aws

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 22, 2020 License: AGPL-3.0 Imports: 61 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Client setup hooks for DynamoDB and Application Auto Scaling. They are
// package-level variables so that tests can override them.
//
// NOTE(review): both hooks are exported and mutable, so any importing package
// can swap the function that hands out AWS clients. Treat reassignment outside
// test code as a defect, and restore the original value at the end of a test.
var (
	// ApplicationAutoScalingClientFunc defaults to setupApplicationAutoScalingClient.
	ApplicationAutoScalingClientFunc = setupApplicationAutoScalingClient
	// DynamoDBClientFunc defaults to setupDynamoDBClient.
	DynamoDBClientFunc = setupDynamoDBClient
)

Set as variables to be overridden in testing

// Poller registries. The three maps below are keyed by the awsmodels *Schema
// resource-type constants and decide which poll function handles a resource type.
//
// NOTE(review): a lookup with a key that is absent from a map yields a nil
// function (or a zero resourcePoller); callers should test the "ok" result of
// the lookup before calling the value, especially if the resource type
// originates from a scan request.
var (

	// IndividualARNResourcePollers maps resource types to their corresponding individual polling
	// functions for resources whose ID is their ARN.
	//
	// Each function receives the poller input, the resource ARN and the scan entry.
	IndividualARNResourcePollers = map[string]func(
		input *awsmodels.ResourcePollerInput, arn arn.ARN, entry *pollermodels.ScanEntry) (interface{}, error){
		awsmodels.AcmCertificateSchema:      PollACMCertificate,
		awsmodels.CloudFormationStackSchema: PollCloudFormationStack,
		awsmodels.CloudTrailSchema:          PollCloudTrailTrail,
		awsmodels.CloudWatchLogGroupSchema:  PollCloudWatchLogsLogGroup,
		awsmodels.DynamoDBTableSchema:       PollDynamoDBTable,
		awsmodels.Ec2AmiSchema:              PollEC2Image,
		awsmodels.Ec2InstanceSchema:         PollEC2Instance,
		awsmodels.Ec2NetworkAclSchema:       PollEC2NetworkACL,
		awsmodels.Ec2SecurityGroupSchema:    PollEC2SecurityGroup,
		awsmodels.Ec2VolumeSchema:           PollEC2Volume,
		awsmodels.Ec2VpcSchema:              PollEC2VPC,
		awsmodels.EcsClusterSchema:          PollECSCluster,
		awsmodels.Elbv2LoadBalancerSchema:   PollELBV2LoadBalancer,
		awsmodels.IAMGroupSchema:            PollIAMGroup,
		awsmodels.IAMPolicySchema:           PollIAMPolicy,
		awsmodels.IAMRoleSchema:             PollIAMRole,
		awsmodels.IAMUserSchema:             PollIAMUser,
		// NOTE(review): IAMRootUserSchema is the only key in the individual-poller
		// maps with no matching ServicePollers entry. Presumably the root user is
		// picked up by PollIAMUsers during a full scan - confirm, since otherwise
		// root-user state is refreshed only by individual scans.
		awsmodels.IAMRootUserSchema:         PollIAMRootUser,
		awsmodels.KmsKeySchema:              PollKMSKey,
		awsmodels.LambdaFunctionSchema:      PollLambdaFunction,
		awsmodels.RDSInstanceSchema:         PollRDSInstance,
		awsmodels.RedshiftClusterSchema:     PollRedshiftCluster,
		awsmodels.S3BucketSchema:            PollS3Bucket,
		awsmodels.WafWebAclSchema:           PollWAFWebACL,
		awsmodels.WafRegionalWebAclSchema:   PollWAFRegionalWebACL,
	}

	// IndividualResourcePollers maps resource types to their corresponding individual polling
	// functions for resources whose ID is not their ARN.
	//
	// Each function receives a *utils.ParsedResourceID in place of an ARN.
	IndividualResourcePollers = map[string]func(
		input *awsmodels.ResourcePollerInput, id *utils.ParsedResourceID, entry *pollermodels.ScanEntry) (interface{}, error){
		awsmodels.ConfigServiceSchema:  PollConfigService,
		awsmodels.GuardDutySchema:      PollGuardDutyDetector,
		awsmodels.PasswordPolicySchema: PollPasswordPolicyResource,
	}

	// ServicePollers maps a resource type to its Poll function
	//
	// Each value is a positional resourcePoller literal: a string label followed
	// by the account-wide Poll* function. Every key here also appears in exactly
	// one of the two individual-poller maps above.
	//
	// NOTE(review): most labels are singular ("IAMUser", "S3Bucket") but a few are
	// plural ("IAMRoles", "IAMGroups", "IAMPolicies", "LambdaFunctions"). If the
	// label is written to logs or metrics, the mismatch complicates filtering by
	// resource type - confirm how the label is used before normalising it.
	ServicePollers = map[string]resourcePoller{
		awsmodels.AcmCertificateSchema:      {"ACMCertificate", PollAcmCertificates},
		awsmodels.CloudTrailSchema:          {"CloudTrail", PollCloudTrails},
		awsmodels.Ec2AmiSchema:              {"EC2AMI", PollEc2Amis},
		awsmodels.Ec2InstanceSchema:         {"EC2Instance", PollEc2Instances},
		awsmodels.Ec2NetworkAclSchema:       {"EC2NetworkACL", PollEc2NetworkAcls},
		awsmodels.Ec2SecurityGroupSchema:    {"EC2SecurityGroup", PollEc2SecurityGroups},
		awsmodels.Ec2VolumeSchema:           {"EC2Volume", PollEc2Volumes},
		awsmodels.Ec2VpcSchema:              {"EC2VPC", PollEc2Vpcs},
		awsmodels.EcsClusterSchema:          {"ECSCluster", PollEcsClusters},
		awsmodels.Elbv2LoadBalancerSchema:   {"ELBV2LoadBalancer", PollElbv2ApplicationLoadBalancers},
		awsmodels.KmsKeySchema:              {"KMSKey", PollKmsKeys},
		awsmodels.S3BucketSchema:            {"S3Bucket", PollS3Buckets},
		awsmodels.WafWebAclSchema:           {"WAFWebAcl", PollWafWebAcls},
		awsmodels.WafRegionalWebAclSchema:   {"WAFRegionalWebAcl", PollWafRegionalWebAcls},
		awsmodels.CloudFormationStackSchema: {"CloudFormationStack", PollCloudFormationStacks},
		awsmodels.CloudWatchLogGroupSchema:  {"CloudWatchLogGroup", PollCloudWatchLogsLogGroups},
		awsmodels.ConfigServiceSchema:       {"ConfigService", PollConfigServices},
		awsmodels.DynamoDBTableSchema:       {"DynamoDBTable", PollDynamoDBTables},
		awsmodels.GuardDutySchema:           {"GuardDutyDetector", PollGuardDutyDetectors},
		awsmodels.IAMUserSchema:             {"IAMUser", PollIAMUsers},

		awsmodels.IAMRoleSchema:         {"IAMRoles", PollIAMRoles},
		awsmodels.IAMGroupSchema:        {"IAMGroups", PollIamGroups},
		awsmodels.IAMPolicySchema:       {"IAMPolicies", PollIamPolicies},
		awsmodels.LambdaFunctionSchema:  {"LambdaFunctions", PollLambdaFunctions},
		awsmodels.PasswordPolicySchema:  {"PasswordPolicy", PollPasswordPolicy},
		awsmodels.RDSInstanceSchema:     {"RDSInstance", PollRDSInstances},
		awsmodels.RedshiftClusterSchema: {"RedshiftCluster", PollRedshiftClusters},
	}
)
// S3BucketSnapshots is a mapping between bucket name and its snapshot.
//
// NOTE(review): the map is declared without an initializer, so it is nil until
// other code assigns it, and writing to a nil map panics. It is also exported,
// package-level mutable state with no locking visible here; confirm whether it
// is ever touched from more than one goroutine.
var S3BucketSnapshots map[string]*awsmodels.S3Bucket

// S3ClientFunc is the function to initialize the S3 Client. It defaults to
// setupS3Client.
var S3ClientFunc = setupS3Client
// Functions to initialize the WAF and WAF Regional clients. They are variables
// so that tests can override them.
var (
	// WafClientFunc defaults to setupWafClient.
	WafClientFunc = setupWafClient
	// WafRegionalClientFunc defaults to setupWafRegionalClient.
	WafRegionalClientFunc = setupWafRegionalClient
)

Set as variables to be overridden in testing

// AcmClientFunc holds the function used to set up the ACM client
// (setupAcmClient by default). It is a variable so tests can override it.
var AcmClientFunc = setupAcmClient

Set as variables to be overridden in testing

// CloudFormationClientFunc holds the function used to set up the
// CloudFormation client (setupCloudFormationClient by default).
// Set as a variable to be overridden in testing.
var CloudFormationClientFunc = setupCloudFormationClient
// CloudTrailClientFunc is the function used to set up the CloudTrail client.
// It defaults to setupCloudTrailClient.
var CloudTrailClientFunc = setupCloudTrailClient
// CloudWatchLogsClientFunc holds the function used to set up the CloudWatch
// Logs client (setupCloudWatchLogsClient by default). It is a variable so
// tests can override it.
var CloudWatchLogsClientFunc = setupCloudWatchLogsClient

Set as variables to be overridden in testing

// ConfigServiceClientFunc holds the function used to set up the AWS Config
// client (setupConfigServiceClient by default). It is a variable so tests can
// override it.
var ConfigServiceClientFunc = setupConfigServiceClient

Set as variables to be overridden in testing

// EC2ClientFunc holds the function used to set up the EC2 client
// (setupEC2Client by default).
// NOTE(review): presumably a variable for the same test-override reason as the
// other *ClientFunc hooks in this package - confirm.
var EC2ClientFunc = setupEC2Client
// EcsClientFunc holds the function used to set up the ECS client
// (setupEcsClient by default). It is a variable so tests can override it.
var EcsClientFunc = setupEcsClient

Set as variables to be overridden in testing

// Elbv2ClientFunc holds the function used to set up the ELBv2 client
// (setupElbv2Client by default). It is a variable so tests can override it.
var Elbv2ClientFunc = setupElbv2Client

Set as variables to be overridden in testing

// GuardDutyClientFunc holds the function used to set up the GuardDuty client
// (setupGuardDutyClient by default). It is a variable so tests can override it.
var GuardDutyClientFunc = setupGuardDutyClient

Set as variables to be overridden in testing

// IAMClientFunc holds the function used to set up the IAM client
// (setupIAMClient by default). It is a variable so tests can override it.
//
// NOTE(review): the hook is exported and mutable; reassigning it outside test
// code changes which client every IAM poller receives.
var IAMClientFunc = setupIAMClient

Set as variables to be overridden in testing

// KmsClientFunc holds the function used to set up the KMS client
// (setupKmsClient by default). It is a variable so tests can override it.
var KmsClientFunc = setupKmsClient

Set as variables to be overridden in testing

// LambdaClientFunc holds the function used to set up the Lambda client
// (setupLambdaClient by default). It is a variable so tests can override it.
var LambdaClientFunc = setupLambdaClient

Set as variables to be overridden in testing

// RDSClientFunc holds the function used to set up the RDS client
// (setupRDSClient by default). It is a variable so tests can override it.
var RDSClientFunc = setupRDSClient

Set as variables to be overridden in testing

// RedshiftClientFunc holds the function used to set up the Redshift client
// (setupRedshiftClient by default). It is a variable so tests can override it.
var RedshiftClientFunc = setupRedshiftClient

Set as variables to be overridden in testing

Functions

func BuildIAMRoleSnapshot

func BuildIAMRoleSnapshot(iamSvc iamiface.IAMAPI, role *iam.Role) *awsmodels.IAMRole

BuildIAMRoleSnapshot builds an IAM role snapshot (*awsmodels.IAMRole) for a given IAM Role

func Poll

func Poll(scanRequest *pollermodels.ScanEntry) (
	generatedEvents []*resourcesapimodels.AddResourceEntry, err error)

Poll coordinates the gathering of generatedEvents across all relevant AWS resources for compliance monitoring.

func PollACMCertificate

func PollACMCertificate(
	pollerInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollACMCertificate polls a single ACM certificate resource

func PollAcmCertificates

func PollAcmCertificates(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollAcmCertificates gathers information on each ACM Certificate for an AWS account.

func PollCloudFormationStack

func PollCloudFormationStack(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollCloudFormationStack polls a single CloudFormation stack resource

func PollCloudFormationStacks

func PollCloudFormationStacks(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollCloudFormationStacks gathers information on each CloudFormation Stack for an AWS account.

func PollCloudTrailTrail

func PollCloudTrailTrail(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollCloudTrailTrail polls a single CloudTrail trail resource

func PollCloudTrails

func PollCloudTrails(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollCloudTrails gathers information on all CloudTrails in an AWS account.

func PollCloudWatchLogsLogGroup

func PollCloudWatchLogsLogGroup(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry) (resource interface{}, err error)

PollCloudWatchLogsLogGroup polls a single CloudWatchLogs LogGroup resource

func PollCloudWatchLogsLogGroups

func PollCloudWatchLogsLogGroups(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollCloudWatchLogsLogGroups gathers information on each CloudWatchLogs LogGroup for an AWS account

func PollConfigService

func PollConfigService(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	parsedResourceID *utils.ParsedResourceID,
	scanRequest *pollermodels.ScanEntry) (interface{}, error)

PollConfigService polls a single AWS Config resource

func PollConfigServices

func PollConfigServices(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollConfigServices gathers information on each config service for an AWS account.

func PollDynamoDBTable

func PollDynamoDBTable(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	_ *pollermodels.ScanEntry,
) (interface{}, error)

PollDynamoDBTable polls a single DynamoDB Table resource

func PollDynamoDBTables

func PollDynamoDBTables(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollDynamoDBTables gathers information on each Dynamo DB Table for an AWS account.

func PollEC2Image

func PollEC2Image(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollEC2Image polls a single EC2 Image resource

func PollEC2Instance

func PollEC2Instance(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollEC2Instance polls a single EC2 Instance resource

func PollEC2NetworkACL

func PollEC2NetworkACL(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollEC2NetworkACL polls a single EC2 Network ACL resource

func PollEC2SecurityGroup

func PollEC2SecurityGroup(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollEC2SecurityGroup polls a single EC2 Security Group resource

func PollEC2VPC

func PollEC2VPC(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollEC2VPC polls a single EC2 VPC resource

func PollEC2Volume

func PollEC2Volume(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry) (interface{}, error)

PollEC2Volume polls a single EC2 Volume resource

func PollECSCluster added in v0.3.0

func PollECSCluster(
	pollerInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollECSCluster polls a single ECS cluster resource

func PollELBV2LoadBalancer

func PollELBV2LoadBalancer(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollELBV2LoadBalancer polls a single ELBV2 Application Load Balancer resource

func PollEc2Amis

func PollEc2Amis(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2Amis gathers information on each EC2 AMI in an AWS account.

func PollEc2Instances

func PollEc2Instances(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2Instances gathers information on each EC2 instance in an AWS account.

func PollEc2NetworkAcls

func PollEc2NetworkAcls(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2NetworkAcls gathers information on each Network ACL in an AWS account.

func PollEc2SecurityGroups

func PollEc2SecurityGroups(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2SecurityGroups gathers information on each Security Group in an AWS account.

func PollEc2Volumes

func PollEc2Volumes(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2Volumes gathers information on each EC2 Volume for an AWS account.

func PollEc2Vpcs

func PollEc2Vpcs(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEc2Vpcs gathers information on each VPC in an AWS account.

func PollEcsClusters added in v0.3.0

func PollEcsClusters(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollEcsClusters gathers information on each ECS Cluster for an AWS account.

func PollElbv2ApplicationLoadBalancers

func PollElbv2ApplicationLoadBalancers(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollElbv2ApplicationLoadBalancers gathers information on each application load balancer for an AWS account.

func PollGuardDutyDetector

func PollGuardDutyDetector(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	parsedResourceID *utils.ParsedResourceID,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollGuardDutyDetector polls a single GuardDuty detector resource

func PollGuardDutyDetectors

func PollGuardDutyDetectors(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollGuardDutyDetectors gathers information on each GuardDuty detector for an AWS account.

func PollIAMGroup

func PollIAMGroup(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollIAMGroup polls a single IAM Group resource

func PollIAMPolicy

func PollIAMPolicy(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollIAMPolicy polls a single IAM Policy resource

func PollIAMRole

func PollIAMRole(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollIAMRole polls a single IAM Role resource

func PollIAMRoles

func PollIAMRoles(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollIAMRoles generates a snapshot for each IAM Role.

func PollIAMRootUser

func PollIAMRootUser(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	_ arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollIAMRootUser polls a single IAM root user resource (the ARN argument is ignored)

func PollIAMUser

func PollIAMUser(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollIAMUser polls a single IAM User resource

func PollIAMUsers

func PollIAMUsers(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollIAMUsers generates a snapshot for each IAM User.

This function returns the snapshots as a slice of *apimodels.AddResourceEntry.

func PollIamGroups

func PollIamGroups(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollIamGroups gathers information on each IAM Group for an AWS account.

func PollIamPolicies

func PollIamPolicies(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollIamPolicies gathers information on each IAM policy for an AWS account.

func PollKMSKey

func PollKMSKey(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollKMSKey polls a single KMS Key resource

func PollKmsKeys

func PollKmsKeys(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollKmsKeys gathers information on each KMS key for an AWS account.

func PollLambdaFunction

func PollLambdaFunction(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollLambdaFunction polls a single Lambda Function resource

func PollLambdaFunctions

func PollLambdaFunctions(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollLambdaFunctions gathers information on each Lambda Function for an AWS account.

func PollPasswordPolicy

func PollPasswordPolicy(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollPasswordPolicy gathers information on all PasswordPolicy resources in an AWS account.

func PollPasswordPolicyResource

func PollPasswordPolicyResource(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	_ *utils.ParsedResourceID,
	_ *pollermodels.ScanEntry,
) (interface{}, error)

PollPasswordPolicyResource polls a password policy and returns it as a resource

func PollRDSInstance

func PollRDSInstance(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollRDSInstance polls a single RDS DB Instance resource

func PollRDSInstances

func PollRDSInstances(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollRDSInstances gathers information on each RDS DB Instance for an AWS account.

func PollRedshiftCluster

func PollRedshiftCluster(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollRedshiftCluster polls a single Redshift Cluster resource

func PollRedshiftClusters

func PollRedshiftClusters(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollRedshiftClusters gathers information on each Redshift Cluster for an AWS account.

func PollS3Bucket

func PollS3Bucket(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	scanRequest *pollermodels.ScanEntry,
) (interface{}, error)

PollS3Bucket polls a single S3 Bucket resource

func PollS3Buckets

func PollS3Buckets(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollS3Buckets gathers information on each S3 bucket for an AWS account.

func PollWAFRegionalWebACL

func PollWAFRegionalWebACL(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	_ *pollermodels.ScanEntry,
) (interface{}, error)

PollWAFRegionalWebACL polls a single WAF Regional WebACL resource

func PollWAFWebACL

func PollWAFWebACL(
	pollerResourceInput *awsmodels.ResourcePollerInput,
	resourceARN arn.ARN,
	_ *pollermodels.ScanEntry,
) (interface{}, error)

PollWAFWebACL polls a single WAF WebACL resource

func PollWafRegionalWebAcls

func PollWafRegionalWebAcls(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

func PollWafWebAcls

func PollWafWebAcls(pollerInput *awsmodels.ResourcePollerInput) ([]*apimodels.AddResourceEntry, error)

PollWafWebAcls gathers information on each Web ACL for an AWS account.

Types

This section is empty.

Directories

Path Synopsis
