From 48132816b7fe9a93869b0ae847a5cb9886b52591 Mon Sep 17 00:00:00 2001
From: Victoria Jeffrey <vj@mondoo.com>
Date: Sun, 19 May 2024 14:43:05 -0600
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20aws=20elb=20targetgroup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 providers/aws/resources/aws.lr               |  40 +++
 providers/aws/resources/aws.lr.go            | 316 +++++++++++++++++++
 providers/aws/resources/aws.lr.manifest.yaml |  28 ++
 providers/aws/resources/aws_elb.go           |  90 ++++++
 4 files changed, 474 insertions(+)

diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
index 8279f485fb..5610c2a341 100644
--- a/providers/aws/resources/aws.lr
+++ b/providers/aws/resources/aws.lr
@@ -1088,6 +1088,44 @@ aws.elb {
   loadBalancers() []aws.elb.loadbalancer
 }
 
+// AWS ELB Target Group
+private aws.elb.targetgroup {
+  // Name for the load balancer target group
+  name string 
+  // ARN for the load balancer target group
+  arn string 
+  // Port for the load balancer target group
+  port int
+  // Protocol for the load balancer target group
+  protocol string
+  // Protocol version for the load balancer target group
+  protocolVersion string
+  // IP address type for the load balancer target group (ipv4, ipv6)
+  ipAddressType string
+  // True if health check is enabled for the load balancer target group
+  healthCheckEnabled bool
+  // Health check interval for the load balancer target group
+  healthCheckIntervalSeconds int
+  // Health check path for the load balancer target group
+  healthCheckPath string
+  // Health check port for the load balancer target group
+  healthCheckPort string
+  // Health check protocol for the load balancer target group
+  healthCheckProtocol string
+  // Health check timeout seconds for the load balancer target group
+  healthCheckTimeoutSeconds int
+  // Target type for the for the load balancer target group (instance, ip, lambda, alb)
+  targetType string
+  // Unhealthy treshold count for the load balancer target group
+  unhealthyThresholdCount int
+  // VPC for the load balancer target group
+  vpc() aws.vpc
+  // EC2 targets for the load balancer target group
+  ec2Targets() []aws.ec2.instance
+  // Lambda targets for the load balancer target group
+  lambdaTargets() []aws.lambda.functio
+}
+
 // AWS Elastic Load Balancing load balancer
 private aws.elb.loadbalancer @defaults("name region elbType scheme vpcId dnsName") {
   // ARN for the load balancer
@@ -1118,6 +1156,8 @@ private aws.elb.loadbalancer @defaults("name region elbType scheme vpcId dnsName
   elbType string
   // VPC where the load balancer is located
   vpc aws.vpc
+  // List of target groups for the load balancer
+  targetGroups() []aws.elb.targetgroup
 }
 
 // AWS CodeBuild for building and testing code
diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
index a83861d510..b10949a873 100644
--- a/providers/aws/resources/aws.lr.go
+++ b/providers/aws/resources/aws.lr.go
@@ -302,6 +302,10 @@ func init() {
 			// to override args, implement: initAwsElb(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
 			Create: createAwsElb,
 		},
+		"aws.elb.targetgroup": {
+			// to override args, implement: initAwsElbTargetgroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error)
+			Create: createAwsElbTargetgroup,
+		},
 		"aws.elb.loadbalancer": {
 			Init: initAwsElbLoadbalancer,
 			Create: createAwsElbLoadbalancer,
@@ -1955,6 +1959,57 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"aws.elb.loadBalancers": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsElb).GetLoadBalancers()).ToDataRes(types.Array(types.Resource("aws.elb.loadbalancer")))
 	},
+	"aws.elb.targetgroup.name": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetName()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.arn": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetArn()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.port": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetPort()).ToDataRes(types.Int)
+	},
+	"aws.elb.targetgroup.protocol": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetProtocol()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.protocolVersion": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetProtocolVersion()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.ipAddressType": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetIpAddressType()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.healthCheckEnabled": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckEnabled()).ToDataRes(types.Bool)
+	},
+	"aws.elb.targetgroup.healthCheckIntervalSeconds": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckIntervalSeconds()).ToDataRes(types.Int)
+	},
+	"aws.elb.targetgroup.healthCheckPath": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckPath()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.healthCheckPort": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckPort()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.healthCheckProtocol": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckProtocol()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.healthCheckTimeoutSeconds": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetHealthCheckTimeoutSeconds()).ToDataRes(types.Int)
+	},
+	"aws.elb.targetgroup.targetType": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetTargetType()).ToDataRes(types.String)
+	},
+	"aws.elb.targetgroup.unhealthyThresholdCount": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetUnhealthyThresholdCount()).ToDataRes(types.Int)
+	},
+	"aws.elb.targetgroup.vpc": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetVpc()).ToDataRes(types.Resource("aws.vpc"))
+	},
+	"aws.elb.targetgroup.ec2Targets": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetEc2Targets()).ToDataRes(types.Array(types.Resource("aws.ec2.instance")))
+	},
+	"aws.elb.targetgroup.lambdaTargets": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbTargetgroup).GetLambdaTargets()).ToDataRes(types.Array(types.Resource("aws.lambda.functio")))
+	},
 	"aws.elb.loadbalancer.arn": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsElbLoadbalancer).GetArn()).ToDataRes(types.String)
 	},
@@ -1997,6 +2052,9 @@ var getDataFields = map[string]func(r plugin.Resource) *plugin.DataRes{
 	"aws.elb.loadbalancer.vpc": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsElbLoadbalancer).GetVpc()).ToDataRes(types.Resource("aws.vpc"))
 	},
+	"aws.elb.loadbalancer.targetGroups": func(r plugin.Resource) *plugin.DataRes {
+		return (r.(*mqlAwsElbLoadbalancer).GetTargetGroups()).ToDataRes(types.Array(types.Resource("aws.elb.targetgroup")))
+	},
 	"aws.codebuild.projects": func(r plugin.Resource) *plugin.DataRes {
 		return (r.(*mqlAwsCodebuild).GetProjects()).ToDataRes(types.Array(types.Resource("aws.codebuild.project")))
 	},
@@ -6009,6 +6067,78 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlAwsElb).LoadBalancers, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
 		return
 	},
+	"aws.elb.targetgroup.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+			r.(*mqlAwsElbTargetgroup).__id, ok = v.Value.(string)
+			return
+		},
+	"aws.elb.targetgroup.name": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Name, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.arn": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Arn, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.port": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Port, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.protocol": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Protocol, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.protocolVersion": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).ProtocolVersion, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.ipAddressType": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).IpAddressType, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckEnabled": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckEnabled, ok = plugin.RawToTValue[bool](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckIntervalSeconds": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckIntervalSeconds, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckPath": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckPath, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckPort": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckPort, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckProtocol": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckProtocol, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.healthCheckTimeoutSeconds": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).HealthCheckTimeoutSeconds, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.targetType": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).TargetType, ok = plugin.RawToTValue[string](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.unhealthyThresholdCount": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).UnhealthyThresholdCount, ok = plugin.RawToTValue[int64](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.vpc": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Vpc, ok = plugin.RawToTValue[*mqlAwsVpc](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.ec2Targets": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).Ec2Targets, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
+		return
+	},
+	"aws.elb.targetgroup.lambdaTargets": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbTargetgroup).LambdaTargets, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
+		return
+	},
 	"aws.elb.loadbalancer.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlAwsElbLoadbalancer).__id, ok = v.Value.(string)
 			return
@@ -6069,6 +6199,10 @@ var setDataFields = map[string]func(r plugin.Resource, v *llx.RawData) bool {
 		r.(*mqlAwsElbLoadbalancer).Vpc, ok = plugin.RawToTValue[*mqlAwsVpc](v.Value, v.Error)
 		return
 	},
+	"aws.elb.loadbalancer.targetGroups": func(r plugin.Resource, v *llx.RawData) (ok bool) {
+		r.(*mqlAwsElbLoadbalancer).TargetGroups, ok = plugin.RawToTValue[[]interface{}](v.Value, v.Error)
+		return
+	},
 	"aws.codebuild.__id": func(r plugin.Resource, v *llx.RawData) (ok bool) {
 			r.(*mqlAwsCodebuild).__id, ok = v.Value.(string)
 			return
@@ -15034,6 +15168,171 @@ func (c *mqlAwsElb) GetLoadBalancers() *plugin.TValue[[]interface{}] {
 	})
 }
 
+// mqlAwsElbTargetgroup for the aws.elb.targetgroup resource
+type mqlAwsElbTargetgroup struct {
+	MqlRuntime *plugin.Runtime
+	__id string
+	mqlAwsElbTargetgroupInternal
+	Name plugin.TValue[string]
+	Arn plugin.TValue[string]
+	Port plugin.TValue[int64]
+	Protocol plugin.TValue[string]
+	ProtocolVersion plugin.TValue[string]
+	IpAddressType plugin.TValue[string]
+	HealthCheckEnabled plugin.TValue[bool]
+	HealthCheckIntervalSeconds plugin.TValue[int64]
+	HealthCheckPath plugin.TValue[string]
+	HealthCheckPort plugin.TValue[string]
+	HealthCheckProtocol plugin.TValue[string]
+	HealthCheckTimeoutSeconds plugin.TValue[int64]
+	TargetType plugin.TValue[string]
+	UnhealthyThresholdCount plugin.TValue[int64]
+	Vpc plugin.TValue[*mqlAwsVpc]
+	Ec2Targets plugin.TValue[[]interface{}]
+	LambdaTargets plugin.TValue[[]interface{}]
+}
+
+// createAwsElbTargetgroup creates a new instance of this resource
+func createAwsElbTargetgroup(runtime *plugin.Runtime, args map[string]*llx.RawData) (plugin.Resource, error) {
+	res := &mqlAwsElbTargetgroup{
+		MqlRuntime: runtime,
+	}
+
+	err := SetAllData(res, args)
+	if err != nil {
+		return res, err
+	}
+
+	if res.__id == "" {
+	res.__id, err = res.id()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	if runtime.HasRecording {
+		args, err = runtime.ResourceFromRecording("aws.elb.targetgroup", res.__id)
+		if err != nil || args == nil {
+			return res, err
+		}
+		return res, SetAllData(res, args)
+	}
+
+	return res, nil
+}
+
+func (c *mqlAwsElbTargetgroup) MqlName() string {
+	return "aws.elb.targetgroup"
+}
+
+func (c *mqlAwsElbTargetgroup) MqlID() string {
+	return c.__id
+}
+
+func (c *mqlAwsElbTargetgroup) GetName() *plugin.TValue[string] {
+	return &c.Name
+}
+
+func (c *mqlAwsElbTargetgroup) GetArn() *plugin.TValue[string] {
+	return &c.Arn
+}
+
+func (c *mqlAwsElbTargetgroup) GetPort() *plugin.TValue[int64] {
+	return &c.Port
+}
+
+func (c *mqlAwsElbTargetgroup) GetProtocol() *plugin.TValue[string] {
+	return &c.Protocol
+}
+
+func (c *mqlAwsElbTargetgroup) GetProtocolVersion() *plugin.TValue[string] {
+	return &c.ProtocolVersion
+}
+
+func (c *mqlAwsElbTargetgroup) GetIpAddressType() *plugin.TValue[string] {
+	return &c.IpAddressType
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckEnabled() *plugin.TValue[bool] {
+	return &c.HealthCheckEnabled
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckIntervalSeconds() *plugin.TValue[int64] {
+	return &c.HealthCheckIntervalSeconds
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckPath() *plugin.TValue[string] {
+	return &c.HealthCheckPath
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckPort() *plugin.TValue[string] {
+	return &c.HealthCheckPort
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckProtocol() *plugin.TValue[string] {
+	return &c.HealthCheckProtocol
+}
+
+func (c *mqlAwsElbTargetgroup) GetHealthCheckTimeoutSeconds() *plugin.TValue[int64] {
+	return &c.HealthCheckTimeoutSeconds
+}
+
+func (c *mqlAwsElbTargetgroup) GetTargetType() *plugin.TValue[string] {
+	return &c.TargetType
+}
+
+func (c *mqlAwsElbTargetgroup) GetUnhealthyThresholdCount() *plugin.TValue[int64] {
+	return &c.UnhealthyThresholdCount
+}
+
+func (c *mqlAwsElbTargetgroup) GetVpc() *plugin.TValue[*mqlAwsVpc] {
+	return plugin.GetOrCompute[*mqlAwsVpc](&c.Vpc, func() (*mqlAwsVpc, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("aws.elb.targetgroup", c.__id, "vpc")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.(*mqlAwsVpc), nil
+			}
+		}
+
+		return c.vpc()
+	})
+}
+
+func (c *mqlAwsElbTargetgroup) GetEc2Targets() *plugin.TValue[[]interface{}] {
+	return plugin.GetOrCompute[[]interface{}](&c.Ec2Targets, func() ([]interface{}, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("aws.elb.targetgroup", c.__id, "ec2Targets")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.([]interface{}), nil
+			}
+		}
+
+		return c.ec2Targets()
+	})
+}
+
+func (c *mqlAwsElbTargetgroup) GetLambdaTargets() *plugin.TValue[[]interface{}] {
+	return plugin.GetOrCompute[[]interface{}](&c.LambdaTargets, func() ([]interface{}, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("aws.elb.targetgroup", c.__id, "lambdaTargets")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.([]interface{}), nil
+			}
+		}
+
+		return c.lambdaTargets()
+	})
+}
+
 // mqlAwsElbLoadbalancer for the aws.elb.loadbalancer resource
 type mqlAwsElbLoadbalancer struct {
 	MqlRuntime *plugin.Runtime
@@ -15053,6 +15352,7 @@ type mqlAwsElbLoadbalancer struct {
 	Region plugin.TValue[string]
 	ElbType plugin.TValue[string]
 	Vpc plugin.TValue[*mqlAwsVpc]
+	TargetGroups plugin.TValue[[]interface{}]
 }
 
 // createAwsElbLoadbalancer creates a new instance of this resource
@@ -15152,6 +15452,22 @@ func (c *mqlAwsElbLoadbalancer) GetVpc() *plugin.TValue[*mqlAwsVpc] {
 	return &c.Vpc
 }
 
+func (c *mqlAwsElbLoadbalancer) GetTargetGroups() *plugin.TValue[[]interface{}] {
+	return plugin.GetOrCompute[[]interface{}](&c.TargetGroups, func() ([]interface{}, error) {
+		if c.MqlRuntime.HasRecording {
+			d, err := c.MqlRuntime.FieldResourceFromRecording("aws.elb.loadbalancer", c.__id, "targetGroups")
+			if err != nil {
+				return nil, err
+			}
+			if d != nil {
+				return d.Value.([]interface{}), nil
+			}
+		}
+
+		return c.targetGroups()
+	})
+}
+
 // mqlAwsCodebuild for the aws.codebuild resource
 type mqlAwsCodebuild struct {
 	MqlRuntime *plugin.Runtime
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
index 06aa93e275..8956168565 100755
--- a/providers/aws/resources/aws.lr.manifest.yaml
+++ b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1626,6 +1626,8 @@ resources:
       scheme: {}
       securityGroups:
         min_mondoo_version: 9.0.0
+      targetGroups:
+        min_mondoo_version: latest
       vpc:
         min_mondoo_version: 9.0.0
       vpcId:
@@ -1635,6 +1637,32 @@ resources:
     platform:
       name:
       - aws
+  aws.elb.targetgroup:
+    fields:
+      arn: {}
+      attributes: {}
+      ec2Targets: {}
+      healthCheckEnabled: {}
+      healthCheckIntervalSeconds: {}
+      healthCheckPath: {}
+      healthCheckPort: {}
+      healthCheckProtocol: {}
+      healthCheckTimeoutSeconds: {}
+      ipAddressType: {}
+      ipTargets: {}
+      lambdaTargets: {}
+      name: {}
+      port: {}
+      protocol: {}
+      protocolVersion: {}
+      targetType: {}
+      unhealthyThresholdCount: {}
+      vpc: {}
+    is_private: true
+    min_mondoo_version: latest
+    platform:
+      name:
+      - aws
   aws.emr:
     docs:
       desc: |
diff --git a/providers/aws/resources/aws_elb.go b/providers/aws/resources/aws_elb.go
index 6e811d6fe2..97a7dbad2f 100644
--- a/providers/aws/resources/aws_elb.go
+++ b/providers/aws/resources/aws_elb.go
@@ -11,6 +11,9 @@ import (
 
 	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing"
 	"github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2"
+	elbtypes "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types"
+
+	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/rs/zerolog/log"
 	"go.mondoo.com/cnquery/v11/llx"
@@ -311,3 +314,90 @@ func isV1LoadBalancerArn(a string) bool {
 	}
 	return false
 }
+
+func (a *mqlAwsElbTargetgroup) id() (string, error) {
+	return a.Arn.Data, nil
+}
+
+func (a *mqlAwsElbLoadbalancer) targetGroups() ([]interface{}, error) {
+	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+
+	regionVal := a.Region.Data
+	svc := conn.Elbv2(regionVal)
+	ctx := context.Background()
+	res := []interface{}{}
+
+	var marker *string
+	for {
+		tgs, err := svc.DescribeTargetGroups(ctx, &elasticloadbalancingv2.DescribeTargetGroupsInput{LoadBalancerArn: aws.String(a.Arn.Data), Marker: marker})
+		if err != nil {
+			if Is400AccessDeniedError(err) {
+				log.Warn().Str("region", regionVal).Msg("error accessing region for AWS API")
+				return res, nil
+			}
+			return nil, err
+		}
+		for _, tg := range tgs.TargetGroups {
+			args := map[string]*llx.RawData{
+				"arn":                        llx.StringDataPtr(tg.TargetGroupArn),
+				"name":                       llx.StringDataPtr(tg.TargetGroupName),
+				"port":                       llx.IntDataPtr(tg.Port),
+				"protocol":                   llx.StringData(string(tg.Protocol)),
+				"protocolVersion":            llx.StringDataPtr(tg.ProtocolVersion),
+				"ipAddressType":              llx.StringData(string(tg.IpAddressType)),
+				"healthCheckEnabled":         llx.BoolDataPtr(tg.HealthCheckEnabled),
+				"healthCheckIntervalSeconds": llx.IntDataPtr(tg.HealthCheckIntervalSeconds),
+				"healthCheckPath":            llx.StringDataPtr(tg.HealthCheckPath),
+				"healthCheckPort":            llx.StringDataPtr(tg.HealthCheckPort),
+				"healthCheckProtocol":        llx.StringData(string(tg.HealthCheckProtocol)),
+				"healthCheckTimeoutSeconds":  llx.IntDataPtr(tg.HealthCheckTimeoutSeconds),
+				"targetType":                 llx.StringData(string(tg.TargetType)),
+				"unhealthyThresholdCount":    llx.IntDataPtr(tg.UnhealthyThresholdCount),
+			}
+
+			mqlLb, err := CreateResource(a.MqlRuntime, "aws.elb.targetgroup", args)
+			if err != nil {
+				return nil, err
+			}
+			mqlLb.(*mqlAwsElbTargetgroup).targetGroup = tg
+			mqlLb.(*mqlAwsElbTargetgroup).region = regionVal
+			res = append(res, mqlLb)
+		}
+		if tgs.NextMarker == nil {
+			break
+		}
+		marker = tgs.NextMarker
+	}
+	return res, nil
+}
+
+type mqlAwsElbTargetgroupInternal struct {
+	targetGroup elbtypes.TargetGroup
+	region      string
+}
+
+func (a *mqlAwsElbTargetgroup) vpc() (*mqlAwsVpc, error) {
+	if a.targetGroup.VpcId == nil {
+		a.Vpc.State = plugin.StateIsNull | plugin.StateIsSet
+		return nil, nil
+	}
+	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
+	mqlVpc, err := NewResource(a.MqlRuntime, "aws.vpc",
+		map[string]*llx.RawData{
+			"arn": llx.StringData(fmt.Sprintf(vpcArnPattern, a.region, conn.AccountId(), *a.targetGroup.VpcId)),
+		})
+	if err != nil {
+		return nil, err
+	}
+	return mqlVpc.(*mqlAwsVpc), nil
+}
+
+func (a *mqlAwsElbTargetgroup) ec2Targets() ([]interface{}, error) {
+	// TODO
+	return nil, nil
+}
+
+func (a *mqlAwsElbTargetgroup) lambdaTargets() ([]interface{}, error) {
+	// TODO
+	return nil, nil
+}