🧹 aws fixes; make aws ec2 instance-connect and aws ec2 ssm work (#1707)

mondoohq · Sep 22, 2023 · 0f03f86 · 0f03f86
1 parent eb05b57
commit 0f03f86
Show file tree

Hide file tree

Showing 14 changed files with 1,150 additions and 18 deletions.
diff --git a/providers/aws/config/config.go b/providers/aws/config/config.go
@@ -6,21 +6,22 @@ package config
 import (
 	"go.mondoo.com/cnquery/providers-sdk/v1/plugin"
 	"go.mondoo.com/cnquery/providers/aws/connection"
+	"go.mondoo.com/cnquery/providers/aws/connection/awsec2ebsconn"
 	"go.mondoo.com/cnquery/providers/aws/provider"
 )
 
 var Config = plugin.Provider{
 	Name:            "aws",
 	ID:              "go.mondoo.com/cnquery/providers/aws",
 	Version:         "9.0.0",
-	ConnectionTypes: []string{provider.DefaultConnectionType},
+	ConnectionTypes: []string{provider.DefaultConnectionType, string(awsec2ebsconn.EBSConnectionType)},
 	Connectors: []plugin.Connector{
 		{
 			Name:    "aws",
 			Use:     "aws",
 			Short:   "aws account",
 			MinArgs: 0,
-			MaxArgs: 0,
+			MaxArgs: 4,
 			Discovery: []string{
 				connection.DiscoveryAccounts,
 				connection.DiscoveryAll,
@@ -77,6 +78,12 @@ var Config = plugin.Provider{
 					Default: "",
 					Desc:    "Endpoint URL override for authentication with the API",
 				},
+				{
+					Long:    "no-setup",
+					Type:    plugin.FlagType_String,
+					Default: "",
+					Desc:    "Override option for EBS scanning that tells it to not create the snapshot or volume",
+				},
 			},
 		},
 	},

diff --git a/providers/aws/connection/awsec2ebsconn/destroy.go b/providers/aws/connection/awsec2ebsconn/destroy.go
@@ -0,0 +1,48 @@
+// Copyright (c) Mondoo, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package awsec2ebsconn
+
+import (
+	"context"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/rs/zerolog/log"
+	awsec2ebstypes "go.mondoo.com/cnquery/providers/aws/connection/awsec2ebsconn/types"
+)
+
+func (c *AwsEbsConnection) DetachVolumeFromInstance(ctx context.Context, volume *awsec2ebstypes.VolumeInfo) error {
+	log.Info().Msg("detach volume")
+	res, err := c.scannerRegionEc2svc.DetachVolume(ctx, &ec2.DetachVolumeInput{
+		Device: aws.String(c.volumeMounter.VolumeAttachmentLoc), VolumeId: &volume.Id,
+		InstanceId: &c.scannerInstance.Id,
+	})
+	if err != nil {
+		return err
+	}
+	if res.State != types.VolumeAttachmentStateDetached { // check if it's detached already
+		var volState types.VolumeState
+		for volState != types.VolumeStateAvailable {
+			time.Sleep(10 * time.Second)
+			resp, err := c.scannerRegionEc2svc.DescribeVolumes(ctx, &ec2.DescribeVolumesInput{VolumeIds: []string{volume.Id}})
+			if err != nil {
+				return err
+			}
+			if len(resp.Volumes) == 1 {
+				volState = resp.Volumes[0].State
+
+				log.Info().Interface("state", volState).Msg("waiting for volume detachment completion")
+			}
+		}
+	}
+	return nil
+}
+
+func (c *AwsEbsConnection) DeleteCreatedVolume(ctx context.Context, volume *awsec2ebstypes.VolumeInfo) error {
+	log.Info().Msg("delete created volume")
+	_, err := c.scannerRegionEc2svc.DeleteVolume(ctx, &ec2.DeleteVolumeInput{VolumeId: &volume.Id})
+	return err
+}