initial support for guardduty detectors (#286)

* initial support for guardduty detectors

- support guardduty detectors
- added mock tests
- tested manually
* add e2e test

client/client.go

@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"time"
 
+	"github.com/aws/aws-sdk-go-v2/service/guardduty"
+
 	"github.com/aws/smithy-go/logging"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -129,6 +131,7 @@ type Services struct {
 	ConfigService        ConfigServiceClient
 	Waf                  WafClient
 	WafV2                WafV2Client
+	GuardDuty            GuardDutyClient
 }
 type ServicesAccountRegionMap map[string]map[string]*Services
 
@@ -368,6 +371,7 @@ func initServices(region string, c aws.Config) Services {
 		ELBv2:                elbv2.NewFromConfig(awsCfg),
 		EMR:                  emr.NewFromConfig(awsCfg),
 		FSX:                  fsx.NewFromConfig(awsCfg),
+		GuardDuty:            guardduty.NewFromConfig(awsCfg),
 		IAM:                  iam.NewFromConfig(awsCfg),
 		KMS:                  kms.NewFromConfig(awsCfg),
 		Lambda:               lambda.NewFromConfig(awsCfg),

client/services.go

@@ -3,6 +3,8 @@ package client
 import (
 	"context"
 
+	"github.com/aws/aws-sdk-go-v2/service/guardduty"
+
 	"github.com/aws/aws-sdk-go-v2/service/accessanalyzer"
 	"github.com/aws/aws-sdk-go-v2/service/apigateway"
 	"github.com/aws/aws-sdk-go-v2/service/apigatewayv2"
@@ -425,3 +427,10 @@ type SQSClient interface {
 	ListQueues(ctx context.Context, params *sqs.ListQueuesInput, optFns ...func(*sqs.Options)) (*sqs.ListQueuesOutput, error)
 	ListQueueTags(ctx context.Context, params *sqs.ListQueueTagsInput, optFns ...func(*sqs.Options)) (*sqs.ListQueueTagsOutput, error)
 }
+
+//go:generate mockgen -package=mocks -destination=./mocks/mock_guardduty.go . GuardDutyClient
+type GuardDutyClient interface {
+	guardduty.ListDetectorsAPIClient
+	guardduty.ListMembersAPIClient
+	GetDetector(ctx context.Context, params *guardduty.GetDetectorInput, optFns ...func(*guardduty.Options)) (*guardduty.GetDetectorOutput, error)
+}

docs/tables/aws_guardduty_detector_members.md

@@ -0,0 +1,14 @@
+
+# Table: aws_guardduty_detector_members
+Contains information about the member account.
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|detector_cq_id|uuid|Unique CloudQuery ID of aws_guardduty_detectors table (FK)|
+|account_id|text|The ID of the member account.|
+|email|text|The email address of the member account.|
+|master_id|text|The administrator account ID.|
+|relationship_status|text|The status of the relationship between the member and the administrator.|
+|updated_at|timestamp without time zone|The last-updated timestamp of the member.|
+|detector_id|text|The detector ID of the member account.|
+|invited_at|timestamp without time zone|The timestamp when the invitation was sent.|

docs/tables/aws_guardduty_detectors.md

@@ -0,0 +1,19 @@
+
+# Table: aws_guardduty_detectors
+
+## Columns
+| Name        | Type           | Description  |
+| ------------- | ------------- | -----  |
+|account_id|text|The AWS Account ID of the resource.|
+|region|text|The AWS Region of the resource.|
+|id|text|The Unique Identifier of the Detector.|
+|service_role|text|The GuardDuty service role.|
+|status|text|The detector status.|
+|created_at|timestamp without time zone|The timestamp of when the detector was created.|
+|data_sources_cloud_trail_status|text|Describes whether CloudTrail is enabled as a data source for the detector.|
+|data_sources_dns_logs_status|text|Denotes whether DNS logs is enabled as a data source.|
+|data_sources_flow_logs_status|text|Denotes whether VPC flow logs is enabled as a data source.|
+|data_sources_s3_logs_status|text|A value that describes whether S3 data event logs are automatically enabled for new members of the organization.|
+|finding_publishing_frequency|text|The publishing frequency of the finding.|
+|tags|jsonb|The tags of the detector resource.|
+|updated_at|timestamp without time zone|The last-updated timestamp for the detector.|

go.mod

@@ -32,6 +32,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/elasticsearchservice v1.4.0
 	github.com/aws/aws-sdk-go-v2/service/emr v1.2.0
 	github.com/aws/aws-sdk-go-v2/service/fsx v1.2.0
+	github.com/aws/aws-sdk-go-v2/service/guardduty v1.7.1
 	github.com/aws/aws-sdk-go-v2/service/iam v1.3.0
 	github.com/aws/aws-sdk-go-v2/service/kms v1.2.1
 	github.com/aws/aws-sdk-go-v2/service/lambda v1.3.0
@@ -41,6 +42,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/redshift v1.3.0
 	github.com/aws/aws-sdk-go-v2/service/route53 v1.4.0
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.19.1
+	github.com/aws/aws-sdk-go-v2/service/s3control v1.14.1
 	github.com/aws/aws-sdk-go-v2/service/sns v1.1.2
 	github.com/aws/aws-sdk-go-v2/service/sqs v1.9.1
 	github.com/aws/aws-sdk-go-v2/service/sts v1.4.1
@@ -131,8 +133,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 )
 
-require github.com/aws/aws-sdk-go-v2/service/s3control v1.14.1
-
 require (
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.0.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.1 // indirect

go.sum

@@ -207,6 +207,8 @@ github.com/aws/aws-sdk-go-v2/service/emr v1.2.0 h1:JwDNxHv2oazaknN1la3lskZWvOS56
 github.com/aws/aws-sdk-go-v2/service/emr v1.2.0/go.mod h1:EbPeddhwfEWE6ZJh5WM2+OoHhUEko8/zuloAs/4bqrA=
 github.com/aws/aws-sdk-go-v2/service/fsx v1.2.0 h1:/hxERAW8wfc5F+aC8rwsB2tqMkWApAWJoaVM0cuhBg4=
 github.com/aws/aws-sdk-go-v2/service/fsx v1.2.0/go.mod h1:BFqIiyAdn9j1EaiCN418uBCUvXBrPHw7P4+p8wvJ72c=
+github.com/aws/aws-sdk-go-v2/service/guardduty v1.7.1 h1:uzPWcFlbXbZRPZXtGIZHMfkiL/nt1KgCoDg0VzlsL6M=
+github.com/aws/aws-sdk-go-v2/service/guardduty v1.7.1/go.mod h1:Qi8iJ8THhntgnht2Fx9KZfXQNwG5ApeKheK1+2C1Zgw=
 github.com/aws/aws-sdk-go-v2/service/iam v1.3.0 h1:V95YLxbxLGlTcFR0KMMSZEaudIxYCAhycSGcO7/Favs=
 github.com/aws/aws-sdk-go-v2/service/iam v1.3.0/go.mod h1:gPUYT7MBEb30j9eAsJ17LN9KbXtD1uqKOOKesCC4tjc=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.0.4/go.mod h1:BCfU3Uo2fhKcMZFp9zU5QQGQxqWCOYmZ/27Dju3S/do=