fugue / terraform-provider-fugue
Terraform Provider for Fugue
License: Mozilla Public License 2.0
AWS types data provider doesn't return all AWS resource types.

I'm running Terraform 1.1.3 in production, but I'm also seeing the issue in 1.1.7. I'm using version v0.0.9 of the Fugue Provider.

```
Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/fugue/fugue v0.0.9
```
```hcl
data "fugue_aws_types" "all" {
  region = "us-east-1"
}

resource "fugue_aws_environment" "test" {
  name                  = "test-env"
  role_arn              = "arn:aws:iam::xxxxxxxxx"
  scan_interval         = local.scan_schedule   # defined elsewhere in the reporter's configuration
  scan_schedule_enabled = true
  regions               = ["*"]
  compliance_families   = ["NIST"]
  resource_types        = data.fugue_aws_types.all.types
}
```
A new environment should be created that scans all AWS resources.
A new environment is created with most AWS resources.
The environment is created with the following resource list.
```
+ resource_types = [
+ "AWS.ACM.Certificate",
+ "AWS.ACMPCA.CertificateAuthority",
+ "AWS.ApiGateway.Authorizer",
+ "AWS.ApiGateway.ClientCertificate",
+ "AWS.ApiGateway.Deployment",
+ "AWS.ApiGateway.DomainName",
+ "AWS.ApiGateway.RequestValidator",
+ "AWS.ApiGateway.Resource",
+ "AWS.ApiGateway.RestApi",
+ "AWS.ApiGateway.Stage",
+ "AWS.ApiGateway.UsagePlan",
+ "AWS.ApiGateway.VpcLink",
+ "AWS.AutoScaling.AutoScalingGroup",
+ "AWS.AutoScaling.LaunchConfiguration",
+ "AWS.AutoScaling.LaunchTemplate",
+ "AWS.AutoScaling.LifecycleHook",
+ "AWS.AutoScaling.Policy",
+ "AWS.AutoScaling.Schedule",
+ "AWS.CloudFront.Distribution",
+ "AWS.CloudTrail.Trail",
+ "AWS.CloudWatch.Dashboard",
+ "AWS.CloudWatch.MetricAlarm",
+ "AWS.CloudWatchEvents.Rule",
+ "AWS.CloudWatchEvents.Target",
+ "AWS.CloudWatchLogs.Destination",
+ "AWS.CloudWatchLogs.DestinationPolicy",
+ "AWS.CloudWatchLogs.LogGroup",
+ "AWS.CloudWatchLogs.MetricFilter",
+ "AWS.CloudWatchLogs.ResourcePolicy",
+ "AWS.CloudWatchLogs.SubscriptionFilter",
+ "AWS.Cognito.IdentityProvider",
+ "AWS.Cognito.ResourceServer",
+ "AWS.Cognito.UserGroup",
+ "AWS.Cognito.UserPool",
+ "AWS.Cognito.UserPoolClient",
+ "AWS.Cognito.UserPoolDomain",
+ "AWS.Config.AggregationAuthorization",
+ "AWS.Config.ConfigurationAggregator",
+ "AWS.Config.ConfigurationRecorder",
+ "AWS.Config.ConfigurationRecorderStatus",
+ "AWS.Config.DeliveryChannel",
+ "AWS.Config.Rule",
+ "AWS.DirectoryService.ConditionalForwarder",
+ "AWS.DirectoryService.Directory",
+ "AWS.DynamoDB.Table",
+ "AWS.EC2.CustomerGateway",
+ "AWS.EC2.DhcpOptions",
+ "AWS.EC2.DhcpOptionsAssociation",
+ "AWS.EC2.EgressOnlyInternetGateway",
+ "AWS.EC2.ElasticIP",
+ "AWS.EC2.FlowLog",
+ "AWS.EC2.Image",
+ "AWS.EC2.Instance",
+ "AWS.EC2.InternetGateway",
+ "AWS.EC2.KeyPair",
+ "AWS.EC2.NATGateway",
+ "AWS.EC2.NetworkACL",
+ "AWS.EC2.NetworkInterface",
+ "AWS.EC2.PlacementGroup",
+ "AWS.EC2.RouteTable",
+ "AWS.EC2.RouteTableAssociation",
+ "AWS.EC2.SecurityGroup",
+ "AWS.EC2.SpotFleetRequest",
+ "AWS.EC2.Subnet",
+ "AWS.EC2.Volume",
+ "AWS.EC2.Vpc",
+ "AWS.EC2.VpcEndpoint",
+ "AWS.EC2.VpcEndpointConnectionNotification",
+ "AWS.EC2.VpcEndpointService",
+ "AWS.EC2.VpcIpv4CidrBlockAssociation",
+ "AWS.EC2.VpcPeeringConnection",
+ "AWS.EC2.VpnConnection",
+ "AWS.EC2.VpnConnectionRoute",
+ "AWS.EC2.VpnGateway",
+ "AWS.ECR.Repository",
+ "AWS.ECS.Cluster",
+ "AWS.ECS.Service",
+ "AWS.ECS.Task",
+ "AWS.ECS.TaskDefinition",
+ "AWS.EFS.FileSystem",
+ "AWS.EFS.MountTarget",
+ "AWS.EKS.Cluster",
+ "AWS.ELB.BackendServerPolicy",
+ "AWS.ELB.ListenerPolicy",
+ "AWS.ELB.LoadBalancer",
+ "AWS.ELB.Policy",
+ "AWS.ELBv2.Listener",
+ "AWS.ELBv2.ListenerRule",
+ "AWS.ELBv2.LoadBalancer",
+ "AWS.ELBv2.TargetGroup",
+ "AWS.ElastiCache.Cluster",
+ "AWS.ElastiCache.ParameterGroup",
+ "AWS.ElastiCache.ReplicationGroup",
+ "AWS.Glacier.Vault",
+ "AWS.GuardDuty.Detector",
+ "AWS.GuardDuty.Member",
+ "AWS.IAM.AccessKey",
+ "AWS.IAM.AccountPasswordPolicy",
+ "AWS.IAM.CredentialReport",
+ "AWS.IAM.Group",
+ "AWS.IAM.GroupMembership",
+ "AWS.IAM.GroupPolicy",
+ "AWS.IAM.GroupPolicyAttachment",
+ "AWS.IAM.InstanceProfile",
+ "AWS.IAM.OpenIDConnectProvider",
+ "AWS.IAM.Policy",
+ "AWS.IAM.Role",
+ "AWS.IAM.RolePolicy",
+ "AWS.IAM.RolePolicyAttachment",
+ "AWS.IAM.SAMLProvider",
+ "AWS.IAM.User",
+ "AWS.IAM.UserPolicy",
+ "AWS.IAM.UserPolicyAttachment",
+ "AWS.Inspector.AssessmentTarget",
+ "AWS.Inspector.AssessmentTemplate",
+ "AWS.KMS.Alias",
+ "AWS.KMS.Grant",
+ "AWS.KMS.Key",
+ "AWS.Kinesis.Stream",
+ "AWS.KinesisFirehose.DeliveryStream",
+ "AWS.Lambda.Alias",
+ "AWS.Lambda.EventSourceMapping",
+ "AWS.Lambda.Function",
+ "AWS.Macie.MemberAccountAssociation",
+ "AWS.Macie.S3BucketAssociation",
+ "AWS.MediaStore.Container",
+ "AWS.MediaStore.ContainerPolicy",
+ "AWS.Organizations.Organization",
+ "AWS.RDS.Cluster",
+ "AWS.RDS.ClusterParameterGroup",
+ "AWS.RDS.EventSubscription",
+ "AWS.RDS.Instance",
+ "AWS.RDS.OptionGroup",
+ "AWS.RDS.ParameterGroup",
+ "AWS.RDS.SubnetGroup",
+ "AWS.Redshift.Cluster",
+ "AWS.Redshift.ParameterGroup",
+ "AWS.Redshift.SubnetGroup",
+ "AWS.Route53.DelegationSet",
+ "AWS.Route53.HealthCheck",
+ "AWS.Route53.QueryLog",
+ "AWS.Route53.Record",
+ "AWS.Route53.Zone",
+ "AWS.Route53.ZoneAssociation",
+ "AWS.S3.Bucket",
+ "AWS.S3.BucketInventory",
+ "AWS.S3.BucketMetric",
+ "AWS.S3.BucketNotification",
+ "AWS.S3.BucketPolicy",
+ "AWS.S3.BucketPublicAccessBlock",
+ "AWS.SFN.StateMachine",
+ "AWS.SNS.Subscription",
+ "AWS.SNS.Topic",
+ "AWS.SQS.Queue",
+ "AWS.SSM.Activation",
+ "AWS.SSM.Association",
+ "AWS.SSM.Document",
+ "AWS.SSM.MaintenanceWindow",
+ "AWS.SSM.MaintenanceWindowTarget",
+ "AWS.SSM.MaintenanceWindowTask",
+ "AWS.SSM.Parameter",
+ "AWS.SSM.PatchBaseline",
+ "AWS.SSM.PatchGroup",
+ "AWS.SSM.ResourceDataSync",
+ "AWS.SecretsManager.Secret",
+ "AWS.WAF.ByteMatchSet",
+ "AWS.WAF.GeoMatchSet",
+ "AWS.WAF.RateBasedRule",
+ "AWS.WAF.RegexMatchSet",
+ "AWS.WAF.RegexPatternSet",
+ "AWS.WAF.Rule",
+ "AWS.WAF.RuleGroup",
+ "AWS.WAF.SQLInjectionMatchSet",
+ "AWS.WAF.SizeConstraintSet",
+ "AWS.WAF.WebACL",
+ "AWS.WAF.XSSMatchSet",
+ "AWS.WAFRegional.ByteMatchSet",
+ "AWS.WAFRegional.GeoMatchSet",
+ "AWS.WAFRegional.RateBasedRule",
+ "AWS.WAFRegional.RegexMatchSet",
+ "AWS.WAFRegional.RegexPatternSet",
+ "AWS.WAFRegional.Rule",
+ "AWS.WAFRegional.RuleGroup",
+ "AWS.WAFRegional.SQLInjectionMatchSet",
+ "AWS.WAFRegional.SizeConstraintSet",
+ "AWS.WAFRegional.WebACL",
+ "AWS.WAFRegional.XSSMatchSet",
+ "AWS.WAFv2.LoggingConfiguration",
+ "AWS.WAFv2.RegexPatternSet",
+ "AWS.WAFv2.RuleGroup",
+ "AWS.WAFv2.WebACL",
+ "AWS.WAFv2.WebACLAssociation",
+ ]
```
Missing from the above list are things like ApiGatewayV2 and ElasticSearch.
If I manually check those resources in the Fugue console, Terraform will attempt to remove them on the next apply.
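One way to stop console-added types from being reverted on the next apply is to make the desired state include them: union the list the data source returns with an explicit list of the types it omits. This is an added example, not code from the issue above or from the provider's documentation. The type names `AWS.ApiGatewayV2.Api` and `AWS.ElasticSearch.Domain` are placeholders assumed here (confirm the exact strings Fugue uses before relying on them), and `var.fugue_role_arn` and `var.scan_interval` are assumed input variables.

```hcl
data "fugue_aws_types" "all" {
  region = "us-east-1"
}

locals {
  # Resource types the data source did not return in the report above.
  # These two strings are assumed placeholders, not confirmed Fugue type names.
  extra_resource_types = [
    "AWS.ApiGatewayV2.Api",
    "AWS.ElasticSearch.Domain",
  ]

  # concat() appends the extras to what the data source returns; distinct()
  # drops duplicates, so the plan stays clean if a later provider release
  # starts returning one of the extras on its own.
  resource_types = distinct(concat(
    data.fugue_aws_types.all.types,
    local.extra_resource_types,
  ))
}

resource "fugue_aws_environment" "test" {
  name                  = "test-env"
  role_arn              = var.fugue_role_arn   # assumed variable
  scan_interval         = var.scan_interval    # assumed variable
  scan_schedule_enabled = true
  regions               = ["*"]
  compliance_families   = ["NIST"]
  resource_types        = local.resource_types
}
```

After `terraform apply`, a second `terraform plan` should show no change to `resource_types`, since the extras are now part of the configuration rather than console-only drift. If the list must instead be curated in the console, `lifecycle { ignore_changes = [resource_types] }` on the resource keeps Terraform from reverting console edits, at the cost of no longer detecting drift in that attribute at all.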
It would be useful to be able to import existing Fugue resources, e.g.

```
$ fugue import fugue_aws_environment.dev <environment-uid>
```

Which currently returns:

```
fugue_aws_environment.dev: Importing from ID "<environment-uid>"...
Error: resource fugue_aws_environment doesn't support import
```

Is that something on your roadmap?
It would be great if we could configure Rule Waivers as a resource.
We have a lot of common ones we will want to add to all new environments.
It'd be great if we could use this provider to manage users and/or groups (with an ability to import existing users/groups).
I'm assuming this would be beneficial to others, too, who want to audit users for compliance.
We set up our rules and custom family in one Terraform project, then set up new AWS environments through a set of Terraform projects when we vend or update core services in the AWS account. We need a way to look up the family ID from the custom name to add it to the environment.