Merge branch 'develop' into develop

tailwarden · Feb 28, 2024 · 0b2849f · 0b2849f
2 parents 7f81ccb + 1db81b3
commit 0b2849f
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 1 deletion.
diff --git a/policy.json b/policy.json
@@ -95,7 +95,10 @@
 				"lambda:ListTags",
 				"es:ListDomainNames",
 				"es:DescribeDomains",
-				"s3:ListAllMyBuckets"
+				"s3:ListAllMyBuckets",
+				"secretsmanager:ListSecrets",
+				"datasync:ListAgents",
+				"cloudtrail:ListTrails"
 			],
 			"Resource": "*"
 		}

diff --git a/providers/aws/aws.go b/providers/aws/aws.go
@@ -13,10 +13,12 @@ import (
 	"github.com/tailwarden/komiser/providers"
 	"github.com/tailwarden/komiser/providers/aws/apigateway"
 	"github.com/tailwarden/komiser/providers/aws/cloudfront"
+	"github.com/tailwarden/komiser/providers/aws/cloudtrail"
 	"github.com/tailwarden/komiser/providers/aws/cloudwatch"
 	"github.com/tailwarden/komiser/providers/aws/codebuild"
 	"github.com/tailwarden/komiser/providers/aws/codecommit"
 	"github.com/tailwarden/komiser/providers/aws/codedeploy"
+	"github.com/tailwarden/komiser/providers/aws/datasync"
 	"github.com/tailwarden/komiser/providers/aws/dynamodb"
 	"github.com/tailwarden/komiser/providers/aws/ec2"
 	"github.com/tailwarden/komiser/providers/aws/ecr"
@@ -36,6 +38,7 @@ import (
 	"github.com/tailwarden/komiser/providers/aws/redshift"
 	"github.com/tailwarden/komiser/providers/aws/route53"
 	"github.com/tailwarden/komiser/providers/aws/s3"
+	"github.com/tailwarden/komiser/providers/aws/secretsmanager"
 	"github.com/tailwarden/komiser/providers/aws/servicecatalog"
 	"github.com/tailwarden/komiser/providers/aws/sns"
 	"github.com/tailwarden/komiser/providers/aws/sqs"
@@ -117,6 +120,9 @@ func listOfSupportedServices() []providers.FetchDataFunction {
 		lightsail.VPS,
 		neptune.Clusters,
 		route53.HostedZones,
+		cloudtrail.Trails,
+		datasync.Agents,
+		secretsmanager.Secrets,
 	}
 }
 

diff --git a/providers/aws/secretsmanager/secrets.go b/providers/aws/secretsmanager/secrets.go
@@ -0,0 +1,48 @@
+package secretsmanager
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+	log "github.com/sirupsen/logrus"
+	"github.com/tailwarden/komiser/models"
+	"github.com/tailwarden/komiser/providers"
+)
+
+func Secrets(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+	var config secretsmanager.ListSecretsInput
+	resources := make([]models.Resource, 0)
+	neptuneClient := secretsmanager.NewFromConfig(*client.AWSClient)
+
+	output, err := neptuneClient.ListSecrets(ctx, &config)
+	if err != nil {
+		return resources, err
+	}
+
+	for _, secret := range output.SecretList {
+		secretName := ""
+		if secret.Name != nil {
+			secretName = *secret.Name
+		}
+		resources = append(resources, models.Resource{
+			Provider:   "AWS",
+			Account:    client.Name,
+			Service:    "Secret",
+			Region:     client.AWSClient.Region,
+			ResourceId: *secret.ARN,
+			Name:       secretName,
+			FetchedAt:  time.Now(),
+			Link:       fmt.Sprintf("https://%s.console.aws.amazon.com/secretsmanager/secret?name=%s&region=%s", client.AWSClient.Region, secretName, client.AWSClient.Region),
+		})
+	}
+	log.WithFields(log.Fields{
+		"provider":  "AWS",
+		"account":   client.Name,
+		"region":    client.AWSClient.Region,
+		"service":   "Secret",
+		"resources": len(resources),
+	}).Info("Fetched resources")
+	return resources, nil
+}