WIP: Add asset inventory AWS CloudFront fetcher

go.mod

@@ -21,13 +21,14 @@ require (
 	github.com/aquasecurity/trivy v0.48.3
 	github.com/aquasecurity/trivy-db v0.0.0-20240220070059-88dc6466aa40
 	github.com/aws/aws-sdk-go v1.53.0
-	github.com/aws/aws-sdk-go-v2 v1.26.1
+	github.com/aws/aws-sdk-go-v2 v1.26.2
 	github.com/aws/aws-sdk-go-v2/config v1.27.13
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.13
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1
 	github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.29.3
 	github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6
 	github.com/aws/aws-sdk-go-v2/service/cloudformation v1.50.1
+	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.2
 	github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.39.3
 	github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.38.1
 	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.35.2
@@ -182,8 +183,8 @@ require (
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ebs v1.21.7 // indirect

go.sum

@@ -687,8 +687,8 @@ github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX
 github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo=
 github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M=
-github.com/aws/aws-sdk-go-v2 v1.26.1 h1:5554eUqIYVWpU0YmeeYZ0wU64H2VLBs8TlhRB2L+EkA=
-github.com/aws/aws-sdk-go-v2 v1.26.1/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2 v1.26.2 h1:OTRAL8EPdNoOdiq5SUhCaHhVPBU2wxAUe5uwasoJGRM=
+github.com/aws/aws-sdk-go-v2 v1.26.2/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2 h1:x6xsQXGSmW6frevwDA+vi/wqhp1ct18mVXYN08/93to=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.2/go.mod h1:lPprDr1e6cJdyYeGXnRaJoP4Md+cDBvi2eOj00BlGmg=
 github.com/aws/aws-sdk-go-v2/config v1.27.13 h1:WbKW8hOzrWoOA/+35S5okqO/2Ap8hkkFUzoW8Hzq24A=
@@ -700,11 +700,11 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24L
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.11 h1:I6lAa3wBWfCz/cKkOpAcumsETRkFAl70sWi8ItcMEsM=
 github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.11/go.mod h1:be1NIO30kJA23ORBLqPo1LttEM6tPNSEcjkd1eKzNW0=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5 h1:aw39xVGeRWlWx9EzGVnhOR4yOjQDHPQ6o6NmBlscyQg=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.5/go.mod h1:FSaRudD0dXiMPK2UjknVwwTYyZMRsHv3TtkabsZih5I=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6 h1:yrfbQyxO73opeqep8FohU4LJx56iiQuvf4/XPgFB4To=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.6/go.mod h1:bFtlRACYBPG2AUYst0ky5TPtgeYqWCksozVTGsZ1zq0=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5 h1:PG1F3OD1szkuQPzDw3CIQsRIrtTlUC3lP84taWzHlq0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.5/go.mod h1:jU1li6RFryMz+so64PpKtudI+QzbKoIEivqdf6LNpOc=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6 h1:DXsuqiAp1mGkelZCUSex8DsRtkeK4mW3oreyjNSegoo=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.6/go.mod h1:cLtGzsyh+Wz2j1w9Qyfn5DA9i25RfbYjwfJBZqCiP9Y=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.5 h1:81KE7vaZzrl7yHBYHVEzYB8sypz11NMOZ40YlWvPxsU=
@@ -715,6 +715,8 @@ github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6 h1:IDoEdCkKRy7iPlRVSuDA
 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.40.6/go.mod h1:ZErgk/bPaaZIpj+lUWGlwI1A0UFhSIscgnCPzTLnb2s=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.50.1 h1:lFyHV8TCw4GRj39hvnGzENfTEFPPUpRwC8cqaAPp8dk=
 github.com/aws/aws-sdk-go-v2/service/cloudformation v1.50.1/go.mod h1:/v2KYdCW4BaHKayenaWEXOOdxItIwEA3oU0XzuQY3F0=
+github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.2 h1:vmxyUmIrNmIHaOxDWmPYCik+XJudxugLuKWizGcnEEU=
+github.com/aws/aws-sdk-go-v2/service/cloudfront v1.36.2/go.mod h1:+/qRdYWUYsG4f4JHep4Bl3NZ3DzuHMBxJ+wgy1WcO6Y=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.39.3 h1:YeiiaKxb/ZeVJZ5eNRPjjKCQJeNvAl16tHwBUSoQmPE=
 github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.39.3/go.mod h1:gAJs+mKIoK4JTQD1KMZtHgyBRZ8S6Oy5+qjJzoDAvbE=
 github.com/aws/aws-sdk-go-v2/service/cloudwatch v1.38.1 h1:Lrq1Tuj+tA569WQzuESkm/rUfhIQMmNoZW6rRuZVHVI=

internal/resources/fetching/fetcher.go

@@ -31,29 +31,31 @@ const (
 	ProcessType    = "process"
 
 	// AWS subtypes
-	AccessAnalyzers           = "aws-access-analyzers"
-	AwsMonitoringType         = "aws-monitoring"
-	ConfigServiceResourceType = "aws-config"
-	EBSSnapshotType           = "aws-ebs-snapshot"
-	EBSType                   = "aws-ebs"
-	EC2NetworkingType         = "aws-ec2-network"
-	EC2Type                   = "aws-ec2"
-	EcrType                   = "aws-ecr"
-	ElbType                   = "aws-elb"
-	IAMServerCertificateType  = "aws-iam-server-certificate"
-	IAMType                   = "aws-iam"
-	IAMUserType               = "aws-iam-user"
-	KmsType                   = "aws-kms"
-	MultiTrailsType           = "aws-multi-trails"
-	NetworkNACLType           = "aws-nacl"
-	PolicyType                = "aws-policy"
-	PwdPolicyType             = "aws-password-policy"
-	RdsType                   = "aws-rds"
-	S3Type                    = "aws-s3"
-	SecurityGroupType         = "aws-security-group"
-	SecurityHubType           = "aws-securityhub"
-	TrailType                 = "aws-trail"
-	VpcType                   = "aws-vpc"
+	AccessAnalyzers             = "aws-access-analyzers"
+	AwsMonitoringType           = "aws-monitoring"
+	CloudFrontDistributionType  = "aws-cloudfront-distribution"
+	CloudFrontKeyValueStoreType = "aws-cloudfront-key-value-store"
+	ConfigServiceResourceType   = "aws-config"
+	EBSSnapshotType             = "aws-ebs-snapshot"
+	EBSType                     = "aws-ebs"
+	EC2NetworkingType           = "aws-ec2-network"
+	EC2Type                     = "aws-ec2"
+	EcrType                     = "aws-ecr"
+	ElbType                     = "aws-elb"
+	IAMServerCertificateType    = "aws-iam-server-certificate"
+	IAMType                     = "aws-iam"
+	IAMUserType                 = "aws-iam-user"
+	KmsType                     = "aws-kms"
+	MultiTrailsType             = "aws-multi-trails"
+	NetworkNACLType             = "aws-nacl"
+	PolicyType                  = "aws-policy"
+	PwdPolicyType               = "aws-password-policy"
+	RdsType                     = "aws-rds"
+	S3Type                      = "aws-s3"
+	SecurityGroupType           = "aws-security-group"
+	SecurityHubType             = "aws-securityhub"
+	TrailType                   = "aws-trail"
+	VpcType                     = "aws-vpc"
 
 	// GCP subtypes
 	GcpLoggingType    = "gcp-logging"

internal/resources/providers/awslib/cloudfront/cloudfront.go

@@ -0,0 +1,51 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package cloudfront
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/cloudfront"
+	"github.com/aws/aws-sdk-go-v2/service/cloudfront/types"
+	"github.com/elastic/elastic-agent-libs/logp"
+
+	"github.com/elastic/cloudbeat/internal/resources/providers/awslib"
+)
+
+type Distribution struct {
+	types.DistributionSummary
+}
+
+type KeyValueStore struct {
+	types.KeyValueStore
+}
+
+type Provider struct {
+	log    *logp.Logger
+	client Client
+}
+
+type Descriptor interface {
+	DescribeDistributions(ctx context.Context) ([]awslib.AwsResource, error)
+	DescribeKeyValueStores(ctx context.Context) ([]awslib.AwsResource, error)
+}
+
+type Client interface {
+	ListDistributions(ctx context.Context, params *cloudfront.ListDistributionsInput, optFns ...func(*cloudfront.Options)) (*cloudfront.ListDistributionsOutput, error)
+	ListKeyValueStores(ctx context.Context, params *cloudfront.ListKeyValueStoresInput, optFns ...func(*cloudfront.Options)) (*cloudfront.ListKeyValueStoresOutput, error)
+}