bug fixes, bump version

Author: awsandy

README.md

@@ -24,7 +24,7 @@ Finally aws2tf runs a `terraform plan` command and there should hopefully be no
 + Python3 (v3.8+)
 + boto3 1.36.13 or later (pip3 install -r requirements.txt).
 + AWS cli (v2) **version 2.22.33 or higher** needs to be installed and you need a login with at least "Read" privileges.
-+ Terraform **version v1.8.5** or higher needs to be installed. (recommend you avoid early point releases eg. 1.9.0/1.9.1)
++ Terraform **version v1.10.4** or higher needs to be installed. (recommend you avoid early point releases eg. 1.9.0/1.9.1)
 + jq **version 1.6 or higher**
 
 ## Optional but recommended

code/build_lists.py

@@ -75,7 +75,7 @@ def fetch_tgw_data():
 
     def fetch_roles_data():
         try:
-            client = boto3.client('iam')
+            client = boto3.client('iam',region_name='us-east-1')
             response = []
             paginator = client.get_paginator('list_roles')
             for page in paginator.paginate():
@@ -90,7 +90,7 @@ def fetch_roles_data():
 
     def fetch_policies_data():
         try:
-            client = boto3.client('iam')
+            client = boto3.client('iam',region_name='us-east-1')
             response = []
             paginator = client.get_paginator('list_policies')
             for page in paginator.paginate(Scope='Local'):
@@ -126,7 +126,8 @@ def fetch_policies_data():
                     elif resource_type == 's3':
                         client = boto3.client('s3')
                         for _, bucket in result:
-                            #here ?    
+                            #here ? 
+                            #print("Buck from result=",bucket)   
                             try:
                                 ####### problematic call
                                 objs = client.list_objects_v2(Bucket=bucket,MaxKeys=1)      
@@ -154,7 +155,6 @@ def fetch_policies_data():
                     # Handle roles data
                     with open('imported/roles.json', 'w') as f:
                         json.dump(result, f, indent=2, default=str)
-
     # slower - 3m 29s
     ####    role attachments stuff
 
@@ -177,7 +177,7 @@ def build_secondary_lists(id=None):
         globals.tracking_message = "Stage 2 of 10, Building secondary IAM resource lists ..."
 
         def fetch_role_policies(role_name):
-            client = boto3.client('iam')
+            client = boto3.client('iam',region_name='us-east-1')
             try:
                 # Get attached policies
                 attached_policies = client.list_attached_role_policies(RoleName=role_name)

code/common.py

@@ -180,16 +180,19 @@ def call_resource(type, id):
 
             if clfn == "vpc-lattice":  getfn = getattr(eval("aws_vpc_lattice"), "get_"+type)
             elif clfn == "redshift-serverless":  getfn = getattr(eval("aws_redshift_serverless"), "get_"+type)
-            elif clfn == "s3":  getfn = getattr(eval("aws_s3"), "get_"+type)
+            elif clfn == "s3":  
+               #print("-1aa- clfn:"+clfn+" type:"+type)
+               getfn = getattr(eval("aws_s3"), "get_"+type)
             #elif clfn == "s3":  getfn = getattr(ast.literal_eval("aws_s3"), "get_"+type)
 
             else:
-               # print("-1aa- clfn:"+clfn+" type:"+type)
+               #print("-1aa- clfn:"+clfn+" type:"+type)
                mclfn = clfn.replace("-", "_")
-               # print("-1ab- mclfn:"+mclfn+" type:"+type)
+               #print("-1ab- mclfn:"+mclfn+" type:"+type)
                getfn = getattr(eval("aws_"+mclfn), "get_"+type)
                #print("-1ac- clfn:"+clfn+" type:"+type)
 
+            #print("type",type, "id",id, "clfn",clfn, "descfn",descfn, "topkey", topkey,"key",key, "filterid",filterid)   
             sr = getfn(type, id, clfn, descfn, topkey, key, filterid)
 
    except AttributeError as e:
@@ -818,7 +821,7 @@ def aws_tf(region,args):
 
    with open("provider.tf", 'w') as f3:
       f3.write('terraform {\n')
-      f3.write('  required_version = "> 1.9.5"\n')
+      f3.write('  required_version = "> 1.10.4"\n')
       f3.write('  required_providers {\n')
       f3.write('    aws = {\n')
       f3.write('      source  = "hashicorp/aws"\n')

code/fixtf.py

@@ -705,6 +705,8 @@ def deref_array(t1,tt1,tt2,ttft,prefix,skip):
 
 
 def deref_role_arn(t1,tt1,tt2):
+    if tt2 == "null" or tt2 == "[]": return t1
+
     if tt2.startswith("arn:aws:events:"): print(tt2)
 
     if tt2.startswith("arn:aws:s3:::"):
@@ -761,6 +763,7 @@ def deref_s3(t1, tt1, tt2):
 
  #if tt1 == "security_groups": t1,skip = deref_array(t1,tt1,tt2,"aws_security_group","sg-",skip)
 def deref_role_arn_array(t1,tt1,tt2):
+
     if tt2 == "null" or tt2 == "[]": return t1
     tt2=tt2.replace('"','').replace(' ','').replace('[','').replace(']','')
     cc=tt2.count(',')
@@ -844,7 +847,7 @@ def deref_elb_arn_array(t1,tt1,tt2):
 
 #### other arn derefs here
 def generic_deref_arn(t1, tt1, tt2):
-
+    print("Here",t1)
     try:
         if tt2.endswith("*"): return t1
         print("*** generic "+t1)

code/fixtf_aws_resources/fixtf_application_autoscaling.py

@@ -11,13 +11,6 @@ def aws_appautoscaling_scheduled_action(t1,tt1,tt2,flag1,flag2):
 
 def aws_appautoscaling_target(t1,tt1,tt2,flag1,flag2):
 	skip=0
-	#if tt1 == "role_arn": 
-#		if ":role/aws-service-role" in tt2:
-#			t1=fixtf.globals_replace(t1,tt1,tt2)
-#		else:
-#			if tt2 != "null":
-#				if ":" in tt2: tt2=tt2.split("/")[-1]
-#				t1=tt1 + " = aws_iam_role." + tt2 + ".arn\n"
-#				common.add_dependancy("aws_iam_role",tt2)
+
 	return skip,t1,flag1,flag2
 

code/fixtf_aws_resources/fixtf_dynamodb.py

@@ -14,6 +14,8 @@ def aws_dynamodb_kinesis_streaming_destination(t1,tt1,tt2,flag1,flag2):
 
 def aws_dynamodb_table(t1,tt1,tt2,flag1,flag2):
 	skip=0
+	if tt1=="recovery_period_in_days" and tt2=="0":
+		skip=1
 	return skip,t1,flag1,flag2
 
 def aws_dynamodb_table_item(t1,tt1,tt2,flag1,flag2):

code/fixtf_aws_resources/fixtf_ecs.py

@@ -8,8 +8,6 @@ def aws_ecs_cluster(t1,tt1,tt2,flag1,flag2):
 	if tt1 == "namespace":
 		if "arn:" in tt2: t1=fixtf.globals_replace(t1,tt1,tt2)
 
-
-
 	return skip,t1,flag1,flag2
 
 def aws_ecs_account_setting_default(t1,tt1,tt2,flag1,flag2):

code/fixtf_aws_resources/fixtf_lambda.py

@@ -35,7 +35,7 @@ def aws_lambda_function(t1,tt1,tt2,flag1,flag2):
 
         if tt2 == "null": skip=1
 
-
+    ###### layers code
     elif tt1 == "layers" and tt2!="[]":
         if tt2 != "null" and "arn:" in tt2:
             cc=tt2.count(',')
@@ -49,28 +49,31 @@ def aws_lambda_function(t1,tt1,tt2,flag1,flag2):
             for i in range(cc+1):
                 subn=tt2.split(',')[i]
                 subn=subn.strip(" ").lstrip('"').rstrip('"').strip(" ")
-
-                tarn=subn.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_").replace("!","_").replace(";","_")
-                common.add_dependancy("aws_lambda_layer_version",subn)
-                builds=builds+"aws_lambda_layer_version."+tarn+".arn,"
+                if globals.acc in subn:
+                    tarn=subn.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_").replace("!","_").replace(";","_")
+                    common.add_dependancy("aws_lambda_layer_version",subn)
+                    builds=builds+"aws_lambda_layer_version."+tarn+".arn,"
+                else:
+                    builds=builds+"\""+subn+"\", "
 
             if builds.endswith(','):
                 builds=builds.rstrip(',')
             t1 = tt1+" = ["+builds+"]\n"
 
         elif cc == 0:
-            tt2=tt2.lstrip('"').rstrip('"')
-            larn=tt2.split(":")[:-1]
-            myarn=""
-            for ta in larn:
-                myarn=myarn+ta+":"
-              
-            myarn=myarn.rstrip(":")
-            tarn=tt2.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_").replace("!","_").replace(";","_")
-            # test we can get at it before sub
-            
-            t1 = tt1+" = [aws_lambda_layer_version."+tarn+ ".arn]\n"
-            common.add_dependancy("aws_lambda_layer_version",tt2)
+            if globals.acc in tt2:  
+                tt2=tt2.lstrip('"').rstrip('"')
+                larn=tt2.split(":")[:-1]
+                myarn=""
+                for ta in larn:
+                    myarn=myarn+ta+":"
+                
+                myarn=myarn.rstrip(":")
+                tarn=tt2.replace("/","_").replace(".","_").replace(":","_").replace("|","_").replace("$","_").replace(",","_").replace("&","_").replace("#","_").replace("[","_").replace("]","_").replace("=","_").replace("!","_").replace(";","_")
+                # test we can get at it before sub
+                
+                t1 = tt1+" = [aws_lambda_layer_version."+tarn+ ".arn]\n"
+                common.add_dependancy("aws_lambda_layer_version",tt2)
 
     return skip,t1,flag1,flag2
 

code/fixtf_aws_resources/fixtf_networkmanager.py

@@ -1,4 +1,5 @@
 import common
+import globals
 
 def aws_networkmanager_attachment_accepter(t1,tt1,tt2,flag1,flag2):
 	skip=0
@@ -97,9 +98,11 @@ def aws_networkmanager_transit_gateway_registration(t1,tt1,tt2,flag1,flag2):
 	if tt1=="global_network_id" and tt2 !="null":
 		t1=tt1+" = aws_networkmanager_global_network."+tt2+".id\n"
 	elif tt1=="transit_gateway_arn" and tt2 !="null":
-		tgid=tt2.split("/")[-1]
-		t1=tt1+" = aws_ec2_transit_gateway."+tgid+".arn\n"
-		common.add_dependancy("aws_ec2_transit_gateway",tgid)
+		if tt2.startswith("arn:"):
+			tgid=tt2.split("/")[-1]
+			if tgid in str(globals.tgwlist.keys()):
+				t1=tt1+" = aws_ec2_transit_gateway."+tgid+".arn\n"
+				common.add_dependancy("aws_ec2_transit_gateway",tgid)
 	return skip,t1,flag1,flag2
 
 def aws_networkmanager_transit_gateway_route_table_attachment(t1,tt1,tt2,flag1,flag2):

code/get_aws_resources/aws_iam.py

@@ -287,7 +287,8 @@ def get_aws_iam_role(type,id,clfn,descfn,topkey,key,filterid):
 
 
     try:
-        client = boto3.client(clfn)
+        # hardcode to us-east-1 for iam
+        client = boto3.client(clfn,region_name='us-east-1')
         response = []
         if id is None: