package rds

import (
	"github.com/aquasecurity/defsec/pkg/providers/aws/rds"
	defsecTypes "github.com/aquasecurity/defsec/pkg/types"
	"github.com/aquasecurity/trivy-iac/pkg/scanners/cloudformation/parser"
)

// getClusters adapts every AWS::RDS::DBCluster resource in ctx into an
// rds.Cluster, keyed by the resource's logical ID.
//
// Properties not expressible in a template are filled with fixed values:
// PublicAccess is always false and LatestRestorableTime is unresolvable.
// BackupRetentionPeriod falls back to 1 and Engine to rds.EngineAurora
// when the template omits them.
func getClusters(ctx parser.FileContext) (clusters map[string]rds.Cluster) {
	clusters = make(map[string]rds.Cluster)

	for _, res := range ctx.GetResourcesByType("AWS::RDS::DBCluster") {
		// Every nested block carries the same resource metadata so findings
		// point back at the DBCluster declaration.
		meta := res.Metadata()

		insights := rds.PerformanceInsights{
			Metadata: meta,
			Enabled:  res.GetBoolProperty("PerformanceInsightsEnabled"),
			KMSKeyID: res.GetStringProperty("PerformanceInsightsKmsKeyId"),
		}

		encryption := rds.Encryption{
			Metadata:       meta,
			EncryptStorage: res.GetBoolProperty("StorageEncrypted"),
			KMSKeyID:       res.GetStringProperty("KmsKeyId"),
		}

		cluster := rds.Cluster{
			Metadata:                  meta,
			BackupRetentionPeriodDays: res.GetIntProperty("BackupRetentionPeriod", 1),
			PerformanceInsights:       insights,
			Encryption:                encryption,
			// A CloudFormation DBCluster is not modelled as publicly reachable here.
			PublicAccess:         defsecTypes.BoolDefault(false, meta),
			Engine:               res.GetStringProperty("Engine", rds.EngineAurora),
			LatestRestorableTime: defsecTypes.TimeUnresolvable(meta),
			DeletionProtection:   res.GetBoolProperty("DeletionProtection"),
		}

		clusters[res.ID()] = cluster
	}

	return clusters
}

// getClassic builds the classic (non-VPC) RDS view of the template, which
// currently consists only of DB security groups.
func getClassic(ctx parser.FileContext) rds.Classic {
	classic := rds.Classic{
		DBSecurityGroups: getClassicSecurityGroups(ctx),
	}
	return classic
}

// getClassicSecurityGroups adapts each AWS::RDS::DBSecurityGroup resource in
// ctx into an rds.DBSecurityGroup carrying only the resource metadata.
//
// The result is nil when the template declares no such resource.
func getClassicSecurityGroups(ctx parser.FileContext) (groups []rds.DBSecurityGroup) {
	resources := ctx.GetResourcesByType("AWS::RDS::DBSecurityGroup")
	for _, sg := range resources {
		groups = append(groups, rds.DBSecurityGroup{Metadata: sg.Metadata()})
	}
	return groups
}