🐛 Assign SSM connection if available to ec2 instances. (#4849)

Signed-off-by: Preslav <preslav@mondoo.com>
mondoohq · Nov 13, 2024 · e2511bd · e2511bd
1 parent b8014a3
commit e2511bd
Showing 1 changed file with 15 additions and 14 deletions.
diff --git a/providers/aws/resources/discovery_conversion.go b/providers/aws/resources/discovery_conversion.go
@@ -34,6 +34,7 @@ const (
 	MondooContainerNameLabelKey = "mondoo.com/container-name"
 	MondooClusterNameLabelKey   = "mondoo.com/cluster-name"
 	MondooTaskArnLabelKey       = "mondoo.com/task-arn"
+	MondooSsmConnection         = "mondoo.com/ssm-connection"
 )
 
 type mqlObject struct {
@@ -305,14 +306,13 @@ func addConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId string,
 		info.image = &instance.GetImage().Data.Id.Data
 	}
 	addMondooLabels(info, asset)
-
+	imageName := ""
+	if instance.GetImage().Data != nil {
+		imageName = instance.GetImage().Data.Name.Data
+	}
+	probableUsername := getProbableUsernameFromImageName(imageName)
 	// if there is a public ip & it is running, we assume ssh is an option
 	if instance.PublicIp.Data != "" && instance.State.Data == string(types.InstanceStateNameRunning) {
-		imageName := ""
-		if instance.GetImage().Data != nil {
-			imageName = instance.GetImage().Data.Name.Data
-		}
-		probableUsername := getProbableUsernameFromImageName(imageName)
 		asset.Connections = []*inventory.Config{{
 			Type:     "ssh",
 			Host:     instance.PublicIp.Data,
@@ -330,14 +330,15 @@ func addConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId string,
 				"instance": instance.InstanceId.Data,
 			},
 		}}
-		if instance.GetSsm() != nil && instance.GetSsm().Data != nil && len(instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})) > 0 {
-			if instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})[0].(map[string]interface{})["PingStatus"] == "Online" {
-				asset.Connections[0].Credentials = append(asset.Connections[0].Credentials, &vault.Credential{
-					User: probableUsername,
-					Type: vault.CredentialType_aws_ec2_ssm_session,
-				})
-				asset.Labels["mondoo.com/ssm-connection"] = "Online"
-			}
+	}
+	// if the ssm agent indicates it is online, we assume ssm is an option
+	if instance.GetSsm() != nil && instance.GetSsm().Data != nil && len(instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})) > 0 {
+		if instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})[0].(map[string]interface{})["PingStatus"] == "Online" {
+			asset.Connections[0].Credentials = append(asset.Connections[0].Credentials, &vault.Credential{
+				User: probableUsername,
+				Type: vault.CredentialType_aws_ec2_ssm_session,
+			})
+			asset.Labels[MondooSsmConnection] = "Online"
 		}
 	}
 	return asset