@infrascan/aws-route53-scanner/dist/edges.mjs

Infrascan scanner definition for AWS Route53

// src/edges.ts
import {
  evaluateSelectorGlobally,
  formatEdge,
  formatS3NodeId
} from "@infrascan/core";
async function aggregateRoute53RecordsByConnectedService(route53Records) {
  const aliasRecords = route53Records.filter(
    ({ Type, AliasTarget }) => Type === "A" && Boolean(AliasTarget)
  );
  const recordsByService = {
    cloudfront: [],
    s3: [],
    apiGateway: [],
    elb: []
  };
  aliasRecords.reduce((aliasRecordsMap, currentRecord) => {
    const domain = currentRecord.AliasTarget?.DNSName;
    if (domain == null) {
      return aliasRecordsMap;
    }
    if (domain.includes(".cloudfront.net.")) {
      aliasRecordsMap.cloudfront.push(currentRecord);
    } else if (domain.includes(".elb.amazonaws.com.")) {
      aliasRecordsMap.elb.push(currentRecord);
    } else if (/\.execute-api\.\w+\.amazonaws.com\.$/.test(domain)) {
      aliasRecordsMap.apiGateway.push(currentRecord);
    } else if (/s3-website-\w+\.amazonaws.com\.$/.test(domain)) {
      aliasRecordsMap.s3.push(currentRecord);
    }
    return aliasRecordsMap;
  }, recordsByService);
  const standardDnsRecords = route53Records.filter(
    ({ Type, AliasTarget }) => Type === "CNAME" && AliasTarget == null
  );
  for (const standardDnsRecord of standardDnsRecords) {
    const resourceRecords = standardDnsRecord.ResourceRecords;
    if (resourceRecords != null && resourceRecords.length > 0) {
      resourceRecords.forEach((resourceRecord) => {
        if (resourceRecord.Value == null) {
          return;
        }
        if (resourceRecord.Value.includes(".cloudfront.net")) {
          recordsByService.cloudfront.push(standardDnsRecord);
        } else if (resourceRecord.Value.includes(".elb.amazonaws.com")) {
          recordsByService.elb.push(standardDnsRecord);
        } else if (/\.execute-api\.\w+\.amazonaws.com$/.test(resourceRecord.Value)) {
          recordsByService.apiGateway.push(standardDnsRecord);
        } else if (/s3-website-\w+\.amazonaws.com$/.test(resourceRecord.Value)) {
          recordsByService.s3.push(standardDnsRecord);
        }
      });
    }
  }
  return recordsByService;
}
async function resolveCloudfrontEdges(cloudfrontConnectedDomains, stateConnector) {
  const cloudfrontState = await evaluateSelectorGlobally(
    "CloudFront|ListDistributions|[]",
    stateConnector
  );
  const cloudfrontRecords = cloudfrontState.flatMap(({ _result }) => _result?.DistributionList?.Items).filter(
    (distributionSummary) => distributionSummary != null
  );
  return cloudfrontConnectedDomains.map(({ Name, AliasTarget }) => {
    const target = cloudfrontRecords.find(
      ({ DomainName }) => `${DomainName}.` === AliasTarget?.DNSName
    );
    if (target?.ARN && Name) {
      return formatEdge(Name, { name: Name, target: target.ARN });
    }
    return null;
  }).filter((edge) => edge != null);
}
async function resolveS3Edges(s3ConnectedDomains, stateConnector) {
  const s3State = await evaluateSelectorGlobally(
    "S3|GetBucketWebsite|[]",
    stateConnector
  );
  return s3ConnectedDomains.map(({ Name }) => {
    const s3Bucket = s3State.find(
      ({ _parameters }) => `${_parameters?.Bucket}.` === Name
    );
    if (s3Bucket && Name && s3Bucket._parameters?.Bucket) {
      const formattedS3Arn = formatS3NodeId(s3Bucket._parameters.Bucket);
      return formatEdge(Name, { name: Name, target: formattedS3Arn });
    }
    return null;
  }).filter((edge) => edge != null);
}
async function resolveElbEdges(elbConnectedDomains, stateConnector) {
  const elbState = await evaluateSelectorGlobally(
    "ElasticLoadBalancingV2|DescribeLoadBalancers|[]",
    stateConnector
  );
  const elbs = elbState.flatMap(({ _result }) => _result.LoadBalancers).filter((lb) => Boolean(lb));
  return elbConnectedDomains.map(({ Name, AliasTarget }) => {
    const loadBalancer = elbs.find(
      ({ DNSName }) => AliasTarget?.DNSName?.endsWith(`${DNSName}.`)
    );
    if (loadBalancer?.LoadBalancerArn && Name) {
      return formatEdge(Name, {
        name: Name,
        target: loadBalancer.LoadBalancerArn
      });
    }
    return null;
  }).filter((edge) => edge != null);
}
async function resolveSnsEdges(route53Records, stateConnector) {
  const snsSubscriptionState = await evaluateSelectorGlobally(
    "SNS|ListSubscriptionsByTopic|[]",
    stateConnector
  );
  const snsSubscriptionInfo = snsSubscriptionState.flatMap(({ _result }) => _result.Subscriptions).filter((subscriptions) => Boolean(subscriptions));
  const webhookSubscriptions = snsSubscriptionInfo.filter(
    ({ Protocol }) => Protocol?.startsWith("http")
  );
  return webhookSubscriptions.flatMap(({ Endpoint, TopicArn, SubscriptionArn }) => {
    if (Endpoint && TopicArn) {
      const parsedUrl = new URL(Endpoint);
      const hostname = `${parsedUrl.host}.`;
      const targetRecord = route53Records.find(
        ({ Name }) => Name === hostname
      );
      if (targetRecord?.Name && SubscriptionArn) {
        return formatEdge(TopicArn, {
          name: targetRecord.Name,
          target: SubscriptionArn
        });
      }
    }
    return null;
  }).filter((edge) => edge != null);
}
async function getEdges(stateConnector) {
  const route53State = await evaluateSelectorGlobally(
    "Route53|ListResourceRecordSets|[]",
    stateConnector
  );
  const route53Records = route53State.flatMap(({ _result }) => _result.ResourceRecordSets).filter((recordSet) => recordSet != null);
  const { cloudfront, s3, elb } = await aggregateRoute53RecordsByConnectedService(route53Records);
  const cloudfrontEdges = await resolveCloudfrontEdges(
    cloudfront,
    stateConnector
  );
  const s3Edges = await resolveS3Edges(s3, stateConnector);
  const elbEdges = await resolveElbEdges(elb, stateConnector);
  const snsEdges = await resolveSnsEdges(route53Records, stateConnector);
  return cloudfrontEdges.concat(s3Edges).concat(elbEdges).concat(snsEdges);
}
export {
  aggregateRoute53RecordsByConnectedService,
  getEdges,
  resolveCloudfrontEdges,
  resolveElbEdges,
  resolveS3Edges,
  resolveSnsEdges
};