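// Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/internal/adapters/cloud/aws/ec2/autoscaling.go

package ec2

import (
	"fmt"

	"github.com/khulnasoft-lab/defsec/pkg/concurrency"
	defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types"

	ec2api "github.com/aws/aws-sdk-go-v2/service/ec2"
	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
	"github.com/khulnasoft-lab/defsec/pkg/providers/aws/ec2"
)

// getLaunchTemplates lists every launch template visible to the adapter's EC2
// client, following NextToken until the listing is exhausted, and adapts each
// one into the defsec model via adaptLaunchTemplate.
//
// A failed DescribeLaunchTemplates page aborts the whole listing with that
// error, so a partial inventory is never returned as if it were complete.
func (a *adapter) getLaunchTemplates() ([]ec2.LaunchTemplate, error) {

	a.Tracker().SetServiceLabel("Discovering launch templates...")

	input := ec2api.DescribeLaunchTemplatesInput{}

	var apiTemplates []types.LaunchTemplate
	for {
		output, err := a.client.DescribeLaunchTemplates(a.Context(), &input)
		if err != nil {
			return nil, err
		}
		apiTemplates = append(apiTemplates, output.LaunchTemplates...)
		a.Tracker().SetTotalResources(len(apiTemplates))
		if output.NextToken == nil {
			break
		}
		input.NextToken = output.NextToken
	}

	a.Tracker().SetServiceLabel("Adapting launch templates...")
	// NOTE(review): how concurrency.Adapt treats a per-template error is not
	// visible here. If it drops the failing template, that template is absent
	// from the scanned state and no check runs against it; confirm such
	// errors are surfaced to the operator.
	return concurrency.Adapt(apiTemplates, a.RootAdapter, a.adaptLaunchTemplate), nil
}

// adaptLaunchTemplate converts one EC2 launch template into the defsec model.
//
// It fetches a single version of the template (the default version number if
// set, otherwise the latest version number, otherwise the "$Default" alias)
// and copies the instance metadata service options and the per-device
// encryption flags from it. Other versions of the template are not examined,
// so a weaker configuration in a non-default version is not represented in
// the result.
//
// It returns an error when the template has no ID, when the version lookup
// fails, or when the lookup returns no version or a version without data.
func (a *adapter) adaptLaunchTemplate(template types.LaunchTemplate) (*ec2.LaunchTemplate, error) {

	// The ID is dereferenced for the metadata reference and sent to the API;
	// reject a template without one instead of panicking on a nil pointer.
	if template.LaunchTemplateId == nil {
		return nil, fmt.Errorf("launch template has no ID")
	}
	id := *template.LaunchTemplateId

	metadata := a.CreateMetadata("launch-template/" + id)

	// Fall back to the "$Default" alias so that a template reporting neither
	// version number is still looked up, rather than sending an empty version
	// string that the API cannot resolve.
	version := "$Default"
	switch {
	case template.DefaultVersionNumber != nil:
		version = fmt.Sprintf("%d", *template.DefaultVersionNumber)
	case template.LatestVersionNumber != nil:
		version = fmt.Sprintf("%d", *template.LatestVersionNumber)
	}

	output, err := a.client.DescribeLaunchTemplateVersions(a.Context(), &ec2api.DescribeLaunchTemplateVersionsInput{
		LaunchTemplateId: template.LaunchTemplateId,
		Versions:         []string{version},
	})
	if err != nil {
		return nil, fmt.Errorf("describing version %s of launch template %q: %w", version, id, err)
	}

	if len(output.LaunchTemplateVersions) == 0 {
		return nil, fmt.Errorf("launch template not found")
	}

	// LaunchTemplateData is a pointer in the API response; every field read
	// below goes through it, so a nil value must be rejected first.
	templateData := output.LaunchTemplateVersions[0].LaunchTemplateData
	if templateData == nil {
		return nil, fmt.Errorf("launch template %q: version %s has no template data", id, version)
	}

	instance := ec2.NewInstance(metadata)
	if templateData.MetadataOptions != nil {
		// HttpTokens is the IMDS setting ("required" enforces IMDSv2) and is
		// copied verbatim, so a field the template leaves unset arrives as an
		// empty string rather than a named value.
		instance.MetadataOptions.HttpTokens = defsecTypes.StringDefault(string(templateData.MetadataOptions.HttpTokens), metadata)
		instance.MetadataOptions.HttpEndpoint = defsecTypes.StringDefault(string(templateData.MetadataOptions.HttpEndpoint), metadata)
	}
	// When the template carries no MetadataOptions, the values set by
	// ec2.NewInstance are kept. NOTE(review): those defaults are not visible
	// here; confirm they model the permissive case so that a template which
	// omits the section is not reported as enforcing IMDSv2.

	// Ranging over a nil slice is a no-op, so no separate nil check is needed.
	for _, blockMapping := range templateData.BlockDeviceMappings {
		// Every mapping is recorded as an EBS device and starts out as
		// unencrypted; it is marked encrypted only when the template sets the
		// flag explicitly. Mappings with no Ebs section and volumes that rely
		// on a setting outside the template therefore appear as unencrypted.
		ebsDevice := &ec2.BlockDevice{
			Metadata:  metadata,
			Encrypted: defsecTypes.BoolDefault(false, metadata),
		}
		if blockMapping.Ebs != nil && blockMapping.Ebs.Encrypted != nil {
			ebsDevice.Encrypted = defsecTypes.BoolDefault(*blockMapping.Ebs.Encrypted, metadata)
		}
		instance.EBSBlockDevices = append(instance.EBSBlockDevices, ebsDevice)
	}

	return &ec2.LaunchTemplate{
		Metadata: metadata,
		Instance: *instance,
	}, nil
}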