From bf76ff8b4d961dc463b5da5cc2531bd42e3c8926 Mon Sep 17 00:00:00 2001 From: Preslav Date: Wed, 13 Nov 2024 09:50:10 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Assign=20SSM=20connection=20if?= =?UTF-8?q?=20available=20to=20ec2=20instances.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Preslav --- .../aws/resources/discovery_conversion.go | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/providers/aws/resources/discovery_conversion.go b/providers/aws/resources/discovery_conversion.go index 70a4d77d5..2ab30794a 100644 --- a/providers/aws/resources/discovery_conversion.go +++ b/providers/aws/resources/discovery_conversion.go @@ -34,6 +34,7 @@ const ( MondooContainerNameLabelKey = "mondoo.com/container-name" MondooClusterNameLabelKey = "mondoo.com/cluster-name" MondooTaskArnLabelKey = "mondoo.com/task-arn" + MondooSsmConnection = "mondoo.com/ssm-connection" ) type mqlObject struct { @@ -305,14 +306,13 @@ func addConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId string, info.image = &instance.GetImage().Data.Id.Data } addMondooLabels(info, asset) - + imageName := "" + if instance.GetImage().Data != nil { + imageName = instance.GetImage().Data.Name.Data + } + probableUsername := getProbableUsernameFromImageName(imageName) // if there is a public ip & it is running, we assume ssh is an option if instance.PublicIp.Data != "" && instance.State.Data == string(types.InstanceStateNameRunning) { - imageName := "" - if instance.GetImage().Data != nil { - imageName = instance.GetImage().Data.Name.Data - } - probableUsername := getProbableUsernameFromImageName(imageName) asset.Connections = []*inventory.Config{{ Type: "ssh", Host: instance.PublicIp.Data, @@ -330,14 +330,15 @@ func addConnectionInfoToEc2Asset(instance *mqlAwsEc2Instance, accountId string, "instance": instance.InstanceId.Data, }, }} - if instance.GetSsm() != nil && instance.GetSsm().Data != nil && len(instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})) > 0 { - if instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})[0].(map[string]interface{})["PingStatus"] == "Online" { - asset.Connections[0].Credentials = append(asset.Connections[0].Credentials, &vault.Credential{ - User: probableUsername, - Type: vault.CredentialType_aws_ec2_ssm_session, - }) - asset.Labels["mondoo.com/ssm-connection"] = "Online" - } + } + // if the ssm agent indicates it is online, we assume ssm is an option + if instance.GetSsm() != nil && instance.GetSsm().Data != nil && len(instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})) > 0 { + if instance.GetSsm().Data.(map[string]interface{})["InstanceInformationList"].([]interface{})[0].(map[string]interface{})["PingStatus"] == "Online" { + asset.Connections[0].Credentials = append(asset.Connections[0].Credentials, &vault.Credential{ + User: probableUsername, + Type: vault.CredentialType_aws_ec2_ssm_session, + }) + asset.Labels[MondooSsmConnection] = "Online" } } return asset