Merge branch 'main' into add_github_branch_protection

doc/cmd/scan/supported_resources/aws.md

@@ -105,8 +105,10 @@ As AWS documentation recommends, the below policy is granting only the permissio
                 "kms:ListAliases",
                 "kms:ListKeys",
                 "kms:ListResourceTags",
+                "lambda:GetEventSourceMapping",
                 "lambda:GetFunction",
                 "lambda:GetFunctionCodeSigningConfig",
+                "lambda:ListEventSourceMappings",
                 "lambda:ListFunctions",
                 "lambda:ListVersionsByFunction",
                 "rds:DescribeDBInstances",
@@ -187,7 +189,7 @@ As AWS documentation recommends, the below policy is granting only the permissio
 
 - [x] aws_lambda_function
 - [ ] aws_lambda_alias
-- [ ] aws_lambda_event_source_mapping
+- [x] aws_lambda_event_source_mapping
 - [ ] aws_lambda_function_event_invoke_config
 - [ ] aws_lambda_layer_version
 - [ ] aws_lambda_permission

pkg/iac/deserializers.go

@@ -58,6 +58,7 @@ func Deserializers() []deserializer.CTYDeserializer {
 		awsdeserializer.NewCloudfrontDistributionDeserializer(),
 		awsdeserializer.NewKMSKeyDeserializer(),
 		awsdeserializer.NewKMSAliasDeserializer(),
+		awsdeserializer.NewLambdaEventSourceMappingDeserializer(),
 
 		ghdeserializer.NewGithubRepositoryDeserializer(),
 		ghdeserializer.NewGithubTeamDeserializer(),

pkg/iac/terraform/state/terraform_state_reader_test.go

@@ -85,6 +85,7 @@ func TestTerraformStateReader_AWS_Resources(t *testing.T) {
 		{name: "Cloudfront distribution", dirName: "cloudfront_distribution", wantErr: false},
 		{name: "KMS key", dirName: "kms_key", wantErr: false},
 		{name: "KMS alias", dirName: "kms_alias", wantErr: false},
+		{name: "lambda event source mapping", dirName: "aws_lambda_event_source_mapping", wantErr: false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

pkg/iac/terraform/state/test/aws_lambda_event_source_mapping/result.golden.json

@@ -0,0 +1,44 @@
+[
+ {
+  "BatchSize": 1,
+  "BisectBatchOnFunctionError": false,
+  "Enabled": true,
+  "EventSourceArn": "arn:aws:sqs:us-east-1:526954929923:queue1",
+  "FunctionArn": "arn:aws:lambda:us-east-1:526954929923:function:lambda_function_name",
+  "FunctionName": "arn:aws:lambda:us-east-1:526954929923:function:lambda_function_name",
+  "Id": "13ff66f8-37eb-4ad6-a0a8-594fea72df4f",
+  "LastModified": "2021-03-01T14:09:25Z",
+  "LastProcessingResult": "",
+  "MaximumBatchingWindowInSeconds": 0,
+  "MaximumRecordAgeInSeconds": 0,
+  "MaximumRetryAttempts": 0,
+  "ParallelizationFactor": 0,
+  "StartingPosition": null,
+  "StartingPositionTimestamp": null,
+  "State": "Enabled",
+  "StateTransitionReason": "USER_INITIATED",
+  "Uuid": "13ff66f8-37eb-4ad6-a0a8-594fea72df4f",
+  "DestinationConfig": []
+ },
+ {
+  "BatchSize": 1,
+  "BisectBatchOnFunctionError": false,
+  "Enabled": true,
+  "EventSourceArn": "arn:aws:sqs:us-east-1:526954929923:queue2",
+  "FunctionArn": "arn:aws:lambda:us-east-1:526954929923:function:lambda_function_name",
+  "FunctionName": "arn:aws:lambda:us-east-1:526954929923:function:lambda_function_name",
+  "Id": "4ad7e2b3-79e9-4713-9d9d-5af2c01d9058",
+  "LastModified": "2021-03-01T14:09:25Z",
+  "LastProcessingResult": "",
+  "MaximumBatchingWindowInSeconds": 0,
+  "MaximumRecordAgeInSeconds": 0,
+  "MaximumRetryAttempts": 0,
+  "ParallelizationFactor": 0,
+  "StartingPosition": null,
+  "StartingPositionTimestamp": null,
+  "State": "Enabled",
+  "StateTransitionReason": "USER_INITIATED",
+  "Uuid": "4ad7e2b3-79e9-4713-9d9d-5af2c01d9058",
+  "DestinationConfig": []
+ }
+]