
chore(config): Config resource type upgrade 202208xx #21491

Merged
merged 6 commits into from
Aug 7, 2022
Merged
98 changes: 98 additions & 0 deletions packages/@aws-cdk/aws-config/lib/rule.ts
Expand Up @@ -1318,6 +1318,8 @@ export class ResourceType {
public static readonly EC2_EIP = new ResourceType('AWS::EC2::EIP');
/** EC2 instance */
public static readonly EC2_INSTANCE = new ResourceType('AWS::EC2::Instance');
/** EC2 Network Interface */
public static readonly EC2_NETWORK_INTERFACE = new ResourceType('AWS::EC2::NetworkInterface');
/** EC2 security group */
public static readonly EC2_SECURITY_GROUP = new ResourceType('AWS::EC2::SecurityGroup');
/** EC2 NAT gateway */
Expand All @@ -1326,18 +1328,54 @@ export class ResourceType {
public static readonly EC2_EGRESS_ONLY_INTERNET_GATEWAY = new ResourceType('AWS::EC2::EgressOnlyInternetGateway');
/** EC2 flow log */
public static readonly EC2_FLOW_LOG = new ResourceType('AWS::EC2::FlowLog');
/** EC2 transit gateway */
public static readonly EC2_TRANSIT_GATEWAY = new ResourceType('AWS::EC2::TransitGateway');
/** EC2 transit gateway attachment */
public static readonly EC2_TRANSIT_GATEWAY_ATTACHMENT = new ResourceType('AWS::EC2::TransitGatewayAttachment');
/** EC2 transit gateway route table */
public static readonly EC2_TRANSIT_GATEWAY_ROUTE_TABLE = new ResourceType('AWS::EC2::TransitGatewayRouteTable');
/** EC2 VPC endpoint */
public static readonly EC2_VPC_ENDPOINT = new ResourceType('AWS::EC2::VPCEndpoint');
/** EC2 VPC endpoint service */
public static readonly EC2_VPC_ENDPOINT_SERVICE = new ResourceType('AWS::EC2::VPCEndpointService');
/** EC2 VPC peering connection */
public static readonly EC2_VPC_PEERING_CONNECTION = new ResourceType('AWS::EC2::VPCPeeringConnection');
/** EC2 registered HA instance */
public static readonly EC2_REGISTERED_HA_INSTANCE = new ResourceType('AWS::EC2::RegisteredHAInstance');
/** EC2 launch template */
public static readonly EC2_LAUNCH_TEMPLATE = new ResourceType('AWS::EC2::LaunchTemplate');
/** Amazon ECR repository */
public static readonly ECR_REPOSITORY = new ResourceType('AWS::ECR::Repository');
/** Amazon ECR public repository */
public static readonly ECR_PUBLIC_REPOSITORY = new ResourceType('AWS::ECR::PublicRepository');
/** Amazon ECS cluster */
public static readonly ECS_CLUSTER = new ResourceType('AWS::ECS::Cluster');
/** Amazon ECS task definition */
public static readonly ECS_TASK_DEFINITION = new ResourceType('AWS::ECS::TaskDefinition');
/** Amazon ECS service */
public static readonly ECS_SERVICE = new ResourceType('AWS::ECS::Service');
/** Amazon EFS file system */
public static readonly EFS_FILE_SYSTEM = new ResourceType('AWS::EFS::FileSystem');
/** Amazon EFS access point */
public static readonly EFS_ACCESS_POINT = new ResourceType('AWS::EFS::AccessPoint');
/** Amazon Elastic Kubernetes Service cluster */
public static readonly EKS_CLUSTER = new ResourceType('AWS::EKS::Cluster');
/** Amazon EMR security configuration */
public static readonly EMR_SECURITY_CONFIGURATION = new ResourceType('AWS::EMR::SecurityConfiguration');
/** Amazon GuardDuty detector */
public static readonly GUARDDUTY_DETECTOR = new ResourceType('AWS::GuardDuty::Detector');
/** Amazon ElasticSearch domain */
public static readonly ELASTICSEARCH_DOMAIN = new ResourceType('AWS::Elasticsearch::Domain');
/** Amazon OpenSearch domain */
public static readonly OPENSEARCH_DOMAIN = new ResourceType('AWS::OpenSearch::Domain');
/** Amazon QLDB ledger */
public static readonly QLDB_LEDGER = new ResourceType('AWS::QLDB::Ledger');
/** Amazon Kinesis stream */
public static readonly KINESIS_STREAM = new ResourceType('AWS::Kinesis::Stream');
/** Amazon Kinesis stream consumer */
public static readonly KINESIS_STREAM_CONSUMER = new ResourceType('AWS::Kinesis::StreamConsumer');
/** Amazon MSK cluster */
public static readonly MSK_CLUSTER = new ResourceType('AWS::MSK::Cluster');
/** Amazon Redshift cluster */
public static readonly REDSHIFT_CLUSTER = new ResourceType('AWS::Redshift::Cluster');
/** Amazon Redshift cluster parameter group */
Expand All @@ -1364,12 +1402,24 @@ export class ResourceType {
public static readonly RDS_DB_CLUSTER = new ResourceType('AWS::RDS::DBCluster');
/** Amazon RDS database cluster snapshot */
public static readonly RDS_DB_CLUSTER_SNAPSHOT = new ResourceType('AWS::RDS::DBClusterSnapshot');
/** Amazon Route53 resolver resolver endpoint */
public static readonly ROUTE53_RESOLVER_RESOLVER_ENDPOINT = new ResourceType('AWS::Route53Resolver::ResolverEndpoint');
/** Amazon Route53 resolver resolver rule */
public static readonly ROUTE53_RESOLVER_RESOLVER_RULE = new ResourceType('AWS::Route53Resolver::ResolverRule');
/** Amazon Route53 resolver resolver rule association */
public static readonly ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION = new ResourceType('AWS::Route53Resolver::ResolverRuleAssociation');
/** Amazon SQS queue */
public static readonly SQS_QUEUE = new ResourceType('AWS::SQS::Queue');
/** Amazon SNS topic */
public static readonly SNS_TOPIC = new ResourceType('AWS::SNS::Topic');
/** Amazon S3 bucket */
public static readonly S3_BUCKET = new ResourceType('AWS::S3::Bucket');
/** Amazon SageMaker code repository */
public static readonly SAGEMAKER_CODE_REPOSITORY = new ResourceType('AWS::SageMaker::CodeRepository');
/** Amazon SageMaker model */
public static readonly SAGEMAKER_MODEL = new ResourceType('AWS::SageMaker::Model');
/** Amazon SageMaker notebook instance */
public static readonly SAGEMAKER_NOTEBOOK_INSTANCE = new ResourceType('AWS::SageMaker::NotebookInstance');
/** Amazon S3 account public access block */
public static readonly S3_ACCOUNT_PUBLIC_ACCESS_BLOCK = new ResourceType('AWS::S3::AccountPublicAccessBlock');
/** Amazon EC2 customer gateway */
Expand All @@ -1396,6 +1446,22 @@ export class ResourceType {
public static readonly AUTO_SCALING_POLICY = new ResourceType('AWS::AutoScaling::ScalingPolicy');
/** AWS Auto Scaling scheduled action */
public static readonly AUTO_SCALING_SCHEDULED_ACTION = new ResourceType('AWS::AutoScaling::ScheduledAction');
/** Amazon WorkSpaces connection alias */
public static readonly WORKSPACES_CONNECTION_ALIAS = new ResourceType('AWS::WorkSpaces::ConnectionAlias');
/** Amazon WorkSpaces workSpace */
public static readonly WORKSPACES_WORKSPACE = new ResourceType('AWS::WorkSpaces::Workspace');
/** AWS Backup backup plan */
public static readonly BACKUP_BACKUP_PLAN = new ResourceType('AWS::Backup::BackupPlan');
/** AWS Backup backup selection */
public static readonly BACKUP_BACKUP_SELECTION = new ResourceType('AWS::Backup::BackupSelection');
/** AWS Backup backup vault */
public static readonly BACKUP_BACKUP_VAULT = new ResourceType('AWS::Backup::BackupVault');
/** AWS Backup backup recovery point */
public static readonly BACKUP_RECOVERY_POINT = new ResourceType('AWS::Backup::RecoveryPoint');
/** AWS Batch job queue */
public static readonly BATCH_JOB_QUEUE = new ResourceType('AWS::Batch::JobQueue');
/** AWS Batch compute environment */
public static readonly BATCH_COMPUTE_ENVIRONMENT = new ResourceType('AWS::Batch::ComputeEnvironment');
/** AWS Certificate manager certificate */
public static readonly ACM_CERTIFICATE = new ResourceType('AWS::ACM::Certificate');
/** AWS CloudFormation stack */
Expand All @@ -1404,14 +1470,34 @@ export class ResourceType {
public static readonly CLOUDTRAIL_TRAIL = new ResourceType('AWS::CloudTrail::Trail');
/** AWS CodeBuild project */
public static readonly CODEBUILD_PROJECT = new ResourceType('AWS::CodeBuild::Project');
/** AWS CodeDeploy application */
public static readonly CODEDEPLOY_APPLICATION = new ResourceType('AWS::CodeDeploy::Application');
/** AWS CodeDeploy deployment config */
public static readonly CODEDEPLOY_DEPLOYMENT_CONFIG = new ResourceType('AWS::CodeDeploy::DeploymentConfig');
/** AWS CodeDeploy deployment group */
public static readonly CODEDEPLOY_DEPLOYMENT_GROUP = new ResourceType('AWS::CodeDeploy::DeploymentGroup');
/** AWS CodePipeline pipeline */
public static readonly CODEPIPELINE_PIPELINE = new ResourceType('AWS::CodePipeline::Pipeline');
/** AWS Config resource compliance */
public static readonly CONFIG_RESOURCE_COMPLIANCE = new ResourceType('AWS::Config::ResourceCompliance');
/** AWS Config conformance pack compliance */
public static readonly CONFIG_CONFORMANCE_PACK_COMPLIANCE = new ResourceType('AWS::Config::ConformancePackCompliance');
/** AWS DMS event subscription */
public static readonly DMS_EVENT_SUBSCRIPTION = new ResourceType('AWS::DMS::EventSubscription');
/** AWS DMS replication subnet group */
public static readonly DMS_REPLICATION_SUBNET_GROUP = new ResourceType('AWS::DMS::ReplicationSubnetGroup');
/** AWS Elastic Beanstalk (EB) application */
public static readonly ELASTIC_BEANSTALK_APPLICATION = new ResourceType('AWS::ElasticBeanstalk::Application');
/** AWS Elastic Beanstalk (EB) application version */
public static readonly ELASTIC_BEANSTALK_APPLICATION_VERSION = new ResourceType('AWS::ElasticBeanstalk::ApplicationVersion');
/** AWS Elastic Beanstalk (EB) environment */
public static readonly ELASTIC_BEANSTALK_ENVIRONMENT = new ResourceType('AWS::ElasticBeanstalk::Environment');
/** AWS GlobalAccelerator listener */
public static readonly GLOBALACCELERATOR_LISTENER = new ResourceType('AWS::GlobalAccelerator::Listener');
/** AWS GlobalAccelerator endpoint group */
public static readonly GLOBALACCELERATOR_ENDPOINT_GROUP = new ResourceType('AWS::GlobalAccelerator::EndpointGroup');
/** AWS GlobalAccelerator accelerator */
public static readonly GLOBALACCELERATOR_ACCELERATOR = new ResourceType('AWS::GlobalAccelerator::Accelerator');
/** AWS IAM user */
public static readonly IAM_USER = new ResourceType('AWS::IAM::User');
/** AWS IAM group */
Expand All @@ -1420,6 +1506,8 @@ export class ResourceType {
public static readonly IAM_ROLE = new ResourceType('AWS::IAM::Role');
/** AWS IAM policy */
public static readonly IAM_POLICY = new ResourceType('AWS::IAM::Policy');
/** AWS IAM AccessAnalyzer analyzer */
public static readonly IAM_ACCESSANALYZER_ANALYZER = new ResourceType('AWS::AccessAnalyzer::Analyzer');
/** AWS KMS Key */
public static readonly KMS_KEY = new ResourceType('AWS::KMS::Key');
/** AWS Lambda function */
Expand All @@ -1437,6 +1525,10 @@ export class ResourceType {
public static readonly SHIELD_PROTECTION = new ResourceType('AWS::Shield::Protection');
/** AWS Shield regional protection */
public static readonly SHIELD_REGIONAL_PROTECTION = new ResourceType('AWS::ShieldRegional::Protection');
/** AWS StepFunctions activity */
public static readonly STEPFUNCTIONS_ACTIVITY = new ResourceType('AWS::StepFunctions::Activity');
/** AWS StepFunctions state machine */
public static readonly STEPFUNCTIONS_STATE_MACHINE = new ResourceType('AWS::StepFunctions::StateMachine');
/** AWS Systems Manager managed instance inventory */
public static readonly SYSTEMS_MANAGER_MANAGED_INSTANCE_INVENTORY = new ResourceType('AWS::SSM::ManagedInstanceInventory');
/** AWS Systems Manager patch compliance */
Expand Down Expand Up @@ -1467,12 +1559,18 @@ export class ResourceType {
public static readonly WAFV2_RULE_GROUP = new ResourceType('AWS::WAFv2::RuleGroup');
/** AWS WAFv2 managed rule set */
public static readonly WAFV2_MANAGED_RULE_SET = new ResourceType('AWS::WAFv2::ManagedRuleSet');
/** AWS WAFv2 ip set */
public static readonly WAFV2_IP_SET = new ResourceType('AWS::WAFv2::IPSet');
/** AWS WAFv2 regex pattern set */
public static readonly WAFV2_REGEX_PATTERN_SET = new ResourceType('AWS::WAFv2::RegexPatternSet');
/** AWS X-Ray encryption configuration */
public static readonly XRAY_ENCRYPTION_CONFIGURATION = new ResourceType('AWS::XRay::EncryptionConfig');
/** AWS ELB classic load balancer */
public static readonly ELB_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancing::LoadBalancer');
/** AWS ELBv2 network load balancer or AWS ELBv2 application load balancer */
public static readonly ELBV2_LOAD_BALANCER = new ResourceType('AWS::ElasticLoadBalancingV2::LoadBalancer');
/** AWS ELBv2 application load balancer listener */
public static readonly ELBV2_LISTENER = new ResourceType('AWS::ElasticLoadBalancingV2::Listener');

/** A custom resource type to support future cases. */
public static of(type: string): ResourceType {
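Review bot: `IAM_ACCESSANALYZER_ANALYZER` in the hunk at +1506 carries an `IAM_` prefix that its CloudFormation type `AWS::AccessAnalyzer::Analyzer` does not have, while every other constant added here is named after the type's service segment (`GUARDDUTY_DETECTOR`, `STEPFUNCTIONS_ACTIVITY`, `CODEDEPLOY_APPLICATION`); as a `public static readonly` member of a published API it cannot be renamed later without a deprecation cycle, so `ACCESSANALYZER_ANALYZER` would be the consistent choice now. Several of the new doc comments also read oddly: `/** Amazon Route53 resolver resolver endpoint */` and the two lines after it repeat "resolver", `/** Amazon WorkSpaces workSpace */` has a stray capital, and `/** AWS WAFv2 ip set */` should read "IP set" to match `IPSet`. The comment on `ELBV2_LISTENER` names only the application load balancer, whereas the sibling `ELBV2_LOAD_BALANCER` comment covers both network and application load balancers; if the listener type likewise applies to both, mirror that wording. The `ResourceType` class begins and ends outside these hunks.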
119 changes: 119 additions & 0 deletions packages/@aws-cdk/aws-config/test/rule.test.ts
Expand Up @@ -298,4 +298,123 @@ describe('rule', () => {
},
});
});

test('scope to resource', () => {
// GIVEN
const stack = new cdk.Stack();

// WHEN
new config.ManagedRule(stack, 'Rule', {
identifier: 'AWS_SUPER_COOL',
ruleScope: config.RuleScope.fromResources([
config.ResourceType.EC2_NETWORK_INTERFACE,
config.ResourceType.EC2_TRANSIT_GATEWAY,
config.ResourceType.EC2_TRANSIT_GATEWAY_ATTACHMENT,
config.ResourceType.EC2_TRANSIT_GATEWAY_ROUTE_TABLE,
config.ResourceType.EC2_REGISTERED_HA_INSTANCE,
config.ResourceType.EC2_LAUNCH_TEMPLATE,
config.ResourceType.ECR_REPOSITORY,
config.ResourceType.ECR_PUBLIC_REPOSITORY,
config.ResourceType.ECS_CLUSTER,
config.ResourceType.ECS_TASK_DEFINITION,
config.ResourceType.ECS_SERVICE,
config.ResourceType.EFS_FILE_SYSTEM,
config.ResourceType.EFS_ACCESS_POINT,
config.ResourceType.EMR_SECURITY_CONFIGURATION,
config.ResourceType.GUARDDUTY_DETECTOR,
config.ResourceType.OPENSEARCH_DOMAIN,
config.ResourceType.KINESIS_STREAM,
config.ResourceType.KINESIS_STREAM_CONSUMER,
config.ResourceType.MSK_CLUSTER,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_ENDPOINT,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE,
config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION,
config.ResourceType.SAGEMAKER_CODE_REPOSITORY,
config.ResourceType.SAGEMAKER_MODEL,
config.ResourceType.SAGEMAKER_NOTEBOOK_INSTANCE,
config.ResourceType.WORKSPACES_CONNECTION_ALIAS,
config.ResourceType.WORKSPACES_WORKSPACE,
config.ResourceType.BACKUP_BACKUP_PLAN,
config.ResourceType.BACKUP_BACKUP_SELECTION,
config.ResourceType.BACKUP_BACKUP_VAULT,
config.ResourceType.BACKUP_RECOVERY_POINT,
config.ResourceType.BATCH_JOB_QUEUE,
config.ResourceType.BATCH_COMPUTE_ENVIRONMENT,
config.ResourceType.CODEDEPLOY_APPLICATION,
config.ResourceType.CODEDEPLOY_DEPLOYMENT_CONFIG,
config.ResourceType.CODEDEPLOY_DEPLOYMENT_GROUP,
config.ResourceType.CONFIG_RESOURCE_COMPLIANCE,
config.ResourceType.CONFIG_CONFORMANCE_PACK_COMPLIANCE,
config.ResourceType.DMS_EVENT_SUBSCRIPTION,
config.ResourceType.DMS_REPLICATION_SUBNET_GROUP,
config.ResourceType.GLOBALACCELERATOR_LISTENER,
config.ResourceType.GLOBALACCELERATOR_ENDPOINT_GROUP,
config.ResourceType.GLOBALACCELERATOR_ACCELERATOR,
config.ResourceType.IAM_ACCESSANALYZER_ANALYZER,
config.ResourceType.STEPFUNCTIONS_ACTIVITY,
config.ResourceType.STEPFUNCTIONS_STATE_MACHINE,
config.ResourceType.WAFV2_IP_SET,
config.ResourceType.WAFV2_REGEX_PATTERN_SET,
config.ResourceType.ELBV2_LISTENER,
]),
});

// THEN
Template.fromStack(stack).hasResourceProperties('AWS::Config::ConfigRule', {
Scope: {
ComplianceResourceTypes: [
'AWS::EC2::NetworkInterface',
'AWS::EC2::TransitGateway',
'AWS::EC2::TransitGatewayAttachment',
'AWS::EC2::TransitGatewayRouteTable',
'AWS::EC2::RegisteredHAInstance',
'AWS::EC2::LaunchTemplate',
'AWS::ECR::Repository',
'AWS::ECR::PublicRepository',
'AWS::ECS::Cluster',
'AWS::ECS::TaskDefinition',
'AWS::ECS::Service',
'AWS::EFS::FileSystem',
'AWS::EFS::AccessPoint',
'AWS::EMR::SecurityConfiguration',
'AWS::GuardDuty::Detector',
'AWS::OpenSearch::Domain',
'AWS::Kinesis::Stream',
'AWS::Kinesis::StreamConsumer',
'AWS::MSK::Cluster',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::Route53Resolver::ResolverRule',
'AWS::Route53Resolver::ResolverRuleAssociation',
'AWS::SageMaker::CodeRepository',
'AWS::SageMaker::Model',
'AWS::SageMaker::NotebookInstance',
'AWS::WorkSpaces::ConnectionAlias',
'AWS::WorkSpaces::Workspace',
'AWS::Backup::BackupPlan',
'AWS::Backup::BackupSelection',
'AWS::Backup::BackupVault',
'AWS::Backup::RecoveryPoint',
'AWS::Batch::JobQueue',
'AWS::Batch::ComputeEnvironment',
'AWS::CodeDeploy::Application',
'AWS::CodeDeploy::DeploymentConfig',
'AWS::CodeDeploy::DeploymentGroup',
'AWS::Config::ResourceCompliance',
'AWS::Config::ConformancePackCompliance',
'AWS::DMS::EventSubscription',
'AWS::DMS::ReplicationSubnetGroup',
'AWS::GlobalAccelerator::Listener',
'AWS::GlobalAccelerator::EndpointGroup',
'AWS::GlobalAccelerator::Accelerator',
'AWS::AccessAnalyzer::Analyzer',
'AWS::StepFunctions::Activity',
'AWS::StepFunctions::StateMachine',
'AWS::WAFv2::IPSet',
'AWS::WAFv2::RegexPatternSet',
'AWS::ElasticLoadBalancingV2::Listener',
],
},
});
});

});
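Review bot: The new 'scope to resource' test keeps two parallel 49-entry lists — the `ResourceType` constants passed to `RuleScope.fromResources` and the `ComplianceResourceTypes` strings — that are related only by position, so a dropped or reordered entry in one list yields a failure that is hard to read, and a matching mistake made in both lists passes silently. Deriving both arrays from a single list of `[constant, expectedString]` pairs puts each mapping on one line and leaves the `hasResourceProperties` assertion unchanged. The enclosing `describe('rule', …)` block starts outside the hunk.
```typescript
    const expected: Array<[config.ResourceType, string]> = [
      [config.ResourceType.EC2_NETWORK_INTERFACE, 'AWS::EC2::NetworkInterface'],
      [config.ResourceType.EC2_TRANSIT_GATEWAY, 'AWS::EC2::TransitGateway'],
      // … unchanged: the remaining 47 pairs, one per newly added ResourceType …
    ];

    // WHEN
    new config.ManagedRule(stack, 'Rule', {
      identifier: 'AWS_SUPER_COOL',
      ruleScope: config.RuleScope.fromResources(expected.map(([resourceType]) => resourceType)),
    });

    // THEN
    Template.fromStack(stack).hasResourceProperties('AWS::Config::ConfigRule', {
      Scope: {
        ComplianceResourceTypes: expected.map(([, cfnType]) => cfnType),
      },
    });
```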