aws#21477 add config resourcetype in 202208XX Latest

watany-dev · Aug 6, 2022 · ced58bc · ced58bc
1 parent 1124cbf
commit ced58bc
Show file tree

Hide file tree

Showing 2 changed files with 126 additions and 0 deletions.
diff --git a/packages/@aws-cdk/aws-config/lib/rule.ts b/packages/@aws-cdk/aws-config/lib/rule.ts
@@ -1318,6 +1318,8 @@ export class ResourceType {
   public static readonly EC2_EIP = new ResourceType('AWS::EC2::EIP');
   /** EC2 instance */
   public static readonly EC2_INSTANCE = new ResourceType('AWS::EC2::Instance');
+  /** EC2 Network Interface */
+  public static readonly EC2_NETWORK_INTERFACE = new ResourceType('AWS::EC2::NetworkInterface');
   /** EC2 security group */
   public static readonly EC2_SECURITY_GROUP = new ResourceType('AWS::EC2::SecurityGroup');
   /** EC2 NAT gateway */
@@ -1326,18 +1328,54 @@ export class ResourceType {
   public static readonly EC2_EGRESS_ONLY_INTERNET_GATEWAY = new ResourceType('AWS::EC2::EgressOnlyInternetGateway');
   /** EC2 flow log */
   public static readonly EC2_FLOW_LOG = new ResourceType('AWS::EC2::FlowLog');
+  /** EC2 transit gateway */
+  public static readonly EC2_TRANSIT_GATEWAY = new ResourceType('AWS::EC2::TransitGateway');
+  /** EC2 transit gateway attachment */
+  public static readonly EC2_TRANSIT_GATEWAY_ATTACHMENT = new ResourceType('AWS::EC2::TransitGatewayAttachment');
+  /** EC2 transit gateway route table */
+  public static readonly EC2_TRANSIT_GATEWAY_ROUTE_TABLE = new ResourceType('AWS::EC2::TransitGatewayRouteTable');
   /** EC2 VPC endpoint */
   public static readonly EC2_VPC_ENDPOINT = new ResourceType('AWS::EC2::VPCEndpoint');
   /** EC2 VPC endpoint service */
   public static readonly EC2_VPC_ENDPOINT_SERVICE = new ResourceType('AWS::EC2::VPCEndpointService');
   /** EC2 VPC peering connection */
   public static readonly EC2_VPC_PEERING_CONNECTION = new ResourceType('AWS::EC2::VPCPeeringConnection');
+  /** EC2 registered HA instance */
+  public static readonly EC2_REGISTERED_HA_INSTANCE = new ResourceType('AWS::EC2::RegisteredHAInstance');
+  /** EC2 launch template */
+  public static readonly EC2_LAUNCH_TEMPLATE = new ResourceType('AWS::EC2::LaunchTemplate');
+  /** Amazon ECR repository */
+  public static readonly ECR_REPOSITORY = new ResourceType('AWS::ECR::Repository');
+  /** Amazon ECR public repository */
+  public static readonly ECR_PUBLIC_REPOSITORY = new ResourceType('AWS::ECR::PublicRepository');
+  /** Amazon ECS cluster */
+  public static readonly ECS_CLUSTER = new ResourceType('AWS::ECS::Cluster');
+  /** Amazon ECS task definition */
+  public static readonly ECS_TASK_DEFINITION = new ResourceType('AWS::ECS::TaskDefinition');
+  /** Amazon ECS service */
+  public static readonly ECS_SERVICE = new ResourceType('AWS::ECS::Service');
+  /** Amazon EFS file system */
+  public static readonly EFS_FILE_SYSTEM = new ResourceType('AWS::EFS::FileSystem');
+  /** Amazon EFS access point */
+  public static readonly EFS_ACCESS_POINT = new ResourceType('AWS::EFS::AccessPoint');
   /** Amazon Elastic Kubernetes Service cluster */
   public static readonly EKS_CLUSTER = new ResourceType('AWS::EKS::Cluster');
+  /** Amazon EMR security configuration */
+  public static readonly EMR_SECURITY_CONFIGURATION = new ResourceType('AWS::EMR::SecurityConfiguration');
+  /** Amazon GuardDuty detector */
+  public static readonly GUARDDUTY_DETECTOR = new ResourceType('AWS::GuardDuty::Detector');
   /** Amazon ElasticSearch domain */
   public static readonly ELASTICSEARCH_DOMAIN = new ResourceType('AWS::Elasticsearch::Domain');
+  /** Amazon OpenSearch domain */
+  public static readonly OPENSEARCH_DOMAIN = new ResourceType('AWS::OpenSearch::Domain');
   /** Amazon QLDB ledger */
   public static readonly QLDB_LEDGER = new ResourceType('AWS::QLDB::Ledger');
+  /** Amazon Kinesis stream */
+  public static readonly KINESIS_STREAM = new ResourceType('AWS::Kinesis::Stream');
+  /** Amazon Kinesis stream consumer */
+  public static readonly KINESIS_STREAM_CONSUMER = new ResourceType('AWS::Kinesis::StreamConsumer');
+  /** Amazon MSK cluster */
+  public static readonly MSK_CLUSTER = new ResourceType('AWS::MSK::Cluster');
   /** Amazon Redshift cluster */
   public static readonly REDSHIFT_CLUSTER = new ResourceType('AWS::Redshift::Cluster');
   /** Amazon Redshift cluster parameter group */
@@ -1364,12 +1402,24 @@ export class ResourceType {
   public static readonly RDS_DB_CLUSTER = new ResourceType('AWS::RDS::DBCluster');
   /** Amazon RDS database cluster snapshot */
   public static readonly RDS_DB_CLUSTER_SNAPSHOT = new ResourceType('AWS::RDS::DBClusterSnapshot');
+  /** Amazon Route53 resolver resolver endpoint */
+  public static readonly ROUTE53_RESOLVER_RESOLVER_ENDPOINT = new ResourceType('AWS::Route53Resolver::ResolverEndpoint');
+  /** Amazon Route53 resolver resolver rule */
+  public static readonly ROUTE53_RESOLVER_RESOLVER_RULE = new ResourceType('AWS::Route53Resolver::ResolverRule');
+  /** Amazon Route53 resolver resolver rule association */
+  public static readonly ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION = new ResourceType('AWS::Route53Resolver::ResolverRuleAssociation');
   /** Amazon SQS queue */
   public static readonly SQS_QUEUE = new ResourceType('AWS::SQS::Queue');
   /** Amazon SNS topic */
   public static readonly SNS_TOPIC = new ResourceType('AWS::SNS::Topic');
   /** Amazon S3 bucket */
   public static readonly S3_BUCKET = new ResourceType('AWS::S3::Bucket');
+  /** Amazon SageMaker code repository */
+  public static readonly SAGEMAKER_CODE_REPOSITORY = new ResourceType('AWS::SageMaker::CodeRepository');
+  /** Amazon SageMaker model */
+  public static readonly SAGEMAKER_MODEL = new ResourceType('AWS::SageMaker::Model');
+  /** Amazon SageMaker notebook instance */
+  public static readonly SAGEMAKER_NOTEBOOK_INSTANCE = new ResourceType('AWS::SageMaker::NotebookInstance');
   /** Amazon S3 account public access block */
   public static readonly S3_ACCOUNT_PUBLIC_ACCESS_BLOCK = new ResourceType('AWS::S3::AccountPublicAccessBlock');
   /** Amazon EC2 customer gateway */
@@ -1396,6 +1446,7 @@ export class ResourceType {
   public static readonly AUTO_SCALING_POLICY = new ResourceType('AWS::AutoScaling::ScalingPolicy');
   /** AWS Auto Scaling scheduled action */
   public static readonly AUTO_SCALING_SCHEDULED_ACTION = new ResourceType('AWS::AutoScaling::ScheduledAction');
+C
   /** AWS Certificate manager certificate */
   public static readonly ACM_CERTIFICATE = new ResourceType('AWS::ACM::Certificate');
   /** AWS CloudFormation stack */

diff --git a/packages/@aws-cdk/aws-config/test/rule.test.ts b/packages/@aws-cdk/aws-config/test/rule.test.ts
@@ -298,4 +298,79 @@ describe('rule', () => {
       },
     });
   });
+
+  test('scope to resource', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+
+    // WHEN
+    new config.ManagedRule(stack, 'Rule', {
+      identifier: 'AWS_SUPER_COOL',
+      ruleScope: config.RuleScope.fromResources([
+        config.ResourceType.EC2_NETWORK_INTERFACE,
+        config.ResourceType.EC2_TRANSIT_GATEWAY,
+        config.ResourceType.EC2_TRANSIT_GATEWAY_ATTACHMENT,
+        config.ResourceType.EC2_TRANSIT_GATEWAY_ROUTE_TABLE,
+        config.ResourceType.EC2_REGISTERED_HA_INSTANCE,
+        config.ResourceType.EC2_LAUNCH_TEMPLATE,
+        config.ResourceType.ECR_REPOSITORY,
+        config.ResourceType.ECR_PUBLIC_REPOSITORY,
+        config.ResourceType.ECS_CLUSTER,
+        config.ResourceType.ECS_TASK_DEFINITION,
+        config.ResourceType.ECS_SERVICE,
+        config.ResourceType.EFS_FILE_SYSTEM,
+        config.ResourceType.EFS_ACCESS_POINT,
+        config.ResourceType.EMR_SECURITY_CONFIGURATION,
+        config.ResourceType.GUARDDUTY_DETECTOR,
+        config.ResourceType.OPENSEARCH_DOMAIN,
+        config.ResourceType.KINESIS_STREAM,
+        config.ResourceType.KINESIS_STREAM_CONSUMER,
+        config.ResourceType.MSK_CLUSTER,
+        config.ResourceType.ROUTE53_RESOLVER_RESOLVER_ENDPOINT,
+        config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE,
+        config.ResourceType.ROUTE53_RESOLVER_RESOLVER_RULE_ASSOCIATION,
+        config.ResourceType.SAGEMAKER_CODE_REPOSITORY,
+        config.ResourceType.SAGEMAKER_MODEL,
+        config.ResourceType.SAGEMAKER_NOTEBOOK_INSTANCE,
+        config.ResourceType.WORKSPACES_CONNECTION_ALIAS,
+        config.ResourceType.WORKSPACES_WORKSPACE,
+      ]),
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::Config::ConfigRule', {
+      Scope: {
+        ComplianceResourceTypes: [
+          'AWS::EC2::NetworkInterface',
+          'AWS::EC2::TransitGateway',
+          'AWS::EC2::TransitGatewayAttachment',
+          'AWS::EC2::TransitGatewayRouteTable',
+          'AWS::EC2::RegisteredHAInstance',
+          'AWS::EC2::LaunchTemplate',
+          'AWS::ECR::Repository',
+          'AWS::ECR::PublicRepository',
+          'AWS::ECS::Cluster',
+          'AWS::ECS::TaskDefinition',
+          'AWS::ECS::Service',
+          'AWS::EFS::FileSystem',
+          'AWS::EFS::AccessPoint',
+          'AWS::EMR::SecurityConfiguration',
+          'AWS::GuardDuty::Detector',
+          'AWS::OpenSearch::Domain',
+          'AWS::Kinesis::Stream',
+          'AWS::Kinesis::StreamConsumer',
+          'AWS::MSK::Cluster',
+          'AWS::Route53Resolver::ResolverEndpoint',
+          'AWS::Route53Resolver::ResolverRule',
+          'AWS::Route53Resolver::ResolverRuleAssociation',
+          'AWS::SageMaker::CodeRepository',
+          'AWS::SageMaker::Model',
+          'AWS::SageMaker::NotebookInstance',
+          'AWS::WorkSpaces::ConnectionAlias',
+          'AWS::WorkSpaces::Workspace',
+        ],
+      },
+    });
+  });
+
 });