ipam

JamesWoolfenden · Dec 5, 2023 · ff3eb22 · ff3eb22
1 parent 9a450cc
commit ff3eb22
Show file tree

Hide file tree

Showing 25 changed files with 365 additions and 19 deletions.
diff --git a/src/aws.go b/src/aws.go
@@ -587,6 +587,16 @@ func AwsLookup(name string) interface{} {
 		"aws_waf_sql_injection_match_set":                    awsWafSqlInjectionMatchSet,
 		"aws_waf_web_acl":                                    awsWafWebAcl,
 		"aws_waf_xss_match_set":                              awsWafXssNatchSet,
+		"aws_vpc_ipam":                                       awsVpcIpam,
+		"aws_vpc_ipam_pool":                                  awsVpcIpamPool,
+		"aws_vpc_ipam_pool_cidr":                             awsVpcIpamPoolCidr,
+		"aws_vpc_ipam_pool_cidr_allocation":                  awsVpcIpamPoolCidrAllocation,
+		"aws_vpc_ipam_preview_next_cidr":                     awsVpcIpamPreviewNextCidr,
+		"aws_vpc_ipam_resource_discovery":                    awsVpcIpamResourceDiscovery,
+		"aws_vpc_ipam_resource_discovery_association":        awsVpcIpamResourceDiscoveryAssociation,
+		"aws_vpc_ipam_scope":                                 awsVpcIpamScope,
+		"aws_vpc_security_group_egress_rule":                 awsVpcSecurityGroupEgressRule,
+		"aws_vpc_security_group_ingress_rule":                awsVpcSecurityGroupIngressRule,
 	}
 
 	return TFLookup[name]

diff --git a/src/coverage/aws.md b/src/coverage/aws.md
@@ -743,19 +743,9 @@ Datasource percentage coverage 99.60
 ./resource.ps1 aws_vpc_endpoint_policy
 ./resource.ps1 aws_vpc_endpoint_security_group_association
 ./resource.ps1 aws_vpc_endpoint_service_allowed_principal
-./resource.ps1 aws_vpc_ipam
 ./resource.ps1 aws_vpc_ipam_organization_admin_account
-./resource.ps1 aws_vpc_ipam_pool
-./resource.ps1 aws_vpc_ipam_pool_cidr
-./resource.ps1 aws_vpc_ipam_pool_cidr_allocation
-./resource.ps1 aws_vpc_ipam_preview_next_cidr
-./resource.ps1 aws_vpc_ipam_resource_discovery
-./resource.ps1 aws_vpc_ipam_resource_discovery_association
-./resource.ps1 aws_vpc_ipam_scope
 ./resource.ps1 aws_vpc_ipv6_cidr_block_association
 ./resource.ps1 aws_vpc_network_performance_metric_subscription
-./resource.ps1 aws_vpc_security_group_egress_rule
-./resource.ps1 aws_vpc_security_group_ingress_rule
 ./resource.ps1 aws_vpclattice_access_log_subscription
 ./resource.ps1 aws_vpclattice_auth_policy
 ./resource.ps1 aws_vpclattice_listener

diff --git a/src/files.go b/src/files.go
@@ -1413,3 +1413,33 @@ var awsWafWebAcl []byte
 
 //go:embed mapping/aws/resource/waf/aws_waf_xss_match_set.json
 var awsWafXssNatchSet []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam.json
+var awsVpcIpam []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_pool.json
+var awsVpcIpamPool []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json
+var awsVpcIpamPoolCidr []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr_allocation.json
+var awsVpcIpamPoolCidrAllocation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_preview_next_cidr.json
+var awsVpcIpamPreviewNextCidr []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery.json
+var awsVpcIpamResourceDiscovery []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery_association.json
+var awsVpcIpamResourceDiscoveryAssociation []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_ipam_scope.json
+var awsVpcIpamScope []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_security_group_egress_rule.json
+var awsVpcSecurityGroupEgressRule []byte
+
+//go:embed mapping/aws/resource/ec2/aws_vpc_security_group_ingress_rule.json
+var awsVpcSecurityGroupIngressRule []byte
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam.json
@@ -0,0 +1,25 @@
+[
+  {
+    "apply": [
+      "ec2:CreateIpam",
+      "iam:CreateServiceLinkedRole",
+      "ec2:DescribeIpams",
+      "ec2:DeleteIpam",
+      "ec2:ModifyIpam",
+      "ec2:DescribeTags"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteIpam"
+    ],
+    "modify": [
+      "ec2:ModifyIpam"
+    ],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool.json
@@ -0,0 +1,23 @@
+[
+  {
+    "apply": [
+      "ec2:CreateIpamPool",
+      "ec2:DescribeIpamPools",
+      "ec2:DeleteIpamPool",
+      "ec2:ModifyIpamPool"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteIpamPool"
+    ],
+    "modify": [
+      "ec2:ModifyIpamPool"
+    ],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr.json
@@ -0,0 +1,14 @@
+[
+  {
+    "apply": [
+      "ec2:ProvisionIpamPoolCidr",
+      "ec2:GetIpamPoolCidrs"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr_allocation.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_pool_cidr_allocation.json
@@ -0,0 +1,19 @@
+[
+  {
+    "apply": [
+      "ec2:AllocateIpamPoolCidr",
+      "ec2:GetIpamPoolAllocations",
+      "ec2:ReleaseIpamPoolAllocation",
+      "ec2:DeprovisionIpamPoolCidr"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:DeprovisionIpamPoolCidr",
+      "ec2:ReleaseIpamPoolAllocation"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_preview_next_cidr.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_preview_next_cidr.json
@@ -0,0 +1,13 @@
+[
+  {
+    "apply": [
+      "ec2:AllocateIpamPoolCidr"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery.json
@@ -0,0 +1,22 @@
+[
+  {
+    "apply": [
+      "ec2:CreateIpamResourceDiscovery",
+      "ec2:DescribeIpamResourceDiscoveries",
+      "ec2:DescribeTags"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteIpamResourceDiscovery"
+    ],
+    "modify": [
+      "ec2:ModifyIpamResourceDiscovery"
+    ],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery_association.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_resource_discovery_association.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:AssociateIpamResourceDiscovery",
+      "ec2:DescribeIpamResourceDiscoveryAssociations",
+      "ec2:DisassociateIpamResourceDiscovery"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DisassociateIpamResourceDiscovery"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json b/src/mapping/aws/resource/ec2/aws_vpc_ipam_scope.json
@@ -0,0 +1,20 @@
+[
+  {
+    "apply": [
+      "ec2:CreateIpamScope",
+      "ec2:DescribeIpamScopes",
+      "ec2:DeleteIpamScope"
+    ],
+    "attributes": {
+      "tags": [
+        "ec2:CreateTags",
+        "ec2:DeleteTags"
+      ]
+    },
+    "destroy": [
+      "ec2:DeleteIpamScope"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_security_group_egress_rule.json b/src/mapping/aws/resource/ec2/aws_vpc_security_group_egress_rule.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "ec2:AuthorizeSecurityGroupEgress",
+      "ec2:DescribeSecurityGroupRules",
+      "ec2:RevokeSecurityGroupEgress"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [],
+    "modify": [],
+    "plan": [
+      "ec2:RevokeSecurityGroupEgress"
+    ]
+  }
+]
diff --git a/src/mapping/aws/resource/ec2/aws_vpc_security_group_ingress_rule.json b/src/mapping/aws/resource/ec2/aws_vpc_security_group_ingress_rule.json
@@ -0,0 +1,17 @@
+[
+  {
+    "apply": [
+      "ec2:AuthorizeSecurityGroupIngress",
+      "ec2:DescribeSecurityGroupRules",
+      "ec2:RevokeSecurityGroupIngress"
+    ],
+    "attributes": {
+      "tags": []
+    },
+    "destroy": [
+      "ec2:RevokeSecurityGroupIngress"
+    ],
+    "modify": [],
+    "plan": []
+  }
+]
diff --git a/terraform/aws/backup/aws_vpc_ipam.tf b/terraform/aws/backup/aws_vpc_ipam.tf
@@ -0,0 +1,10 @@
+resource "aws_vpc_ipam" "example" {
+  description = "this"
+  operating_regions {
+    region_name = data.aws_region.current.name
+  }
+  tags = {
+    pike    = "permissions"
+    another = "tag"
+  }
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_pool.tf b/terraform/aws/backup/aws_vpc_ipam_pool.tf
@@ -0,0 +1,9 @@
+resource "aws_vpc_ipam_pool" "example" {
+  description    = "this"
+  address_family = "ipv4"
+  ipam_scope_id  = aws_vpc_ipam.example.private_default_scope_id
+  locale         = data.aws_region.current.name
+  tags = {
+    pike = "permissions"
+  }
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_pool_cidr.tf b/terraform/aws/backup/aws_vpc_ipam_pool_cidr.tf
@@ -0,0 +1,4 @@
+resource "aws_vpc_ipam_pool_cidr" "example" {
+  ipam_pool_id = aws_vpc_ipam_pool.example.id
+  cidr         = "172.20.0.0/16"
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_pool_cidr_allocation.tf b/terraform/aws/backup/aws_vpc_ipam_pool_cidr_allocation.tf
@@ -0,0 +1,10 @@
+data "aws_region" "current" {}
+#
+resource "aws_vpc_ipam_pool_cidr_allocation" "example" {
+  ipam_pool_id = aws_vpc_ipam_pool.example.id
+  cidr         = "172.20.0.0/24"
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.example
+  ]
+  description = "pike"
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_preview_next_cidr.tf b/terraform/aws/backup/aws_vpc_ipam_preview_next_cidr.tf
@@ -0,0 +1,13 @@
+resource "aws_vpc_ipam_preview_next_cidr" "example" {
+  ipam_pool_id   = aws_vpc_ipam_pool.example.id
+  netmask_length = 28
+
+  disallowed_cidrs = [
+    "172.2.0.0/32",
+  ]
+
+  depends_on = [
+    aws_vpc_ipam_pool_cidr.example
+  ]
+
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_resource_discovery.tf b/terraform/aws/backup/aws_vpc_ipam_resource_discovery.tf
@@ -0,0 +1,10 @@
+resource "aws_vpc_ipam_resource_discovery" "pike" {
+  description = "My IPAM Resource Discovery"
+  operating_regions {
+    region_name = data.aws_region.current.name
+  }
+
+  tags = {
+    another = "tag"
+  }
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_resource_discovery_association.tf b/terraform/aws/backup/aws_vpc_ipam_resource_discovery_association.tf
@@ -0,0 +1,10 @@
+resource "aws_vpc_ipam_resource_discovery_association" "test" {
+  ipam_id                    = aws_vpc_ipam.example.id
+  ipam_resource_discovery_id = aws_vpc_ipam_resource_discovery.pike.id
+
+  tags = {
+    "Name"  = "test"
+    pike    = "permissions"
+    another = "tag"
+  }
+}
diff --git a/terraform/aws/backup/aws_vpc_ipam_scope.tf b/terraform/aws/backup/aws_vpc_ipam_scope.tf
@@ -0,0 +1,8 @@
+resource "aws_vpc_ipam_scope" "example" {
+  ipam_id     = aws_vpc_ipam.example.id
+  description = "Another Scope"
+  tags = {
+    pike    = "permissions"
+    another = "tag"
+  }
+}
diff --git a/terraform/aws/backup/aws_vpc_security_group_egress_rule.tf b/terraform/aws/backup/aws_vpc_security_group_egress_rule.tf
@@ -0,0 +1,14 @@
+resource "aws_vpc_security_group_egress_rule" "pike" {
+  security_group_id = aws_security_group.pike.id
+
+  cidr_ipv4   = "10.0.0.0/8"
+  from_port   = 80
+  ip_protocol = "tcp"
+  to_port     = 80
+  tags = {
+    pike    = "permissions"
+    another = "tag"
+  }
+}
+
+resource "aws_security_group" "pike" {}
diff --git a/terraform/aws/backup/aws_vpc_security_group_ingress_rule.tf b/terraform/aws/backup/aws_vpc_security_group_ingress_rule.tf
@@ -0,0 +1,11 @@
+resource "aws_vpc_security_group_ingress_rule" "pike" {
+  security_group_id = aws_security_group.pike.id
+
+  cidr_ipv4   = "10.0.0.0/8"
+  from_port   = 80
+  ip_protocol = "tcp"
+  to_port     = 80
+  tags = {
+    pike = "permissions"
+  }
+}