Add region to all CIS AWS resources (elastic#883)

resources/fetchers/iam_fetcher.go

@@ -108,6 +108,7 @@ func (r IAMResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.CloudIdentity,
 		SubType: r.GetResourceType(),
 		Name:    r.GetResourceName(),
+		Region:  r.GetRegion(),
 	}, nil
 }
 func (r IAMResource) GetElasticCommonData() any { return nil }

resources/fetchers/kms_fetcher.go

@@ -74,6 +74,7 @@ func (r KmsResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.KeyManagement,
 		SubType: r.key.GetResourceType(),
 		Name:    r.key.GetResourceName(),
+		Region:  r.key.GetRegion(),
 	}, nil
 }
 

resources/fetchers/logging_fetcher.go

@@ -89,6 +89,7 @@ func (r LoggingResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.CloudAudit,
 		SubType: r.GetResourceType(),
 		Name:    r.GetResourceName(),
+		Region:  r.GetRegion(),
 	}, nil
 }
 func (r LoggingResource) GetElasticCommonData() any { return nil }

resources/fetchers/monitoring_fetcher.go

@@ -94,6 +94,7 @@ func (r MonitoringResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.MonitoringIdentity,
 		SubType: fetching.MultiTrailsType,
 		Name:    id,
+		Region:  awslib.GlobalRegion,
 	}, nil
 }
 func (r MonitoringResource) GetElasticCommonData() any { return nil }
@@ -108,6 +109,7 @@ func (s SecurityHubResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Name:    s.GetResourceName(),
 		Type:    fetching.MonitoringIdentity,
 		SubType: fetching.SecurityHubType,
+		Region:  s.GetRegion(),
 	}, nil
 }
 

resources/fetchers/monitoring_fetcher_test.go

@@ -160,6 +160,7 @@ func TestMonitoringResource_GetMetadata(t *testing.T) {
 				Name:    "cloudtrail-aws-account-id",
 				Type:    fetching.MonitoringIdentity,
 				SubType: fetching.MultiTrailsType,
+				Region:  awslib.GlobalRegion,
 			},
 		},
 		{
@@ -178,6 +179,7 @@ func TestMonitoringResource_GetMetadata(t *testing.T) {
 				Name:    "cloudtrail-aws-account-id",
 				Type:    fetching.MonitoringIdentity,
 				SubType: fetching.MultiTrailsType,
+				Region:  awslib.GlobalRegion,
 			},
 		},
 	}
@@ -227,6 +229,7 @@ func TestSecurityHubResource_GetMetadata(t *testing.T) {
 				Name:    "securityhub-us-east-1-" + accountId,
 				Type:    fetching.MonitoringIdentity,
 				SubType: fetching.SecurityHubType,
+				Region:  "us-east-1",
 			},
 		},
 		{
@@ -243,6 +246,7 @@ func TestSecurityHubResource_GetMetadata(t *testing.T) {
 				Name:    "securityhub-us-east-2-" + accountId,
 				Type:    fetching.MonitoringIdentity,
 				SubType: fetching.SecurityHubType,
+				Region:  "us-east-2",
 			},
 		},
 	}

resources/fetchers/network_fetcher.go

@@ -77,6 +77,7 @@ func (r NetworkResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.EC2Identity,
 		SubType: r.GetResourceType(),
 		Name:    r.GetResourceName(),
+		Region:  r.GetRegion(),
 	}, nil
 }
 

resources/fetchers/rds_fetcher.go

@@ -72,6 +72,7 @@ func (r RdsResource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.CloudDatabase,
 		SubType: r.dbInstance.GetResourceType(),
 		Name:    r.dbInstance.GetResourceName(),
+		Region:  r.dbInstance.GetRegion(),
 	}, nil
 }
 

resources/fetchers/s3_fetcher.go

@@ -72,6 +72,7 @@ func (r S3Resource) GetMetadata() (fetching.ResourceMetadata, error) {
 		Type:    fetching.CloudStorage,
 		SubType: r.bucket.GetResourceType(),
 		Name:    r.bucket.GetResourceName(),
+		Region:  r.bucket.GetRegion(),
 	}, nil
 }
 

resources/providers/aws_cis/logging/provider.go

@@ -94,3 +94,10 @@ func (e EnrichedTrail) GetResourceName() string {
 func (e EnrichedTrail) GetResourceType() string {
 	return fetching.TrailType
 }
+
+func (e EnrichedTrail) GetRegion() string {
+	if e.Trail.HomeRegion == nil {
+		return ""
+	}
+	return *e.Trail.HomeRegion
+}

resources/providers/awslib/aws.go

@@ -23,7 +23,10 @@ import (
 	awssdk "github.com/aws/aws-sdk-go-v2/aws"
 )
 
-const DefaultRegion = "us-east-1"
+const (
+	DefaultRegion = "us-east-1"
+	GlobalRegion  = "global"
+)
 
 var ErrClientNotFound = errors.New("aws client not found")
 
@@ -35,6 +38,7 @@ type AwsResource interface {
 	GetResourceArn() string
 	GetResourceName() string
 	GetResourceType() string
+	GetRegion() string
 }
 
 func GetClient[T any](region *string, list map[string]T) (T, error) {

resources/providers/awslib/configservice/configservice.go

@@ -80,3 +80,7 @@ func (c Config) GetResourceName() string {
 func (c Config) GetResourceType() string {
 	return fetching.ConfigServiceResourceType
 }
+
+func (c Config) GetRegion() string {
+	return c.region
+}

resources/providers/awslib/ec2/ebs_encryption.go

@@ -40,3 +40,7 @@ func (e EBSEncryption) GetResourceName() string {
 func (e EBSEncryption) GetResourceType() string {
 	return fetching.EBSType
 }
+
+func (e EBSEncryption) GetRegion() string {
+	return e.region
+}

resources/providers/awslib/ec2/nacl.go

@@ -48,3 +48,7 @@ func (r NACLInfo) GetResourceName() string {
 func (r NACLInfo) GetResourceType() string {
 	return fetching.NetworkNACLType
 }
+
+func (r NACLInfo) GetRegion() string {
+	return r.region
+}

resources/providers/awslib/ec2/security_group.go

@@ -47,3 +47,7 @@ func (s SecurityGroup) GetResourceName() string {
 func (s SecurityGroup) GetResourceType() string {
 	return fetching.SecurityGroupType
 }
+
+func (s SecurityGroup) GetRegion() string {
+	return s.region
+}

resources/providers/awslib/ec2/vpc.go

@@ -48,3 +48,7 @@ func (v VpcInfo) GetResourceName() string {
 func (v VpcInfo) GetResourceType() string {
 	return fetching.VpcType
 }
+
+func (v VpcInfo) GetRegion() string {
+	return v.region
+}

resources/providers/awslib/iam/password_policy.go

@@ -70,3 +70,7 @@ func (p PasswordPolicy) GetResourceName() string {
 func (p PasswordPolicy) GetResourceType() string {
 	return fetching.PwdPolicyType
 }
+
+func (p PasswordPolicy) GetRegion() string {
+	return awslib.GlobalRegion
+}

resources/providers/awslib/iam/policy.go

@@ -136,6 +136,10 @@ func (p Policy) GetResourceType() string {
 	return fetching.PolicyType
 }
 
+func (p Policy) GetRegion() string {
+	return awslib.GlobalRegion
+}
+
 func stringOrEmpty(s *string) string {
 	if s == nil {
 		return ""

resources/providers/awslib/iam/user.go

@@ -125,6 +125,10 @@ func (u User) GetResourceType() string {
 	return fetching.IAMUserType
 }
 
+func (u User) GetRegion() string {
+	return awslib.GlobalRegion
+}
+
 func (p Provider) listUsers(ctx context.Context) ([]types.User, error) {
 	p.log.Debug("IAMProvider.getUsers")
 	var nativeUsers []types.User

resources/providers/awslib/kms/kms.go

@@ -30,6 +30,7 @@ import (
 type KmsInfo struct {
 	KeyMetadata        types.KeyMetadata `json:"key_metadata"`
 	KeyRotationEnabled bool              `json:"key_rotation_enabled"`
+	region             string
 }
 
 type KMS interface {

resources/providers/awslib/kms/provider.go

@@ -81,6 +81,7 @@ func (p *Provider) DescribeSymmetricKeys(ctx context.Context) ([]awslib.AwsResou
 			result = append(result, KmsInfo{
 				KeyMetadata:        *keyInfo.KeyMetadata,
 				KeyRotationEnabled: rotationStatus.KeyRotationEnabled,
+				region:             region,
 			})
 		}
 		return result, nil
@@ -107,3 +108,7 @@ func (k KmsInfo) GetResourceName() string {
 func (k KmsInfo) GetResourceType() string {
 	return fetching.KmsType
 }
+
+func (k KmsInfo) GetRegion() string {
+	return k.region
+}

resources/providers/awslib/kms/provider_test.go

@@ -26,7 +26,6 @@ import (
 	kmsClient "github.com/aws/aws-sdk-go-v2/service/kms"
 	"github.com/aws/aws-sdk-go-v2/service/kms/types"
 	"github.com/elastic/cloudbeat/resources/providers/awslib"
-	"github.com/elastic/cloudbeat/resources/utils/testhelper"
 	"github.com/elastic/elastic-agent-libs/logp"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/suite"
@@ -58,7 +57,7 @@ func (s *ProviderTestSuite) TearDownTest() {}
 var keyId1 = "21c0ba99-3a6c-4f72-8ef8-8118d4804710"
 var keyId2 = "21c0ba99-3a6c-4f72-8ef8-8118d4804711"
 
-func (s *ProviderTestSuite) TestProvider_DescribeBuckets() {
+func (s *ProviderTestSuite) TestProvider_DescribeSymmetricKeys() {
 	var tests = []struct {
 		name                    string
 		regions                 []string
@@ -142,25 +141,27 @@ func (s *ProviderTestSuite) TestProvider_DescribeBuckets() {
 				},
 			},
 			expected: []awslib.AwsResource{
-				KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId1, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true},
-				KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId2, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true},
+				KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId1, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true, region: "us-east-1"},
+				KmsInfo{KeyMetadata: types.KeyMetadata{KeyId: &keyId2, KeySpec: types.KeySpecSymmetricDefault}, KeyRotationEnabled: true, region: "us-east-2"},
 			},
 			expectError: false,
 			regions:     []string{"us-east-1", "us-east-2"},
 		},
 	}
 
 	for _, test := range tests {
-		kmsClientMock := &MockClient{}
-		for funcName, returnVals := range test.kmsClientMockReturnVals {
-			for _, vals := range returnVals {
-				kmsClientMock.On(funcName, vals[0]...).Return(vals[1]...).Once()
+		mockClients := make(map[string]Client, len(test.regions))
+		for i, region := range test.regions {
+			kmsClientMock := &MockClient{}
+			for funcName, returnVals := range test.kmsClientMockReturnVals {
+				kmsClientMock.On(funcName, returnVals[i][0]...).Return(returnVals[i][1]...)
 			}
+			mockClients[region] = kmsClientMock
 		}
 
 		kmsProvider := Provider{
 			log:     s.log,
-			clients: testhelper.CreateMockClients[Client](kmsClientMock, test.regions),
+			clients: mockClients,
 		}
 
 		ctx := context.Background()

resources/providers/awslib/multi_region_test.go

@@ -168,6 +168,8 @@ func (t testAwsResource) GetResourceName() string { return "" }
 
 func (t testAwsResource) GetResourceType() string { return "" }
 
+func (t testAwsResource) GetRegion() string { return "" }
+
 func (d dummyTester) DummyFunc() ([]AwsResource, error) {
 	awsRes := []AwsResource{testAwsResource{resRegion: d.region}}
 	switch d.region {

resources/providers/awslib/rds/provider.go

@@ -63,6 +63,7 @@ func (p Provider) DescribeDBInstances(ctx context.Context) ([]awslib.AwsResource
 				AutoMinorVersionUpgrade: dbInstance.AutoMinorVersionUpgrade,
 				PubliclyAccessible:      dbInstance.PubliclyAccessible,
 				Subnets:                 subnets,
+				region:                  region,
 			})
 		}
 
@@ -105,3 +106,7 @@ func (d DBInstance) GetResourceName() string {
 func (d DBInstance) GetResourceType() string {
 	return fetching.RdsType
 }
+
+func (d DBInstance) GetRegion() string {
+	return d.region
+}

resources/providers/awslib/rds/provider_test.go

@@ -98,8 +98,27 @@ func (s *ProviderTestSuite) TestProvider_DescribeDBInstances() {
 				{ec2types.RouteTable{RouteTableId: &identifier, Routes: []ec2types.Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}}}, nil},
 			},
 			expected: []awslib.AwsResource{
-				DBInstance{Identifier: identifier, Arn: arn, StorageEncrypted: false, AutoMinorVersionUpgrade: false, PubliclyAccessible: false, Subnets: []Subnet(nil)},
-				DBInstance{Identifier: identifier2, Arn: arn2, StorageEncrypted: true, AutoMinorVersionUpgrade: true, PubliclyAccessible: true, Subnets: []Subnet{{ID: identifier, RouteTable: nil}, {ID: identifier2, RouteTable: &RouteTable{ID: identifier, Routes: []Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}}}}}},
+				DBInstance{
+					Identifier:              identifier,
+					Arn:                     arn,
+					StorageEncrypted:        false,
+					AutoMinorVersionUpgrade: false,
+					PubliclyAccessible:      false,
+					Subnets:                 []Subnet(nil),
+					region:                  awslib.DefaultRegion,
+				},
+				DBInstance{
+					Identifier:              identifier2,
+					Arn:                     arn2,
+					StorageEncrypted:        true,
+					AutoMinorVersionUpgrade: true,
+					PubliclyAccessible:      true, Subnets: []Subnet{
+						{ID: identifier, RouteTable: nil},
+						{ID: identifier2, RouteTable: &RouteTable{
+							ID:     identifier,
+							Routes: []Route{{DestinationCidrBlock: &destinationCidrBlock, GatewayId: &gatewayId}},
+						}}},
+					region: awslib.DefaultRegion},
 			},
 		},
 	}

resources/providers/awslib/rds/rds.go

@@ -19,10 +19,9 @@ package rds
 
 import (
 	"context"
-	"github.com/elastic/cloudbeat/resources/providers/awslib/ec2"
-
 	"github.com/aws/aws-sdk-go-v2/service/rds"
 	"github.com/elastic/cloudbeat/resources/providers/awslib"
+	"github.com/elastic/cloudbeat/resources/providers/awslib/ec2"
 	"github.com/elastic/elastic-agent-libs/logp"
 )
 
@@ -33,6 +32,7 @@ type DBInstance struct {
 	AutoMinorVersionUpgrade bool     `json:"auto_minor_version_upgrade"`
 	PubliclyAccessible      bool     `json:"publicly_accessible"`
 	Subnets                 []Subnet `json:"subnets"`
+	region                  string
 }
 
 type Subnet struct {