⭐️ AWS: Auto Scaling Groups tag propagation property (#6363)

Author: florinutz

providers/aws/resources/aws.lr

@@ -1211,6 +1211,8 @@ private aws.autoscaling.group @defaults("name region minSize maxSize") {
   healthCheckType string
   // Tags for the asg
   tags map[string]string
+  // Full tag properties
+  tagSpecifications []aws.autoscaling.group.tag
   // Region of the Auto Scaling group
   region string
   // Minimum number of instances to scale down to
@@ -1239,6 +1241,20 @@ private aws.autoscaling.group @defaults("name region minSize maxSize") {
   instances() []aws.ec2.instance
 }
 
+// AWS Auto Scaling group tag
+private aws.autoscaling.group.tag @defaults("key value propagateAtLaunch") {
+  // Tag key
+  key string
+  // Tag value
+  value string
+  // Whether the tag propagates to instances launched by the ASG
+  propagateAtLaunch bool
+  // Resource ID (ASG name)
+  resourceId string
+  // Resource type (always "auto-scaling-group")
+  resourceType string
+}
+
 // AWS Elastic Load Balancing
 aws.elb {
   // List of classic load balancers

providers/aws/resources/aws.lr.go

@@ -316,13 +316,28 @@ resources:
       name: {}
       region:
         min_mondoo_version: 9.0.0
+      tagSpecifications:
+        min_mondoo_version: 9.0.0
       tags:
         min_mondoo_version: 5.16.0
     is_private: true
     min_mondoo_version: 5.15.0
     platform:
       name:
       - aws
+  aws.autoscaling.group.tag:
+    fields:
+      id: {}
+      key: {}
+      propagateAtLaunch: {}
+      resourceId: {}
+      resourceType: {}
+      value: {}
+    is_private: true
+    min_mondoo_version: 9.0.0
+    platform:
+      name:
+      - aws
   aws.backup:
     docs:
       desc: |

providers/aws/resources/aws.lr.manifest.yaml

@@ -94,7 +94,14 @@ func initAwsAutoscalingGroup(runtime *plugin.Runtime, args map[string]*llx.RawDa
 		for _, zone := range group.AvailabilityZones {
 			availabilityZones = append(availabilityZones, zone)
 		}
-		args["arn"] = llx.StringDataPtr(group.AutoScalingGroupARN)
+
+		groupArn := convert.ToValue(group.AutoScalingGroupARN)
+		tagSpecs, err := createTagSpecifications(runtime, group.Tags, groupArn)
+		if err != nil {
+			return nil, nil, err
+		}
+
+		args["arn"] = llx.StringData(groupArn)
 		args["availabilityZones"] = llx.ArrayData(availabilityZones, types.String)
 		args["capacityRebalance"] = llx.BoolDataPtr(group.CapacityRebalance)
 		args["createdAt"] = llx.TimeDataPtr(group.CreatedTime)
@@ -111,7 +118,8 @@ func initAwsAutoscalingGroup(runtime *plugin.Runtime, args map[string]*llx.RawDa
 		args["name"] = llx.StringDataPtr(group.AutoScalingGroupName)
 		args["region"] = llx.StringData(region)
 		args["tags"] = llx.MapData(autoscalingTagsToMap(group.Tags), types.String)
-		mqlGroup, err := CreateResource(runtime, "aws.autoscaling.group", args)
+		args["tagSpecifications"] = llx.ArrayData(tagSpecs, types.Resource(ResourceAwsAutoscalingGroupTag))
+		mqlGroup, err := CreateResource(runtime, ResourceAwsAutoscalingGroup, args)
 		if err != nil {
 			return args, nil, err
 		}
@@ -156,9 +164,15 @@ func (a *mqlAwsAutoscaling) getGroups(conn *connection.AwsConnection) []*jobpool
 						availabilityZones = append(availabilityZones, zone)
 					}
 
-					mqlGroup, err := CreateResource(a.MqlRuntime, "aws.autoscaling.group",
+					groupArn := convert.ToValue(group.AutoScalingGroupARN)
+					tagSpecs, err := createTagSpecifications(a.MqlRuntime, group.Tags, groupArn)
+					if err != nil {
+						return nil, err
+					}
+
+					mqlGroup, err := CreateResource(a.MqlRuntime, ResourceAwsAutoscalingGroup,
 						map[string]*llx.RawData{
-							"arn":                     llx.StringDataPtr(group.AutoScalingGroupARN),
+							"arn":                     llx.StringData(groupArn),
 							"availabilityZones":       llx.ArrayData(availabilityZones, types.String),
 							"capacityRebalance":       llx.BoolDataPtr(group.CapacityRebalance),
 							"createdAt":               llx.TimeDataPtr(group.CreatedTime),
@@ -175,6 +189,7 @@ func (a *mqlAwsAutoscaling) getGroups(conn *connection.AwsConnection) []*jobpool
 							"name":                    llx.StringDataPtr(group.AutoScalingGroupName),
 							"region":                  llx.StringData(region),
 							"tags":                    llx.MapData(autoscalingTagsToMap(group.Tags), types.String),
+							"tagSpecifications":       llx.ArrayData(tagSpecs, types.Resource(ResourceAwsAutoscalingGroupTag)),
 						})
 					if err != nil {
 						return nil, err
@@ -201,3 +216,28 @@ func autoscalingTagsToMap(tags []ec2types.TagDescription) map[string]any {
 
 	return tagsMap
 }
+
+func createTagSpecifications(runtime *plugin.Runtime, tags []ec2types.TagDescription, groupArn string) ([]any, error) {
+	tagSpecs := make([]any, 0, len(tags))
+
+	for _, tag := range tags {
+		key := convert.ToValue(tag.Key)
+		tagId := fmt.Sprintf("%s/tag/%s", groupArn, key)
+
+		mqlTag, err := CreateResource(runtime, ResourceAwsAutoscalingGroupTag,
+			map[string]*llx.RawData{
+				"__id":              llx.StringData(tagId),
+				"key":               llx.StringData(key),
+				"value":             llx.StringData(convert.ToValue(tag.Value)),
+				"propagateAtLaunch": llx.BoolDataPtr(tag.PropagateAtLaunch),
+				"resourceId":        llx.StringData(convert.ToValue(tag.ResourceId)),
+				"resourceType":      llx.StringData(convert.ToValue(tag.ResourceType)),
+			})
+		if err != nil {
+			return nil, err
+		}
+		tagSpecs = append(tagSpecs, mqlTag)
+	}
+
+	return tagSpecs, nil
+}

providers/aws/resources/aws_autoscaling.go

@@ -251,7 +251,7 @@ func (dg *mqlAwsCodedeployDeploymentGroup) autoScalingGroups() ([]any, error) {
 		// ARN construction for ASGs is a bit different, usually fetched via name
 		// We'd need a way to link to an existing aws.autoscaling.group resource.
 		// For now, returning basic info. A full resource link would require aws.autoscaling.group to be an init-able resource by name+region.
-		asgRes, err := NewResource(dg.MqlRuntime, "aws.autoscaling.group", map[string]*llx.RawData{
+		asgRes, err := NewResource(dg.MqlRuntime, ResourceAwsAutoscalingGroup, map[string]*llx.RawData{
 			"name":   llx.StringData(*asg.Name),
 			"region": llx.StringData(dg.Region.Data),
 			// ARN might need to be constructed or looked up if not directly available