Add Cloudtrail, SecretsManger and DataSync (#1353)
* feat: cloudtrail trails support

Signed-off-by: Azanul <azanulhaque@gmail.com>

* feat: secretsmanager secret support

Signed-off-by: Azanul <azanulhaque@gmail.com>

* fix: secretsmanager secret support

Signed-off-by: Azanul <azanulhaque@gmail.com>

* feat: datasync agent support

Signed-off-by: Azanul <azanulhaque@gmail.com>

* fix: secretsmanager spelling

Signed-off-by: Azanul <azanulhaque@gmail.com>

* fix: secretsmanager spelling

Signed-off-by: Azanul <azanulhaque@gmail.com>

* feat: add to supported service list

Signed-off-by: Azanul <azanulhaque@gmail.com>

* feat: add service policy

Signed-off-by: Azanul <azanulhaque@gmail.com>

---------

Signed-off-by: Azanul <azanulhaque@gmail.com>
Azanul authored Feb 27, 2024
1 parent 37787bb commit 1db81b3
Showing 7 changed files with 175 additions and 5 deletions.
11 changes: 7 additions & 4 deletions go.mod
@@ -18,7 +18,7 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/sql/armsql v1.0.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.2.0
github.com/BurntSushi/toml v1.2.1
github.com/aws/aws-sdk-go-v2 v1.25.0
github.com/aws/aws-sdk-go-v2 v1.25.1
github.com/aws/aws-sdk-go-v2/config v1.25.3
github.com/aws/aws-sdk-go-v2/service/apigateway v1.20.2
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1
@@ -86,6 +86,7 @@ require (
require (
cloud.google.com/go/longrunning v0.4.1 // indirect
github.com/apache/arrow/go/v11 v11.0.0 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.38.0 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.20.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.2 // indirect
github.com/google/s2a-go v0.1.4 // indirect
@@ -105,12 +106,13 @@ require (
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.16.2 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.4 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 // indirect
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 // indirect
github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3 // indirect
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1
github.com/aws/aws-sdk-go-v2/service/codebuild v1.25.2
github.com/aws/aws-sdk-go-v2/service/datasync v1.36.0
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.2.3 // indirect
github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.8.3 // indirect
@@ -120,10 +122,11 @@ require (
github.com/aws/aws-sdk-go-v2/service/neptune v1.29.0
github.com/aws/aws-sdk-go-v2/service/opensearch v1.25.2
github.com/aws/aws-sdk-go-v2/service/route53 v1.38.0
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.0
github.com/aws/aws-sdk-go-v2/service/servicecatalog v1.24.2
github.com/aws/aws-sdk-go-v2/service/ssm v1.43.0
github.com/aws/aws-sdk-go-v2/service/sso v1.17.2 // indirect
github.com/aws/smithy-go v1.20.0 // indirect
github.com/aws/smithy-go v1.20.1 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/bytedance/sonic v1.9.1 // indirect
github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
14 changes: 14 additions & 0 deletions go.sum
@@ -66,6 +66,8 @@ github.com/aws/aws-sdk-go-v2 v1.23.1 h1:qXaFsOOMA+HsZtX8WoCa+gJnbyW7qyFFBlPqvTSz
github.com/aws/aws-sdk-go-v2 v1.23.1/go.mod h1:i1XDttT4rnf6vxc9AuskLc6s7XBee8rlLilKlc03uAA=
github.com/aws/aws-sdk-go-v2 v1.25.0 h1:sv7+1JVJxOu/dD/sz/csHX7jFqmP001TIY7aytBWDSQ=
github.com/aws/aws-sdk-go-v2 v1.25.0/go.mod h1:G104G1Aho5WqF+SR3mDIobTABQzpYV0WxMsKxlMggOA=
github.com/aws/aws-sdk-go-v2 v1.25.1 h1:P7hU6A5qEdmajGwvae/zDkOq+ULLC9tQBTwqqiwFGpI=
github.com/aws/aws-sdk-go-v2 v1.25.1/go.mod h1:Evoc5AsmtveRt1komDwIsjHFyrP5tDuF1D1U+6z6pNo=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1 h1:ZY3108YtBNq96jNZTICHxN1gSBSbnvIdYwwqnvCV4Mc=
github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.5.1/go.mod h1:t8PYl/6LzdAqsU4/9tz28V/kU+asFePvpOMkdul0gEQ=
github.com/aws/aws-sdk-go-v2/config v1.25.3 h1:E4m9LbwJOoncDNt3e9MPLbz/saxWcGUlZVBydydD6+8=
@@ -78,10 +80,14 @@ github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.4 h1:LAm3Ycm9HJfbSCd5I+
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.4/go.mod h1:xEhvbJcyUf/31yfGSQBe01fukXwXJ0gxDp7rLfymWE0=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 h1:NPs/EqVO+ajwOoq56EfcGKa3L3ruWuazkIw1BqxwOPw=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0/go.mod h1:D+duLy2ylgatV+yTlQ8JTuLfDD0BnFvnQRc+o6tbZ4M=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.1 h1:evvi7FbTAoFxdP/mixmP7LIYzQWAmzBcwNB/es9XPNc=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.1/go.mod h1:rH61DT6FDdikhPghymripNUCsf+uVF4Cnk4c4DBKH64=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.4 h1:4GV0kKZzUxiWxSVpn/9gwR0g21NF1Jsyduzo9rHgC/Q=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.4/go.mod h1:dYvTNAggxDZy6y1AF7YDwXsPuHFy/VNEpEI/2dWK9IU=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 h1:ks7KGMVUMoDzcxNWUlEdI+/lokMFD136EL6DWmUOV80=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0/go.mod h1:hL6BWM/d/qz113fVitZjbXR0E+RCTU1+x+1Idyn5NgE=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.1 h1:RAnaIrbxPtlXNVI/OIlh1sidTQ3e1qM6LRjs7N0bE0I=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.1/go.mod h1:nbgAGkH5lk0RZRMh6A4K/oG6Xj11eC/1CyDow+DUAFI=
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1 h1:uR9lXYjdPX0xY+NhvaJ4dD8rpSRz5VY81ccIIoNG+lw=
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.1/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY=
github.com/aws/aws-sdk-go-v2/internal/v4a v1.2.3 h1:lMwCXiWJlrtZot0NJTjbC8G9zl+V3i68gBTBBvDeEXA=
@@ -92,6 +98,8 @@ github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1 h1:2awLldJ8gWgB2lW/ywil
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.35.1/go.mod h1:6NGYQhD5ky3wERvkhdhnFk7RKCg3nidKqE6DOEZgGgg=
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.30.2 h1:xlG5GdoesjSp4seJ1utZhhfF7spdP1o5WjViLY9VZzY=
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.30.2/go.mod h1:c66twOpDFT+AYQ8LloFNY+VbwcM9SqwrrdDboMKo6tg=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.38.0 h1:htNYTHG9P/9dggDA3Q+KfmFcPFhSpt9JPdcfDd3EswQ=
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.38.0/go.mod h1:V6maY4X+Z2wWBllN+OskcnXziUq7FyoACYXGYayY6IQ=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.30.2 h1:T2YjSwrDkLg2laNjhIunyTbjy9Qzd/oZ+yQjrAhdIEA=
github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.30.2/go.mod h1:GuVYdn7tWjbyp/YtZSM6VczmceUUQW6v8Yq98wJ9dWY=
github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.27.1 h1:TNRPtVMfBVk24DL3on3aCSVaEbkLJkVewen+ag01Y5E=
@@ -106,6 +114,8 @@ github.com/aws/aws-sdk-go-v2/service/configservice v1.41.2 h1:WJt83aWld986AxwJpz
github.com/aws/aws-sdk-go-v2/service/configservice v1.41.2/go.mod h1:wIuYBSC8G7HHXK/T6YO0t/m463ssur9aMLnycNvKXqQ=
github.com/aws/aws-sdk-go-v2/service/costexplorer v1.32.4 h1:ojxirFFJN39ar+tHiz84PuaeKA/Z3BiopdhxOGGQD4A=
github.com/aws/aws-sdk-go-v2/service/costexplorer v1.32.4/go.mod h1:1ujrFMokNtwDv3fwb9RBwdeXS+RonpIeV9uh19GJoH8=
github.com/aws/aws-sdk-go-v2/service/datasync v1.36.0 h1:JwB9gD2OZX8MtDNTzZ26Z4371O2Skg/5k31t1bWZtIo=
github.com/aws/aws-sdk-go-v2/service/datasync v1.36.0/go.mod h1:5rP7AljuZSzUKqG0a72xvxALWzqB5OwnpZNO2dY9NlM=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.25.2 h1:O6ff5PwwgQ7QkL/XA0H+0U0mWwjkYaP9tHvbr0Ptqak=
github.com/aws/aws-sdk-go-v2/service/dynamodb v1.25.2/go.mod h1:kuVxCbsxbP/h6YTT2BfOj4s/bwXYsG3C/8Qn9gO5QJY=
github.com/aws/aws-sdk-go-v2/service/ec2 v1.136.0 h1:nZPVFkGojUUJupKJzaCKE07LaFDO3Tto1U69F8JipsI=
@@ -160,6 +170,8 @@ github.com/aws/aws-sdk-go-v2/service/route53 v1.38.0 h1:CGCV5Ew5WxGoavl747VjaeCR
github.com/aws/aws-sdk-go-v2/service/route53 v1.38.0/go.mod h1:7yv8DO9ZBVoBYAO7yqq1yHrJS7RLNuUp/ok1fdfKLuY=
github.com/aws/aws-sdk-go-v2/service/s3 v1.43.0 h1:cwTuq73Tv6jtNJIMgTDKsih5O2YsVrKGpg20H98tbmo=
github.com/aws/aws-sdk-go-v2/service/s3 v1.43.0/go.mod h1:NXRKkiRF+erX2hnybnVU660cYT5/KChRD4iUgJ97cI8=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.0 h1:Xf3s55N9cqKvFK6D70zCXvXXN4ZovTCy7glL+gUhLEc=
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.28.0/go.mod h1:RA3ERghFSivbTf0Sbsxv/grUuLMcyAjm0F/PylJMmEs=
github.com/aws/aws-sdk-go-v2/service/servicecatalog v1.24.2 h1:rJPd7ZUwHSJnUUMwZYYQ5diw2En+8Glx9XAwNSyGyTM=
github.com/aws/aws-sdk-go-v2/service/servicecatalog v1.24.2/go.mod h1:qzLepVh/MNcSxD5o88id3Rt83nBOKDlV6lAMjoSCAHk=
github.com/aws/aws-sdk-go-v2/service/sns v1.25.2 h1:KVWf3qQZxqX0ogLvRfq+uEXfbRexe7Y2JBRQ0TQaxwQ=
@@ -178,6 +190,8 @@ github.com/aws/smithy-go v1.17.0 h1:wWJD7LX6PBV6etBUwO0zElG0nWN9rUhp0WdYeHSHAaI=
github.com/aws/smithy-go v1.17.0/go.mod h1:NukqUGpCZIILqqiV0NIjeFh24kd/FAa4beRb6nbIUPE=
github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ=
github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc=
github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
5 changes: 4 additions & 1 deletion policy.json
@@ -95,7 +95,10 @@
"lambda:ListTags",
"es:ListDomainNames",
"es:DescribeDomains",
"s3:ListAllMyBuckets"
"s3:ListAllMyBuckets",
"secretsmanager:ListSecrets",
"datasync:ListAgents",
"cloudtrail:ListTrails"
],
"Resource": "*"
}
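Review bot: `secretsmanager:ListSecrets` is the sensitive one of the three added actions: it returns no secret values, but it does expose the name, description, tags and rotation metadata of every secret in the account to whichever principal carries this policy, and the new `Secrets` fetcher returns each name and ARN as a `models.Resource`. As far as I know none of the three list actions supports resource-level scoping, so `"Resource": "*"` cannot be narrowed here. Because JSON cannot carry a comment, I would state in the documentation that ships with this policy that it now grants read access to secret metadata, so operators can drop that action if they do not want secrets inventoried.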
6 changes: 6 additions & 0 deletions providers/aws/aws.go
@@ -13,10 +13,12 @@ import (
"github.com/tailwarden/komiser/providers"
"github.com/tailwarden/komiser/providers/aws/apigateway"
"github.com/tailwarden/komiser/providers/aws/cloudfront"
"github.com/tailwarden/komiser/providers/aws/cloudtrail"
"github.com/tailwarden/komiser/providers/aws/cloudwatch"
"github.com/tailwarden/komiser/providers/aws/codebuild"
"github.com/tailwarden/komiser/providers/aws/codecommit"
"github.com/tailwarden/komiser/providers/aws/codedeploy"
"github.com/tailwarden/komiser/providers/aws/datasync"
"github.com/tailwarden/komiser/providers/aws/dynamodb"
"github.com/tailwarden/komiser/providers/aws/ec2"
"github.com/tailwarden/komiser/providers/aws/ecr"
@@ -36,6 +38,7 @@ import (
"github.com/tailwarden/komiser/providers/aws/redshift"
"github.com/tailwarden/komiser/providers/aws/route53"
"github.com/tailwarden/komiser/providers/aws/s3"
"github.com/tailwarden/komiser/providers/aws/secretsmanager"
"github.com/tailwarden/komiser/providers/aws/servicecatalog"
"github.com/tailwarden/komiser/providers/aws/sns"
"github.com/tailwarden/komiser/providers/aws/sqs"
@@ -117,6 +120,9 @@ func listOfSupportedServices() []providers.FetchDataFunction {
lightsail.VPS,
neptune.Clusters,
route53.HostedZones,
cloudtrail.Trails,
datasync.Agents,
secretsmanager.Secrets,
}
}

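--- a/providers/aws/cloudtrail/trail.go
+++ b/providers/aws/cloudtrail/trail.go
@@ -0,0 +1,48 @@
+package cloudtrail
+
+import (
+"context"
+"fmt"
+"time"
+
+"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
+log "github.com/sirupsen/logrus"
+"github.com/tailwarden/komiser/models"
+"github.com/tailwarden/komiser/providers"
+)
+
+func Trails(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+var config cloudtrail.ListTrailsInput
+resources := make([]models.Resource, 0)
+neptuneClient := cloudtrail.NewFromConfig(*client.AWSClient)
+
+output, err := neptuneClient.ListTrails(ctx, &config)
+if err != nil {
+return resources, err
+}
+
+for _, trail := range output.Trails {
+trailName := ""
+if trail.Name != nil {
+trailName = *trail.Name
+}
+resources = append(resources, models.Resource{
+Provider: "AWS",
+Account: client.Name,
+Service: "Cloudtrail Trail",
+Region: client.AWSClient.Region,
+ResourceId: *trail.TrailARN,
+Name: trailName,
+FetchedAt: time.Now(),
+Link: fmt.Sprintf("https://%s.console.aws.amazon.com/cloudtrailv2/home?region=%s#/trails/%s/%s", client.AWSClient.Region, client.AWSClient.Region, *trail.TrailARN, trailName),
+})
+}
+log.WithFields(log.Fields{
+"provider": "AWS",
+"account": client.Name,
+"region": client.AWSClient.Region,
+"service": "Cloudtrail Trail",
+"resources": len(resources),
+}).Info("Fetched resources")
+return resources, nil
+}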
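Review bot: Only the first page of `ListTrails` is read, so an account with more trails than one response holds is silently under-reported, and `*trail.TrailARN` is dereferenced without the nil check that `trail.Name` gets a few lines earlier. The same two gaps are in `Agents` (`*agent.AgentArn`) in datasync/agents.go and `Secrets` (`*secret.ARN`) in secretsmanager/secrets.go, and all three keep the copy-pasted local name `neptuneClient`. I would loop with the SDK paginator and skip entries whose ARN is nil, as sketched below. It is also worth confirming whether `ListTrails` returns trails homed in other regions; if it does, `Region` should come from `trail.HomeRegion` rather than `client.AWSClient.Region`, otherwise the same trail is recorded once per scanned region.

```go
func Trails(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
	resources := make([]models.Resource, 0)
	trailClient := cloudtrail.NewFromConfig(*client.AWSClient)

	pages := cloudtrail.NewListTrailsPaginator(trailClient, &cloudtrail.ListTrailsInput{})
	for pages.HasMorePages() {
		output, err := pages.NextPage(ctx)
		if err != nil {
			return resources, err
		}
		for _, trail := range output.Trails {
			if trail.TrailARN == nil {
				continue // no stable identifier to record
			}
			// … unchanged: trailName default and the models.Resource append …
		}
	}
	// … unchanged: log.WithFields(...).Info("Fetched resources") and return …
```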
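--- a/providers/aws/datasync/agents.go
+++ b/providers/aws/datasync/agents.go
@@ -0,0 +1,48 @@
+package datasync
+
+import (
+"context"
+"fmt"
+"time"
+
+"github.com/aws/aws-sdk-go-v2/service/datasync"
+log "github.com/sirupsen/logrus"
+"github.com/tailwarden/komiser/models"
+"github.com/tailwarden/komiser/providers"
+)
+
+func Agents(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+var config datasync.ListAgentsInput
+resources := make([]models.Resource, 0)
+neptuneClient := datasync.NewFromConfig(*client.AWSClient)
+
+output, err := neptuneClient.ListAgents(ctx, &config)
+if err != nil {
+return resources, err
+}
+
+for _, agent := range output.Agents {
+agentName := ""
+if agent.Name != nil {
+agentName = *agent.Name
+}
+resources = append(resources, models.Resource{
+Provider: "AWS",
+Account: client.Name,
+Service: "DataSync Agent",
+Region: client.AWSClient.Region,
+ResourceId: *agent.AgentArn,
+Name: agentName,
+FetchedAt: time.Now(),
+Link: fmt.Sprintf("https://%s.console.aws.amazon.com/datasync/home?region=%s#/agents", client.AWSClient.Region, client.AWSClient.Region),
+})
+}
+log.WithFields(log.Fields{
+"provider": "AWS",
+"account": client.Name,
+"region": client.AWSClient.Region,
+"service": "DataSync Agent",
+"resources": len(resources),
+}).Info("Fetched resources")
+return resources, nil
+}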
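Review bot: The exported `Agents` has no doc comment, and nothing tells a reader that every resource it returns carries the same `Link`, since the format string ends at `#/agents` and takes no agent identifier. I would add `// Agents returns one models.Resource per DataSync agent reported by ListAgents for the client's configured region; Link points at the console's agent list, not an individual agent.` above the function. `Trails` and `Secrets` in this commit are exported without doc comments as well.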
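--- a/providers/aws/secretsmanager/secrets.go
+++ b/providers/aws/secretsmanager/secrets.go
@@ -0,0 +1,48 @@
+package secretsmanager
+
+import (
+"context"
+"fmt"
+"time"
+
+"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
+log "github.com/sirupsen/logrus"
+"github.com/tailwarden/komiser/models"
+"github.com/tailwarden/komiser/providers"
+)
+
+func Secrets(ctx context.Context, client providers.ProviderClient) ([]models.Resource, error) {
+var config secretsmanager.ListSecretsInput
+resources := make([]models.Resource, 0)
+neptuneClient := secretsmanager.NewFromConfig(*client.AWSClient)
+
+output, err := neptuneClient.ListSecrets(ctx, &config)
+if err != nil {
+return resources, err
+}
+
+for _, secret := range output.SecretList {
+secretName := ""
+if secret.Name != nil {
+secretName = *secret.Name
+}
+resources = append(resources, models.Resource{
+Provider: "AWS",
+Account: client.Name,
+Service: "Secret",
+Region: client.AWSClient.Region,
+ResourceId: *secret.ARN,
+Name: secretName,
+FetchedAt: time.Now(),
+Link: fmt.Sprintf("https://%s.console.aws.amazon.com/secretsmanager/secret?name=%s&region=%s", client.AWSClient.Region, secretName, client.AWSClient.Region),
+})
+}
+log.WithFields(log.Fields{
+"provider": "AWS",
+"account": client.Name,
+"region": client.AWSClient.Region,
+"service": "Secret",
+"resources": len(resources),
+}).Info("Fetched resources")
+return resources, nil
+}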
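Review bot: `secretName` is interpolated into the console URL's query string unescaped in the `Link` `fmt.Sprintf`. Secrets Manager names may contain characters such as `+`, `=`, `/` and `@`, so a name like the constructed example `prod/db+replica` yields a link that resolves to a different secret or to none. I would pass `url.QueryEscape(secretName)` in that call and add `net/url` to the imports. Separately, `Service: "Secret"` is less specific than the sibling labels `"Cloudtrail Trail"` and `"DataSync Agent"`; a label such as `"Secrets Manager Secret"` would be easier to filter on.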
