1 Reply Latest reply on Dec 6, 2019 10:50 AM by Andrew Waters

    Cloud AWS Supported Requests TPL Trigger and other AWS Component

    Alex Gravel

      Hi All,


      I am trying to find out what my pattern should trigger on when scanning AWS.

      I see there are examples of TPL that show the API to call, like this:

           da := discovery.access();
           results := discovery.AWS.EC2.DescribeVpnConnections(da);
           if results then
             // Process results
           end if;

      However, I am not sure what my pattern should trigger on.

      Also, if I want to gather other components for which Discovery doesn't offer requests, using a REST API call, what should the trigger be?

      My goal is to get the Direct Connect connections and relate them to the VPCs in our environment.

      Thanks !

        • 1. Re: Cloud AWS Supported Requests TPL Trigger and other AWS Component
          Andrew Waters

          That depends upon what exactly you are going to do in your pattern.

          For example, you could trigger off

          triggers
            // Trigger on DescribeInstances Cloud API result list
            on result_list := DiscoveredCloudAPIResultList
                                  where discovery_method = "AWS.EC2.DescribeInstances";
          end triggers;

          and then run discovery.AWS.EC2.DescribeVpnConnections. However, the VMs are not going to be present for the current scan, as you are triggering on the same thing that is building the VMs. If you then triggered off

          triggers
            // Trigger on DescribeVpnConnections Cloud API result list
            on result_list := DiscoveredCloudAPIResultList
                                  where discovery_method = "AWS.EC2.DescribeVpnConnections";
          end triggers;

          both the VMs and the VPC information would be present.

          Alternatively, you could trigger off the EC2 VirtualMachine nodes themselves

          triggers
            // Trigger on each confirmed EC2 instance node
            on vm := VirtualMachine created, confirmed where vm_type = "AWS EC2 Instance";
          end triggers;

          and link that specific VM.

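As an added illustration (not code from the thread, BMC or either poster), here is a complete pattern that wraps the third trigger from the reply and the DescribeVpnConnections call from the question into something that can be uploaded as-is. The module name, pattern name, TPL version line and the result field names (VpnConnectionId, VpnGatewayId) are assumptions: the thread shows the call but not the shape of what it returns, so the field names must be checked against a real scan before relying on them. It records each returned VPN connection as a Detail node attached to the triggering VM, which keeps the data tied to the account the VM was discovered in and makes it visible in the UI without modelling new node kinds.

```tpl
// Added example, not from the original thread. Module/pattern names and
// the "tpl 1.15" version line are assumptions; adjust to your appliance.
tpl 1.15 module Example.AWS.VpnConnections;

metadata
    origin := "Example";
    tree_path := "Example", "AWS", "VPN Connections";
end metadata;

pattern Example_AWS_VpnConnections 1.0
    '''
    Triggers on each confirmed AWS EC2 instance, fetches the VPN connections
    through the supported Cloud API request, and records each one as a
    Detail node linked to the VM. Intended as a template to extend.
    '''
    overview
        tags example, aws, vpn;
    end overview;

    triggers
        // Third option from the reply: the EC2 VirtualMachine node itself.
        on vm := VirtualMachine created, confirmed where vm_type = "AWS EC2 Instance";
    end triggers;

    body
        // Cloud API call exactly as shown in the question.
        da := discovery.access();
        results := discovery.AWS.EC2.DescribeVpnConnections(da);

        if not results then
            log.info("No VPN connections returned while processing %vm.name%");
            stop;
        end if;

        // ASSUMPTION: each entry is a dictionary using the AWS attribute names
        // VpnConnectionId and VpnGatewayId. Verify against a real scan result.
        for conn in results do
            conn_id := conn["VpnConnectionId"];
            if conn_id then
                // Stable key: one Detail per VM per VPN connection.
                detail := model.Detail(key := "%vm.key%/vpn/%conn_id%",
                                       name := "VPN connection %conn_id%",
                                       type := "AWS VPN Connection",
                                       vpn_gateway_id := conn["VpnGatewayId"]);
                // Attach the Detail to the triggering VM.
                model.rel.Detail(ElementWithDetail := vm, Detail := detail);
            end if;
        end for;
    end body;
end pattern;
```

The same skeleton applies to the DiscoveredCloudAPIResultList triggers from the reply: swap the trigger, and in the body iterate over result_list instead of making a second API call. Whatever trigger you choose, keep the Detail keys deterministic so repeated scans update existing nodes rather than creating duplicates.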