add sche,a and amplify

Makefile

@@ -78,3 +78,6 @@ gci:
 
 fmt:
 	gofumpt -l -w .
+
+schema:
+	wget -qO- https://schema.cloudformation.us-east-1.amazonaws.com/CloudformationSchema.zip  |tar xvz -C ./src/schema

src/aws.go

@@ -55,7 +55,6 @@ func GetAWSResourcePermissions(result ResourceV2) ([]string, error) {
 	)
 
 	if temp := AwsLookup(result.Name); temp != nil {
-
 		Permissions, err = GetPermissionMap(temp.([]byte), result.Attributes, result.Name)
 	} else {
 		return nil, fmt.Errorf("%s not implemented", result.Name)
@@ -837,6 +836,9 @@ func AwsLookup(name string) interface{} {
 		"aws_xray_group":                                           awsXrayGroup,
 		"aws_xray_sampling_rule":                                   awsXraySamplingRule,
 		"backend":                                                  s3backend,
+		"aws_amplify_app":                                          awsAmplifyApp,
+		"aws_amplify_branch":                                       awsAmplifyBranch,
+		"aws_amplify_domain_association":                           awsAmplifyDomainAssociation,
 	}
 
 	return TFLookup[name]
@@ -857,7 +859,6 @@ func Contains(s []string, e string) bool {
 func GetPermissionMap(raw []byte, attributes []string, resource string) ([]string, error) {
 	var mappings []interface{}
 	err := json.Unmarshal(raw, &mappings)
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to unmarshal json %w for %s", err, resource)
 	}
@@ -883,7 +884,6 @@ func GetPermissionMap(raw []byte, attributes []string, resource string) ([]strin
 	for _, attribute := range attributes {
 		if myAttributes[attribute] != nil {
 			for _, entry := range myAttributes[attribute].([]interface{}) {
-
 				found = append(
 					found,
 					entry.(string),

src/azure.go

@@ -34,7 +34,6 @@ func GetAZUREResourcePermissions(result ResourceV2) ([]string, error) {
 	if temp != nil {
 		Permissions, err = GetPermissionMap(temp.([]byte), result.Attributes, result.Name)
 	} else {
-
 		//goland:noinspection GoLinter
 		return nil, &notImplementedResourceError{result.Name}
 	}

src/compare.go

@@ -50,7 +50,6 @@ func Compare(directory string, arn string, init bool) (bool, error) {
 func CompareIAMPolicy(policy string, oldPolicy string) (bool, error) {
 	differ := diff.New()
 	compare, err := differ.Compare([]byte(policy), []byte(oldPolicy))
-
 	if err != nil {
 		return false, err
 	}
@@ -70,7 +69,6 @@ func CompareIAMPolicy(policy string, oldPolicy string) (bool, error) {
 
 		myFormatter := formatter.NewAsciiFormatter(aJSON, myConfig)
 		diffString, err := myFormatter.Format(compare)
-
 		if err != nil {
 			return false, err
 		}

src/coverage/aws.md

@@ -1,12 +1,9 @@
 # todo aws
 
-Resource percentage coverage   55.18
+Resource percentage coverage   55.40
 Datasource percentage coverage 100.00
 
-./resource.ps1 aws_amplify_app
 ./resource.ps1 aws_amplify_backend_environment
-./resource.ps1 aws_amplify_branch
-./resource.ps1 aws_amplify_domain_association
 ./resource.ps1 aws_amplify_webhook
 ./resource.ps1 aws_appconfig_deployment
 ./resource.ps1 aws_appconfig_deployment_strategy

src/coverage/coverage.go

@@ -46,7 +46,6 @@ func coverageAWS() error {
 
 	target = Prepend + target
 	err := os.WriteFile("aws.md", []byte(target), 0o700)
-
 	if err != nil {
 		return err
 	}
@@ -81,7 +80,6 @@ func coverageAzure() error {
 
 	target = Prepend + target
 	err := os.WriteFile("azure.md", []byte(target), 0o700)
-
 	if err != nil {
 		return err
 	}
@@ -116,7 +114,6 @@ func coverageGcp() error {
 
 	target = Prepend + target
 	err := os.WriteFile("google.md", []byte(target), 0o700)
-
 	if err != nil {
 		return err
 	}

src/data.go

@@ -102,7 +102,6 @@ func DetectBackend(resource ResourceV2, block *hclsyntax.Block, resources []Reso
 func GetResourceBlocks(file string) (*hclsyntax.Body, error) {
 	temp, _ := filepath.Abs(file)
 	src, err := os.ReadFile(temp)
-
 	if err != nil {
 		return nil, fmt.Errorf("failed to read file: %w", err)
 	}

src/files.go

@@ -2151,3 +2151,12 @@ var awsOamSink []byte
 
 //go:embed mapping/aws/resource/oam/aws_oam_sink_policy.json
 var awsOamSinkPolicy []byte
+
+//go:embed mapping/aws/resource/amplify/aws_amplify_app.json
+var awsAmplifyApp []byte
+
+//go:embed mapping/aws/resource/amplify/aws_amplify_branch.json
+var awsAmplifyBranch []byte
+
+//go:embed mapping/aws/resource/amplify/aws_amplify_domain_association.json
+var awsAmplifyDomainAssociation []byte

src/gcp_policy.go

@@ -28,7 +28,6 @@ func GCPPolicy(permissions []string) (string, error) {
 	var output bytes.Buffer
 
 	tmpl, err := template.New("test").Parse(string(policyGCPTemplate))
-
 	if err != nil {
 		return "", fmt.Errorf("failed to parse template %w", err)
 	}

src/gcp_test.go

@@ -22,19 +22,25 @@ func TestGetGCPPermissions(t *testing.T) {
 	}{
 		{name: "missing", args: args{
 			result: pike.ResourceV2{
-				TypeName: "bogus", Name: "bogus"}}, wantErr: true},
+				TypeName: "bogus", Name: "bogus",
+			},
+		}, wantErr: true},
 		{name: "notype", args: args{
 			result: pike.ResourceV2{
 				TypeName: "bogus", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", Attributes: []string{
 					"name",
 					"machine_type", "zone",
-				}}}, wantErr: true},
+				},
+			},
+		}, wantErr: true},
 		{name: "not implemented", args: args{
 			result: pike.ResourceV2{
 				TypeName: "data", Name: "google_compute_duff", ResourceName: "pike", Provider: "azurerm", Attributes: []string{
 					"name",
 					"machine_type", "zone",
-				}}}, wantErr: true},
+				},
+			},
+		}, wantErr: true},
 		{
 			name: "resource",
 			args: args{

src/gitHub.go

@@ -88,7 +88,6 @@ func InvokeGithubDispatchEvent(repository string, workflowFileName string, branc
 func VerifyBranch(client *github.Client, owner string, repo string, branch string) error {
 	ctx := context.Background()
 	branches, _, err := client.Repositories.ListBranches(ctx, owner, repo, nil)
-
 	if err != nil {
 		return err
 	}

src/inspect_test.go

@@ -42,14 +42,30 @@ func TestCompareAllow(t *testing.T) {
 		want    PolicyDiff
 		wantErr bool
 	}{
-		{"pass empty",
-			args{identity, policy}, PolicyDiff{}, false},
-		{"pass not empty",
-			args{identity, morePolicy}, PolicyDiff{nil, []string{"s3:*", "s3-object-lambda:*"}}, false},
-		{"pass",
-			args{moreIdentity, morePolicy}, PolicyDiff{}, false},
-		{"different",
-			args{moreIdentity, policy}, PolicyDiff{[]string{"s3:*", "s3-object-lambda:*"}, nil}, false},
+		{
+			"pass empty",
+			args{identity, policy},
+			PolicyDiff{},
+			false,
+		},
+		{
+			"pass not empty",
+			args{identity, morePolicy},
+			PolicyDiff{nil, []string{"s3:*", "s3-object-lambda:*"}},
+			false,
+		},
+		{
+			"pass",
+			args{moreIdentity, morePolicy},
+			PolicyDiff{},
+			false,
+		},
+		{
+			"different",
+			args{moreIdentity, policy},
+			PolicyDiff{[]string{"s3:*", "s3-object-lambda:*"}, nil},
+			false,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

src/make.go

@@ -136,7 +136,7 @@ func tfPlan(policyPath string) error {
 	}
 
 	outfile := filepath.Join(policyPath, "tf.json")
-	err = os.WriteFile(outfile, stdout, 0666)
+	err = os.WriteFile(outfile, stdout, 0o666)
 
 	if err != nil {
 		return fmt.Errorf("terraform show failed %w", err)

src/mapping/aws/resource/acm-pa/aws_acmpca_certificate.json

@@ -8,7 +8,9 @@
     "attributes": {
       "tags": []
     },
-    "destroy": [],
+    "destroy": [
+      "acm-pca:RevokeCertificate"
+    ],
     "modify": [],
     "plan": []
   }

src/mapping/aws/resource/amplify/aws_amplify_app.json

@@ -0,0 +1,33 @@
+[
+  {
+    "apply": [
+      "amplify:GetApp",
+      "amplify:CreateApp",
+      "amplify:TagResource",
+      "codecommit:GetRepository",
+      "codecommit:PutRepositoryTriggers",
+      "codecommit:GetRepositoryTriggers",
+      "sns:CreateTopic",
+      "sns:Subscribe",
+      "sns:Unsubscribe",
+      "iam:PassRole",
+      "amplify:DeleteApp",
+      "amplify:UpdateApp",
+      "amplify:ListTagsForResource"
+    ],
+    "attributes": {
+      "tags": [
+        "amplify:TagResource",
+        "amplify:UntagResource"
+      ]
+    },
+    "destroy": [
+      "amplify:DeleteApp",
+      "sns:Unsubscribe"
+    ],
+    "modify": [
+      "amplify:UpdateApp"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/amplify/aws_amplify_branch.json

@@ -0,0 +1,38 @@
+[
+  {
+    "apply": [
+      "amplify:GetBranch",
+      "amplify:CreateBranch",
+      "amplify:TagResource",
+      "codecommit:GetRepository",
+      "codecommit:PutRepositoryTriggers",
+      "codecommit:GetRepositoryTriggers",
+      "s3:GetObject",
+      "s3:GetObjectAcl",
+      "s3:PutObject",
+      "s3:PutObjectAcl",
+      "iam:PassRole",
+      "amplify:DeleteBranch",
+      "amplify:ListTagsForResource",
+      "amplify:UpdateBranch"
+    ],
+    "attributes": {
+      "enable_notifications": [
+        "sns:CreateTopic",
+        "sns:Subscribe",
+        "sns:Unsubscribe"
+      ],
+      "tags": [
+        "amplify:TagResource",
+        "amplify:UntagResource"
+      ]
+    },
+    "destroy": [
+      "amplify:DeleteBranch"
+    ],
+    "modify": [
+      "amplify:UpdateBranch"
+    ],
+    "plan": []
+  }
+]

src/mapping/aws/resource/amplify/aws_amplify_domain_association.json

@@ -0,0 +1,28 @@
+[
+  {
+    "apply": [
+      "amplify:CreateDomainAssociation",
+      "route53:ListHostedZones",
+      "route53:ChangeResourceRecordSets",
+      "iam:PassRole",
+      "amplify:DeleteDomainAssociation",
+      "amplify:ListTagsForResource",
+      "amplify:GetDomainAssociation",
+      "route53:ListHostedZones"
+    ],
+    "attributes": {
+      "tags": [
+        "amplify:TagResource",
+        "amplify:UntagResource"
+      ]
+    },
+    "destroy": [
+      "amplify:DeleteDomainAssociation"
+    ],
+    "modify": [
+      "amplify:UpdateDomainAssociation",
+      "route53:ChangeResourceRecordSets"
+    ],
+    "plan": []
+  }
+]