Merge pull request #89 from BishopFox/aws-databases-rds-fix

Aws databases rds fix
BishopFox · Jun 4, 2024 · b02ad61 · b02ad61
2 parents 3759d2c + 0b88bca
commit b02ad61
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 4 deletions.
diff --git a/aws/databases.go b/aws/databases.go
@@ -271,6 +271,15 @@ func (m *DatabasesModule) executeRdsCheck(r string, wg *sync.WaitGroup, semaphor
 		service:      "rds",
 		executor:     m.getRdsClustersPerRegion,
 	})
+	m.executeCheck(check{
+		region:       r,
+		wg:           wg,
+		semaphore:    semaphore,
+		dataReceiver: dataReceiver,
+		serviceMap:   servicemap,
+		service:      "rds",
+		executor:     m.getRdsInstancesPerRegion,
+	})
 }
 
 func (m *DatabasesModule) executeRedshiftCheck(r string, wg *sync.WaitGroup, semaphore chan struct{}, dataReceiver chan Database, servicemap *awsservicemap.AwsServiceMap) {
@@ -395,6 +404,75 @@ func (m *DatabasesModule) getRdsClustersPerRegion(r string, wg *sync.WaitGroup,
 	}
 }
 
+func (m *DatabasesModule) getRdsInstancesPerRegion(r string, wg *sync.WaitGroup, semaphore chan struct{}, dataReceiver chan Database) {
+	defer func() {
+		m.CommandCounter.Executing--
+		m.CommandCounter.Complete++
+		wg.Done()
+
+	}()
+	semaphore <- struct{}{}
+	defer func() {
+		<-semaphore
+	}()
+	m.CommandCounter.Pending--
+	m.CommandCounter.Executing++
+
+	DBInstances, err := sdk.CachedRDSDescribeDBInstances(m.RDSClient, aws.ToString(m.Caller.Account), r)
+
+	if err != nil {
+		m.modLog.Error(err.Error())
+		m.CommandCounter.Error++
+		return
+	}
+
+	for _, instance := range DBInstances {
+		var public string
+		var service string
+		var roles string
+		if instance.Endpoint == nil {
+			continue
+		}
+
+		name := aws.ToString(instance.DBInstanceIdentifier)
+		port := instance.Endpoint.Port
+		endpoint := aws.ToString(instance.Endpoint.Address)
+		engine := aws.ToString(instance.Engine)
+
+		if aws.ToBool(instance.PubliclyAccessible) {
+			public = "True"
+		} else {
+			public = "False"
+		}
+
+		if isNeptune(instance.Engine) {
+			service = "Neptune"
+		} else if isDocDB(instance.Engine) {
+			service = "DocsDB"
+		} else {
+			service = "RDS"
+		}
+
+		associatedRoles := instance.AssociatedRoles
+		for _, role := range associatedRoles {
+			roles = roles + aws.ToString(role.RoleArn) + " "
+		}
+
+		dataReceiver <- Database{
+			AWSService: service,
+			Region:     r,
+			Name:       name,
+			Engine:     engine,
+			Endpoint:   endpoint,
+			UserName:   aws.ToString(instance.MasterUsername),
+			Port:       aws.ToInt32(port),
+			Protocol:   aws.ToString(instance.Engine),
+			Public:     public,
+			Roles:      roles,
+		}
+	}
+}
+
 func (m *DatabasesModule) getRedshiftDatabasesPerRegion(r string, wg *sync.WaitGroup, semaphore chan struct{}, dataReceiver chan Database) {
 	defer func() {
 		m.CommandCounter.Executing--

diff --git a/aws/databases_test.go b/aws/databases_test.go
@@ -42,10 +42,11 @@ func TestDatabasesCommand(t *testing.T) {
 	}
 
 	expectedResults := []string{
-		"db1.cluster-123456789012.us-west-2.rds.amazonaws.com",
-		"db2.cluster-123456789012.us-west-2.rds.amazonaws.com",
-		"db3.cluster-123456789012.us-west-2.neptune.amazonaws.com",
-		"db4.cluster-123456789012.us-west-2.docdb.amazonaws.com",
+		"db1.cluster-123456789012.us-west-2.rds.amazonaws.com", // make sure it includes the Aurora clusters
+		"db2.cluster-123456789012.us-west-2.rds.amazonaws.com", // make sure it includes the Aurora clusters
+		"db3.cluster-123456789012.us-west-2.neptune.amazonaws.com", // make sure it includes the Neptune instances
+		"db4.cluster-123456789012.us-west-2.docdb.amazonaws.com", // make sure it includes the DocumentDB instances
+		"db1-instances-1.blah.us-west-2.rds.amazonaws.com", // make sure it includes the RDS instances
 	}
 
 	for _, expected := range expectedResults {

diff --git a/aws/sdk/rds_mocks.go b/aws/sdk/rds_mocks.go
@@ -21,13 +21,21 @@ func (m *MockedRDSClient) DescribeDBInstances(ctx context.Context, input *rds.De
 				EngineVersion:        aws.String("13.3"),
 				InstanceCreateTime:   aws.Time(time.Now()),
 				MasterUsername:       aws.String("postgres"),
+				Endpoint: &rdsTypes.Endpoint{
+					Address: aws.String("db1-instances-1.blah.us-west-2.rds.amazonaws.com"),
+					Port:    aws.Int32(5432),
+				},
 			},
 			{
 				DBInstanceIdentifier: aws.String("db2"),
 				Engine:               aws.String("postgres"),
 				EngineVersion:        aws.String("13.3"),
 				InstanceCreateTime:   aws.Time(time.Now()),
 				MasterUsername:       aws.String("postgres"),
+				Endpoint: &rdsTypes.Endpoint{
+					Address: aws.String("db2-instances-1.blah.us-west-2.rds.amazonaws.com"),
+					Port:    aws.Int32(5432),
+				},
 			},
 		},
 	}, nil