Skip to content

⭐ Add Bedrock, Control Tower, Security Lake, Verified Access, Private CA resources #7136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tas50 merged 7 commits into from
Apr 10, 2026
Merged

⭐ Add Bedrock, Control Tower, Security Lake, Verified Access, Private CA resources #7136

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
0b4f257
⭐ Add aws.bedrock, aws.controltower, aws.securitylake, aws.verifiedac…
tas50 Apr 9, 2026
3c54ba4
🐛 Add missing service-availability checks and fix log levels
tas50 Apr 9, 2026
9c568eb
fix spellcheck failure
tas50 Apr 9, 2026
77604f3
🐛 Fix foundation model duplicates and privateca tags N+1
tas50 Apr 9, 2026
a7c7218
🐛 Fix error handling, KMS key resolution, and typed security groups
tas50 Apr 10, 2026
ada6912
🧹 Address review comments: driftStatus as dict, use NewSecurityGroupArn
tas50 Apr 10, 2026
6aecb36
🐛 Fix service-availability errors and timestamp parsing for new resou…
tas50 Apr 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .github/actions/spelling/expect.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ ciscocatalyst
clcerts
chokepoint
cloudflare
claude
Clusterwide
cmdline
cmek
Expand All @@ -50,6 +51,7 @@ cname
compressratio
cooldown
cpe
crowdstrike
cryptokey
ctx
customresources
Expand Down Expand Up @@ -136,6 +138,7 @@ ipsetforwardedipconfig
ipsetreferencestatement
istio
jira
jamf
jsonbody
junos
kerberoastable
Expand Down Expand Up @@ -224,6 +227,7 @@ posix
postgre
POWERUSER
priorityclass
privateca
processingjob
psc
PTn
Expand Down Expand Up @@ -289,6 +293,7 @@ targetgroup
tde
testutils
tgw
throughputs
timestream
toplevel
toport
Expand All @@ -306,6 +311,7 @@ Utc
valkey
VAULTNAME
Vcpus
verifiedaccess
vdcs
vdev
vertexai
Expand Down
2 changes: 1 addition & 1 deletion .github/actions/spelling/line_forbidden.patterns
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -387,7 +387,7 @@

# s.b. CrowdStrike
\bCrowd Strike\b
\b[Cc]rowdstrike\b
# \b[Cc]rowdstrike\b # false positive with enum in aws provider

# s.b. Zendesk
\bZenDesk\b
Expand Down
2 changes: 1 addition & 1 deletion providers/aws/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ import (
var Config = plugin.Provider{
Name: "aws",
ID: "go.mondoo.com/cnquery/v9/providers/aws",
Version: "13.9.0",
Version: "13.10.0",
ConnectionTypes: []string{provider.DefaultConnectionType, string(awsec2ebsconn.EBSConnectionType)},
Connectors: []plugin.Connector{
{
Expand Down
72 changes: 72 additions & 0 deletions providers/aws/connection/clients.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/accessanalyzer"
"github.com/aws/aws-sdk-go-v2/service/account"
"github.com/aws/aws-sdk-go-v2/service/acm"
"github.com/aws/aws-sdk-go-v2/service/acmpca"
"github.com/aws/aws-sdk-go-v2/service/apigateway"
"github.com/aws/aws-sdk-go-v2/service/applicationautoscaling"
"github.com/aws/aws-sdk-go-v2/service/appmesh"
Expand All @@ -17,6 +18,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/autoscaling"
"github.com/aws/aws-sdk-go-v2/service/backup"
"github.com/aws/aws-sdk-go-v2/service/batch"
"github.com/aws/aws-sdk-go-v2/service/bedrock"
"github.com/aws/aws-sdk-go-v2/service/cloudformation"
"github.com/aws/aws-sdk-go-v2/service/cloudfront"
"github.com/aws/aws-sdk-go-v2/service/cloudtrail"
Expand All @@ -27,6 +29,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/cognitoidentity"
"github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider"
"github.com/aws/aws-sdk-go-v2/service/configservice"
"github.com/aws/aws-sdk-go-v2/service/controltower"
"github.com/aws/aws-sdk-go-v2/service/databasemigrationservice"
"github.com/aws/aws-sdk-go-v2/service/dax"
"github.com/aws/aws-sdk-go-v2/service/directoryservice"
Expand Down Expand Up @@ -77,6 +80,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/scheduler"
"github.com/aws/aws-sdk-go-v2/service/secretsmanager"
"github.com/aws/aws-sdk-go-v2/service/securityhub"
"github.com/aws/aws-sdk-go-v2/service/securitylake"
"github.com/aws/aws-sdk-go-v2/service/sfn"
"github.com/aws/aws-sdk-go-v2/service/shield"
"github.com/aws/aws-sdk-go-v2/service/sns"
Expand Down Expand Up @@ -2057,3 +2061,71 @@ func (t *AwsConnection) SsoAdmin(region string) *ssoadmin.Client {
t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
return client
}

func (t *AwsConnection) Acmpca(region string) *acmpca.Client {
if len(region) == 0 {
region = t.cfg.Region
}
cacheVal := "_acmpca_" + region
c, ok := t.clientcache.Load(cacheVal)
if ok {
log.Debug().Msg("use cached acmpca client")
return c.Data.(*acmpca.Client)
}
cfg := t.cfg.Copy()
cfg.Region = region
client := acmpca.NewFromConfig(cfg)
t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
return client
}

func (t *AwsConnection) Bedrock(region string) *bedrock.Client {
if len(region) == 0 {
region = t.cfg.Region
}
cacheVal := "_bedrock_" + region
c, ok := t.clientcache.Load(cacheVal)
if ok {
log.Debug().Msg("use cached bedrock client")
return c.Data.(*bedrock.Client)
}
cfg := t.cfg.Copy()
cfg.Region = region
client := bedrock.NewFromConfig(cfg)
t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
return client
}

func (t *AwsConnection) Controltower(region string) *controltower.Client {
if len(region) == 0 {
region = t.cfg.Region
}
cacheVal := "_controltower_" + region
c, ok := t.clientcache.Load(cacheVal)
if ok {
log.Debug().Msg("use cached controltower client")
return c.Data.(*controltower.Client)
}
cfg := t.cfg.Copy()
cfg.Region = region
client := controltower.NewFromConfig(cfg)
t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
return client
}

func (t *AwsConnection) Securitylake(region string) *securitylake.Client {
if len(region) == 0 {
region = t.cfg.Region
}
cacheVal := "_securitylake_" + region
c, ok := t.clientcache.Load(cacheVal)
if ok {
log.Debug().Msg("use cached securitylake client")
return c.Data.(*securitylake.Client)
}
cfg := t.cfg.Copy()
cfg.Region = region
client := securitylake.NewFromConfig(cfg)
t.clientcache.Store(cacheVal, &CacheEntry{Data: client})
return client
}
4 changes: 4 additions & 0 deletions providers/aws/connection/connection.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,10 @@ func (p *AwsConnection) AccountId() string {
return p.accountId
}

func (p *AwsConnection) Region() string {
return p.cfg.Region
}

func parseFlagsForConnectionOptions(m map[string]string, creds []*vault.Credential) []ConnectionOption {
o := make([]ConnectionOption, 0)
if apiEndpoint, ok := m["endpoint-url"]; ok {
Expand Down
4 changes: 4 additions & 0 deletions providers/aws/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.47.0
github.com/aws/aws-sdk-go-v2/service/account v1.30.5
github.com/aws/aws-sdk-go-v2/service/acm v1.38.1
github.com/aws/aws-sdk-go-v2/service/acmpca v1.46.12
github.com/aws/aws-sdk-go-v2/service/apigateway v1.39.1
github.com/aws/aws-sdk-go-v2/service/applicationautoscaling v1.41.14
github.com/aws/aws-sdk-go-v2/service/appmesh v1.35.12
Expand All @@ -20,6 +21,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.65.0
github.com/aws/aws-sdk-go-v2/service/backup v1.55.0
github.com/aws/aws-sdk-go-v2/service/batch v1.63.2
github.com/aws/aws-sdk-go-v2/service/bedrock v1.59.0
github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.9
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.61.0
github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.9
Expand All @@ -30,6 +32,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/cognitoidentity v1.33.22
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.59.3
github.com/aws/aws-sdk-go-v2/service/configservice v1.62.1
github.com/aws/aws-sdk-go-v2/service/controltower v1.28.9
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice v1.62.0
github.com/aws/aws-sdk-go-v2/service/dax v1.29.16
github.com/aws/aws-sdk-go-v2/service/directoryservice v1.38.16
Expand Down Expand Up @@ -80,6 +83,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/scheduler v1.17.22
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5
github.com/aws/aws-sdk-go-v2/service/securityhub v1.68.3
github.com/aws/aws-sdk-go-v2/service/securitylake v1.25.13
github.com/aws/aws-sdk-go-v2/service/sfn v1.40.10
github.com/aws/aws-sdk-go-v2/service/shield v1.34.21
github.com/aws/aws-sdk-go-v2/service/sns v1.39.15
Expand Down
8 changes: 8 additions & 0 deletions providers/aws/go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,8 @@ github.com/aws/aws-sdk-go-v2/service/account v1.30.5 h1:mBCX+sC+HpY0uvgGjBKlUaRo
github.com/aws/aws-sdk-go-v2/service/account v1.30.5/go.mod h1:0Yr7MY5U8hHfqLWVyzcs+MrkmcVlNqgXijaK3ryIHLc=
github.com/aws/aws-sdk-go-v2/service/acm v1.38.1 h1:41vgMbK0HvVfv5+549nVLMDWIsWFP/0FNAYDos5lKGA=
github.com/aws/aws-sdk-go-v2/service/acm v1.38.1/go.mod h1:0XoAyD03Stvqf8e/vVCk/1FP2aaF+xUluP7K9MrHWcQ=
github.com/aws/aws-sdk-go-v2/service/acmpca v1.46.12 h1:jnLzSmGRlTl7SYhecRKMgeKeg8lkCkOzRLT1B3GSpSY=
github.com/aws/aws-sdk-go-v2/service/acmpca v1.46.12/go.mod h1:6o9TY7hinjyo61EUZSJN9IX+IcKe3DDjbTyFcH8GxlI=
github.com/aws/aws-sdk-go-v2/service/apigateway v1.39.1 h1:r3dXvi6tMfv4D48pyantOgDL48ifV6Ibj1eU1ca0C3k=
github.com/aws/aws-sdk-go-v2/service/apigateway v1.39.1/go.mod h1:nhYOLBwQu7P3ckR+L4gZkY0DT0nAhrQuZkI51jR1vTE=
github.com/aws/aws-sdk-go-v2/service/applicationautoscaling v1.41.14 h1:0aYQ2UaSB1ccXZXUQ4a5XanrHEykKNzMLFgLEDhf8PU=
Expand All @@ -187,6 +189,8 @@ github.com/aws/aws-sdk-go-v2/service/backup v1.55.0 h1:p/1UY5ijuHkzGNTmRyvfU5t/f
github.com/aws/aws-sdk-go-v2/service/backup v1.55.0/go.mod h1:H59xrHDDsJO4OMJ9bznKryHxZdMOvoZb+4dKW+A9TKo=
github.com/aws/aws-sdk-go-v2/service/batch v1.63.2 h1:9bsy0RFJYSspgVBhJ9rArmHOMS9XYYHdg1IgpuZqUO4=
github.com/aws/aws-sdk-go-v2/service/batch v1.63.2/go.mod h1:T/6gED/2b8Qh8ZOOke4oG/JCjUewh+YFkTDF7GODXQ0=
github.com/aws/aws-sdk-go-v2/service/bedrock v1.59.0 h1:iddGKq5eJ8ABEDE543752cUuI0mSAJOBDuoC1RcS+bQ=
github.com/aws/aws-sdk-go-v2/service/bedrock v1.59.0/go.mod h1:C8KxG3IPteAlDQUCBVIXfkn81kDh9iIBZ4SS8B5UbDE=
github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.9 h1:AISf54dn2oMUmhoWt4UH80xC8GqlZectZIcffiJzp6U=
github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.9/go.mod h1:YWA53lezhB2wltdgeVvDQEIwGVKWh/n+yU5Wh0YTxCw=
github.com/aws/aws-sdk-go-v2/service/cloudfront v1.61.0 h1:Yx6+Np7TIPx2/j15dWnuGadv+w11ysw5KHgKpaiZsYM=
Expand All @@ -207,6 +211,8 @@ github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.59.3 h1:iO0QRVlR
github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.59.3/go.mod h1:XPkppF4ijOR6oZvwXB2tjQDLjkTEGCFn8Onl26v4GHQ=
github.com/aws/aws-sdk-go-v2/service/configservice v1.62.1 h1:0kqK/rGcsuDGDyLLBjLSH95zC3k8lIkW0nksCYEU72g=
github.com/aws/aws-sdk-go-v2/service/configservice v1.62.1/go.mod h1:9dXB7G3BUakIT/aCgH8si8fCl//iWvR8wpkWuVKY22A=
github.com/aws/aws-sdk-go-v2/service/controltower v1.28.9 h1:FKQ4VPl2Vp3qrfEQ1DA7CrBXVbMW9axovux13CbLtaY=
github.com/aws/aws-sdk-go-v2/service/controltower v1.28.9/go.mod h1:BV/X4lbe2tx+pUSdSoDp/oJEVSakBFkdBo0nwnmPKDc=
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice v1.62.0 h1:aGmD/oKKz23xhUe7xA8Fij4wLdcgLIEPfCLwCRvVsQ0=
github.com/aws/aws-sdk-go-v2/service/databasemigrationservice v1.62.0/go.mod h1:RTEJQr3mkkqxxLUgBhmN5sc9ASrdGMlI+Gmv2CQhbDM=
github.com/aws/aws-sdk-go-v2/service/dax v1.29.16 h1:QscUGVecME2laCqDmkUwK/Vp0xri5Ymujq3+NGLUn3o=
Expand Down Expand Up @@ -319,6 +325,8 @@ github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5 h1:z2ayoK3pOvf8ODj/v
github.com/aws/aws-sdk-go-v2/service/secretsmanager v1.41.5/go.mod h1:mpZB5HAl4ZIISod9qCi12xZ170TbHX9CCJV5y7nb7QU=
github.com/aws/aws-sdk-go-v2/service/securityhub v1.68.3 h1:Nz5/FeXnKq+7YtIeNtHIuDeX/ZeFWDETL0oaqf8V0VI=
github.com/aws/aws-sdk-go-v2/service/securityhub v1.68.3/go.mod h1:wFhqYLcoMThnIKlNsl048lq9FmCA20hJV1GY0TvS7MI=
github.com/aws/aws-sdk-go-v2/service/securitylake v1.25.13 h1:RfJQCcBl1LbCq0aiDXiB4cxrhOV7P+7YAytFnpa/ENI=
github.com/aws/aws-sdk-go-v2/service/securitylake v1.25.13/go.mod h1:I4Wy1npPxCFEvynpbEM8orrnq5a34kGKY29DzGKeGqo=
github.com/aws/aws-sdk-go-v2/service/sfn v1.40.10 h1:R6zfaJNZcopLNZujk02QwmE78cMOL1KRx08FtxTyI88=
github.com/aws/aws-sdk-go-v2/service/sfn v1.40.10/go.mod h1:Csc9j7BBtxws0bI2Aj+ALQpDkWaySstkqB37+1XyyJ8=
github.com/aws/aws-sdk-go-v2/service/shield v1.34.21 h1:mO+bATVTYarn2BlIWGoZ8i+X4+GEARDp940psUNh0f4=
Expand Down
Loading
Loading