diff --git a/policy.json b/policy.json
index b390c818a..57fc32120 100644
--- a/policy.json
+++ b/policy.json
@@ -95,7 +95,10 @@
 "lambda:ListTags",
 "es:ListDomainNames",
 "es:DescribeDomains",
- "s3:ListAllMyBuckets"
+ "s3:ListAllMyBuckets",
+ "secretsmanager:ListSecrets",
+ "datasync:ListAgents",
+ "cloudtrail:ListTrails"
 ],
 "Resource": "*"
 }
diff --git a/providers/aws/aws.go b/providers/aws/aws.go
index 2e7764858..23bd96b2a 100644
--- a/providers/aws/aws.go
+++ b/providers/aws/aws.go
@@ -13,10 +13,12 @@ import (
 "github.com/tailwarden/komiser/providers"
 "github.com/tailwarden/komiser/providers/aws/apigateway"
 "github.com/tailwarden/komiser/providers/aws/cloudfront"
+ "github.com/tailwarden/komiser/providers/aws/cloudtrail"
 "github.com/tailwarden/komiser/providers/aws/cloudwatch"
 "github.com/tailwarden/komiser/providers/aws/codebuild"
 "github.com/tailwarden/komiser/providers/aws/codecommit"
 "github.com/tailwarden/komiser/providers/aws/codedeploy"
+ "github.com/tailwarden/komiser/providers/aws/datasync"
 "github.com/tailwarden/komiser/providers/aws/dynamodb"
 "github.com/tailwarden/komiser/providers/aws/ec2"
 "github.com/tailwarden/komiser/providers/aws/ecr"
@@ -36,6 +38,7 @@ import (
 "github.com/tailwarden/komiser/providers/aws/redshift"
 "github.com/tailwarden/komiser/providers/aws/route53"
 "github.com/tailwarden/komiser/providers/aws/s3"
+ "github.com/tailwarden/komiser/providers/aws/secretsmanager"
 "github.com/tailwarden/komiser/providers/aws/servicecatalog"
 "github.com/tailwarden/komiser/providers/aws/sns"
 "github.com/tailwarden/komiser/providers/aws/sqs"
@@ -117,6 +120,9 @@ func listOfSupportedServices() []providers.FetchDataFunction {
 lightsail.VPS,
 neptune.Clusters,
 route53.HostedZones,
+ cloudtrail.Trails,
+ datasync.Agents,
+ secretsmanager.Secrets,
 }
 }
diff --git a/providers/aws/secretsmanager/secrets.go b/providers/aws/secretsmanager/secrets.go
new file mode 100644
index 000000000..8fb736a0d
--- /dev/null
+++ b/providers/aws/secretsmanager/secrets.go
@@ -0,0 +1,48 @@
+package secretsmanager
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ "github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+ log "github.com/sirupsen/logrus"
+ "github.com/tailwarden/komiser/models"
+ "github.com/tailwarden/komiser/providers"
+)
+
+func Secrets(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+ var config secretsmanager.ListSecretsInput
+ resources := make([]models.Resource, 0)
+ neptuneClient := secretsmanager.NewFromConfig(*client.AWSClient)
+
+ output, err := neptuneClient.ListSecrets(ctx, &config)
+ if err != nil {
+ return resources, err
+ }
+
+ for _, secret := range output.SecretList {
+ secretName := ""
+ if secret.Name != nil {
+ secretName = *secret.Name
+ }
+ resources = append(resources, models.Resource{
+ Provider: "AWS",
+ Account: client.Name,
+ Service: "Secret",
+ Region: client.AWSClient.Region,
+ ResourceId: *secret.ARN,
+ Name: secretName,
+ FetchedAt: time.Now(),
+ Link: fmt.Sprintf("https://%s.console.aws.amazon.com/secretsmanager/secret?name=%s®ion=%s", client.AWSClient.Region, secretName, client.AWSClient.Region),
+ })
+ }
+ log.WithFields(log.Fields{
+ "provider": "AWS",
+ "account": client.Name,
+ "region": client.AWSClient.Region,
+ "service": "Secret",
+ "resources": len(resources),
+ }).Info("Fetched resources")
+ return resources, nil
+}
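Review bot: `ListSecrets` is paginated and the new `Secrets` function reads only the first page (the `output, err := neptuneClient.ListSecrets(ctx, &config)` line, with no NextToken handling), so an account holding more secrets than one page returns is silently under-reported in the inventory; the SDK's `secretsmanager.NewListSecretsPaginator` walks every page. Two smaller issues sit in the same loop: `*secret.ARN` is dereferenced without the nil guard that `Name` gets, and `secretName` is placed in the console `Link` query string unescaped, so a name containing `/`, `+` or `@` yields a broken link (`url.QueryEscape`, which needs `net/url` added to the import block). The `neptuneClient` variable name looks like a copy-paste leftover from the Neptune provider; `secretsClient` reads better. The `®ion=` in the Link line is presumably an `&region=` mangled in rendering rather than in the source, so I have not treated it as a defect. The exported `Secrets` also has no doc comment; a one-liner such as `// Secrets lists the Secrets Manager secrets of the configured account and region; only metadata is read, never secret values.` would do.
```go
// Secrets lists the Secrets Manager secrets of the configured account and
// region. Only metadata is read (ListSecrets never returns secret values),
// and every result page is walked.
func Secrets(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
	resources := make([]models.Resource, 0)
	secretsClient := secretsmanager.NewFromConfig(*client.AWSClient)
	region := client.AWSClient.Region

	paginator := secretsmanager.NewListSecretsPaginator(secretsClient, &secretsmanager.ListSecretsInput{})
	for paginator.HasMorePages() {
		output, err := paginator.NextPage(ctx)
		if err != nil {
			return resources, err
		}
		for _, secret := range output.SecretList {
			// ARN and Name are both pointers in the SDK; guard both, not only Name.
			if secret.ARN == nil {
				continue
			}
			secretName := ""
			if secret.Name != nil {
				secretName = *secret.Name
			}
			resources = append(resources, models.Resource{
				Provider:   "AWS",
				Account:    client.Name,
				Service:    "Secret",
				Region:     region,
				ResourceId: *secret.ARN,
				Name:       secretName,
				FetchedAt:  time.Now(),
				// Secret names may contain '/', '+' or '@'; escape before placing them in the query string.
				Link: fmt.Sprintf("https://%s.console.aws.amazon.com/secretsmanager/secret?name=%s&region=%s", region, url.QueryEscape(secretName), region),
			})
		}
	}
	// … unchanged: log.WithFields(...).Info("Fetched resources") and return …
}
```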