2RuleGroup | AWS::WAFv2::RuleGroup | aws_wafv2_rule_group |
+| wafv2 | web_acl | `arn:{partition}:wafv2:{region}:{account}:global/webacl/{resource_scope}/{resource_id}` | Id | `^[a-zA-Z0-9-]+$` | AwsWAFv2WebACL | AWS::WAFv2::WebACL | aws_wafv2_web_acl |
 | wellarchitected | workload | `arn:{partition}:wellarchitected:{region}:{account}:workload/{resource_id}` | WorkloadId | `^[a-zA-Z0-9-]+$` |  | AWS::WellArchitected::Workload | aws_wellarchitected_workload |
 | workdocs | document | `arn:{partition}:workdocs:{region}:{account}:{FolderHierarchy}/{resource_id}` | DocumentName | `^[a-zA-Z0-9-_.()]+$` |  | AWS::WorkDocs::Document | aws_workdocs_document |
 | workdocs | folder | `arn:{partition}:workdocs:{region}:{account}:{FolderHierarchy}/{resource_id}` | FolderName | `^[a-zA-Z0-9-_.()]+$` |  | AWS::WorkDocs::Folder | aws_workdocs_folder |

aws_arn/__init__.py

@@ -157,7 +157,20 @@ def parse_arn(arn):
 
 
 def get_service_from_arn(arn):
-    return arn.split(":")[2]
+    service_from_arn = arn.split(":")[2]
+    try:
+        service = aws_arn_data[service_from_arn]
+        return service_from_arn
+    except KeyError:
+        # Let's try finding the service across all ARNs
+        for service in aws_arn_data:
+            for sub_service in aws_arn_data[service]:
+                if (
+                    aws_arn_data[service][sub_service]["arn_format"].split(":")[2]
+                    == arn.split(":")[2]
+                ):
+                    return service
+        raise KeyError("Unknown service in ARN: {}".format(arn))
 
 
 def get_region_from_arn(arn):
@@ -170,14 +183,39 @@ def get_account_from_arn(arn):
 
 def get_sub_service_from_arn(arn):
     arn_part_5 = arn.split(":")[5]
-    if arn_part_5.startswith("/"):
-        return arn.split(":")[5].split("/")[1].replace("-", "_")
-    if get_service_from_arn(arn) == "s3":
+    service = get_service_from_arn(arn)
+    if service == "s3":
         if not "/" in arn_part_5:
             return "bucket"
         else:
             return "object"
-    return arn.split(":")[5].split("/")[0].replace("-", "_")
+    elif service == "sqs":
+        return "queue"
+    elif arn_part_5.startswith("/"):
+        sub_service_from_arn = arn.split(":")[5].split("/")[1].replace("-", "_")
+    else:
+        sub_service_from_arn = arn.split(":")[5].split("/")[0].replace("-", "_")
+    # Let's see if we can find the sub_service in the service
+    try:
+        sub_service = aws_arn_data[service][sub_service_from_arn]
+        return sub_service_from_arn
+    except KeyError:
+        # Let's try finding the sub_service across all ARNs
+        for sub_service in aws_arn_data[service]:
+            sub_service_arn_part_5 = aws_arn_data[service][sub_service][
+                "arn_format"
+            ].split(":")[5]
+            if sub_service_arn_part_5.startswith("/"):
+                sub_service_arn_part_5 = sub_service_arn_part_5.split("/")[1].replace(
+                    "-", "_"
+                )
+            else:
+                sub_service_arn_part_5 = sub_service_arn_part_5.split("/")[0].replace(
+                    "-", "_"
+                )
+            if sub_service_arn_part_5 == sub_service_from_arn:
+                return sub_service
+        raise KeyError("Unknown sub service in ARN: {}".format(arn))
 
 
 def get_resource_id_from_arn(arn):

aws_arn/data.py

@@ -740,6 +740,14 @@
             "cloudformation": "AWS::Config::RemediationConfiguration",
             "terraform": "aws_config_remediation_configuration",
         },
+        "config_recorder": {
+            "arn_format": "arn:{partition}:config:{region}:{account}:config_recorder/{resource_id}",
+            "id_name": "ConfigRecorderName",
+            "id_regexp": "([a-zA-Z0-9-_]+)",
+            "asff_name": "",
+            "cloudformation": "AWS::Config::ConfigurationRecorder",
+            "terraform": "aws_config_configuration_recorder",
+        },
     },
     "cur": {
         "report_definition": {
@@ -964,8 +972,8 @@
             "cloudformation": "AWS::ElasticInference::Accelerator",
             "terraform": "aws_eia_accelerator",
         },
-        "elastic_ip": {
-            "arn_format": "arn:{partition}:ec2:{region}:{account}:elastic-ip/{resource_id}",
+        "eip_allocation": {
+            "arn_format": "arn:{partition}:ec2:{region}:{account}:eip-allocation/{resource_id}",
             "id_name": "AllocationId",
             "id_regexp": "^eipalloc-[0-9a-fA-F]{8,17}$",
             "asff_name": "AwsEc2Eip",
@@ -3988,19 +3996,35 @@
             "cloudformation": "AWS::WAFv2::IPSet",
             "terraform": "aws_wafv2_ip_set",
         },
+        "regional_rule_group": {
+            "arn_format": "arn:{partition}:wafv2:{region}:{account}:regional/rulegroup/{resource_scope}/{resource_id}",
+            "id_name": "Id",
+            "id_regexp": "^[a-zA-Z0-9-]+$",
+            "asff_name": "AwsWAFv2RuleGroup",
+            "cloudformation": "AWS::WAFv2::RuleGroup",
+            "terraform": "aws_wafv2_rule_group",
+        },
+        "regional_web_acl": {
+            "arn_format": "arn:{partition}:wafv2:{region}:{account}:regional/webacl/{resource_scope}/{resource_id}",
+            "id_name": "Id",
+            "id_regexp": "^[a-zA-Z0-9-]+$",
+            "asff_name": "AwsWAFv2WebACL",
+            "cloudformation": "AWS::WAFv2::WebACL",
+            "terraform": "aws_wafv2_web_acl",
+        },
         "rule_group": {
-            "arn_format": "arn:{partition}:wafv2:{region}:{account}:/rulegroup/{resource_scope}/{resource_id}",
+            "arn_format": "arn:{partition}:wafv2:{region}:{account}:global/rulegroup/{resource_scope}/{resource_id}",
             "id_name": "Id",
             "id_regexp": "^[a-zA-Z0-9-]+$",
-            "asff_name": "AwsWafv2RuleGroup",
+            "asff_name": "AwsWAFv2RuleGroup",
             "cloudformation": "AWS::WAFv2::RuleGroup",
             "terraform": "aws_wafv2_rule_group",
         },
         "web_acl": {
-            "arn_format": "arn:{partition}:wafv2:{region}:{account}:/webacl/{resource_scope}/{resource_id}",
+            "arn_format": "arn:{partition}:wafv2:{region}:{account}:global/webacl/{resource_scope}/{resource_id}",
             "id_name": "Id",
             "id_regexp": "^[a-zA-Z0-9-]+$",
-            "asff_name": "AwsWafv2WebAcl",
+            "asff_name": "AwsWAFv2WebACL",
             "cloudformation": "AWS::WAFv2::WebACL",
             "terraform": "aws_wafv2_web_acl",
         },

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name="aws-arn",
-    version="0.0.15",
+    version="0.0.16",
     description="A library to work with AWS ARNs",
     long_description=open("README.md").read(),
     long_description_content_type="text/markdown",