Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Shield Tables #2315

Merged
merged 41 commits into from
Oct 29, 2024
Merged

Adding Shield Tables #2315

merged 41 commits into from
Oct 29, 2024

Conversation

dbermuehler
Copy link
Contributor

@dbermuehler dbermuehler commented Sep 26, 2024

This PR adds all relevant Shield APIs as tables to Steampipe. It will add the following new tables:

  • aws_shield_protection
  • aws_shield_protection_group
  • aws_shield_attack
  • aws_shield_attack_summary
  • aws_shield_attack_statistic
  • aws_shield_subscription
  • aws_shield_drt_access
  • aws_shield_emergency_contact

Since this is my first time contributing to this project and also the first time I worked with go, I would be more than happy to receive some feedback especially on the following points:

  1. Do you spot any obvious bugs?
  2. Is the code utilising caching, pointers, etc. efficiently?
  3. Is the way how I implemented the KeyColumns for the Get and List functions correct and can help to speed up the SQL queries?
  4. Do you agree with the division of the different APIs into the aforementioned tables?
  5. Do you agree with the names of the tables?
  6. Do you agree on the way how I split up the API JSON response in the different columns, especially in the table aws_shield_emergency_contact and aws_shield_attack_statistic
  7. Does the aws_shield_subscription table work properly if it is used with an AWS account that is not subscribed to Shield Advanced already?
  8. How can I improve the code to better follow yours or go's best practices?

Looking forward to your feedback! Cheers!

Integration test logs

Logs
Add passing integration test logs here

Example query results

Results

aws_shield_attack

select
  resource_arn,
  start_time,
  end_time
from
  aws_shield_attack
where
  start_time between current_date - interval '30 day' and current_date;
+--------------------------------------------------------------+---------------------------+---------------------------+
| resource_arn                                                 | start_time                | end_time                  |
+--------------------------------------------------------------+---------------------------+---------------------------+
| arn:aws:cloudfront::XXXXXXXXXXXXX:distribution/YYYYYYYYYYYYY | 2024-10-22T09:10:00+02:00 | 2024-10-22T09:20:00+02:00 |
| arn:aws:cloudfront::XXXXXXXXXXXXX:distribution/YYYYYYYYYYYYY | 2024-10-20T17:09:00+02:00 | 2024-10-20T17:18:00+02:00 |
| arn:aws:cloudfront::XXXXXXXXXXXXX:distribution/YYYYYYYYYYYYY | 2024-10-06T10:33:00+02:00 | 2024-10-06T10:39:00+02:00 |
+--------------------------------------------------------------+---------------------------+---------------------------+

aws_shield_attack_statistic

select
  max,
  unit,
  attack_count
from
  aws_shield_attack_statistic
order by
  attack_count desc;
+--------------------+-------------------+--------------+
| max                | unit              | attack_count |
+--------------------+-------------------+--------------+
| 6439917.8166666668 | RequestsPerSecond | 38           |
+--------------------+-------------------+--------------+

aws_shield_drt_access

select
  role_arn,
  log_bucket_list
from
  aws_shield_drt_access;
+-------------------------------------------+-----------------+
| role_arn                                  | log_bucket_list |
+-------------------------------------------+-----------------+
| arn:aws:iam::XXXXXXXXXXXX:role/DRT-Role   | <null>          |
+-------------------------------------------+-----------------+

aws_shield_emergency_contact

select
  email_address,
  phone_number,
  contact_notes
from
  aws_shield_emergency_contact;
+------------------------------------+--------------+---------------------------------------------------------------------------------------------------------------------+
| email_address                      | phone_number | contact_notes                                                                                                       |
+------------------------------------+--------------+---------------------------------------------------------------------------------------------------------------------+
| [email protected] | <null>       | The email address provided notifies a member of the DDoS response team of company.com who is currently on-call. |
+------------------------------------+--------------+---------------------------------------------------------------------------------------------------------------------+

aws_shield_protection

select
  name,
  resource_arn
from
  aws_shield_protection;
+-------------------+--------------------------------------------------------------+
| name              | resource_arn                                                 |
+-------------------+--------------------------------------------------------------+
| company.com       | arn:aws:route53:::hostedzone/XXXXXXXXXXXXXX                  |
| distribution-1    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/YYYYYYYYYYYYYY |
| distribution-2    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/XXXXXXXXXXXXXX |
| distribution-3    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/ZZZZZZZZZZZZZZ |
| distribution-4    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/AAAAAAAAAAAAAA |
| distribution-5    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/BBBBBBBBBBBBBB |
| distribution-6    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/CCCCCCCCCCCCCC |
| distribution-7    | arn:aws:cloudfront::FFFFFFFFFFFF:distribution/EEEEEEEEEEEEEE |
+-------------------+--------------------------------------------------------------+

aws_shield_subscription

select
  subscription_state,
  start_time,
  end_time,
  auto_renew,
  proactive_engagement_status
from
  aws_shield_subscription;
+--------------------+---------------------------+---------------------------+------------+-----------------------------+
| subscription_state | start_time                | end_time                  | auto_renew | proactive_engagement_status |
+--------------------+---------------------------+---------------------------+------------+-----------------------------+
| ACTIVE             | 2023-01-01T14:59:53+02:00 | 2025-01-01T14:59:53+02:00 | ENABLED    | DISABLED                    |
+--------------------+---------------------------+---------------------------+------------+-----------------------------+

aws_shield_protection_group

select
  protection_group_id,
  aggregation,
  pattern,
  resource_type
from
  aws_shield_protection_group;
+---------------------+-------------+------------------+----------------------+
| protection_group_id | aggregation | pattern          | resource_type        |
+---------------------+-------------+------------------+----------------------+
| Test                | SUM         | BY_RESOURCE_TYPE | ROUTE_53_HOSTED_ZONE |
+---------------------+-------------+------------------+----------------------+

@dbermuehler dbermuehler marked this pull request as draft September 26, 2024 11:24
@misraved misraved added the hacktoberfest-accepted This pull request has been accepted for Hacktoberfest label Sep 26, 2024
@misraved misraved requested a review from ParthaI September 26, 2024 11:43
@dbermuehler dbermuehler changed the title Adding aws_shield_protection table Adding Shield Tables Sep 27, 2024
@dbermuehler dbermuehler marked this pull request as ready for review September 27, 2024 14:46
Copy link
Contributor

@ParthaI ParthaI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @dbermuehler, I've provided a few initial review comments for the tables, particularly for aws_shield_attack. These comments can be applied across all the aws_shield_* tables.

Please take a look and make the necessary changes where applicable.

Additionally, the table documentation can be improved by adding more example queries by joining the tables.

Note: I see that we are updating the AWS SDK version to v1.31.0. Please ensure that this update does not affect any other tables.

Thanks!

aws/service.go Show resolved Hide resolved
aws/plugin.go Outdated Show resolved Hide resolved
aws/table_aws_shield_attack.go Outdated Show resolved Hide resolved
aws/table_aws_shield_attack.go Show resolved Hide resolved
aws/table_aws_shield_attack.go Outdated Show resolved Hide resolved
aws/table_aws_shield_attack.go Show resolved Hide resolved
aws/table_aws_shield_attack.go Outdated Show resolved Hide resolved
aws/table_aws_shield_attack.go Outdated Show resolved Hide resolved
aws/table_aws_shield_emergency_contact.go Show resolved Hide resolved
@rogerioacp
Copy link
Contributor

Hey folks, this is an awesome PR! Our team will really benefit from having this tables in Steampipe.
Is there an expected deadline to merge it?

Copy link
Contributor

@ParthaI ParthaI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @dbermuehler, I have left a few minor review comments. Please take look, thanks!

aws/table_aws_shield_attack.go Outdated Show resolved Hide resolved
aws/table_aws_shield_attack.go Show resolved Hide resolved
aws/table_aws_shield_protection.go Outdated Show resolved Hide resolved
aws/table_aws_shield_protection_group.go Outdated Show resolved Hide resolved
aws/table_aws_shield_protection.go Outdated Show resolved Hide resolved
aws/table_aws_shield_protection_group.go Outdated Show resolved Hide resolved
aws/table_aws_shield_protection_group.go Outdated Show resolved Hide resolved
aws/table_aws_shield_protection.go Outdated Show resolved Hide resolved
@ParthaI
Copy link
Contributor

ParthaI commented Oct 25, 2024

@misraved, could you please review this PR when you have a chance and proceed if everything looks good?

Note: Regarding the optional qualifiers (start_time and end_time) for the aws_shield_attack table, we have decided to temporarily remove support for them. Handling the various combinations of start_time and end_time with different query operators is a bit complex at the moment.

You can find the related discussion in the community channel.

Your feedback would be greatly appreciated.

Thanks!

@misraved
Copy link
Contributor

Thanks @dbermuehler for the new set of tables 👍!!

Could you please add query results(without any sensitive information) to the PR body?

@dbermuehler
Copy link
Contributor Author

dbermuehler commented Oct 28, 2024

Thank you @misraved. I added the queries, including the (anonymized) query results.

@misraved misraved merged commit d87d706 into turbot:main Oct 29, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
hacktoberfest-accepted This pull request has been accepted for Hacktoberfest
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants