
terraform-provider-fugue's Issues

AWS Types Dataprovider doesn't list all resources

The AWS types data provider doesn't return all AWS resource types.

Terraform Version

I'm running Terraform 1.1.3 in production, but I'm also seeing the issue in 1.1.7.
I'm using version v0.0.9 of the Fugue Provider.

Terraform v1.1.7
on darwin_amd64
+ provider registry.terraform.io/fugue/fugue v0.0.9

Affected Resource(s)

  • fugue_aws_types data provider

Terraform Configuration Files

data "fugue_aws_types" "all" {
  region = "us-east-1"
}

resource "fugue_aws_environment" "test" {
  name                  = "test-env"
  role_arn              = "arn:aws:iam::xxxxxxxxx"
  scan_interval         = local.scan_schedule
  scan_schedule_enabled = true
  regions               = ["*"]
  compliance_families   = ["NIST"]
  resource_types        = data.fugue_aws_types.all.types
}

Expected Behavior

A new environment should be created that scans all AWS resources.

Actual Behavior

A new environment is created with most AWS resources.
The environment is created with the following resource list.

      + resource_types        = [
          + "AWS.ACM.Certificate",
          + "AWS.ACMPCA.CertificateAuthority",
          + "AWS.ApiGateway.Authorizer",
          + "AWS.ApiGateway.ClientCertificate",
          + "AWS.ApiGateway.Deployment",
          + "AWS.ApiGateway.DomainName",
          + "AWS.ApiGateway.RequestValidator",
          + "AWS.ApiGateway.Resource",
          + "AWS.ApiGateway.RestApi",
          + "AWS.ApiGateway.Stage",
          + "AWS.ApiGateway.UsagePlan",
          + "AWS.ApiGateway.VpcLink",
          + "AWS.AutoScaling.AutoScalingGroup",
          + "AWS.AutoScaling.LaunchConfiguration",
          + "AWS.AutoScaling.LaunchTemplate",
          + "AWS.AutoScaling.LifecycleHook",
          + "AWS.AutoScaling.Policy",
          + "AWS.AutoScaling.Schedule",
          + "AWS.CloudFront.Distribution",
          + "AWS.CloudTrail.Trail",
          + "AWS.CloudWatch.Dashboard",
          + "AWS.CloudWatch.MetricAlarm",
          + "AWS.CloudWatchEvents.Rule",
          + "AWS.CloudWatchEvents.Target",
          + "AWS.CloudWatchLogs.Destination",
          + "AWS.CloudWatchLogs.DestinationPolicy",
          + "AWS.CloudWatchLogs.LogGroup",
          + "AWS.CloudWatchLogs.MetricFilter",
          + "AWS.CloudWatchLogs.ResourcePolicy",
          + "AWS.CloudWatchLogs.SubscriptionFilter",
          + "AWS.Cognito.IdentityProvider",
          + "AWS.Cognito.ResourceServer",
          + "AWS.Cognito.UserGroup",
          + "AWS.Cognito.UserPool",
          + "AWS.Cognito.UserPoolClient",
          + "AWS.Cognito.UserPoolDomain",
          + "AWS.Config.AggregationAuthorization",
          + "AWS.Config.ConfigurationAggregator",
          + "AWS.Config.ConfigurationRecorder",
          + "AWS.Config.ConfigurationRecorderStatus",
          + "AWS.Config.DeliveryChannel",
          + "AWS.Config.Rule",
          + "AWS.DirectoryService.ConditionalForwarder",
          + "AWS.DirectoryService.Directory",
          + "AWS.DynamoDB.Table",
          + "AWS.EC2.CustomerGateway",
          + "AWS.EC2.DhcpOptions",
          + "AWS.EC2.DhcpOptionsAssociation",
          + "AWS.EC2.EgressOnlyInternetGateway",
          + "AWS.EC2.ElasticIP",
          + "AWS.EC2.FlowLog",
          + "AWS.EC2.Image",
          + "AWS.EC2.Instance",
          + "AWS.EC2.InternetGateway",
          + "AWS.EC2.KeyPair",
          + "AWS.EC2.NATGateway",
          + "AWS.EC2.NetworkACL",
          + "AWS.EC2.NetworkInterface",
          + "AWS.EC2.PlacementGroup",
          + "AWS.EC2.RouteTable",
          + "AWS.EC2.RouteTableAssociation",
          + "AWS.EC2.SecurityGroup",
          + "AWS.EC2.SpotFleetRequest",
          + "AWS.EC2.Subnet",
          + "AWS.EC2.Volume",
          + "AWS.EC2.Vpc",
          + "AWS.EC2.VpcEndpoint",
          + "AWS.EC2.VpcEndpointConnectionNotification",
          + "AWS.EC2.VpcEndpointService",
          + "AWS.EC2.VpcIpv4CidrBlockAssociation",
          + "AWS.EC2.VpcPeeringConnection",
          + "AWS.EC2.VpnConnection",
          + "AWS.EC2.VpnConnectionRoute",
          + "AWS.EC2.VpnGateway",
          + "AWS.ECR.Repository",
          + "AWS.ECS.Cluster",
          + "AWS.ECS.Service",
          + "AWS.ECS.Task",
          + "AWS.ECS.TaskDefinition",
          + "AWS.EFS.FileSystem",
          + "AWS.EFS.MountTarget",
          + "AWS.EKS.Cluster",
          + "AWS.ELB.BackendServerPolicy",
          + "AWS.ELB.ListenerPolicy",
          + "AWS.ELB.LoadBalancer",
          + "AWS.ELB.Policy",
          + "AWS.ELBv2.Listener",
          + "AWS.ELBv2.ListenerRule",
          + "AWS.ELBv2.LoadBalancer",
          + "AWS.ELBv2.TargetGroup",
          + "AWS.ElastiCache.Cluster",
          + "AWS.ElastiCache.ParameterGroup",
          + "AWS.ElastiCache.ReplicationGroup",
          + "AWS.Glacier.Vault",
          + "AWS.GuardDuty.Detector",
          + "AWS.GuardDuty.Member",
          + "AWS.IAM.AccessKey",
          + "AWS.IAM.AccountPasswordPolicy",
          + "AWS.IAM.CredentialReport",
          + "AWS.IAM.Group",
          + "AWS.IAM.GroupMembership",
          + "AWS.IAM.GroupPolicy",
          + "AWS.IAM.GroupPolicyAttachment",
          + "AWS.IAM.InstanceProfile",
          + "AWS.IAM.OpenIDConnectProvider",
          + "AWS.IAM.Policy",
          + "AWS.IAM.Role",
          + "AWS.IAM.RolePolicy",
          + "AWS.IAM.RolePolicyAttachment",
          + "AWS.IAM.SAMLProvider",
          + "AWS.IAM.User",
          + "AWS.IAM.UserPolicy",
          + "AWS.IAM.UserPolicyAttachment",
          + "AWS.Inspector.AssessmentTarget",
          + "AWS.Inspector.AssessmentTemplate",
          + "AWS.KMS.Alias",
          + "AWS.KMS.Grant",
          + "AWS.KMS.Key",
          + "AWS.Kinesis.Stream",
          + "AWS.KinesisFirehose.DeliveryStream",
          + "AWS.Lambda.Alias",
          + "AWS.Lambda.EventSourceMapping",
          + "AWS.Lambda.Function",
          + "AWS.Macie.MemberAccountAssociation",
          + "AWS.Macie.S3BucketAssociation",
          + "AWS.MediaStore.Container",
          + "AWS.MediaStore.ContainerPolicy",
          + "AWS.Organizations.Organization",
          + "AWS.RDS.Cluster",
          + "AWS.RDS.ClusterParameterGroup",
          + "AWS.RDS.EventSubscription",
          + "AWS.RDS.Instance",
          + "AWS.RDS.OptionGroup",
          + "AWS.RDS.ParameterGroup",
          + "AWS.RDS.SubnetGroup",
          + "AWS.Redshift.Cluster",
          + "AWS.Redshift.ParameterGroup",
          + "AWS.Redshift.SubnetGroup",
          + "AWS.Route53.DelegationSet",
          + "AWS.Route53.HealthCheck",
          + "AWS.Route53.QueryLog",
          + "AWS.Route53.Record",
          + "AWS.Route53.Zone",
          + "AWS.Route53.ZoneAssociation",
          + "AWS.S3.Bucket",
          + "AWS.S3.BucketInventory",
          + "AWS.S3.BucketMetric",
          + "AWS.S3.BucketNotification",
          + "AWS.S3.BucketPolicy",
          + "AWS.S3.BucketPublicAccessBlock",
          + "AWS.SFN.StateMachine",
          + "AWS.SNS.Subscription",
          + "AWS.SNS.Topic",
          + "AWS.SQS.Queue",
          + "AWS.SSM.Activation",
          + "AWS.SSM.Association",
          + "AWS.SSM.Document",
          + "AWS.SSM.MaintenanceWindow",
          + "AWS.SSM.MaintenanceWindowTarget",
          + "AWS.SSM.MaintenanceWindowTask",
          + "AWS.SSM.Parameter",
          + "AWS.SSM.PatchBaseline",
          + "AWS.SSM.PatchGroup",
          + "AWS.SSM.ResourceDataSync",
          + "AWS.SecretsManager.Secret",
          + "AWS.WAF.ByteMatchSet",
          + "AWS.WAF.GeoMatchSet",
          + "AWS.WAF.RateBasedRule",
          + "AWS.WAF.RegexMatchSet",
          + "AWS.WAF.RegexPatternSet",
          + "AWS.WAF.Rule",
          + "AWS.WAF.RuleGroup",
          + "AWS.WAF.SQLInjectionMatchSet",
          + "AWS.WAF.SizeConstraintSet",
          + "AWS.WAF.WebACL",
          + "AWS.WAF.XSSMatchSet",
          + "AWS.WAFRegional.ByteMatchSet",
          + "AWS.WAFRegional.GeoMatchSet",
          + "AWS.WAFRegional.RateBasedRule",
          + "AWS.WAFRegional.RegexMatchSet",
          + "AWS.WAFRegional.RegexPatternSet",
          + "AWS.WAFRegional.Rule",
          + "AWS.WAFRegional.RuleGroup",
          + "AWS.WAFRegional.SQLInjectionMatchSet",
          + "AWS.WAFRegional.SizeConstraintSet",
          + "AWS.WAFRegional.WebACL",
          + "AWS.WAFRegional.XSSMatchSet",
          + "AWS.WAFv2.LoggingConfiguration",
          + "AWS.WAFv2.RegexPatternSet",
          + "AWS.WAFv2.RuleGroup",
          + "AWS.WAFv2.WebACL",
          + "AWS.WAFv2.WebACLAssociation",
        ]

Missing from the above list are things like ApiGatewayV2 and ElasticSearch.
If I manually check those resources in the Fugue console, Terraform will attempt to remove them on the next apply.
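One way to keep the environment definition from reverting types that the data source omits, written as an added example and not code from the provider or the issue author. It assumes the full Fugue type identifiers for ApiGatewayV2 and ElasticSearch (not given on this page) are filled in from the Fugue console, and it uses the same `scan_schedule` local as the configuration above.

```hcl
data "fugue_aws_types" "all" {
  region = "us-east-1"
}

locals {
  # Hypothetical: the exact Fugue type names for the missing services are not
  # shown on this page; replace the placeholders with the names from the console.
  extra_resource_types = [
    "AWS.ApiGatewayV2.<TYPE-PLACEHOLDER>",
    "AWS.ElasticSearch.<TYPE-PLACEHOLDER>",
  ]
}

resource "fugue_aws_environment" "test" {
  name                  = "test-env"
  role_arn              = "arn:aws:iam::xxxxxxxxx"
  scan_interval         = local.scan_schedule
  scan_schedule_enabled = true
  regions               = ["*"]
  compliance_families   = ["NIST"]

  # Union of what the data source returns and the types it is known to miss,
  # deduplicated so a future provider release that adds them causes no drift.
  resource_types = distinct(concat(
    data.fugue_aws_types.all.types,
    local.extra_resource_types,
  ))

  lifecycle {
    # Stops the next apply from removing types that were enabled in the console.
    # Trade-off: Terraform will then also ignore intentional changes to this
    # attribute, so drop this block once the data source is complete.
    ignore_changes = [resource_types]
  }
}
```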

Feature request: Support importing resources

It would be useful to be able to import existing Fugue resources, e.g.

$ fugue import fugue_aws_environment.dev <environment-uid>

Which currently returns:

fugue_aws_environment.dev: Importing from ID "<environment-uid>"...

Error: resource fugue_aws_environment doesn't support import

Is that something in your roadmap?

[FEATURE REQUEST] Adding rule waiver

It would be great if we could configure Rule Waivers as a resource.

We have a lot of common ones we will want to add to all new environments.

Feature Request: user + group management

It'd be great if we could use this provider to manage users and/or groups (with an ability to import existing users/groups).

I'm assuming this would be beneficial to others too who want to audit users for compliance.

Need Family Data Source

We set up our rules and custom family in one Terraform project. Then we set up new AWS environments through a set of Terraform projects when we vend or update core services in the AWS account. We need a way to look up the family ID from the custom name to add it to the environment.
