Updates a number of AWS resource docs and snippets examples and new text

Signed-off-by: Scott Ford <scott@scottford.io>

lumi/resources/core.lr

@@ -1498,19 +1498,21 @@ arista.eos.spt.mstInterface {
   features() dict
 }
 
+// AWS Resource
 aws {
-  // list of vpcs in the account (across all regions)
+  // list of `aws.vpc` objects representing all VPCs in the account across all enabled regions
   vpcs() []aws.vpc
-  // list of regions for the account
+  // list of all enabled regions in the account
   regions() []string
 }
 
-// AWS Access Analyzer helps identify resources that are shared with an external entity
+// AWS Access Analyzer resource for assessing the configuration of AWS IAM Access Analyzer
 aws.accessAnalyzer {
-  // list of AWS IAM access analyzers
+  // list of `aws.accessanalyzer.analyzer` objects for all AWS Access Analyzers configured within the account 
   analyzers() []aws.accessanalyzer.analyzer
 }
 
+// AWS Access Analyzer resource provides an object representing an individual AWS IAM Access Analyzer configuration
 aws.accessanalyzer.analyzer {
   // ARN for the analyzer
   arn string
@@ -1520,7 +1522,7 @@ aws.accessanalyzer.analyzer {
   status string
 }
 
-// AWS account information
+// AWS account resource
 aws.account {
   // Account Id
   id() string
@@ -1830,12 +1832,13 @@ aws.es.domain {
   region string
 }
 
-// AWS Certificate Manager for managing public and private SSL/TLS certificates
+// AWS Certificate Manager resource for assessing the configuration of AWS Certificate Manager
 aws.acm {
+  // list of `aws.acm.certificate` objects representing ACM certificates configured within the account
   certificates() []aws.acm.certificate
 }
 
-// AWS Certificate Manager Certificate
+// AWS Certificate Manager Certificate resource provides an object representing an individual ACM certificate
 aws.acm.certificate {
   // ARN for the certificate
   arn string
@@ -2383,13 +2386,13 @@ aws.dms {
   replicationInstances() []dict
 }
 
-// Amazon API Gateway for creating, maintaining, and securing APIs at scale
+// Amazon API Gateway resource for assessing the configuration of the AWS API Gateway service
 aws.apigateway {
-  // list of rest APIs across all regions in the account
+  // list of `aws.apigateway.restapi` objects representing all rest APIs across all enabled regions in the account
   restApis() []aws.apigateway.restapi
 }
 
-// Amazon API Gateway REST API
+// Amazon API Gateway REST API resource provides an object representing an individual configured API Gateway REST API
 aws.apigateway.restapi {
   // ARN for the rest api
   arn string
@@ -2407,7 +2410,7 @@ aws.apigateway.restapi {
   region string
 }
 
-// Amazon API Gateway REST API unique identifier for a version of a deployed RestApi that is callable by users
+// Amazon API Gateway REST API resource provides an object representing an individual stage configured on an API Gateway 
 aws.apigateway.stage {
   // ARN for the rest api stage
   arn string
@@ -2631,7 +2634,7 @@ aws.ec2.instance.device {
   deviceName string
 }
 
-// Amazon Virtual Private Cloud
+// AWS VPC resource
 aws.vpc {
   // arn of the vpc
   arn string

lumi/resources/core.lr.docs.yaml

@@ -82,41 +82,166 @@ resources:
   authorizedkeys: null
   authorizedkeys.entry: null
   aws:
+    docs:
+      desc: |
+        The AWS Resource is used to query AWS accounts and the services and resources within them. The `aws` resource returns a list of enabled regions within the AWS account, as well as a list of `aws.vpc` objects representing all VPCs configured across all enabled regions.
     platform:
       name:
       - aws
+    snippets:
+      - query: aws.regions
+        title: List all enabled regions within the AWS account
+      - query: aws.vpcs
+        title: List of `aws.vpc` objects for all VPCs across all enabled regions
+      - query: |
+          aws.vpcs {
+            arn 
+            id 
+            state 
+            isDefault 
+            region 
+            flowLogs
+            routeTables
+          }
+        title: List of `aws.vpc` objects for all VPCs across all enabled regions and the values for specified fields
+      - query: |
+          aws.vpcs
+            .all(
+              flowLogs.any(status == "ACTIVE")
+            )
+        title: Ensure VPC flow logging is enabled in all VPCs
+    refs:
+    - title: 'AWS Documentation: Managing AWS Regions'
+      url: https://docs.aws.amazon.com/general/latest/gr/rande-manage.html
+    - title: 'AWS Documentation: Security in Amazon Virtual Private Cloud'
+      url: https://docs.aws.amazon.com/vpc/latest/userguide/security.html
   aws.accessAnalyzer:
+    docs:
+      desc: |
+        The `aws.accessAnalyzer` resource returns a list of `aws.accessAnalyzer.analyzer` objects representing all of the AWS IAM Access Analyzers configured across the AWS account.
     platform:
       name:
       - aws
+    snippets:
+      - query: aws.accessAnalyzer.analyzers 
+        title: "Return a list of `aws.accessAnalyzer.analyzer` objects representing all of the AWS IAM Access Analyzers configured across the AWS account"
+    refs:
+    - title: "Using AWS IAM Access Analyzer"
+      url: https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html
   aws.accessanalyzer.analyzer:
     platform:
+      docs:
+        desc: |
+          AWS Access Analyzer resource provides an object representing an individual AWS IAM Access Analyzer configuration. See `aws.accessAnalyzer` resource documentation for more information and usage. 
       name:
       - aws
   aws.account:
+    docs:
+      desc: |
+        The `aws.account` resource provides configuration for AWS accounts including the account number, and configured aliases.
     platform:
       name:
       - aws
+    snippets:
+      - query: aws.account { id aliases }
+        title: "Return the account id (number) and any configured account aliases"
   aws.acm:
+    docs:
+      desc:
+        The `aws.acm` resource can be used to assess the configuration of the AWS Certificates Manager service within the account. This resource returns a list of `aws.acm.certificate` objects for all ACM certificates found within the account.
     platform:
       name:
       - aws
+    snippets:
+      - query: aws.acm.certificates
+        title: Return a list of `aws.acm.certificates` within the AWS account
+      - query: |
+          aws.acm.certificates {
+          arn
+          notBefore
+          notAfter 
+          createdAt
+          domainName
+          status
+          subject
+          certificate() 
+          }
+        title: Return a list of `aws.acm.certificates` within the AWS account along with values for specified fields
+      - query: |
+          aws.acm.certificates.
+            where( status != /PENDING_VALIDATION/ ).
+            all (notAfter - notBefore <= 90 * time.day)
+        title: "Checks whether ACM Certificates in your account are marked for expiration within 90 days"
+    refs:
+      - title: What Is AWS Certificate Manager?
+        url: https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html
+      - title: Security in AWS Certificate Manager
+        url: https://docs.aws.amazon.com/acm/latest/userguide/security.html
   aws.acm.certificate:
+    docs:
+      desc: |
+        The `aws.acm.certificate` resource provides an object representing an individual AWS ACM certificate. For usage see the `aws.acm` documentation.
     platform:
       name:
       - aws
   aws.apigateway:
+    docs:
+      desc:
+        The `aws.apigateway` resource can be used to assess the configuration of the AWS API Gateway service.
     platform:
       name:
       - aws
+    snippets:
+      - query: aws.apigateway.restApis
+        title: Return a list of `aws.apigateway.restapi` objects for all REST APIs configured with the account across all enabled regions
+      - query: |
+          aws.apigateway.restApis {
+            createdDate
+            description
+            stages
+            region
+            arn
+            id
+            name
+          }
+        title: Return a list of `aws.apigateway.restapi` objects for all REST APIs configured with the account across all enabled regions and the value for specified fields
+      - query: |
+          aws.apigateway.restApis.all(stages.all(
+            methodSettings['CachingEnabled'] == true && 
+              methodSettings['CacheDataEncrypted'] == true
+          ))
+        title: Checks that all methods in Amazon API Gateway have caching enabled and encrypted
+      - query: |
+          aws.apigateway.restApis.all(stages.all(
+          methodSettings['LoggingLevel'] == "ERROR" || methodSettings['LoggingLevel'] == "INFO"
+          ))
+        title: Checks that all methods in Amazon API Gateway have logging enabled
+    refs:
+      - title: What is Amazon API Gateway?
+        url: https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html
+      - title: Security in Amazon API Gateway
+        url: https://docs.aws.amazon.com/apigateway/latest/developerguide/security.html
   aws.apigateway.restapi:
+    docs:
+      desc: |
+        The `aws.apigateway.restapi` resource provides an object representing an individual REST API configured within the AWS account. For usage see the `aws.apigateway` resource documentation.
     platform:
       name:
       - aws
   aws.apigateway.stage:
+    docs:
+      desc: |
+        The `aws.apigateway.stage` resource provides an object representing an individual stage configured on a REST API. For usage see the `aws.apigateway` resource documentation.
     platform:
       name:
       - aws
+    snippets:
+      - query: |
+          aws.apigateway.restApis { 
+            arn 
+            stages 
+          }
+        title: Return a list of AWS API Gateway REST APIs configured across all enabled regions in the AWS account and the values for the arn and stages
   aws.autoscaling:
     platform:
       name: