🧹 fixups for aws ebs scanning and ec2 image fetch (#2449)

* 🧹 fixups for aws ebs scanning and ec2 image fetch * fix runtime on aws assets
mondoohq · Nov 3, 2023 · ffec199 · ffec199
1 parent dc70025
commit ffec199
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 9 deletions.
diff --git a/providers/aws/resources/aws_account.go b/providers/aws/resources/aws_account.go
@@ -5,6 +5,7 @@ package resources
 
 import (
 	"context"
+	"errors"
 
 	"github.com/aws/aws-sdk-go-v2/service/iam"
 	"github.com/aws/aws-sdk-go-v2/service/organizations"
@@ -14,8 +15,10 @@ import (
 )
 
 func (a *mqlAwsAccount) id() (string, error) {
-	conn := a.MqlRuntime.Connection.(*connection.AwsConnection)
-	return "aws.account/" + conn.AccountId(), nil
+	if conn, ok := a.MqlRuntime.Connection.(*connection.AwsConnection); ok {
+		return "aws.account/" + conn.AccountId(), nil
+	}
+	return "", errors.New("wrong connection for aws account id call")
 }
 
 func (a *mqlAwsAccount) aliases() ([]interface{}, error) {

diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go
@@ -802,7 +802,13 @@ func initAwsEc2Image(runtime *plugin.Runtime, args map[string]*llx.RawData) (map
 	ctx := context.Background()
 	images, err := svc.DescribeImages(ctx, &ec2.DescribeImagesInput{ImageIds: []string{resource[1]}})
 	if err != nil {
-		return nil, nil, err
+		args["arn"] = llx.StringData(arnVal)
+		args["id"] = llx.StringData(resource[1])
+		args["name"] = llx.StringData("not found")
+		args["architecture"] = llx.NilData
+		args["ownerId"] = llx.NilData
+		args["ownerAlias"] = llx.NilData
+		return args, nil, nil
 	}
 
 	if len(images.Images) > 0 {

diff --git a/providers/aws/resources/discovery_conversion.go b/providers/aws/resources/discovery_conversion.go
@@ -231,12 +231,18 @@ func addConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId string,
 	asset.IdDetector = []string{"aws-ec2"}
 	asset.Platform = &inventory.Platform{
 		Kind:    "virtual_machine",
-		Runtime: "aws_ec2",
+		Runtime: "aws-ec2-instance",
 	}
 	asset.State = mapEc2InstanceStateCode(instance.State.Data)
 	asset.Labels = mapStringInterfaceToStringString(instance.Tags.Data)
 	asset.Name = getInstanceName(instance.InstanceId.Data, asset.Labels)
 	asset.Options = conn.ConnectionOptions()
+	asset.Labels["mondoo.com/region"] = instance.Region.Data
+	asset.Labels["mondoo.com/platform"] = instance.PlatformDetails.Data
+	if instance.GetImage().Data != nil {
+		asset.Labels["mondoo.com/image"] = instance.GetImage().Data.Id.Data
+	}
+
 	// if there is a public ip & it is running, we assume ssh is an option
 	if instance.PublicIp.Data != "" && instance.State.Data == string(types.InstanceStateNameRunning) {
 		imageName := ""
@@ -289,7 +295,7 @@ func addSSMConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId strin
 	asset.IdDetector = []string{"aws-ec2"}
 	asset.Platform = &inventory.Platform{
 		Kind:    "virtual_machine",
-		Runtime: "aws_ec2",
+		Runtime: "aws-ec2-instance",
 	}
 	ssm := ""
 	if s := instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"]; s != nil {
@@ -305,10 +311,16 @@ func addSSMConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId strin
 		name = lname
 	}
 	asset.Name = name
+	imageId := ""
 	imageName := ""
 	if instance.GetImage().Data != nil {
+		imageId = instance.GetImage().Data.Id.Data
 		imageName = instance.GetImage().Data.Name.Data
 	}
+	asset.Labels["mondoo.com/region"] = instance.Region.Data
+	asset.Labels["mondoo.com/platform"] = instance.PlatformDetails.Data
+	asset.Labels["mondoo.com/image"] = imageId
+
 	creds := []*vault.Credential{
 		{
 			User: getProbableUsernameFromImageName(imageName),
@@ -386,6 +398,7 @@ func addConnectionInfoToSSMAsset(instance *mqlAwsSsmInstance, accountId string,
 	asset := &inventory.Asset{}
 	asset.Labels = mapStringInterfaceToStringString(instance.Tags.Data)
 	asset.Labels["mondoo.com/platform"] = instance.PlatformName.Data
+	asset.Labels["mondoo.com/region"] = instance.Region.Data
 
 	asset.Name = getInstanceName(instance.InstanceId.Data, asset.Labels)
 	creds := []*vault.Credential{
@@ -402,10 +415,9 @@ func addConnectionInfoToSSMAsset(instance *mqlAwsSsmInstance, accountId string,
 	asset.PlatformIds = []string{awsec2.MondooInstanceID(accountId, instance.Region.Data, instance.InstanceId.Data)}
 	asset.Platform = &inventory.Platform{
 		Kind:    "virtual_machine",
-		Runtime: "ssm_managed",
+		Runtime: "aws-ssm-instance",
 	}
 	asset.State = mapSmmManagedPingStateCode(instance.PingStatus.Data)
-
 	if strings.HasPrefix(instance.InstanceId.Data, "i-") && instance.PingStatus.Data == string(ssmtypes.PingStatusOnline) {
 		creds[0].Type = vault.CredentialType_aws_ec2_ssm_session // this will only work for ec2 instances
 		asset.Connections = []*inventory.Config{{
@@ -465,7 +477,7 @@ func addConnectionInfoToEcrAsset(image *mqlAwsEcrImage, conn *connection.AwsConn
 	a.PlatformIds = []string{containerid.MondooContainerImageID(image.Digest.Data)}
 	a.Platform = &inventory.Platform{
 		Kind:    "container_image",
-		Runtime: "aws_ecr",
+		Runtime: "aws-ecr",
 	}
 	a.Options = conn.ConnectionOptions()
 	a.Name = ecrImageName(image.RepoName.Data, image.Digest.Data)
@@ -540,7 +552,7 @@ func addConnectionInfoToECSContainerAsset(container *mqlAwsEcsContainer, account
 	a.PlatformIds = []string{containerid.MondooContainerID(runtimeId), MondooECSContainerID(containerArn)}
 	a.Platform = &inventory.Platform{
 		Kind:    "container",
-		Runtime: "aws_ecs",
+		Runtime: "aws-ecs",
 	}
 	a.State = mapContainerState(state)
 	taskId := ""