
@infrascan/aws-cloudfront-scanner


Infrascan scanner definition for AWS Cloudfront

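// src/edges.ts
import { formatEdge, formatS3NodeId } from "@infrascan/core";
import { minimatch } from "minimatch";

/**
 * Extracts the bucket name from a virtual-hosted-style S3 origin domain.
 *
 * Recognises the same two shapes the scanner has always accepted:
 * `<bucket>.s3.amazonaws.com` and `<bucket>.s3.<anything>.amazonaws.com`.
 *
 * @param domainName The origin's DomainName as reported by CloudFront.
 * @returns The bucket name, or undefined when the domain is not an S3 endpoint.
 */
function getS3BucketNameFromOrigin(domainName) {
  if (typeof domainName !== "string") {
    return undefined;
  }
  const isS3Domain =
    domainName.endsWith(".s3.amazonaws.com") ||
    minimatch(domainName, "*.s3.*.amazonaws.com");
  if (!isS3Domain) {
    return undefined;
  }
  // Bucket names may themselves contain dots, so taking only the first label
  // would truncate them. Everything before the last ".s3." is the bucket name;
  // both accepted shapes are guaranteed to contain that marker.
  return domainName.slice(0, domainName.lastIndexOf(".s3."));
}

/**
 * Builds graph edges from CloudFront distributions to the S3 buckets that back
 * their origins.
 *
 * An edge is emitted only when the bucket named by the origin domain appears in
 * the scanned S3 ListBuckets state. Origins whose bucket is not in that state
 * (for example a bucket in an account that was not scanned, or one that no
 * longer exists) are skipped, so the absence of an edge does not mean the
 * origin is unused. Such origins are worth reviewing separately.
 *
 * @param connector State connector exposing getGlobalStateForServiceFunction.
 * @returns The list of edges produced by formatEdge.
 */
async function generateEdgesForS3BackedDistributions(connector) {
  const distributionsState = await connector.getGlobalStateForServiceFunction(
    "CloudFront",
    "ListDistributions"
  );
  const distributions = distributionsState
    .flatMap(({ _result }) => _result.DistributionList?.Items)
    .filter((distribution) => distribution != null);

  const s3State = await connector.getGlobalStateForServiceFunction(
    "S3",
    "ListBuckets"
  );
  // Index the scanned bucket names once instead of rescanning the S3 state for
  // every origin.
  const knownBucketNames = new Set(
    s3State
      .flatMap(({ _result }) => _result.Buckets ?? [])
      .map((bucket) => bucket.Name)
      .filter((name) => typeof name === "string" && name.length > 0)
  );

  const cloudfrontS3Edges = [];
  for (const distribution of distributions) {
    if (!distribution.ARN) {
      continue;
    }
    for (const origin of distribution.Origins?.Items ?? []) {
      const bucketName = getS3BucketNameFromOrigin(origin?.DomainName);
      // The previous lookup accepted any scanned bucket that had a Name, so
      // every S3-looking origin produced an edge even when its bucket was
      // never scanned. Require an exact name match instead.
      if (!bucketName || !knownBucketNames.has(bucketName)) {
        continue;
      }
      cloudfrontS3Edges.push(
        formatEdge(distribution.ARN, {
          name: `${bucketName} Distribution`,
          target: formatS3NodeId(bucketName)
        })
      );
    }
  }
  return cloudfrontS3Edges;
}

/**
 * Scanner entry point: returns every edge this module can derive from the
 * connector's state.
 *
 * @param connector State connector passed through to the edge generator.
 * @returns The CloudFront-to-S3 edges.
 */
async function getEdges(connector) {
  return generateEdgesForS3BackedDistributions(connector);
}

export { getEdges };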