# Maps CloudQuery (CQ) provider resources to their infrastructure-as-code
# (Terraform) counterparts.
#
# Layout, as far as this file shows:
#   provider "<name>" { resource "<CQ name or table name>" { ... } }
#     "*" is a wildcard entry; named entries follow it.
#   identifiers / attributes  columns used on the CQ side as identity and as
#                             compared fields (see the resource "*" defaults).
#   iac { terraform { ... } } the Terraform resource `type`, an optional nested
#                             `path` inside that type, the Terraform-side
#                             identifiers, and attribute_map ("cloud=iac").
# NOTE(review): the exact matching semantics live in the module that consumes
# this file, not here; confirm the hedged notes below against it.
#
# Review notes for maintainers:
#   - `filters` entries and sql(...) identifiers are raw SQL fragments
#     (presumably spliced into queries against the CQ database). Treat this
#     file as trusted input: restrict write access and review changes as code.
#   - Rows excluded by `filters` and columns listed in `ignore_attributes` are
#     presumably not compared at all, so changes to them would not be reported.
#     The security-relevant cases are flagged inline.
config {

  provider "*" {
    # provider: the *provider.Provider
    # example:
    #   provider.Name is "aws"

    # resource: an entry in either provider.ResourceMap or provider.ResourceMap[].Relation
    # examples:
    #   resource.Key is the CQ name ("apigateway.api_keys")
    #   resource.Value.Options.PrimaryKeys is table primary key columns, with CQ relationship columns removed
    #   resource.Value.ColumnNames is table column names, with CQ relationship columns removed
    #   resource.Value.Name is the table name ("aws_apigateway_api_keys")

    # Defaults for every resource of every provider: identity comes from the
    # table's primary keys and all columns are attributes, minus the creation
    # timestamps listed in ignore_attributes.
    resource "*" {
      identifiers = resource.Value.Options.PrimaryKeys
      attributes = resource.Value.ColumnNames
      ignore_attributes = ["creation_date", "creation_time"]
      deep = false # NOTE(review): meaning of `deep` is not visible in this file
    }
  }

  # TODO get from provider... But this could also override/decorate the * entry above, if specified
  provider "aws" {
    # NOTE(review): lower bound only. Presumably a constraint on the CQ aws
    # provider version; a later provider that renames tables or columns would
    # still satisfy it, so confirm mappings after provider upgrades.
    version = ">=0.6.2"

    # AWS-wide defaults applied on top of provider "*".
    resource "*" {
      ignore_identifiers = [ ]
      ignore_attributes = [ "unknown_fields" ]

      iac {
        terraform {
          # map of attributes from cloud provider to iac provider
          attribute_map = [
            "tags=tags_all"
          ]
        }
      }
    }

    # ---- Access Analyzer ----

    resource "accessanalyzer.analyzers" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_accessanalyzer_analyzer"
        }
      }
    }

    # ---- API Gateway (v1) ----
    # In the sql(...) identifiers below, `c` appears to alias the current
    # table's row and `parent` the parent resource's row. TODO confirm

    resource "apigateway.api_keys" {
      iac {
        terraform {
          type = "aws_api_gateway_api_key"
        }
      }
    }

    resource "apigateway.client_certificates" {
      iac {
        terraform {
          type = "aws_api_gateway_client_certificate"
        }
      }
    }

    # TODO: apigateway.domain_names (no data in tests)

    resource "apigateway.rest_apis" {
      iac {
        terraform {
          type = "aws_api_gateway_rest_api"
        }
      }
    }

    resource "aws_apigateway_rest_api_authorizers" {
      iac {
        terraform {
          type = "aws_api_gateway_authorizer"
        }
      }
    }

    resource "aws_apigateway_rest_api_deployments" {
      iac {
        terraform {
          type = "aws_api_gateway_deployment"
        }
      }
    }

    resource "aws_apigateway_rest_api_documentation_parts" {
      # Composite identifier "<rest_api_id>/<id>" built in SQL.
      identifiers = [ sql("CONCAT(c.rest_api_id, '/', c.id)") ]

      iac {
        terraform {
          type = "aws_api_gateway_documentation_part"
        }
      }
    }

    resource "aws_apigateway_rest_api_documentation_versions" {
      # Composite identifier "<rest_api_id>/<version>" built in SQL.
      identifiers = [ sql("CONCAT(c.rest_api_id, '/', c.version)") ]

      iac {
        terraform {
          type = "aws_api_gateway_documentation_version"
        }
      }
    }

    # Unmatched: aws_apigateway_rest_api_gateway_responses

    resource "aws_apigateway_rest_api_models" {
      iac {
        terraform {
          type = "aws_api_gateway_model"
        }
      }
    }

    resource "aws_apigateway_rest_api_request_validators" {
      iac {
        terraform {
          type = "aws_api_gateway_request_validator"
        }
      }
    }

    resource "aws_apigateway_rest_api_resources" {
      iac {
        terraform {
          type = "aws_api_gateway_resource"
        }
      }
    }

    resource "aws_apigateway_rest_api_stages" {
      # Identifier "ags-<parent id>-<stage_name>" built in SQL.
      identifiers = [ sql("CONCAT('ags-',parent.id,'-',c.stage_name)") ]

      iac {
        terraform {
          type = "aws_api_gateway_stage"
        }
      }
    }

    resource "apigateway.usage_plans" {
      iac {
        terraform {
          type = "aws_api_gateway_usage_plan"
        }
      }
    }

    # Child rows matched against the nested "api_stages" path of the usage
    # plan's Terraform type; `root.id` stands in for usage_plan_id.
    resource "aws_apigateway_usage_plan_api_stages" {
      identifiers = [ "usage_plan_id", "api_id", "stage" ]
      iac {
        terraform {
          type = "aws_api_gateway_usage_plan"
          path = "api_stages"
          identifiers = [ "root.id", "api_id", "stage" ]
          attribute_map = [
            "usage_plan_id=root.id"
          ]
        }
      }
    }

    resource "aws_apigateway_usage_plan_keys" {
      iac {
        terraform {
          type = "aws_api_gateway_usage_plan_key"
        }
      }
    }

    resource "apigateway.vpc_links" {
      iac {
        terraform {
          type = "aws_api_gateway_vpc_link"
        }
      }
    }

    # ---- API Gateway v2 ----

    resource "apigatewayv2.apis" {
      iac {
        terraform {
          type = "aws_apigatewayv2_api"
        }
      }
    }

    resource "aws_apigatewayv2_api_authorizers" {
      iac {
        terraform {
          type = "aws_apigatewayv2_authorizer"
        }
      }
    }

    resource "aws_apigatewayv2_api_deployments" {
      iac {
        terraform {
          type = "aws_apigatewayv2_deployment"
        }
      }
    }

    resource "aws_apigatewayv2_api_integrations" {
      iac {
        terraform {
          type = "aws_apigatewayv2_integration"
        }
      }
    }

    resource "aws_apigatewayv2_api_integration_responses" {
      iac {
        terraform {
          type = "aws_apigatewayv2_integration_response"
        }
      }
    }

    resource "aws_apigatewayv2_api_models" {
      iac {
        terraform {
          type = "aws_apigatewayv2_model"
        }
      }
    }

    resource "aws_apigatewayv2_api_routes" {
      iac {
        terraform {
          type = "aws_apigatewayv2_route"
        }
      }
    }

    resource "aws_apigatewayv2_api_route_responses" {
      iac {
        terraform {
          type = "aws_apigatewayv2_route_response"
        }
      }
    }

    resource "aws_apigatewayv2_api_stages" {
      iac {
        terraform {
          type = "aws_apigatewayv2_stage"
        }
      }
    }

    # TODO: apigatewayv2.domain_names (no data in tests)

    # TODO: aws_apigatewayv2_domain_name_configurations (no data in tests)

    # TODO: aws_apigatewayv2_domain_name_rest_api_mappings (no data in tests)

    resource "apigatewayv2.vpc_links" {
      iac {
        terraform {
          type = "aws_apigatewayv2_vpc_link"
        }
      }
    }

    # ---- Auto Scaling ----

    resource "autoscaling.launch_configurations" {
      identifiers = [ "launch_configuration_name" ]

      iac {
        terraform {
          type = "aws_launch_configuration"
        }
      }
    }

    # Child rows matched against the nested "ebs_block_device" path.
    resource "aws_autoscaling_launch_configuration_block_device_mappings" {
      identifiers = [ "parent.launch_configuration_name", "device_name" ]

      iac {
        terraform {
          type = "aws_launch_configuration"
          path = "ebs_block_device"
          identifiers = [ "root.id", "device_name" ]
        }
      }
    }

    # ---- CloudFront ----

    resource "cloudfront.cache_policies" {
      iac {
        terraform {
          type = "aws_cloudfront_cache_policy"
        }
      }
    }

    resource "cloudfront.distributions" {
      identifiers = [ "id" ]

      iac {
        terraform {
          type = "aws_cloudfront_distribution"
        }
      }
    }

    resource "aws_cloudfront_distribution_cache_behaviours" {
      identifiers = [ "parent.id", "path_pattern", "target_origin_id", "viewer_protocol_policy" ]
      # presumably compared as unordered sets rather than ordered lists. TODO confirm
      sets = [ "allowed_methods", "cached_methods" ]

      iac {
        terraform {
          type = "aws_cloudfront_distribution"
          path = "ordered_cache_behavior"
          identifiers = [ "root.id", "path_pattern", "target_origin_id", "viewer_protocol_policy" ]
        }
      }
    }

    # TODO: aws_cache_behaviour_lambda_function_associations (no data in tests)

    resource "aws_cloudfront_distribution_custom_error_responses" {
      identifiers = [ "parent.id", "error_code", "response_code", "response_page_path" ]

      iac {
        terraform {
          type = "aws_cloudfront_distribution"
          path = "custom_error_response"
          identifiers = [ "root.id", "error_code", "response_code", "response_page_path" ]
        }
      }
    }

    # Distribution origins are matched to origin access identities: the
    # identifier is the third '/'-separated part of the origin's
    # s3_origin_config_origin_access_identity value.
    # NOTE(review): origins without that value yield an empty or NULL
    # identifier; how such rows are treated is not visible here.
    resource "aws_cloudfront_distribution_origins" {
      identifiers = [ sql("SPLIT_PART(c.s3_origin_config_origin_access_identity,'/', 3)") ]

      iac {
        terraform {
          type = "aws_cloudfront_origin_access_identity"
        }
      }
    }

    # Unmatched: aws_cloudfront_distribution_alias_icp_recordals (no data in tests)

    # TODO: aws_cloudfront_distribution_origin_groups (tf row with type="aws_cloudfront_distribution".attributes->"origin_group"), no data in tests

    # ---- CloudTrail ----

    resource "cloudtrail.trails" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_cloudtrail"
        }
      }
    }

    resource "aws_cloudtrail_trail_event_selectors" {
      # include_management_events is cast to varchar on the CQ side,
      # presumably so it compares equal to the Terraform-side value.
      identifiers = [ "parent.name", sql("include_management_events::varchar"), "read_write_type" ]

      iac {
        terraform {
          type = "aws_cloudtrail"
          path = "event_selector"
          identifiers = [ "root.id", "include_management_events", "read_write_type" ]
        }
      }
    }

    # ---- CloudWatch / CloudWatch Logs ----

    resource "cloudwatch.alarms" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_cloudwatch_metric_alarm"
        }
      }
    }

    resource "aws_cloudwatch_alarm_metrics" {
      identifiers = [ "parent.name", "id" ]

      iac {
        terraform {
          type = "aws_cloudwatch_metric_alarm"
          path = "metric_query"
          identifiers = [ "root.id", "id" ]
        }
      }
    }

    resource "cloudwatchlogs.filters" {
      identifiers = [ "name", "log_group_name" ]

      iac {
        terraform {
          identifiers = [ "id", "log_group_name" ]
          type = "aws_cloudwatch_log_metric_filter"
        }
      }
    }

    resource "aws_cloudwatchlogs_filter_metric_transformations" {
      identifiers = [ "parent.name", "metric_namespace", "metric_name" ]
      ignore_attributes = [ "default_value" ]

      iac {
        terraform {
          type = "aws_cloudwatch_log_metric_filter"
          path = "metric_transformation"
          identifiers = [ "root.id", "namespace", "name" ]
          # CQ column name on the left, Terraform attribute on the right.
          attribute_map = [
            "metric_namespace=namespace",
            "metric_name=name",
            "metric_value=value",
          ]
        }
      }
    }

    # ---- Cognito ----

    resource "cognito.identity_pools" {
      iac {
        terraform {
          type = "aws_cognito_identity_pool"
        }
      }
    }

    # TODO: aws_cognito_identity_pool_cognito_identity_providers (aws_cognito_identity_provider but no data in tests)

    resource "cognito.user_pools" {
      iac {
        terraform {
          type = "aws_cognito_user_pool"
        }
      }
    }

    # Unmatched: aws_cognito_user_pool_schema_attributess

    # ---- AWS Config ----

    resource "config.configuration_recorders" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_config_configuration_recorder"
        }
      }
    }

    resource "config.conformance_packs" {
      identifiers = [ "conformance_pack_name" ]

      iac {
        terraform {
          type = "aws_config_conformance_pack"
        }
      }
    }

    # ---- Direct Connect ----

    resource "directconnect.connections" {
      iac {
        terraform {
          type = "aws_dx_connection"
        }
      }
    }

    # TODO: aws_directconnect_connection_mac_sec_keys (no data in tests)

    resource "directconnect.gateways" {
      iac {
        terraform {
          type = "aws_dx_gateway"
        }
      }
    }

    resource "aws_directconnect_gateway_associations" {
      # Identifier "ga-<directconnect_gateway_id><associated_gateway_id>"
      # (no separator between the two ids) built in SQL.
      identifiers = [ sql("CONCAT('ga-', c.directconnect_gateway_id, c.associated_gateway_id)") ]
      iac {
        terraform {
          type = "aws_dx_gateway_association"
        }
      }
    }

    # TODO: aws_directconnect_gateway_attachments (no data in tests)

    resource "directconnect.lags" {
      iac {
        terraform {
          type = "aws_dx_lag"
        }
      }
    }

    # TODO: aws_directconnect_lag_mac_sec_keys (no data in tests)

    # Unmatched: directconnect.virtual_gateways (aws_dx_gateway but IDs don't match)

    resource "directconnect.virtual_interfaces" {
      iac {
        terraform {
          type = "aws_dx_public_virtual_interface"
        }
      }
    }

    # TODO: aws_directconnect_virtual_interface_bgp_peers (no data in tests)

    # ---- EC2 / VPC ----

    # TODO: ec2.byoip_cidrs (no data in tests)

    resource "ec2.customer_gateways" {
      iac {
        terraform {
          type = "aws_customer_gateway"
        }
      }
    }

    resource "ec2.ebs_volumes" {
      iac {
        terraform {
          type = "aws_ebs_volume"
        }
      }
    }

    # Volume attachments are matched only against the instance's nested
    # "root_block_device" path; CQ `device` pairs with TF `device_name` by position.
    resource "aws_ec2_ebs_volume_attachments" {
      identifiers = [ "instance_id", "volume_id", "device" ]
      iac {
        terraform {
          type = "aws_instance"
          path = "root_block_device"
          identifiers = [ "root.id", "volume_id", "device_name" ]
        }
      }
    }

    resource "ec2.flow_logs" {
      iac {
        terraform {
          type = "aws_flow_log"
        }
      }
    }

    resource "ec2.images" {
      # Identifier is the value of the image's 'Ec2ImageBuilderArn' tag.
      # NOTE(review): images without that tag yield a NULL identifier; how
      # such rows are treated is not visible here.
      identifiers = [ sql("tags->>'Ec2ImageBuilderArn'") ]
      iac {
        terraform {
          type = "aws_imagebuilder_image"
        }
      }
    }

    resource "ec2.instances" {
      ignore_attributes = ["launch_time"]

      iac {
        terraform {
          type = "aws_instance"
        }
      }
    }

    resource "ec2.internet_gateways" {
      # Predicate 1 holds for gateways with no attachment to a default VPC.
      # Predicate 2 holds for gateways that are not the target of a 0.0.0.0/0 route.
      # NOTE(review): how multiple filters combine (presumably AND) is not
      # visible here. If so, any gateway carrying a default route is left out
      # of the comparison; confirm that is intended.
      filters = [
        "NOT EXISTS (SELECT 1 FROM aws_ec2_internet_gateway_attachments a JOIN aws_ec2_vpcs v ON v.id=a.vpc_id WHERE a.internet_gateway_cq_id=c.cq_id AND v.is_default)",
        "NOT EXISTS (SELECT 1 FROM aws_ec2_route_table_routes WHERE gateway_id=c.id AND destination_cidr_block='0.0.0.0/0')"
      ]

      iac {
        terraform {
          type = "aws_internet_gateway"
        }
      }
    }

    resource "ec2.nat_gateways" {
      iac {
        terraform {
          type = "aws_nat_gateway"
        }
      }
    }

    resource "ec2.network_acls" {
      # Default network ACLs are filtered out (see the default-resource note
      # on ec2.security_groups).
      filters = [ "c.is_default!=true" ]

      iac {
        terraform {
          type = "aws_network_acl"
        }
      }
    }

    # Disabled: network ACL entries.
    # NOTE(review): the IPv6 literal ':/0' in the filter below looks like a
    # typo for '::/0'; confirm before enabling this block.
#    resource "aws_ec2_network_acl_entries" {
#      # TODO: no CRC32 function, no data in tests to verify
#      identifiers = [ sql("CONCAT('nacl-',CRC32(CONCAT(parent.id,'-',c.rule_number,'-',CASE WHEN c.egress THEN 'true' ELSE 'false' END,'-',c.protocol,'-')))") ]
#      filters = [ "((c.cidr_block='0.0.0.0/0' AND c.rule_number=32767) OR (c.ipv6_cidr_block=':/0' AND c.rule_number=32768)) AND c.rule_action='deny' AND c.protocol='-1'" ]
#
#      iac {
#        terraform {
#          type = "aws_network_acl_rule"
#        }
#      }
#    }

    # Unmatched: ec2.regional_config (needed?)

    resource "ec2.route_tables" {
      # Predicate 1 holds for tables with no `main` association; predicate 2
      # for tables with no route whose origin is 'CreateRouteTable'.
      filters = [
        "NOT EXISTS (SELECT 1 FROM aws_ec2_route_table_associations WHERE route_table_cq_id=c.cq_id AND main)",
        "NOT EXISTS (SELECT 1 FROM aws_ec2_route_table_routes WHERE route_table_cq_id=c.cq_id AND origin='CreateRouteTable')"
      ]

      iac {
        terraform {
          type = "aws_route_table"
        }
      }
    }

    resource "ec2.security_groups" {
      # NOTE(review): groups named 'default' are filtered out, as are default
      # NACLs, default-for-AZ subnets and default VPCs in this section. If
      # filtered rows are skipped by the comparison, rule changes on default
      # security groups are not reported by this config; cover them with a
      # separate control.
      filters = [ "c.group_name!='default'" ]

      iac {
        terraform {
          type = "aws_security_group"
        }
      }
    }

    resource "ec2.subnets" {
      filters = [ "c.default_for_az!=true" ]

      iac {
        terraform {
          type = "aws_subnet"
        }
      }
    }

    resource "ec2.transit_gateways" {
      iac {
        terraform {
          type = "aws_ec2_transit_gateway"
        }
      }
    }

    resource "ec2.vpc_endpoints" {
      iac {
        terraform {
          type = "aws_vpc_endpoint"
        }
      }
    }

    resource "ec2.vpc_peering_connections" {
      iac {
        terraform {
          type = "aws_vpc_peering_connection"
        }
      }
    }

    resource "ec2.vpcs" {
      filters = [ "c.is_default!=true" ]

      iac {
        terraform {
          type = "aws_vpc"
        }
      }
    }

    resource "ec2.vpn_gateways" {
      iac {
        terraform {
          type = "aws_vpn_gateway"
        }
      }
    }

    # ---- Containers, storage, compute platforms ----

    resource "ecr.repositories" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_ecr_repository"
        }
      }
    }

    resource "ecs.clusters" {
      identifiers = [ "arn" ]

      iac {
        terraform {
          type = "aws_ecs_cluster"
        }
      }
    }

    resource "efs.filesystems" {
      iac {
        terraform {
          type = "aws_efs_file_system"
        }
      }
    }

    resource "eks.clusters" {
      identifiers = [ "name" ]

      iac {
        terraform {
          type = "aws_eks_cluster"
        }
      }
    }

    resource "elasticbeanstalk.environments" {
      iac {
        terraform {
          type = "aws_elastic_beanstalk_environment"
        }
      }
    }

    resource "elasticsearch.domains" {
      identifiers = [ "arn" ]

      iac {
        terraform {
          type = "aws_elasticsearch_domain"
        }
      }
    }

    # ---- Load balancing ----

    resource "elbv1.load_balancers" {
      iac {
        terraform {
          type = "aws_elb"
        }
      }
    }

    resource "elbv2.load_balancers" {
      iac {
        terraform {
          type = "aws_lb"
        }
      }
    }

    resource "elbv2.target_groups" {
      iac {
        terraform {
          type = "aws_lb_target_group"
        }
      }
    }

    resource "emr.clusters" {
      iac {
        terraform {
          type = "aws_emr_cluster"
        }
      }
    }

    resource "fsx.backups" {
      iac {
        terraform {
          type = "aws_fsx_backup"
        }
      }
    }

    # ---- IAM ----

    resource "iam.groups" {
      identifiers = [ "name" ]
      iac {
        terraform {
          type = "aws_iam_group"
        }
      }
    }

    resource "iam.openid_connect_identity_providers" {
      iac {
        terraform {
          type = "aws_iam_openid_connect_provider"
        }
      }
    }

    # TODO: iam.password_policies (no data in tests)

    resource "iam.policies" {
      identifiers = [ "arn" ]

      iac {
        terraform {
          type = "aws_iam_policy"
        }
      }
    }

    resource "iam.roles" {
      identifiers = [ "name" ]
      iac {
        terraform {
          type = "aws_iam_role"
        }
      }
    }

    resource "iam.saml_identity_providers" {
      iac {
        terraform {
          type = "aws_iam_saml_provider"
        }
      }
    }

    resource "iam.server_certificates" {
      iac {
        terraform {
          type = "aws_iam_server_certificate"
        }
      }
    }

    resource "iam.users" {
      identifiers = ["user_name"]
      # Explicit attribute list instead of the wildcard default of all columns;
      # presumably only these columns are compared for users.
      attributes = [ "arn", "path", "permissions_boundary_arn", "permissions_boundary_type", "tags" ]

      iac {
        terraform {
          type = "aws_iam_user"
        }
      }
    }

    # A user's group memberships are matched to the group resource by group_name.
    resource "aws_iam_user_groups" {
      identifiers = [ "group_name" ]

      iac {
        terraform {
          type = "aws_iam_group"
        }
      }
    }

    resource "aws_iam_user_access_keys" {
      iac {
        terraform {
          type = "aws_iam_access_key"
        }
      }
    }

    # NOTE(review): attached policies map to aws_iam_user_policy, the same
    # Terraform type used for aws_iam_user_policies below, with a ':user_'
    # infix in the identifier. Terraform also has a separate
    # aws_iam_user_policy_attachment type; confirm this mapping matches how
    # attachments appear in state, otherwise they may always show as unmatched.
    resource "aws_iam_user_attached_policies" {
      identifiers = [ sql("CONCAT(parent.user_name, ':user_', c.policy_name)") ]

      iac {
        terraform {
          type = "aws_iam_user_policy"
        }
      }
    }

    resource "aws_iam_user_policies" {
      # Identifier "<user_name>:<policy_name>" built in SQL.
      identifiers = [ sql("CONCAT(parent.user_name, ':', c.policy_name)") ]

      iac {
        terraform {
          type = "aws_iam_user_policy"
        }
      }
    }

    # TODO: iam.virtual_mfa_devices (no data in tests)

    # ---- KMS, Lambda, MQ ----

    resource "kms.keys" {
      identifiers = [ "id" ]
      iac {
        terraform {
          type = "aws_kms_key"
        }
      }
    }

    resource "lambda.functions" {
      identifiers = [ "name" ]
      iac {
        terraform {
          type = "aws_lambda_function"
        }
      }
    }

    resource "aws_lambda_layer_versions" {
      # Identifier "<parent arn>:<version>" built in SQL.
      identifiers = [ sql("CONCAT(parent.arn, ':', c.version)") ]

      iac {
        terraform {
          type = "aws_lambda_layer_version"
        }
      }
    }

    resource "mq.brokers" {
      iac {
        terraform {
          type = "aws_mq_broker"
        }
      }
    }

    # Unmatched: organizations.accounts

    # ---- RDS / Redshift ----

    # Unmatched: rds.certificates (mode: data)

    resource "rds.clusters" {
      identifiers = [ "db_cluster_identifier" ]
      iac {
        terraform {
          type = "aws_rds_cluster"
        }
      }
    }

    resource "rds.db_subnet_groups" {
      identifiers = [ "name" ]
      # Holds for subnet groups whose VPC is not a default VPC.
      filters = [
        "NOT EXISTS (SELECT 1 FROM aws_ec2_vpcs WHERE id=c.vpc_id AND is_default)",
      ]
      iac {
        terraform {
          type = "aws_db_subnet_group"
        }
      }
    }

    # NOTE(review): all RDS instances map to aws_rds_cluster_instance and are
    # identified by db_name. Terraform also has aws_db_instance for
    # non-cluster instances; confirm standalone instances are matched as intended.
    resource "rds.instances" {
      identifiers = [ "db_name" ]

      iac {
        terraform {
          type = "aws_rds_cluster_instance"
        }
      }
    }

    resource "redshift.clusters" {
      iac {
        terraform {
          type = "aws_redshift_cluster"
        }
      }
    }

    resource "redshift.subnet_groups" {
      # Holds for subnet groups whose VPC is not a default VPC.
      filters = [
        "NOT EXISTS (SELECT 1 FROM aws_ec2_vpcs WHERE id=c.vpc_id AND is_default)",
      ]
      iac {
        terraform {
          type = "aws_redshift_subnet_group"
        }
      }
    }

    # ---- Route 53 ----

    # TODO: route53.domains ("aws_route53_record" but no data in tests)

    resource "route53.health_checks" {
      iac {
        terraform {
          type = "aws_route53_health_check"
        }
      }
    }

    resource "route53.hosted_zones" {
      iac {
        terraform {
          type = "aws_route53_zone"
        }
      }
    }

    resource "route53.reusable_delegation_sets" {
      # Identifier is the third '/'-separated part of the CQ id.
      identifiers = [ sql("SPLIT_PART(c.id, '/', 3)") ]
      iac {
        terraform {
          type = "aws_route53_delegation_set"
        }
      }
    }

    # TODO: route53.traffic_policies (no data in tests)

    # ---- S3, SNS, SQS ----

    resource "s3.buckets" {
      ignore_attributes = [ "name" ]

      iac {
        terraform {
          type = "aws_s3_bucket"
        }
      }
    }

    resource "sns.subscriptions" {
      iac {
        terraform {
          type = "aws_sns_topic_subscription"
        }
      }
    }

    resource "sns.topics" {
      iac {
        terraform {
          type = "aws_sns_topic"
        }
      }
    }

    resource "sqs.queues" {
      identifiers = [ "url" ]
      # NOTE(review): `policy` is the queue's access policy. With it ignored
      # because of the type mismatch, a queue policy edited outside Terraform
      # is presumably not reported; normalising both sides to JSON would let it
      # be compared.
      ignore_attributes = [ "policy", "redrive_policy" ] # string type in TF, json type in CQ
      iac {
        terraform {
          type = "aws_sqs_queue"
        }
      }
    }

    # ---- WAF / WAFv2 ----

    resource "waf.rule_groups" {
      sets = [ "rule_ids" ]
      iac {
        terraform {
          type = "aws_waf_rule_group"
          # rule_ids on the CQ side is taken from each activated_rule entry's
          # rule_id on the Terraform side.
          attribute_map = [
            "rule_ids=activated_rule.#.rule_id"
          ]
        }
      }
    }

    resource "waf.rules" {
      iac {
        terraform {
          type = "aws_waf_rule"
        }
      }
    }

    # TODO: waf.subscribed_rule_groups (no data in tests)

    resource "waf.web_acls" {
      iac {
        terraform {
          type = "aws_waf_web_acl"
        }
      }
    }

    # Unmatched: wafv2.managed_rule_groups

    resource "wafv2.rule_groups" {
      iac {
        terraform {
          type = "aws_wafv2_rule_group"
        }
      }
    }

    resource "wafv2.web_acls" {
      iac {
        terraform {
          type = "aws_wafv2_web_acl"
        }
      }
    }

    # Disabled example of an ignore list. NOTE(review): if enabled as written
    # it would presumably drop EC2 instances, IAM users and S3 buckets from the
    # comparison entirely.
/*
    ignore_resources = [
      "ec2.instances:*",
      "iam.users",
      "s3.buckets:*"
    ]
*/
  }


}