// Listing: github.com/aquasecurity/trivy-iac@v0.8.1-0.20240127024015-3d8e412cf0ab/internal/adapters/cloudformation/aws/ec2/launch_template.go
package ec2

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/ec2"
	"github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
)

// getLaunchTemplates adapts every AWS::EC2::LaunchTemplate resource found in
// the parsed CloudFormation file into the ec2.LaunchTemplate model. The
// result stays nil when the file declares no such resource.
func getLaunchTemplates(file parser.FileContext) (templates []ec2.LaunchTemplate) {
	for _, res := range file.GetResourcesByType("AWS::EC2::LaunchTemplate") {
		templates = append(templates, adaptLaunchTemplate(res))
	}
	return templates
}

// adaptLaunchTemplate converts a single launch template resource into an
// ec2.LaunchTemplate.
//
// The model is seeded with HttpTokens "optional", HttpEndpoint "enabled" and
// an empty UserData, all attributed to the resource's own metadata. A
// template that omits MetadataOptions is therefore recorded as one that does
// not require session tokens for the instance metadata service (IMDSv1 still
// accepted). Values under LaunchTemplateData, when that property is present,
// replace these defaults.
func adaptLaunchTemplate(r *parser.Resource) ec2.LaunchTemplate {
	lt := ec2.LaunchTemplate{
		Metadata: r.Metadata(),
		Name:     r.GetStringProperty("LaunchTemplateName", ""),
		Instance: ec2.Instance{
			Metadata: r.Metadata(),
			MetadataOptions: ec2.MetadataOptions{
				Metadata:     r.Metadata(),
				HttpTokens:   types.StringDefault("optional", r.Metadata()),
				HttpEndpoint: types.StringDefault("enabled", r.Metadata()),
			},
			UserData: types.StringDefault("", r.Metadata()),
		},
	}

	// Without LaunchTemplateData there is nothing to override; the defaults
	// above are the whole result.
	data := r.GetProperty("LaunchTemplateData")
	if !data.IsNotNil() {
		return lt
	}

	// An explicit MetadataOptions block replaces the defaults wholesale and is
	// attributed to that block's metadata; fields missing inside it fall back
	// to the same "optional"/"enabled" values.
	if opts := data.GetProperty("MetadataOptions"); opts.IsNotNil() {
		lt.MetadataOptions = ec2.MetadataOptions{
			Metadata:     opts.Metadata(),
			HttpTokens:   opts.GetStringProperty("HttpTokens", "optional"),
			HttpEndpoint: opts.GetStringProperty("HttpEndpoint", "enabled"),
		}
	}

	// UserData is stored exactly as the template gives it; nothing here
	// decodes it.
	// NOTE(review): CloudFormation expects launch template UserData to be
	// base64-encoded — confirm that checks inspecting UserData for sensitive
	// content account for that.
	lt.Instance.UserData = data.GetStringProperty("UserData", "")

	// The first device returned becomes the root block device; every later
	// one is appended to EBSBlockDevices.
	// NOTE(review): getBlockDevices receives the resource r, not data —
	// confirm it resolves BlockDeviceMappings nested under LaunchTemplateData,
	// otherwise volume-encryption checks see no devices for launch templates.
	for idx, dev := range getBlockDevices(r) {
		if idx == 0 {
			lt.RootBlockDevice = dev
			continue
		}
		lt.EBSBlockDevices = append(lt.EBSBlockDevices, dev)
	}

	return lt
}