chore(config): Config resource type upgrade 202208xx (#21491)
fixes #21477

The original problem was that not all of the resource types listed under [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html) were available in this module.

To solve this problem, type information had to be defined in L2 Constructs. Details are listed in the issue list. (Too many to list again)

----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
watany-dev authored Aug 7, 2022
1 parent a913d60 commit 618c5bc
Showing 2 changed files with 217 additions and 0 deletions.
98 changes: 98 additions & 0 deletions packages/@aws-cdk/aws-config/lib/rule.ts
Expand Up @@ -1318,6 +1318,8 @@ export class ResourceType {
public static readonly EC2_EIP = new ResourceType('AWS::EC2::EIP');
/** EC2 instance */
public static readonly EC2_INSTANCE = new ResourceType('AWS::EC2::Instance');
/** EC2 Network Interface */
public static readonly EC2_NETWORK_INTERFACE = new ResourceType('AWS::EC2::NetworkInterface');
/** EC2 security group */
public static readonly EC2_SECURITY_GROUP = new ResourceType('AWS::EC2::SecurityGroup');
/** EC2 NAT gateway */
Expand All @@ -1326,18 +1328,54 @@ export class ResourceType {
public static readonly EC2_EGRESS_ONLY_INTERNET_GATEWAY = new ResourceType('AWS::EC2::EgressOnlyInternetGateway');
/** EC2 flow log */
public static readonly EC2_FLOW_LOG = new ResourceType('AWS::EC2::FlowLog');
/** EC2 transit gateway */
public static readonly EC2_TRANSIT_GATEWAY = new ResourceType('AWS::EC2::TransitGateway');
/** EC2 transit gateway attachment */
public static readonly EC2_TRANSIT_GATEWAY_ATTACHMENT = new ResourceType('AWS::EC2::TransitGatewayAttachment');
/** EC2 transit gateway route table */
public static readonly EC2_TRANSIT_GATEWAY_ROUTE_TABLE = new ResourceType('AWS::EC2::TransitGatewayRouteTable');
/** EC2 VPC endpoint */
public static readonly EC2_VPC_ENDPOINT = new ResourceType('AWS::EC2::VPCEndpoint');
/** EC2 VPC endpoint service */
public static readonly EC2_VPC_ENDPOINT_SERVICE = new ResourceType('AWS::EC2::VPCEndpointService');
/** EC2 VPC peering connection */
public static readonly EC2_VPC_PEERING_CONNECTION = new ResourceType('AWS::EC2::VPCPeeringConnection');
/** EC2 registered HA instance */
public static readonly EC2_REGISTERED_HA_INSTANCE = new ResourceType('AWS::EC2::RegisteredHAInstance');
/** EC2 launch template */
public static readonly EC2_LAUNCH_TEMPLATE = new ResourceType('AWS::EC2::LaunchTemplate');
/** Amazon ECR repository */
public static readonly ECR_REPOSITORY = new ResourceType('AWS::ECR::Repository');
/** Amazon ECR public repository */
public static readonly ECR_PUBLIC_REPOSITORY = new ResourceType('AWS::ECR::PublicRepository');
/** Amazon ECS cluster */
public static readonly ECS_CLUSTER = new ResourceType('AWS::ECS::Cluster');
/** Amazon ECS task definition */
public static readonly ECS_TASK_DEFINITION = new ResourceType('AWS::ECS::TaskDefinition');
/** Amazon ECS service */
public static readonly ECS_SERVICE = new ResourceType('AWS::ECS::Service');
/** Amazon EFS file system */
public static readonly EFS_FILE_SYSTEM = new ResourceType('AWS::EFS::FileSystem');
/** Amazon EFS access point */
public static readonly EFS_ACCESS_POINT = new ResourceType('AWS::EFS::AccessPoint');
/** Amazon Elastic Kubernetes Service cluster */
public static readonly EKS_CLUSTER = new ResourceType('AWS::EKS::Cluster');
/** Amazon EMR security configuration */
public static readonly EMR_SECURITY_CONFIGURATION = new ResourceType('AWS::EMR::SecurityConfiguration');
/** Amazon GuardDuty detector */
public static readonly GUARDDUTY_DETECTOR = new ResourceType('AWS::GuardDuty::Detector');
/** Amazon ElasticSearch domain */
public static readonly ELASTICSEARCH_DOMAIN = new ResourceType('AWS::Elasticsearch::Domain');
/** Amazon OpenSearch domain */
public static readonly OPENSEARCH_DOMAIN = new ResourceType('AWS::OpenSearch::Domain');
/** Amazon QLDB ledger */
public static readonly QLDB_LEDGER = new ResourceType('AWS::QLDB::Ledger');
/** Amazon Kinesis stream */
public static readonly KINESIS_STREAM = new ResourceType('AWS::Kinesis::Stream');
/** Amazon Kinesis stream consumer */
public static readonly KINESIS_STREAM_CONSUMER = new ResourceType('AWS::Kinesis::StreamConsumer');
/** Amazon MSK cluster */
public static readonly MSK_CLUSTER = new ResourceType('AWS::MSK::Cluster');
/** Amazon Redshift cluster */
public static readonly REDSHIFT_CLUSTER = new ResourceType('AWS::Redshift::Cluster');
/** Amazon Redshift cluster parameter group */
Expand All @@ -1364,12 +1402,24 @@ export class ResourceType {
public static readonly RDS_DB_CLUSTER = new ResourceType('AWS::RDS::DBCluster');
/** Amazon RDS database cluster snapshot */
public static readonly RDS_DB_CLUSTER_SNAPSHOT = new ResourceType('AWS::RDS::DBClusterSnapshot');
/** Amazon Route53 resolver resolver endpoint */
public static readonly ROUTE53_RESOLVER_RESOLVER_ENDPOINT = new ResourceType('AWS::Route53Resolver::ResolverEndpoint');
/** Amazon Route53 resolver resolver rule */
public static readonly ROUTE53_RESOLVER_RESOLVER_RULE = new ResourceType('AWS::Route53Resolver::ResolverRule');
/** Amazon Route53 resolver resolver rule association */
public static readonly ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION = new ResourceType('AWS::Route53Resolver::ResolverRuleAssociation');
/** Amazon SQS queue */
public static readonly SQS_QUEUE = new ResourceType('AWS::SQS::Queue');
/** Amazon SNS topic */
public static readonly SNS_TOPIC = new ResourceType('AWS::SNS::Topic');
/** Amazon S3 bucket */
public static readonly S3_BUCKET = new ResourceType('AWS::S3::Bucket');
/** Amazon SageMaker code repository */
public static readonly SAGEMAKER_CODE_REPOSITORY = new ResourceType('AWS::SageMaker::CodeRepository');
/** Amazon SageMaker model */
public static readonly SAGEMAKER_MODEL = new ResourceType('AWS::SageMaker::Model');
/** Amazon SageMaker notebook instance */
public static readonly SAGEMAKER_NOTEBOOK_INSTANCE = new ResourceType('AWS::SageMaker::NotebookInstance');
/** Amazon S3 account public access block */
public static readonly S3_ACCOUNT_PUBLIC_ACCESS_BLOCK = new ResourceType('AWS::S3::AccountPublicAccessBlock');
/** Amazon EC2 customer gateway */
Expand All @@ -1396,6 +1446,22 @@ export class ResourceType {
public static readonly AUTO_SCALING_POLICY = new ResourceType('AWS::AutoScaling::ScalingPolicy');
/** AWS Auto Scaling scheduled action */
public static readonly AUTO_SCALING_SCHEDULED_ACTION = new ResourceType('AWS::AutoScaling::ScheduledAction');
/** Amazon WorkSpaces connection alias */
public static readonly WORKSPACES_CONNECTION_ALIAS = new ResourceType('AWS::WorkSpaces::ConnectionAlias');
/** Amazon WorkSpaces workSpace */
public static readonly WORKSPACES_WORKSPACE = new ResourceType('AWS::WorkSpaces::Workspace');
/** AWS Backup backup plan */
public static readonly BACKUP_BACKUP_PLAN = new ResourceType('AWS::Backup::BackupPlan');
/** AWS Backup backup selection */
public static readonly BACKUP_BACKUP_SELECTION = new ResourceType('AWS::Backup::BackupSelection');
/** AWS Backup backup vault */
public static readonly BACKUP_BACKUP_VAULT = new ResourceType('AWS::Backup::BackupVault');
/** AWS Backup backup recovery point */
public static readonly BACKUP_RECOVERY_POINT = new ResourceType('AWS::Backup::RecoveryPoint');
/** AWS Batch job queue */
public static readonly BATCH_JOB_QUEUE = new ResourceType('AWS::Batch::JobQueue');
/** AWS Batch compute environment */
public static readonly BATCH_COMPUTE_ENVIRONMENT = new ResourceType('AWS::Batch::ComputeEnvironment');
/** AWS Certificate manager certificate */
public static readonly ACM_CERTIFICATE = new ResourceType('AWS::ACM::Certificate');
/** AWS CloudFormation stack */
Expand All @@ -1404,14 +1470,34 @@ export class ResourceType {
public static readonly CLOUDTRAIL_TRAIL = new ResourceType('AWS::CloudTrail::Trail');
/** AWS CodeBuild project */
public static readonly CODEBUILD_PROJECT = new ResourceType('AWS::CodeBuild::Project');
/** AWS CodeDeploy application */
public static readonly CODEDEPLOY_APPLICATION = new ResourceType('AWS::CodeDeploy::Application');
/** AWS CodeDeploy deployment config */
public static readonly CODEDEPLOY_DEPLOYMENT_CONFIG = new ResourceType('AWS::CodeDeploy::DeploymentConfig');
/** AWS CodeDeploy deployment group */
public static readonly CODEDEPLOY_DEPLOYMENT_GROUP = new ResourceType('AWS::CodeDeploy::DeploymentGroup');
/** AWS CodePipeline pipeline */
public static readonly CODEPIPELINE_PIPELINE = new ResourceType('AWS::CodePipeline::Pipeline');
/** AWS Config resource compliance */
public static readonly CONFIG_RESOURCE_COMPLIANCE = new ResourceType('AWS::Config::ResourceCompliance');
/** AWS Config conformance pack compliance */
public static readonly CONFIG_CONFORMANCE_PACK_COMPLIANCE = new ResourceType('AWS::Config::ConformancePackCompliance');
/** AWS DMS event subscription */
public static readonly DMS_EVENT_SUBSCRIPTION = new ResourceType('AWS::DMS::EventSubscription');
/** AWS DMS replication subnet group */
public static readonly DMS_REPLICATION_SUBNET_GROUP = new ResourceType('AWS::DMS::ReplicationSubnetGroup');
/** AWS Elastic Beanstalk (EB) application */
public static readonly ELASTIC_BEANSTALK_APPLICATION = new ResourceType('AWS::ElasticBeanstalk::Application');
/** AWS Elastic Beanstalk (EB) application version */
public static readonly ELASTIC_BEANSTALK_APPLICATION_VERSION = new ResourceType('AWS::ElasticBeanstalk::ApplicationVersion');
/** AWS Elastic Beanstalk (EB) environment */
public static readonly ELASTIC_BEANSTALK_ENVIRONMENT = new ResourceType('AWS::ElasticBeanstalk::Environment');
/** AWS GlobalAccelerator listener */
public static readonly GLOBALACCELERATOR_LISTENER = new ResourceType('AWS::GlobalAccelerator::Listener');
/** AWS GlobalAccelerator endpoint group */
public static readonly GLOBALACCELERATOR_ENDPOINT_GROUP = new ResourceType('AWS::GlobalAccelerator::EndpointGroup');
/** AWS GlobalAccelerator accelerator */
public static readonly GLOBALACCELERATOR_ACCELERATOR = new ResourceType('AWS::GlobalAccelerator::Accelerator');
/** AWS IAM user */
public static readonly IAM_USER = new ResourceType('AWS::IAM::User');
/** AWS IAM group */
Expand All @@ -1420,6 +1506,8 @@ export class ResourceType {
public static readonly IAM_ROLE = new ResourceType('AWS::IAM::Role');
/** AWS IAM policy */
public static readonly IAM_POLICY = new ResourceType('AWS::IAM::Policy');
/** AWS IAM AccessAnalyzer analyzer */
public static readonly IAM_ACCESSANALYZER_ANALYZER = new ResourceType('AWS::AccessAnalyzer::Analyzer');
/** AWS KMS Key */
public static readonly KMS_KEY = new ResourceType('AWS::KMS::Key');
/** AWS Lambda function */
Expand All @@ -1437,6 +1525,10 @@ export class ResourceType {
public static readonly SHIELD_PROTECTION = new ResourceType('AWS::Shield::Protection');
/** AWS Shield regional protection */
public static readonly SHIELD_REGIONAL_PROTECTION = new ResourceType('AWS::ShieldRegional::Protection');
/** AWS StepFunctions activity */
public static readonly STEPFUNCTIONS_ACTIVITY = new ResourceType('AWS::StepFunctions::Activity');
/** AWS StepFunctions state machine */
public static readonly STEPFUNCTIONS_STATE_MACHINE = new ResourceType('AWS::StepFunctions::StateMachine');
/** AWS Systems Manager managed instance inventory */
public static readonly SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY = new ResourceType('AWS::SSM::ManagedInstanceInventory');
/** AWS Systems Manager patch compliance */
Expand Down Expand Up @@ -1467,12 +1559,18 @@ export class ResourceType {
public static readonly WAFV2_RULE_GROUP = new ResourceType('AWS::WAFv2::RuleGroup');
/** AWS WAFv2 managed rule set */
public static readonly WAFV2_MANAGED_RULE_SET = new ResourceType('AWS::WAFv2::ManagedRuleSet');
/** AWS WAFv2 ip set */
public static readonly WAFV2_IP_SET = new ResourceType('AWS::WAFv2::IPSet');
/** AWS WAFv2 regex pattern set */
public static readonly WAFV2_REGEX_PATTERN_SET = new ResourceType('AWS::WAFv2::RegexPatternSet');
/** AWS X-Ray encryption configuration */
public static readonly XRAY_ENCRYPTION_CONFIGURATION = new ResourceType('AWS::XRay::EncryptionConfig');
/** AWS ELB classic load balancer */
public static readonly ELB_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancing::LoadBalancer');
/** AWS ELBv2 network load balancer or AWS ELBv2 application load balancer */
public static readonly ELBV2_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancingV2::LoadBalancer');
/** AWS ELBv2 application load balancer listener */
public static readonly ELBV2_LISTENER = new ResourceType('AWS::ElasticLoadBalancingV2::Listener');

/** A custom resource type to support future cases. */
public static of(type: string): ResourceType {
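Review bot: The doc comment on `ELBV2_LISTENER` (`/** AWS ELBv2 application load balancer listener */`) is narrower than the type it wraps: `AWS::ElasticLoadBalancingV2::Listener` is, as far as I know, also the listener type for network and gateway load balancers, so a rule scoped to it evaluates those listeners too; `/** AWS ELBv2 listener (application, network or gateway load balancer) */` would match the wording of the sibling `ELBV2_LOAD_BALANCER` comment. In the IAM hunk, `IAM_ACCESSANALYZER_ANALYZER` names `AWS::AccessAnalyzer::Analyzer`, which is not under the IAM CloudFormation namespace; the `IAM_` prefix misleads anyone grepping by service, and `ACCESSANALYZER_ANALYZER` would follow the file's convention of deriving the constant from the namespace. Minor: `/** Amazon WorkSpaces workSpace */` has a stray capital, `/** Amazon WorkSpaces workspace */`. The `ResourceType` class begins and ends outside these hunks.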
119 changes: 119 additions & 0 deletions packages/@aws-cdk/aws-config/test/rule.test.ts
Expand Up @@ -298,4 +298,123 @@ describe('rule', () => {
},
});
});

test('scope to resource', () => {
// GIVEN
const stack = new cdk.Stack();

// WHEN
new config.ManagedRule(stack, 'Rule', {
identifier: 'AWS_SUPER_COOL',
ruleScope: config.RuleScope.fromResources([
config.ResourceType.EC2_NETWORK_INTERFACE,
config.ResourceType.EC2_TRANSIT_GATEWAY,
config.ResourceType.EC2_TRANSIT_GATEWAY_ATTACHMENT,
config.ResourceType.EC2_TRANSIT_GATEWAY_ROUTE_TABLE,
config.ResourceType.EC2_REGISTERED_HA_INSTANCE,
config.ResourceType.EC2_LAUNCH_TEMPLATE,
config.ResourceType.ECR_REPOSITORY,
config.ResourceType.ECR_PUBLIC_REPOSITORY,
config.ResourceType.ECS_CLUSTER,
config.ResourceType.ECS_TASK_DEFINITION,
config.ResourceType.ECS_SERVICE,
config.ResourceType.EFS_FILE_SYSTEM,
config.ResourceType.EFS_ACCESS_POINT,
config.ResourceType.EMR_SECURITY_CONFIGURATION,
config.ResourceType.GUARDDUTY_DETECTOR,
config.ResourceType.OPENSEARCH_DOMAIN,
config.ResourceType.KINESIS_STREAM,
config.ResourceType.KINESIS_STREAM_CONSUMER,
config.ResourceType.MSK_CLUSTER,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_ENDPOINT,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION,
config.ResourceType.SAGEMAKER_CODE_REPOSITORY,
config.ResourceType.SAGEMAKER_MODEL,
config.ResourceType.SAGEMAKER_NOTEBOOK_INSTANCE,
config.ResourceType.WORKSPACES_CONNECTION_ALIAS,
config.ResourceType.WORKSPACES_WORKSPACE,
config.ResourceType.BACKUP_BACKUP_PLAN,
config.ResourceType.BACKUP_BACKUP_SELECTION,
config.ResourceType.BACKUP_BACKUP_VAULT,
config.ResourceType.BACKUP_RECOVERY_POINT,
config.ResourceType.BATCH_JOB_QUEUE,
config.ResourceType.BATCH_COMPUTE_ENVIRONMENT,
config.ResourceType.CODEDEPLOY_APPLICATION,
config.ResourceType.CODEDEPLOY_DEPLOYMENT_CONFIG,
config.ResourceType.CODEDEPLOY_DEPLOYMENT_GROUP,
config.ResourceType.CONFIG_RESOURCE_COMPLIANCE,
config.ResourceType.CONFIG_CONFORMANCE_PACK_COMPLIANCE,
config.ResourceType.DMS_EVENT_SUBSCRIPTION,
config.ResourceType.DMS_REPLICATION_SUBNET_GROUP,
config.ResourceType.GLOBALACCELERATOR_LISTENER,
config.ResourceType.GLOBALACCELERATOR_ENDPOINT_GROUP,
config.ResourceType.GLOBALACCELERATOR_ACCELERATOR,
config.ResourceType.IAM_ACCESSANALYZER_ANALYZER,
config.ResourceType.STEPFUNCTIONS_ACTIVITY,
config.ResourceType.STEPFUNCTIONS_STATE_MACHINE,
config.ResourceType.WAFV2_IP_SET,
config.ResourceType.WAFV2_REGEX_PATTERN_SET,
config.ResourceType.ELBV2_LISTENER,
]),
});

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Config::ConfigRule', {
Scope: {
ComplianceResourceTypes: [
'AWS::EC2::NetworkInterface',
'AWS::EC2::TransitGateway',
'AWS::EC2::TransitGatewayAttachment',
'AWS::EC2::TransitGatewayRouteTable',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::LaunchTemplate',
'AWS::ECR::Repository',
'AWS::ECR::PublicRepository',
'AWS::ECS::Cluster',
'AWS::ECS::TaskDefinition',
'AWS::ECS::Service',
'AWS::EFS::FileSystem',
'AWS::EFS::AccessPoint',
'AWS::EMR::SecurityConfiguration',
'AWS::GuardDuty::Detector',
'AWS::OpenSearch::Domain',
'AWS::Kinesis::Stream',
'AWS::Kinesis::StreamConsumer',
'AWS::MSK::Cluster',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::Route53Resolver::ResolverRule',
'AWS::Route53Resolver::ResolverRuleAssociation',
'AWS::SageMaker::CodeRepository',
'AWS::SageMaker::Model',
'AWS::SageMaker::NotebookInstance',
'AWS::WorkSpaces::ConnectionAlias',
'AWS::WorkSpaces::Workspace',
'AWS::Backup::BackupPlan',
'AWS::Backup::BackupSelection',
'AWS::Backup::BackupVault',
'AWS::Backup::RecoveryPoint',
'AWS::Batch::JobQueue',
'AWS::Batch::ComputeEnvironment',
'AWS::CodeDeploy::Application',
'AWS::CodeDeploy::DeploymentConfig',
'AWS::CodeDeploy::DeploymentGroup',
'AWS::Config::ResourceCompliance',
'AWS::Config::ConformancePackCompliance',
'AWS::DMS::EventSubscription',
'AWS::DMS::ReplicationSubnetGroup',
'AWS::GlobalAccelerator::Listener',
'AWS::GlobalAccelerator::EndpointGroup',
'AWS::GlobalAccelerator::Accelerator',
'AWS::AccessAnalyzer::Analyzer',
'AWS::StepFunctions::Activity',
'AWS::StepFunctions::StateMachine',
'AWS::WAFv2::IPSet',
'AWS::WAFv2::RegexPatternSet',
'AWS::ElasticLoadBalancingV2::Listener',
],
},
});
});

});
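Review bot: The new case is titled `test('scope to resource', ...)`, which appears to reuse the title of the file's existing resource-scope test (that test is outside the hunk, so this is inferred); Jest accepts duplicate titles, but a failure then shows two indistinguishable entries in the report, so a distinct name such as `test('scope to resource types added in 2022-08', ...)` keeps failures attributable. The single 49-element expected array also means one wrong string in any constant fails with one large diff; a `test.each` over `[constant, expectedString]` pairs would pinpoint the offending entry, though that is a style preference. The assertions themselves do pin each new resource-type string independently of the constant, which is the property that matters for a scoping identifier.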
