Add 2 new AWS fields necessary for writing additional checks (#6673)

tas50 · web-flow · commit 01a3582590c5 · 2026-02-24T19:53:59.000+02:00
These are blocking 2 new checks in the AWS policy

Signed-off-by: Tim Smith &lt;tsmith84@gmail.com&gt;
diff --git a/providers/aws/resources/aws.lr b/providers/aws/resources/aws.lr
@@ -1952,6 +1952,8 @@ private aws.ecs.cluster @defaults("name region status runningTasksCount pendingT
   registeredContainerInstancesCount int
   // Configuration for the cluster
   configuration dict
+  // Cluster settings (e.g., Container Insights)
+  settings map[string]string
   // Status of the cluster
   status string
   // List of AWS ECS task definitions
@@ -4094,6 +4096,8 @@ private aws.ec2.networkacl.entry @defaults("id egress ruleAction cidrBlock portR
   ruleAction string
   // Rule number
   ruleNumber int
+  // Protocol number (-1 for all, 6 for TCP, 17 for UDP)
+  protocol string
   // Port range for the ACL entry
   portRange() aws.ec2.networkacl.entry.portrange
   // CIDR block for the ACL entry
diff --git a/providers/aws/resources/aws.lr.go b/providers/aws/resources/aws.lr.go
diff --git a/providers/aws/resources/aws.lr.versions b/providers/aws/resources/aws.lr.versions
@@ -598,6 +598,7 @@ aws.ec2.networkacl.entry.portrange 9.0.0
 aws.ec2.networkacl.entry.portrange.from 9.0.0
 aws.ec2.networkacl.entry.portrange.id 9.0.0
 aws.ec2.networkacl.entry.portrange.to 9.0.0
+aws.ec2.networkacl.entry.protocol 11.12.3
 aws.ec2.networkacl.entry.ruleAction 9.0.0
 aws.ec2.networkacl.entry.ruleNumber 9.1.8
 aws.ec2.networkacl.id 9.0.0
@@ -723,6 +724,7 @@ aws.ecs.cluster.region 9.0.0
 aws.ecs.cluster.registeredContainerInstancesCount 9.0.0
 aws.ecs.cluster.runningTasksCount 9.0.0
 aws.ecs.cluster.services 11.5.114
+aws.ecs.cluster.settings 11.12.3
 aws.ecs.cluster.status 9.0.0
 aws.ecs.cluster.tags 9.0.0
 aws.ecs.cluster.tasks 9.0.0
diff --git a/providers/aws/resources/aws_ec2.go b/providers/aws/resources/aws_ec2.go
@@ -357,6 +357,7 @@ func (a *mqlAwsEc2Networkacl) entries() ([]any, error) {
 			"egress":        llx.BoolData(egress),
 			"ruleAction":    llx.StringData(string(entry.RuleAction)),
 			"ruleNumber":    llx.IntDataDefault(entry.RuleNumber, 0),
+			"protocol":      llx.StringDataPtr(entry.Protocol),
 			"cidrBlock":     llx.StringDataPtr(entry.CidrBlock),
 			"ipv6CidrBlock": llx.StringDataPtr(entry.Ipv6CidrBlock),
 			"id":            llx.StringData(entryId),
diff --git a/providers/aws/resources/aws_ecs.go b/providers/aws/resources/aws_ecs.go
@@ -177,7 +177,7 @@ func initAwsEcsCluster(runtime *plugin.Runtime, args map[string]*llx.RawData) (m
 
 	svc := conn.Ecs(region)
 	ctx := context.Background()
-	clusterDetails, err := svc.DescribeClusters(ctx, &ecs.DescribeClustersInput{Clusters: []string{a}, Include: []ecstypes.ClusterField{ecstypes.ClusterFieldConfigurations, ecstypes.ClusterFieldTags}})
+	clusterDetails, err := svc.DescribeClusters(ctx, &ecs.DescribeClustersInput{Clusters: []string{a}, Include: []ecstypes.ClusterField{ecstypes.ClusterFieldConfigurations, ecstypes.ClusterFieldSettings, ecstypes.ClusterFieldTags}})
 	if err != nil {
 		return nil, nil, err
 	}
@@ -198,6 +198,13 @@ func initAwsEcsCluster(runtime *plugin.Runtime, args map[string]*llx.RawData) (m
 	args["runningTasksCount"] = llx.IntData(int64(c.RunningTasksCount))
 	args["status"] = llx.StringDataPtr(c.Status)
 	args["tags"] = llx.MapData(ecsTagsToMap(c.Tags), types.String)
+	settingsMap := make(map[string]any)
+	for _, s := range c.Settings {
+		if s.Value != nil {
+			settingsMap[string(s.Name)] = *s.Value
+		}
+	}
+	args["settings"] = llx.MapData(settingsMap, types.String)
 	return args, nil, nil
 }
 
