diff --git a/pkg/mapper/iac-providers/cft/cft.go b/pkg/mapper/iac-providers/cft/cft.go
index fafa4d984..b2d3a7605 100644
--- a/pkg/mapper/iac-providers/cft/cft.go
+++ b/pkg/mapper/iac-providers/cft/cft.go
@@ -77,6 +77,7 @@ import (
 "github.com/awslabs/goformation/v7/cloudformation/redshift"
 "github.com/awslabs/goformation/v7/cloudformation/route53"
 "github.com/awslabs/goformation/v7/cloudformation/s3"
+ "github.com/awslabs/goformation/v7/cloudformation/ssm"
 "github.com/tenable/terrascan/pkg/iac-providers/output"
 "github.com/tenable/terrascan/pkg/mapper/core"
 "github.com/tenable/terrascan/pkg/mapper/iac-providers/cft/config"
@@ -311,6 +312,8 @@ func (m cftMapper) mapConfigForResource(r cloudformation.Resource, resourceName
 return config.GetAppAutoScalingPolicyConfig(resource)
 case *secretsmanager.RotationSchedule:
 return config.GetSecretsManagerSecretRotationConfig(resource)
+ case *ssm.Parameter:
+ return config.GetSSMParameterConfig(resource)
 default:
 }
 return []config.AWSResourceConfig{}
diff --git a/pkg/mapper/iac-providers/cft/config/ssm-parameter.go b/pkg/mapper/iac-providers/cft/config/ssm-parameter.go
new file mode 100644
index 000000000..b3dfc4d89
--- /dev/null
+++ b/pkg/mapper/iac-providers/cft/config/ssm-parameter.go
@@ -0,0 +1,63 @@
+/*
+ Copyright (C) 2022 Tenable, Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "github.com/awslabs/goformation/v7/cloudformation/ssm"
+)
+
+// SSMParameterConfig holds config for SSMParameter
+type SSMParameterConfig struct {
+ Config
+ Name string `json:"name"`
+ Description string `json:"description"`
+ Type string `json:"type"`
+ Value string `json:"value"`
+ Tier string `json:"tier"`
+ Policies string `json:"policies"`
+ AllowedPattern string `json:"allowed_pattern"`
+}
+
+// GetSSMParameterConfig returns config for SSM Parameter
+func GetSSMParameterConfig(b *ssm.Parameter) []AWSResourceConfig {
+ cf := SSMParameterConfig{
+ Config: Config{
+ Name: *b.Name,
+ Tags: b.Tags,
+ },
+ Name: *b.Name,
+ Type: b.Type,
+ Value: b.Value,
+ }
+ if b.Description != nil {
+ cf.Description = *b.Description
+ }
+ if b.Tier != nil {
+ cf.Tier = *b.Tier
+ }
+ if b.Policies != nil {
+ cf.Policies = *b.Policies
+ }
+ if b.AllowedPattern != nil {
+ cf.AllowedPattern = *b.AllowedPattern
+ }
+
+ return []AWSResourceConfig{{
+ Resource: cf,
+ Metadata: b.AWSCloudFormationMetadata,
+ }}
+}
diff --git a/pkg/mapper/iac-providers/cft/store/store.go b/pkg/mapper/iac-providers/cft/store/store.go
index fd3cc6b21..a21d71ea7 100644
--- a/pkg/mapper/iac-providers/cft/store/store.go
+++ b/pkg/mapper/iac-providers/cft/store/store.go
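Review bot: `GetSSMParameterConfig` in the new `ssm-parameter.go` dereferences `*b.Name` twice in the struct literal without a nil check, while every other pointer field (`Description`, `Tier`, `Policies`, `AllowedPattern`) is guarded. `Name` is optional on `AWS::SSM::Parameter`, so a template that leaves the name to CloudFormation would panic here and, unless a caller recovers, the template would go unscanned. I would drop the two `Name: *b.Name,` initialisers and set both fields after the literal: `if b.Name != nil { cf.Config.Name = *b.Name; cf.Name = *b.Name }`. Separately, `Value` is copied verbatim into the normalized config, so any parameter value that holds a secret will appear wherever that config is serialized or logged; a field comment such as `// Value is the raw parameter value and may contain sensitive data` would make that explicit.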
@@ -111,4 +111,5 @@ var ResourceTypes = map[string]string{
 "AWS::EC2::NatGateway": AwsNatGateway,
 "AWS::EC2::Subnet": AwsSubnet,
 "AWS::EC2::Route": AwsRoute,
+ "AWS::SSM::Parameter": AwsSSMParameter,
 }
diff --git a/pkg/mapper/iac-providers/cft/store/types.go b/pkg/mapper/iac-providers/cft/store/types.go
index 6c3a9bafe..71cd9baf8 100644
--- a/pkg/mapper/iac-providers/cft/store/types.go
+++ b/pkg/mapper/iac-providers/cft/store/types.go
@@ -110,4 +110,5 @@ const (
 AwsNatGateway = "aws_nat_gateway"
 AwsSubnet = "aws_subnet"
 AwsRoute = "aws_route"
+ AwsSSMParameter = "aws_ssm_parameter"
 )