Add security group to aws.rds.dbcluster (#2843)

This is a copy/modification of the same logic we use for the dbinstance resource Signed-off-by: Tim Smith <[email protected]>
mondoohq · Dec 19, 2023 · d328eab · d328eab
1 parent c3e7501
commit d328eab
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 0 deletions.
diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
@@ -1802,6 +1802,8 @@ private aws.rds.dbcluster @defaults("id region") {
   multiAZ bool
   // Whether deletion protection is enabled
   deletionProtection bool
+  // List of VPC security group elements that the DB cluster belongs to
+  securityGroups []aws.ec2.securitygroup
 }
 
 // Amazon RDS snapshot

diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
diff --git a/providers/aws/resources/aws.lr.manifest.yaml b/providers/aws/resources/aws.lr.manifest.yaml
@@ -1921,6 +1921,8 @@ resources:
       publiclyAccessible:
         min_mondoo_version: 9.0.0
       region: {}
+      securityGroups:
+        min_mondoo_version: 9.0.0
       snapshots: {}
       status:
         min_mondoo_version: 9.0.0

diff --git a/providers/aws/resources/aws_rds.go b/providers/aws/resources/aws_rds.go
@@ -238,6 +238,18 @@ func (a *mqlAwsRds) getDbClusters(conn *connection.AwsConnection) []*jobpool.Job
 					// 	}
 					// 	mqlRdsDbInstances = append(mqlRdsDbInstances, mqlInstance)
 					// }
+					sgs := []interface{}{}
+					for i := range cluster.VpcSecurityGroups {
+						// NOTE: this will create the resource and determine the data in its init method
+						mqlSg, err := NewResource(a.MqlRuntime, "aws.ec2.securitygroup",
+							map[string]*llx.RawData{
+								"arn": llx.StringData(fmt.Sprintf(securityGroupArnPattern, regionVal, conn.AccountId(), convert.ToString(cluster.VpcSecurityGroups[i].VpcSecurityGroupId))),
+							})
+						if err != nil {
+							return nil, err
+						}
+						sgs = append(sgs, mqlSg.(*mqlAwsEc2Securitygroup))
+					}
 					mqlDbCluster, err := CreateResource(a.MqlRuntime, "aws.rds.dbcluster",
 						map[string]*llx.RawData{
 							"arn":                     llx.StringDataPtr(cluster.DBClusterArn),
@@ -258,6 +270,7 @@ func (a *mqlAwsRds) getDbClusters(conn *connection.AwsConnection) []*jobpool.Job
 							"storageIops":             llx.IntData(convert.ToInt64From32(cluster.Iops)),
 							"storageType":             llx.StringDataPtr(cluster.StorageType),
 							"tags":                    llx.MapData(rdsTagsToMap(cluster.TagList), types.String),
+							"securityGroups":          llx.ArrayData(sgs, types.Resource("aws.ec2.securitygroup")),
 							// "members": mqlRdsDbInstances,
 						})
 					if err != nil {