@infrascan/aws-route53-scanner
Version:
Infrascan scanner definition for AWS Route53
398 lines (391 loc) • 13.7 kB
JavaScript
;
var __create = Object.create;
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __getProtoOf = Object.getPrototypeOf;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
var __copyProps = (to, from, except, desc) => {
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
// If the importer is in node compatibility mode or this is not an ESM
// file that has been converted to a CommonJS file using a Babel-
// compatible transform (i.e. "__esModule" has not been set), then set
// "default" to the CommonJS "module.exports" for node compatibility.
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
mod
));
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
// src/index.ts
var index_exports = {};
__export(index_exports, {
default: () => index_default
});
module.exports = __toCommonJS(index_exports);
// src/generated/client.ts
var import_client_route_53 = require("@aws-sdk/client-route-53");
var import_debug = __toESM(require("debug"));
var clientDebug = (0, import_debug.default)("route-53:client");
function getClient(credentials, context, retryStrategy) {
clientDebug("Creating instance with context", context);
return new import_client_route_53.Route53Client({
credentials,
region: context.region,
retryStrategy
});
}
// src/generated/getters.ts
var import_core = require("@infrascan/core");
var import_client_route_532 = require("@aws-sdk/client-route-53");
var import_debug2 = __toESM(require("debug"));
async function ListHostedZonesByName(client, stateConnector, context) {
const getterDebug = (0, import_debug2.default)("route-53:ListHostedZonesByName");
const state = [];
getterDebug("ListHostedZonesByName");
const preparedParams = {};
try {
const cmd = new import_client_route_532.ListHostedZonesByNameCommand(preparedParams);
const result = await client.send(cmd);
state.push({
_metadata: {
account: context.account,
region: context.region,
timestamp: Date.now()
},
_parameters: preparedParams,
_result: result
});
} catch (err) {
if (err instanceof import_client_route_532.Route53ServiceException) {
if (err?.$retryable) {
console.log("Encountered retryable error", err);
} else {
console.log("Encountered unretryable error", err);
}
} else {
console.log("Encountered unexpected error", err);
}
}
getterDebug("Recording state");
await stateConnector.onServiceScanCompleteCallback(
context.account,
context.region,
"Route53",
"ListHostedZonesByName",
state
);
}
async function ListResourceRecordSets(client, stateConnector, context) {
const getterDebug = (0, import_debug2.default)("route-53:ListResourceRecordSets");
const state = [];
getterDebug("Fetching state");
const resolvers = [
{
Key: "HostedZoneId",
Selector: "Route53|ListHostedZonesByName|[]._result.HostedZones[].Id"
}
];
const parameterQueue = await (0, import_core.resolveFunctionCallParameters)(
context.account,
context.region,
resolvers,
stateConnector
);
for (const parameters of parameterQueue) {
const preparedParams = parameters;
try {
const cmd = new import_client_route_532.ListResourceRecordSetsCommand(preparedParams);
const result = await client.send(
cmd
);
state.push({
_metadata: {
account: context.account,
region: context.region,
timestamp: Date.now()
},
_parameters: preparedParams,
_result: result
});
} catch (err) {
if (err instanceof import_client_route_532.Route53ServiceException) {
if (err?.$retryable) {
console.log("Encountered retryable error", err);
} else {
console.log("Encountered unretryable error", err);
}
} else {
console.log("Encountered unexpected error", err);
}
}
}
getterDebug("Recording state");
await stateConnector.onServiceScanCompleteCallback(
context.account,
context.region,
"Route53",
"ListResourceRecordSets",
state
);
}
// src/edges.ts
var import_core2 = require("@infrascan/core");
async function aggregateRoute53RecordsByConnectedService(route53Records) {
const aliasRecords = route53Records.filter(
({ Type, AliasTarget }) => Type === "A" && Boolean(AliasTarget)
);
const recordsByService = {
cloudfront: [],
s3: [],
apiGateway: [],
elb: []
};
aliasRecords.reduce((aliasRecordsMap, currentRecord) => {
const domain = currentRecord.AliasTarget?.DNSName;
if (domain == null) {
return aliasRecordsMap;
}
if (domain.includes(".cloudfront.net.")) {
aliasRecordsMap.cloudfront.push(currentRecord);
} else if (domain.includes(".elb.amazonaws.com.")) {
aliasRecordsMap.elb.push(currentRecord);
} else if (/\.execute-api\.\w+\.amazonaws.com\.$/.test(domain)) {
aliasRecordsMap.apiGateway.push(currentRecord);
} else if (/s3-website-\w+\.amazonaws.com\.$/.test(domain)) {
aliasRecordsMap.s3.push(currentRecord);
}
return aliasRecordsMap;
}, recordsByService);
const standardDnsRecords = route53Records.filter(
({ Type, AliasTarget }) => Type === "CNAME" && AliasTarget == null
);
for (const standardDnsRecord of standardDnsRecords) {
const resourceRecords = standardDnsRecord.ResourceRecords;
if (resourceRecords != null && resourceRecords.length > 0) {
resourceRecords.forEach((resourceRecord) => {
if (resourceRecord.Value == null) {
return;
}
if (resourceRecord.Value.includes(".cloudfront.net")) {
recordsByService.cloudfront.push(standardDnsRecord);
} else if (resourceRecord.Value.includes(".elb.amazonaws.com")) {
recordsByService.elb.push(standardDnsRecord);
} else if (/\.execute-api\.\w+\.amazonaws.com$/.test(resourceRecord.Value)) {
recordsByService.apiGateway.push(standardDnsRecord);
} else if (/s3-website-\w+\.amazonaws.com$/.test(resourceRecord.Value)) {
recordsByService.s3.push(standardDnsRecord);
}
});
}
}
return recordsByService;
}
async function resolveCloudfrontEdges(cloudfrontConnectedDomains, stateConnector) {
const cloudfrontState = await (0, import_core2.evaluateSelectorGlobally)(
"CloudFront|ListDistributions|[]",
stateConnector
);
const cloudfrontRecords = cloudfrontState.flatMap(({ _result }) => _result?.DistributionList?.Items).filter(
(distributionSummary) => distributionSummary != null
);
return cloudfrontConnectedDomains.map(({ Name, AliasTarget }) => {
const target = cloudfrontRecords.find(
({ DomainName }) => `${DomainName}.` === AliasTarget?.DNSName
);
if (target?.ARN && Name) {
return (0, import_core2.formatEdge)(Name, { name: Name, target: target.ARN });
}
return null;
}).filter((edge) => edge != null);
}
async function resolveS3Edges(s3ConnectedDomains, stateConnector) {
const s3State = await (0, import_core2.evaluateSelectorGlobally)(
"S3|GetBucketWebsite|[]",
stateConnector
);
return s3ConnectedDomains.map(({ Name }) => {
const s3Bucket = s3State.find(
({ _parameters }) => `${_parameters?.Bucket}.` === Name
);
if (s3Bucket && Name && s3Bucket._parameters?.Bucket) {
const formattedS3Arn = (0, import_core2.formatS3NodeId)(s3Bucket._parameters.Bucket);
return (0, import_core2.formatEdge)(Name, { name: Name, target: formattedS3Arn });
}
return null;
}).filter((edge) => edge != null);
}
async function resolveElbEdges(elbConnectedDomains, stateConnector) {
const elbState = await (0, import_core2.evaluateSelectorGlobally)(
"ElasticLoadBalancingV2|DescribeLoadBalancers|[]",
stateConnector
);
const elbs = elbState.flatMap(({ _result }) => _result.LoadBalancers).filter((lb) => Boolean(lb));
return elbConnectedDomains.map(({ Name, AliasTarget }) => {
const loadBalancer = elbs.find(
({ DNSName }) => AliasTarget?.DNSName?.endsWith(`${DNSName}.`)
);
if (loadBalancer?.LoadBalancerArn && Name) {
return (0, import_core2.formatEdge)(Name, {
name: Name,
target: loadBalancer.LoadBalancerArn
});
}
return null;
}).filter((edge) => edge != null);
}
async function resolveSnsEdges(route53Records, stateConnector) {
const snsSubscriptionState = await (0, import_core2.evaluateSelectorGlobally)(
"SNS|ListSubscriptionsByTopic|[]",
stateConnector
);
const snsSubscriptionInfo = snsSubscriptionState.flatMap(({ _result }) => _result.Subscriptions).filter((subscriptions) => Boolean(subscriptions));
const webhookSubscriptions = snsSubscriptionInfo.filter(
({ Protocol }) => Protocol?.startsWith("http")
);
return webhookSubscriptions.flatMap(({ Endpoint, TopicArn, SubscriptionArn }) => {
if (Endpoint && TopicArn) {
const parsedUrl = new URL(Endpoint);
const hostname = `${parsedUrl.host}.`;
const targetRecord = route53Records.find(
({ Name }) => Name === hostname
);
if (targetRecord?.Name && SubscriptionArn) {
return (0, import_core2.formatEdge)(TopicArn, {
name: targetRecord.Name,
target: SubscriptionArn
});
}
}
return null;
}).filter((edge) => edge != null);
}
async function getEdges(stateConnector) {
const route53State = await (0, import_core2.evaluateSelectorGlobally)(
"Route53|ListResourceRecordSets|[]",
stateConnector
);
const route53Records = route53State.flatMap(({ _result }) => _result.ResourceRecordSets).filter((recordSet) => recordSet != null);
const { cloudfront, s3, elb } = await aggregateRoute53RecordsByConnectedService(route53Records);
const cloudfrontEdges = await resolveCloudfrontEdges(
cloudfront,
stateConnector
);
const s3Edges = await resolveS3Edges(s3, stateConnector);
const elbEdges = await resolveElbEdges(elb, stateConnector);
const snsEdges = await resolveSnsEdges(route53Records, stateConnector);
return cloudfrontEdges.concat(s3Edges).concat(elbEdges).concat(snsEdges);
}
// src/graph.ts
var import_core3 = require("@infrascan/core");
var Route53RecordEntity = {
version: "0.1.0",
debugLabel: "route53-record",
provider: "aws",
command: "ListResourceRecordSets",
category: "route53",
subcategory: "record",
nodeType: "route53-record",
selector: "Route53|ListResourceRecordSets|[]",
getState(state, context) {
return (0, import_core3.evaluateSelector)(
context.account,
context.region,
Route53RecordEntity.selector,
state
);
},
translate(val) {
return (val._result.ResourceRecordSets ?? []).filter(
(record) => record.Type === "A" || record.Type === "AAAA" || record.Type === "CNAME"
).map(
(record) => Object.assign(record, {
$metadata: val._metadata,
$parameters: val._parameters
})
);
},
components: {
$metadata(val) {
return {
version: Route53RecordEntity.version,
timestamp: val.$metadata.timestamp
};
},
$graph(val) {
return {
id: val.Name,
label: val.Name,
nodeType: Route53RecordEntity.nodeType,
parent: val.$metadata.account
};
},
$source(val) {
return {
command: Route53RecordEntity.command,
parameters: val.$parameters
};
},
tenant(val) {
return {
tenantId: val.$metadata.account,
provider: Route53RecordEntity.provider,
partition: val.$metadata.partition
};
},
resource(val) {
return {
id: val.Name,
name: val.Name,
category: Route53RecordEntity.category,
subcategory: Route53RecordEntity.subcategory
};
},
dns(val) {
const domains = [];
if (val.Name) {
domains.push(val.Name);
}
return {
domains
};
},
route53(val) {
const route53Context = { ttl: val.TTL };
if (val.AliasTarget?.HostedZoneId != null || val.AliasTarget?.DNSName != null || val.AliasTarget?.EvaluateTargetHealth != null) {
route53Context.alias = {
hostedZoneId: val.AliasTarget?.HostedZoneId,
dnsName: val.AliasTarget?.DNSName,
evaluateTargetHealth: val.AliasTarget?.EvaluateTargetHealth
};
}
if (val.ResourceRecords?.length != null && val.ResourceRecords.length > 0) {
route53Context.resourceRecords = val.ResourceRecords.map(
(record) => record.Value
).filter((record) => record != null);
}
return route53Context;
}
}
};
// src/index.ts
var Route53Scanner = {
provider: "aws",
service: "route-53",
key: "Route53",
getClient,
callPerRegion: false,
getters: [ListHostedZonesByName, ListResourceRecordSets],
getEdges,
entities: [Route53RecordEntity]
};
var index_default = Route53Scanner;