Mapping Extra Resources

If you have looked at the Examples page, you have probably noticed that the AWS integration supports a number of AWS resources, but most of them are not documented there.

This page will help you understand what kind of AWS resources are supported by the AWS integration and how to map them into Port.

Is the resource supported by the AWS Integration?

The AWS integration relies on AWS's Cloud Control API. That means you need to check the following:

  1. Is the type of resource I want to ingest listed here?
Resource limitation

In Cloud Control, some resources require an input in order to be queried. The integration does not currently support passing these inputs, so those resources are not supported.

Configuration

Port integrations use a YAML mapping block to ingest data from the third-party API into Port.

The mapping makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from the integration API.

useGetResourceAPI property support

  • By default, the integration uses the CloudControl:ListResources API to get the resources. It can also enrich each resource by running CloudControl:GetResource on it; to do so, enable the useGetResourceAPI option.

    The useGetResourceAPI option is only available for resources that support the CloudControl:GetResource API.

resources:
  - kind: AWS::Lambda::Function
    selector:
      query: 'true' # JQ boolean query. If evaluated to false - skip syncing the object.
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings: # Mappings between one AWS object to a Port entity. Each value is a JQ query.
          identifier: '.Identifier'
          title: '.Properties.FunctionName'
          blueprint: '"lambda"'
          properties:
            kind: '.__Kind'
            region: '.__Region'
            link: '"https://console.aws.amazon.com/go/view?arn=" + .Properties.Arn'
            description: '.Properties.Description'
            memorySize: '.Properties.MemorySize'
            ephemeralStorageSize: '.Properties.EphemeralStorage.Size'
            timeout: '.Properties.Timeout'
            runtime: '.Properties.Runtime'
            packageType: '.Properties.PackageType'
            environment: '.Properties.Environment'
            architectures: '.Properties.Architectures'
            layers: '.Properties.Layers'
            tags: '.Properties.Tags'
            iamRole: '"https://console.aws.amazon.com/go/view?arn=" + .Properties.Role'
            arn: '.Properties.Arn'
          relations:
            account: '.__AccountId'

Note: Enabling the useGetResourceAPI option makes each resync slower and uses a lot more memory and CPU, so you might want to set memory and CPU limits.

Get an example of the AWS resource properties

To get an example of the AWS resource properties, you can use the AWS Cloud Control API to get the resource properties.

For example, for the AWS::Lambda::Function resource, you can use the following command to get the resource properties:

aws cloudcontrol list-resources --type-name AWS::Lambda::Function --max-items 1 | jq .ResourceDescriptions
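Cloud Control returns each resource's Properties as a JSON-encoded string, which makes the raw output awkward to read while writing a mapping. The following is an added example, not part of Port's documentation or code: it decodes a constructed list-resources response, lists the JQ paths the resource offers, and flags mapping entries that resolve to nothing. The sample data and all function names are assumptions, and the resolver handles plain dotted paths only, not full JQ.

```python
import json

# Constructed sample shaped like `aws cloudcontrol list-resources` output.
# Cloud Control returns Properties as a JSON-encoded string, not an object.
SAMPLE_RESPONSE = json.dumps({
    "TypeName": "AWS::Lambda::Function",
    "ResourceDescriptions": [{
        "Identifier": "example-fn",
        "Properties": json.dumps({
            "FunctionName": "example-fn",
            "Arn": "arn:aws:lambda:us-east-1:111111111111:function:example-fn",
            "MemorySize": 128,
            "EphemeralStorage": {"Size": 512},
            "Architectures": ["x86_64"],
            "Environment": {"Variables": {"LOG_LEVEL": "info"}},
        }),
    }],
})


def decode_resources(raw):
    """Return the resource descriptions with Properties parsed into objects."""
    decoded = []
    for desc in json.loads(raw)["ResourceDescriptions"]:
        props = desc["Properties"]
        if isinstance(props, str):
            props = json.loads(props)
        decoded.append({"Identifier": desc["Identifier"], "Properties": props})
    return decoded


def leaf_paths(value, prefix=""):
    """List the dotted JQ path of every leaf (scalars and arrays)."""
    if isinstance(value, dict) and value:
        paths = []
        for key, child in value.items():
            paths += leaf_paths(child, f"{prefix}.{key}")
        return paths
    return [prefix]


def resolve(resource, path):
    """Resolve a plain dotted path such as '.Properties.Arn'.

    Returns None when the path is absent or does not start with a dot.
    This is a hypothetical helper, not a JQ evaluator.
    """
    if not path.startswith("."):
        return None
    node = resource
    for key in path[1:].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def unresolved(resource, mappings):
    """Names of mapping entries whose path yields nothing for this resource."""
    return sorted(name for name, path in mappings.items()
                  if resolve(resource, path) is None)


if __name__ == "__main__":
    resource = decode_resources(SAMPLE_RESPONSE)[0]
    for path in leaf_paths(resource):
        print(path)
    candidate_mapping = {
        "memorySize": ".Properties.MemorySize",
        "timeout": ".Properties.Timeout",        # not in the list output above
        "regionName": "Properties.RegionName",   # missing leading dot
    }
    print("unresolved:", unresolved(resource, candidate_mapping))
```

An entry flagged as unresolved is either a typo in the path or a property that the list call did not return for that resource, in which case useGetResourceAPI is the option to try.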

Querying resources from specific regions

The regionPolicy option allows users to define a policy for querying resources in specific AWS regions. This feature enables finer control over which AWS regions are included or excluded when fetching resources. The regionPolicy option works with allow and deny lists to specify allowed or restricted regions.

  • allow: A list of regions explicitly permitted for querying.
  • deny: A list of regions explicitly restricted from querying.

How regionPolicy Works

  1. If both lists are empty: All regions are allowed.
  2. If the region is in deny: It is excluded unless explicitly allowed.
  3. If the region is in allow: It is included for querying.
  4. If a region appears in both lists: It is excluded.
  5. If only deny is specified: Only regions in the deny list are excluded.
  6. If only allow is specified: Only regions in the allow list are included.

Example Configuration

resources:
  - kind: AWS::Lambda::Function
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
      regionPolicy:
        allow: ["us-east-1", "eu-west-1"]
        deny: ["us-west-2"]
    port:
      entity:
        mappings:
          identifier: '.Identifier'
          title: '.Properties.FunctionName'
          blueprint: '"lambda"'
          properties:
            region: '.__Region'
            description: '.Properties.Description'
            arn: '.Properties.Arn'
          relations:
            account: '.__AccountId'

In this example, resources in the us-east-1 and eu-west-1 regions are allowed, while us-west-2 is denied.
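To check which regions a policy will actually query before a resync, the six rules above can be written as a small evaluator. This is an added example, not Port's implementation: the function names and the candidate region list are assumptions, overlap is resolved by rule 4 (a region in both lists is excluded), and a region that is in neither list when both lists are set is treated as excluded, which the rules above do not state explicitly.

```python
def decide(region, allow=(), deny=()):
    """Return (allowed, rule) for one region under a regionPolicy."""
    allow, deny = set(allow), set(deny)
    if not allow and not deny:
        return True, "rule 1"          # both lists empty: all regions allowed
    if region in deny:
        if region in allow:
            return False, "rule 4"     # in both lists: excluded
        return False, "rule 2/5"       # denied
    if region in allow:
        return True, "rule 3/6"        # explicitly allowed
    if not allow:
        return True, "rule 5"          # only deny is set and region is not in it
    # allow is set and the region is not in it. With only allow set this is
    # rule 6; with both lists set it is this example's assumption.
    return False, "rule 6"


def effective_regions(candidates, allow=(), deny=()):
    """Regions from `candidates` that the policy lets the integration query."""
    return [r for r in candidates if decide(r, allow, deny)[0]]


def policy_findings(allow=(), deny=()):
    """Human-readable notes about entries that may not do what was intended."""
    findings = []
    for region in sorted(set(allow) & set(deny)):
        findings.append(f"{region}: in both allow and deny, so it is excluded (rule 4)")
    if not allow and not deny:
        findings.append("no regionPolicy set: every region is queried (rule 1)")
    return findings


if __name__ == "__main__":
    # Constructed candidate list; the policy is the one from the example above.
    candidates = ["us-east-1", "eu-west-1", "us-west-2", "ap-south-1"]
    allow, deny = ["us-east-1", "eu-west-1"], ["us-west-2"]
    for region in candidates:
        allowed, rule = decide(region, allow, deny)
        print(f"{region:12} {'query' if allowed else 'skip':5} ({rule})")
    for note in policy_findings(allow, deny):
        print(note)
```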

Mapping the resource to Port

After you've found the resource in the AWS Cloud Control API Docs, you can map it to Port by following these steps:

Compute resources blueprint example

Create a Port blueprint definition for the resource. The blueprint definition is based on the resource API specified per asset type. A few examples of blueprints for compute resources are provided below:

Lightsail Instance Blueprint
{
"identifier": "lightsailInstance",
"description": "This blueprint represents an AWS Lightsail Instance in our software catalog",
"title": "Lightsail Instance",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"state": {
"type": "string",
"title": "State"
},
"blueprintId": {
"type": "string",
"title": "Blueprint ID"
},
"bundleId": {
"type": "string",
"title": "Bundle ID"
},
"arn": {
"type": "string",
"title": "ARN"
},
"privateIpAddress": {
"type": "string",
"title": "Private IP Address"
},
"publicIpAddress": {
"type": "string",
"title": "Public IP Address"
},
"cpuCount": {
"type": "number",
"title": "CPU Count"
},
"ramSize": {
"type": "number",
"title": "RAM Size (GB)"
},
"regionName": {
"type": "string",
"title": "Region Name"
},
"availabilityZone": {
"type": "string",
"title": "Availability Zone"
},
"monthlyTransfer": {
"type": "number",
"title": "Monthly Transfer (GB)"
},
"ports": {
"type": "array",
"items": {
"type": "string"
},
"title": "Ports"
},
"username": {
"type": "string",
"title": "Username"
},
"tags": {
"type": "array",
"items": {
"type": "string"
},
"title": "Tags"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Elastic Beanstalk Application Blueprint
{
"identifier": "elasticBeanstalkApplication",
"description": "This blueprint represents an AWS Elastic Beanstalk Application in our software catalog",
"title": "Elastic Beanstalk Application",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"applicationName": {
"type": "string",
"title": "Application Name"
},
"maxAgeInDays": {
"type": "number",
"title": "Max Age In Days"
},
"maxCount": {
"type": "number",
"title": "Max Count"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
ECS Service Blueprint
{
"identifier": "ecsService",
"description": "This blueprint represents an AWS ECS Service in our software catalog",
"title": "ECS Service",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"desiredCount": {
"type": "number",
"title": "Desired Count"
},
"taskDefinition": {
"type": "string",
"title": "Task Definition"
},
"launchType": {
"type": "string",
"enum": ["EC2", "FARGATE", "EXTERNAL"],
"title": "Launch Type"
},
"schedulingStrategy": {
"type": "string",
"enum": ["REPLICA", "DAEMON"],
"title": "Scheduling Strategy"
},
"loadBalancers": {
"type": "array",
"title": "Load Balancers"
},
"securityGroups": {
"type": "array",
"title": "Security Groups"
},
"subnets": {
"type": "array",
"title": "Subnets"
},
"iamRole": {
"type": "string",
"format": "url",
"title": "IAM Role",
"icon": "Unlock"
},
"arn": {
"type": "string",
"title": "ARN"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
SQS Blueprint
{
"identifier": "sqs",
"description": "This blueprint represents an AWS SQS service in our software catalog",
"title": "SQS",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Lambda Blueprint
{
"identifier": "lambda",
"description": "This blueprint represents an AWS Lambda function in our software catalog",
"title": "Lambda",
"icon": "Lambda",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"description": {
"type": "string",
"title": "Description"
},
"memorySize": {
"type": "number",
"title": "Memory Size"
},
"ephemeralStorageSize": {
"type": "number",
"title": "Ephemeral Storage Size"
},
"timeout": {
"type": "number",
"title": "Timeout"
},
"runtime": {
"type": "string",
"title": "Runtime"
},
"packageType": {
"type": "string",
"enum": ["Image", "Zip"],
"title": "Package Type"
},
"environment": {
"type": "object",
"title": "Environment"
},
"architectures": {
"type": "array",
"items": {
"type": "string",
"enum": ["x86_64", "arm64"]
},
"title": "Architectures"
},
"layers": {
"type": "array",
"title": "Layers"
},
"tags": {
"type": "array",
"title": "Tags"
},
"iamRole": {
"type": "string",
"format": "url",
"title": "IAM Role",
"icon": "Unlock"
},
"arn": {
"type": "string",
"title": "ARN"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}

Compute resources integration configuration example

Create an integration configuration for the resource. The integration configuration is a YAML file that describes the ETL process to load data into the developer portal.

Mapping Configuration for Lambda, ECS Service, SQS, Lightsail, ElasticBeanstalk
resources:
  - kind: AWS::Lambda::Function
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.FunctionName
          blueprint: '"lambda"'
          properties:
            kind: .__Kind
            region: .__Region
            link: '"https://console.aws.amazon.com/go/view?arn=" + .Properties.Arn'
            description: .Properties.Description
            memorySize: .Properties.MemorySize
            ephemeralStorageSize: .Properties.EphemeralStorage.Size
            timeout: .Properties.Timeout
            runtime: .Properties.Runtime
            packageType: .Properties.PackageType
            environment: .Properties.Environment
            architectures: .Properties.Architectures
            layers: .Properties.Layers
            tags: .Properties.Tags
            iamRole: '"https://console.aws.amazon.com/go/view?arn=" + .Properties.Role'
            arn: .Properties.Arn
          relations:
            account: .__AccountId
  - kind: AWS::ECS::Service
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split(":")[5] | split("/")[2] | split("|")[0]
          title: .Identifier
          blueprint: '"ecsService"'
          properties:
            kind: .__Kind
            region: .__Region
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.ServiceArn
            desiredCount: .Properties.DesiredCount
            launchType: .Properties.LaunchType
            cluster: .Properties.Cluster
            schedulingStrategy: .Properties.SchedulingStrategy
            loadBalancers: .Properties.LoadBalancers
            securityGroups: >-
              .Properties.NetworkConfiguration.AwsvpcConfiguration.SecurityGroups
            subnets: .Properties.NetworkConfiguration.AwsvpcConfiguration.Subnets
            taskDefinition: .Properties.TaskDefinition
            iamRole: >-
              .Properties.Role | if . == null then null else
              "https://console.aws.amazon.com/go/view?arn=" + . end
            arn: .Properties.ServiceArn
          relations:
            account: .__AccountId
  - kind: AWS::SQS::Queue
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split("/")[4]
          title: .Properties.QueueUrl | split("/")[4]
          blueprint: '"sqs"'
          properties:
            kind: .__Kind
            region: .__Region
            link: .Properties.QueueUrl
          relations:
            account: .__AccountId
  - kind: AWS::Lightsail::Instance
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.InstanceName
          blueprint: '"lightsailInstance"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.InstanceArn
            state: .Properties.State.Name
            blueprintId: .Properties.BlueprintId
            bundleId: .Properties.BundleId
            arn: .Properties.InstanceArn
            privateIpAddress: .Properties.PrivateIpAddress
            publicIpAddress: .Properties.PublicIpAddress
            cpuCount: .Properties.Hardware.CpuCount
            ramSize: .Properties.Hardware.RamSizeInGb
            regionName: .Properties.RegionName
            availabilityZone: .Properties.AvailabilityZone
            monthlyTransfer: .Properties.MonthlyTransfer.GbPerMonthAllocated
            # One "from - to - direction" string per port entry.
            ports: >-
              [.Properties.Networking.Ports[] | (.FromPort | tostring) + " - " +
              (.ToPort | tostring) + " - " + .AccessDirection]
            username: .Properties.UserName
            tags: .Properties.Tags
          relations:
            account: .__AccountId
  - kind: AWS::ElasticBeanstalk::Application
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.ApplicationName
          blueprint: '"elasticBeanstalkApplication"'
          properties:
            link: >-
              "https://console.aws.amazon.com/elasticbeanstalk/home?region=" +
              .__Region +
              "/application/overview?applicationName=" + .Properties.ApplicationName
            applicationName: .Properties.ApplicationName
            maxAgeInDays: .Properties.ResourceLifecycleConfig.VersionLifecycleConfig.MaxAgeRule.MaxAgeInDays
            maxCount: .Properties.ResourceLifecycleConfig.VersionLifecycleConfig.MaxCountRule.MaxCount
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Developer tools blueprint and configuration example

Amplify App Blueprint
{
"identifier": "amplifyApp",
"description": "This blueprint represents an AWS Amplify App in our software catalog",
"title": "Amplify App",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"appId": {
"type": "string",
"title": "App ID"
},
"repository": {
"type": "string",
"title": "Repository"
},
"platform": {
"type": "string",
"title": "Platform"
},
"defaultDomain": {
"type": "string",
"title": "Default Domain"
},
"customHeaders": {
"type": "string",
"title": "Custom Headers"
},
"appName": {
"type": "string",
"title": "App Name"
},
"arn": {
"type": "string",
"title": "ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for Amplify App
resources:
  - kind: AWS::Amplify::App
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.AppName
          blueprint: '"amplifyApp"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.Arn
            appId: .Properties.AppId
            repository: .Properties.Repository
            platform: .Properties.Platform
            defaultDomain: .Properties.DefaultDomain
            customHeaders: .Properties.CustomHeaders
            appName: .Properties.AppName
            arn: .Properties.Arn
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Application integration blueprint and configuration example

Kinesis Stream Blueprint
{
"identifier": "kinesisStream",
"description": "This blueprint represents an AWS Kinesis Stream in our software catalog",
"title": "Kinesis Stream",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"streamMode": {
"type": "string",
"title": "Stream Mode"
},
"shardCount": {
"type": "number",
"title": "Shard Count"
},
"retentionPeriodHours": {
"type": "number",
"title": "Retention Period Hours"
},
"shardLevelMetrics": {
"type": "array",
"items": {
"type": "string"
},
"title": "Shard Level Metrics"
},
"arn": {
"type": "string",
"title": "ARN"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
SNS Topic Blueprint
{
"identifier": "snsTopic",
"description": "This blueprint represents an AWS SNS Topic in our software catalog",
"title": "SNS Topic",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"arn": {
"type": "string",
"title": "ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for Kinesis Stream and SNS Topic
resources:
  - kind: AWS::Kinesis::Stream
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.Name
          blueprint: '"kinesisStream"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.Arn
            streamMode: .Properties.StreamModeDetails.StreamMode
            shardCount: .Properties.ShardCount
            retentionPeriodHours: .Properties.RetentionPeriodHours
            shardLevelMetrics: .Properties.DesiredShardLevelMetrics
            arn: .Properties.Arn
          relations:
            account: .__AccountId
  - kind: AWS::SNS::Topic
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.TopicName
          blueprint: '"snsTopic"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.TopicArn
            arn: .Properties.TopicArn
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Machine learning blueprint and configuration example

Lex Bot Blueprint
{
"identifier": "lexBot",
"description": "This blueprint represents an AWS Lex Bot in our software catalog",
"title": "Lex Bot",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"arn": {
"type": "string",
"title": "ARN"
},
"role": {
"type": "string",
"title": "Role ARN"
},
"name": {
"type": "string",
"title": "Name"
},
"idleSessionTTLInSeconds": {
"type": "number",
"title": "Idle Session TTL In Seconds"
},
"dataPrivacy": {
"type": "object",
"title": "Data Privacy",
"properties": {
"childDirected": {
"type": "boolean",
"title": "Child Directed"
}
}
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for Lex Bot
resources:
  - kind: AWS::Lex::Bot
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.Name
          blueprint: '"lexBot"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.Arn
            arn: .Properties.Arn
            role: .Properties.RoleArn
            name: .Properties.Name
            idleSessionTTLInSeconds: .Properties.IdleSessionTTLInSeconds
            dataPrivacy: .Properties.DataPrivacy
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Management and governance blueprint and configuration example

Auto Scaling Group Blueprint
{
"identifier": "autoScalingGroup",
"description": "This blueprint represents an AWS Auto Scaling Group in our software catalog",
"title": "Auto Scaling Group",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"desiredCapacity": {
"type": "number",
"title": "Desired Capacity"
},
"minSize": {
"type": "number",
"title": "Minimum Size"
},
"maxSize": {
"type": "number",
"title": "Maximum Size"
},
"arn": {
"type": "string",
"title": "ARN"
},
"role": {
"type": "string",
"format": "url",
"title": "Service Linked Role ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
CloudFormation Stack Blueprint
{
"identifier": "cloudformationStack",
"description": "This blueprint represents an AWS CloudFormation Stack in our software catalog",
"title": "CloudFormation Stack",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"arn": {
"type": "string",
"title": "ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for CloudFormation Stack and Auto Scaling Group
resources:
  - kind: AWS::CloudFormation::Stack
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.StackId | split("/")[1]
          blueprint: '"cloudformationStack"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.StackId
            arn: .Properties.StackId
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId
  - kind: AWS::AutoScaling::AutoScalingGroup
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.AutoScalingGroupName
          blueprint: '"autoScalingGroup"'
          properties:
            link: >-
              "https://console.aws.amazon.com/ec2/home?region=" +
              .__Region + "#AutoScalingGroupDetails:id=" +
              .Properties.AutoScalingGroupName + ";view=details"
            desiredCapacity: .Properties.DesiredCapacity
            minSize: .Properties.MinSize
            maxSize: .Properties.MaxSize
            arn: .Properties.AutoScalingGroupARN
            role: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.ServiceLinkedRoleARN
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Networking and content delivery blueprint and configuration example

CloudFront Distribution Blueprint
{
"identifier": "cloudFrontDistribution",
"description": "This blueprint represents an AWS CloudFront Distribution in our software catalog",
"title": "CloudFront Distribution",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"status": {
"type": "string",
"title": "Status"
},
"domainName": {
"type": "string",
"title": "Domain Name"
},
"lastModifiedTime": {
"type": "string",
"format": "date-time",
"title": "Last Modified Time"
},
"allowedMethods": {
"type": "array",
"items": {
"type": "string"
},
"title": "Allowed Methods"
},
"originDomainNames": {
"type": "array",
"items": {
"type": "string"
},
"title": "Origin Domain Names"
},
"originIds": {
"type": "array",
"items": {
"type": "string"
},
"title": "Origin IDs"
},
"enabled": {
"type": "boolean",
"title": "Enabled"
},
"isIpv6Enabled": {
"type": "boolean",
"title": "IPv6 Enabled"
},
"httpVersion": {
"type": "string",
"title": "HTTP Version"
},
"isStaging": {
"type": "boolean",
"title": "Is Staging"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for CloudFront Distribution
resources:
  - kind: AWS::CloudFront::Distribution
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.DomainName
          blueprint: '"cloudFrontDistribution"'
          properties:
            link: >-
              "https://console.aws.amazon.com/cloudfront/home?region=" +
              .__Region + "#/distribution/" +
              .Properties.Id
            status: .Properties.Status
            domainName: .Properties.DomainName
            lastModifiedTime: .Properties.LastModifiedTime
            allowedMethods: .Properties.DefaultCacheBehavior.AllowedMethods
            # map() returns one array, matching the blueprint's array type.
            originDomainNames: .Properties.Origins | map(.DomainName)
            originIds: .Properties.Origins | map(.Id)
            enabled: .Properties.Enabled
            isIpv6Enabled: .Properties.IPV6Enabled
            httpVersion: .Properties.HttpVersion
            isStaging: .Properties.Staging
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Security, identity, and compliance blueprint and configuration example

Cognito User Pool Blueprint
{
"identifier": "cognitoUserPool",
"description": "This blueprint represents an AWS Cognito User Pool in our software catalog",
"title": "Cognito User Pool",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"arn": {
"type": "string",
"title": "ARN"
},
"userPoolId": {
"type": "string",
"title": "User Pool ID"
},
"providerName": {
"type": "string",
"title": "Provider Name"
},
"status": {
"type": "string",
"title": "Status"
},
"creationDate": {
"type": "string",
"format": "date-time",
"title": "Creation Date"
},
"mfaConfiguration": {
"type": "string",
"title": "MFA Configuration"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for Cognito User Pool
resources:
  - kind: AWS::Cognito::UserPool
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.UserPoolName
          blueprint: '"cognitoUserPool"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.Arn
            arn: .Properties.Arn
            userPoolId: .Properties.UserPoolId
            providerName: .Properties.ProviderName
            status: .Properties.Status
            creationDate: .Properties.CreationDate
            mfaConfiguration: .Properties.MfaConfiguration
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId

Storage blueprint and configuration example

DynamoDB Table Blueprint
{
"identifier": "dynamoDBTable",
"description": "This blueprint represents an AWS DynamoDB Table in our software catalog",
"title": "DynamoDB Table",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"tableStatus": {
"type": "string",
"title": "Table Status"
},
"itemCount": {
"type": "number",
"title": "Item Count"
},
"creationDateTime": {
"type": "string",
"format": "date-time",
"title": "Creation Date Time"
},
"billingMode": {
"type": "string",
"title": "Billing Mode"
},
"writeCapacityUnits": {
"type": "number",
"title": "Write Capacity Units"
},
"readCapacityUnits": {
"type": "number",
"title": "Read Capacity Units"
},
"timeToLive": {
"type": "boolean",
"title": "Time to Live"
},
"pointInTimeRecovery": {
"type": "boolean",
"title": "Point in Time Recovery"
},
"deletionProtection": {
"type": "boolean",
"title": "Deletion Protection"
},
"arn": {
"type": "string",
"title": "ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
ElastiCache Serverless Cache Blueprint
{
"identifier": "elasticacheServerless",
"description": "This blueprint represents an AWS ElastiCache Serverless Cache in our software catalog",
"title": "ElastiCache Serverless Cache",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"engine": {
"type": "string",
"title": "Engine"
},
"engineVersion": {
"type": "string",
"title": "Full Engine Version"
},
"status": {
"type": "string",
"title": "Status"
},
"description": {
"type": "string",
"title": "Description"
},
"createTime": {
"type": "string",
"format": "date-time",
"title": "Create Time"
},
"securityGroupIds": {
"type": "array",
"items": {
"type": "string"
},
"title": "Security Group IDs"
},
"subnetIds": {
"type": "array",
"items": {
"type": "string"
},
"title": "Subnet IDs"
},
"endpoint": {
"type": "string",
"title": "Endpoint"
},
"port": {
"type": "number",
"title": "Port"
},
"readerEndpoint": {
"type": "string",
"title": "Reader Endpoint"
},
"readerPort": {
"type": "number",
"title": "Reader Port"
},
"dailySnapshotTime": {
"type": "string",
"title": "Daily Snapshot Time"
},
"snapshotRetentionLimit": {
"type": "number",
"title": "Snapshot Retention Limit"
},
"serverlessCacheName": {
"type": "string",
"title": "Serverless Cache Name"
},
"arn": {
"type": "string",
"title": "ARN"
},
"kind": {
"type": "string",
"title": "Kind"
},
"region": {
"type": "string",
"title": "Region"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
RDS Instance Blueprint
{
"identifier": "rdsInstance",
"description": "This blueprint represents an AWS RDS DBInstance in our software catalog",
"title": "RDS Instance",
"icon": "AWS",
"schema": {
"properties": {
"link": {
"type": "string",
"format": "url",
"title": "Link"
},
"dbInstanceClass": {
"type": "string",
"title": "DB Instance Class"
},
"dbInstanceStatus": {
"type": "string",
"title": "DB Instance Status"
},
"engine": {
"type": "string",
"title": "Engine"
},
"storageType": {
"type": "string",
"title": "Storage Type"
},
"engineVersion": {
"type": "string",
"title": "Engine Version"
},
"port": {
"type": "number",
"title": "Port"
},
"allocatedStorage": {
"type": "number",
"title": "Allocated Storage"
},
"endpoint": {
"type": "string",
"title": "Endpoint"
},
"multiAZ": {
"type": "boolean",
"title": "Multi-AZ"
},
"deletionProtection": {
"type": "boolean",
"title": "Deletion Protection"
},
"availabilityZone": {
"type": "string",
"title": "Availability Zone"
},
"masterUsername": {
"type": "string",
"title": "Master Username"
},
"publicAccess": {
"type": "boolean",
"title": "Public Access"
},
"vpcSecurityGroups": {
"type": "array",
"items": {
"type": "string"
},
"title": "VPC Security Groups"
},
"arn": {
"type": "string",
"title": "ARN"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"account": {
"title": "Account",
"target": "awsAccount",
"required": true,
"many": false
}
}
}
Mapping Configuration for RDS Instance, ElastiCache, DynamoDB Table
resources:
  - kind: AWS::RDS::DBInstance
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.DBInstanceIdentifier
          blueprint: '"rdsInstance"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.DBInstanceArn
            dbInstanceClass: .Properties.DBInstanceClass
            dbInstanceStatus: .Properties.DBInstanceStatus
            engine: .Properties.Engine
            storageType: .Properties.StorageType
            engineVersion: .Properties.EngineVersion
            port: .Properties.Endpoint.Port
            allocatedStorage: .Properties.AllocatedStorage
            endpoint: .Properties.Endpoint.Address
            multiAZ: .Properties.MultiAZ
            deletionProtection: .Properties.DeletionProtection
            availabilityZone: .Properties.AvailabilityZone
            masterUsername: .Properties.MasterUsername
            publicAccess: .Properties.PubliclyAccessible
            vpcSecurityGroups: .Properties.VpcSecurityGroups
            arn: .Properties.DBInstanceArn
          relations:
            account: .__AccountId
  - kind: AWS::DynamoDB::Table
    selector:
      query: 'true'
      useGetResourceAPI: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.TableName
          blueprint: '"dynamoDBTable"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.Arn
            tableStatus: .Properties.TableStatus
            itemCount: .Properties.ItemCount
            creationDateTime: .Properties.CreationDateTime
            billingMode: .Properties.BillingMode
            writeCapacityUnits: .Properties.ProvisionedThroughput.WriteCapacityUnits
            readCapacityUnits: .Properties.ProvisionedThroughput.ReadCapacityUnits
            timeToLive: .Properties.TimeToLiveSpecification.Enabled
            pointInTimeRecovery: .Properties.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled
            deletionProtection: .Properties.DeletionProtectionEnabled
            arn: .Properties.Arn
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId
  - kind: AWS::ElastiCache::ServerlessCache
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.ServerlessCacheName
          blueprint: '"elasticacheServerless"'
          properties:
            link: >-
              "https://console.aws.amazon.com/go/view?arn=" +
              .Properties.ARN
            engine: .Properties.Engine
            engineVersion: .Properties.FullEngineVersion
            status: .Properties.Status
            description: .Properties.Description
            createTime: .Properties.CreateTime
            securityGroupIds: .Properties.SecurityGroupIds
            subnetIds: .Properties.SubnetIds
            endpoint: .Properties.Endpoint.Address
            port: .Properties.Endpoint.Port
            readerEndpoint: .Properties.ReaderEndpoint.Address
            readerPort: .Properties.ReaderEndpoint.Port
            dailySnapshotTime: .Properties.DailySnapshotTime
            snapshotRetentionLimit: .Properties.SnapshotRetentionLimit
            serverlessCacheName: .Properties.ServerlessCacheName
            arn: .Properties.ARN
            kind: .__Kind
            region: .__Region
          relations:
            account: .__AccountId