github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/dynamodb/cluster.go

github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/dynamodb/cluster.go (about)

     1  package dynamodb
     2  
     3  import (
     4  	"github.com/aquasecurity/defsec/pkg/providers/aws/dynamodb"
     5  	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
     6  	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
     7  )
     8  
     9  func getClusters(file parser.FileContext) (clusters []dynamodb.DAXCluster) {
    10  
    11  	clusterResources := file.GetResourcesByType("AWS::DAX::Cluster")
    12  
    13  	for _, r := range clusterResources {
    14  		cluster := dynamodb.DAXCluster{
    15  			Metadata: r.Metadata(),
    16  			ServerSideEncryption: dynamodb.ServerSideEncryption{
    17  				Metadata: r.Metadata(),
    18  				Enabled:  defsecTypes.BoolDefault(false, r.Metadata()),
    19  				KMSKeyID: defsecTypes.StringDefault("", r.Metadata()),
    20  			},
    21  			PointInTimeRecovery: defsecTypes.BoolUnresolvable(r.Metadata()),
    22  		}
    23  
    24  		if sseProp := r.GetProperty("SSESpecification"); sseProp.IsNotNil() {
    25  			cluster.ServerSideEncryption = dynamodb.ServerSideEncryption{
    26  				Metadata: sseProp.Metadata(),
    27  				Enabled:  r.GetBoolProperty("SSESpecification.SSEEnabled"),
    28  				KMSKeyID: defsecTypes.StringUnresolvable(sseProp.Metadata()),
    29  			}
    30  		}
    31  
    32  		clusters = append(clusters, cluster)
    33  	}
    34  
    35  	return clusters
    36  }