pangea 0.0.45 → 0.0.47

Files changed (2198)
  1. checksums.yaml +4 -4
  2. data/.claude/skills/pangea-cloud-resource-creation/SKILL.md +169 -0
  3. data/.claude/skills/pangea-cloud-resource-creation/references/hetzner-volume-example.md +133 -0
  4. data/.claude/skills/pangea-cloud-resource-creation/references/patterns-antipatterns.md +149 -0
  5. data/.claude/skills/pangea-cloud-resource-creation/references/resource-templates.md +288 -0
  6. data/.claude/skills/pangea-cloud-resource-creation/references/tracker-cli.md +77 -0
  7. data/.claude/skills/pangea-cloud-resource-creation/references/type-system.md +105 -0
  8. data/.claude/skills/pangea-infrastructure/SKILL.md +300 -0
  9. data/.claude/skills/pangea-infrastructure/references/kubernetes-integration.md +149 -0
  10. data/.claude/skills/pangea-infrastructure/references/resource-patterns.md +206 -0
  11. data/.claude/skills/pangea-infrastructure/references/troubleshooting.md +86 -0
  12. data/.claude/skills/pangea-infrastructure/references/workflow-examples.md +98 -0
  13. data/.claude/skills/pangea-refactoring/SKILL.md +478 -0
  14. data/.claude/skills/pangea-resource-testing/SKILL.md +256 -0
  15. data/.claude/skills/pangea-rspec-resource-testing/SKILL.md +258 -0
  16. data/.claude/skills/pangea-rspec-resource-testing/references/cloudflare-zone-example.md +57 -0
  17. data/.claude/skills/pangea-rspec-resource-testing/references/common-patterns.md +109 -0
  18. data/.claude/skills/pangea-rspec-resource-testing/references/debugging.md +63 -0
  19. data/.claude/skills/pangea-rspec-resource-testing/references/integration-tests.md +55 -0
  20. data/.claude/skills/pangea-rspec-resource-testing/references/synthesis-tests.md +169 -0
  21. data/.claude/skills/pangea-rspec-resource-testing/references/troubleshooting.md +129 -0
  22. data/.claude/skills/pangea-rspec-resource-testing/references/type-validation-tests.md +92 -0
  23. data/.github/workflows/ci.yml +54 -53
  24. data/.gitignore +6 -1
  25. data/.rspec_status +17894 -0
  26. data/AGENT_GUIDE.md +24 -8
  27. data/CONTRIBUTING.md +35 -35
  28. data/Gemfile.lock +103 -57
  29. data/README.md +22 -13
  30. data/README_backend_configuration.md +16 -9
  31. data/bin/generate-hetzner-resource +204 -0
  32. data/bin/hetzner-tracker +280 -0
  33. data/bin/pangea +13 -0
  34. data/bin/pangea-compiler +15 -0
  35. data/bin/pangea-compiler-server +133 -0
  36. data/docs/KUBERNETES_OPERATOR_PLAN.md +2626 -0
  37. data/examples/test_simple/pangea.yml +7 -0
  38. data/examples/test_simple/simple.rb +39 -0
  39. data/flake.lock +748 -6
  40. data/flake.nix +501 -29
  41. data/gemset.nix +115 -104
  42. data/lib/pangea/agent/analysis.rb +128 -0
  43. data/lib/pangea/agent/compilation.rb +62 -0
  44. data/lib/pangea/agent/helpers.rb +29 -0
  45. data/lib/pangea/agent/listing.rb +108 -0
  46. data/lib/pangea/agent.rb +13 -349
  47. data/lib/pangea/architectures/base/architecture_reference/cost.rb +30 -0
  48. data/lib/pangea/architectures/base/architecture_reference/high_availability.rb +57 -0
  49. data/lib/pangea/architectures/base/architecture_reference/performance.rb +58 -0
  50. data/lib/pangea/architectures/base/architecture_reference/security.rb +61 -0
  51. data/lib/pangea/architectures/base/architecture_reference/validation.rb +46 -0
  52. data/lib/pangea/architectures/base/architecture_reference.rb +109 -0
  53. data/lib/pangea/architectures/base/vpc_networking.rb +155 -0
  54. data/lib/pangea/architectures/base.rb +9 -503
  55. data/lib/pangea/architectures/examples/architectures/devops_platform.rb +129 -0
  56. data/lib/pangea/architectures/examples/architectures/ecommerce_platform.rb +104 -0
  57. data/lib/pangea/architectures/examples/architectures/helpers.rb +47 -0
  58. data/lib/pangea/architectures/examples/architectures/ml_platform.rb +113 -0
  59. data/lib/pangea/architectures/examples/architectures/multi_region_saas.rb +95 -0
  60. data/lib/pangea/architectures/examples/web_application/analytics.rb +108 -0
  61. data/lib/pangea/architectures/examples/web_application/basic.rb +40 -0
  62. data/lib/pangea/architectures/examples/web_application/custom_database.rb +86 -0
  63. data/lib/pangea/architectures/examples/web_application/ecommerce.rb +103 -0
  64. data/lib/pangea/architectures/examples/web_application/microservices.rb +120 -0
  65. data/lib/pangea/architectures/examples/web_application/multi_environment.rb +88 -0
  66. data/lib/pangea/architectures/examples/web_application_examples.rb +7 -571
  67. data/lib/pangea/architectures/examples.rb +14 -480
  68. data/lib/pangea/architectures/patterns/data_processing/analytics.rb +70 -0
  69. data/lib/pangea/architectures/patterns/data_processing/iam_roles.rb +131 -0
  70. data/lib/pangea/architectures/patterns/data_processing/ingestion.rb +73 -0
  71. data/lib/pangea/architectures/patterns/data_processing/monitoring.rb +66 -0
  72. data/lib/pangea/architectures/patterns/data_processing/processing.rb +78 -0
  73. data/lib/pangea/architectures/patterns/data_processing/security.rb +34 -0
  74. data/lib/pangea/architectures/patterns/data_processing/storage.rb +74 -0
  75. data/lib/pangea/architectures/patterns/data_processing/streaming.rb +121 -0
  76. data/lib/pangea/architectures/patterns/data_processing/types.rb +79 -0
  77. data/lib/pangea/architectures/patterns/data_processing.rb +51 -619
  78. data/lib/pangea/architectures/patterns/microservices/helpers.rb +67 -0
  79. data/lib/pangea/architectures/patterns/microservices/observability.rb +83 -0
  80. data/lib/pangea/architectures/patterns/microservices/orchestration.rb +67 -0
  81. data/lib/pangea/architectures/patterns/microservices/platform_security.rb +56 -0
  82. data/lib/pangea/architectures/patterns/microservices/service.rb +117 -0
  83. data/lib/pangea/architectures/patterns/microservices/service_mesh.rb +49 -0
  84. data/lib/pangea/architectures/patterns/microservices/shared_services.rb +90 -0
  85. data/lib/pangea/architectures/patterns/microservices/types.rb +84 -0
  86. data/lib/pangea/architectures/patterns/microservices.rb +52 -563
  87. data/lib/pangea/architectures/patterns/web_application/compute_tier.rb +98 -0
  88. data/lib/pangea/architectures/patterns/web_application/database_tier.rb +76 -0
  89. data/lib/pangea/architectures/patterns/web_application/load_balancer_tier.rb +81 -0
  90. data/lib/pangea/architectures/patterns/web_application/monitoring_tier.rb +97 -0
  91. data/lib/pangea/architectures/patterns/web_application/security_tier.rb +76 -0
  92. data/lib/pangea/architectures/patterns/web_application/storage_tier.rb +58 -0
  93. data/lib/pangea/architectures/patterns/web_application/types.rb +99 -0
  94. data/lib/pangea/architectures/patterns/web_application/user_data.rb +107 -0
  95. data/lib/pangea/architectures/patterns/web_application.rb +46 -507
  96. data/lib/pangea/architectures/types/base_types.rb +58 -0
  97. data/lib/pangea/architectures/types/config_schemas.rb +112 -0
  98. data/lib/pangea/architectures/types/defaults.rb +62 -0
  99. data/lib/pangea/architectures/types/validators.rb +110 -0
  100. data/lib/pangea/architectures/types.rb +17 -257
  101. data/lib/pangea/architectures/web_application_architecture/architecture/component_creation.rb +146 -0
  102. data/lib/pangea/architectures/web_application_architecture/architecture/cost_estimation.rb +71 -0
  103. data/lib/pangea/architectures/web_application_architecture/architecture/fallback_resources.rb +63 -0
  104. data/lib/pangea/architectures/web_application_architecture/architecture/helpers.rb +50 -0
  105. data/lib/pangea/architectures/web_application_architecture/architecture/outputs.rb +73 -0
  106. data/lib/pangea/architectures/web_application_architecture/architecture/resource_creation.rb +54 -0
  107. data/lib/pangea/architectures/web_application_architecture/architecture.rb +18 -454
  108. data/lib/pangea/architectures/web_application_architecture/types/cost_estimation.rb +88 -0
  109. data/lib/pangea/architectures/web_application_architecture/types/defaults.rb +90 -0
  110. data/lib/pangea/architectures/web_application_architecture/types/input_schema.rb +91 -0
  111. data/lib/pangea/architectures/web_application_architecture/types/output_schema.rb +49 -0
  112. data/lib/pangea/architectures/web_application_architecture/types/validation.rb +81 -0
  113. data/lib/pangea/architectures/web_application_architecture/types.rb +35 -260
  114. data/lib/pangea/backends/local.rb +2 -2
  115. data/lib/pangea/backends/s3/dynamodb_lock.rb +115 -0
  116. data/lib/pangea/backends/s3.rb +47 -131
  117. data/lib/pangea/cli/application/command_router.rb +129 -0
  118. data/lib/pangea/cli/application/options.rb +128 -0
  119. data/lib/pangea/cli/application.rb +55 -156
  120. data/lib/pangea/cli/commands/agent/analysis.rb +107 -0
  121. data/lib/pangea/cli/commands/agent/complexity.rb +67 -0
  122. data/lib/pangea/cli/commands/agent/cost.rb +59 -0
  123. data/lib/pangea/cli/commands/agent/dependencies.rb +63 -0
  124. data/lib/pangea/cli/commands/agent/explanation.rb +81 -0
  125. data/lib/pangea/cli/commands/agent/security.rb +69 -0
  126. data/lib/pangea/cli/commands/agent/suggestions.rb +55 -0
  127. data/lib/pangea/cli/commands/agent/validation.rb +77 -0
  128. data/lib/pangea/cli/commands/agent.rb +36 -560
  129. data/lib/pangea/cli/commands/apply.rb +93 -185
  130. data/lib/pangea/cli/commands/base_command.rb +5 -0
  131. data/lib/pangea/cli/commands/destroy.rb +130 -62
  132. data/lib/pangea/cli/commands/enhanced_plan/metrics.rb +53 -0
  133. data/lib/pangea/cli/commands/enhanced_plan/plan_generation.rb +93 -0
  134. data/lib/pangea/cli/commands/enhanced_plan/template_operations.rb +106 -0
  135. data/lib/pangea/cli/commands/enhanced_plan.rb +63 -0
  136. data/lib/pangea/cli/commands/import/import_command_generator.rb +71 -0
  137. data/lib/pangea/cli/commands/import/resource_analyzer.rb +72 -0
  138. data/lib/pangea/cli/commands/import.rb +180 -0
  139. data/lib/pangea/cli/commands/init.rb +100 -0
  140. data/lib/pangea/cli/commands/inspect/config_inspection.rb +130 -0
  141. data/lib/pangea/cli/commands/inspect/resource_inspection.rb +105 -0
  142. data/lib/pangea/cli/commands/inspect/template_analysis.rb +124 -0
  143. data/lib/pangea/cli/commands/inspect.rb +30 -372
  144. data/lib/pangea/cli/commands/plan/json_analysis.rb +179 -0
  145. data/lib/pangea/cli/commands/plan/json_formatting.rb +53 -0
  146. data/lib/pangea/cli/commands/plan/plan_output.rb +152 -0
  147. data/lib/pangea/cli/commands/plan/resource_display.rb +98 -0
  148. data/lib/pangea/cli/commands/plan.rb +81 -138
  149. data/lib/pangea/cli/commands/sync.rb +110 -0
  150. data/lib/pangea/cli/commands/template_processor.rb +116 -0
  151. data/lib/pangea/cli/commands/workspace_operations.rb +154 -0
  152. data/lib/pangea/cli/error_handler.rb +169 -0
  153. data/lib/pangea/cli/errors.rb +57 -0
  154. data/lib/pangea/cli/ui/README.md +255 -0
  155. data/lib/pangea/cli/ui/banner/operation_summary.rb +120 -0
  156. data/lib/pangea/cli/ui/banner.rb +179 -0
  157. data/lib/pangea/cli/ui/command_display/cost_estimation.rb +82 -0
  158. data/lib/pangea/cli/ui/command_display/state_display.rb +116 -0
  159. data/lib/pangea/cli/ui/command_display/value_formatters.rb +68 -0
  160. data/lib/pangea/cli/ui/command_display.rb +147 -0
  161. data/lib/pangea/cli/ui/diff/formatting.rb +65 -0
  162. data/lib/pangea/cli/ui/diff/plan_parser.rb +84 -0
  163. data/lib/pangea/cli/ui/diff.rb +115 -202
  164. data/lib/pangea/cli/ui/logger/display_helpers.rb +98 -0
  165. data/lib/pangea/cli/ui/logger/info_panels.rb +99 -0
  166. data/lib/pangea/cli/ui/logger/resource_display.rb +66 -0
  167. data/lib/pangea/cli/ui/logger/styles.rb +63 -0
  168. data/lib/pangea/cli/ui/logger.rb +47 -122
  169. data/lib/pangea/cli/ui/output_formatter/constants.rb +28 -0
  170. data/lib/pangea/cli/ui/output_formatter/display.rb +156 -0
  171. data/lib/pangea/cli/ui/output_formatter/formatting.rb +44 -0
  172. data/lib/pangea/cli/ui/output_formatter.rb +28 -0
  173. data/lib/pangea/cli/ui/plan_display/action_group_display.rb +101 -0
  174. data/lib/pangea/cli/ui/plan_display.rb +150 -0
  175. data/lib/pangea/cli/ui/progress/animations.rb +69 -0
  176. data/lib/pangea/cli/ui/progress/wrappers.rb +111 -0
  177. data/lib/pangea/cli/ui/progress.rb +15 -153
  178. data/lib/pangea/cli/ui/spinner.rb +102 -10
  179. data/lib/pangea/cli/ui/table/formatters.rb +141 -0
  180. data/lib/pangea/cli/ui/table.rb +88 -11
  181. data/lib/pangea/cli/ui/template_display/resource_extractor.rb +109 -0
  182. data/lib/pangea/cli/ui/template_display.rb +185 -0
  183. data/lib/pangea/cli/ui/visualizer/cost.rb +37 -0
  184. data/lib/pangea/cli/ui/visualizer/display.rb +98 -0
  185. data/lib/pangea/cli/ui/visualizer/graph.rb +94 -0
  186. data/lib/pangea/cli/ui/visualizer/statistics.rb +58 -0
  187. data/lib/pangea/cli/ui/visualizer.rb +41 -270
  188. data/lib/pangea/compilation/backend_injector.rb +78 -0
  189. data/lib/pangea/compilation/compilation_helpers.rb +136 -0
  190. data/lib/pangea/compilation/template_compiler.rb +56 -317
  191. data/lib/pangea/compilation/template_extractor.rb +81 -0
  192. data/lib/pangea/compilation/template_validator.rb +88 -0
  193. data/lib/pangea/compiler_server.rb +133 -0
  194. data/lib/pangea/components/api_gateway_microservices/component.rb +79 -584
  195. data/lib/pangea/components/api_gateway_microservices/cors.rb +94 -0
  196. data/lib/pangea/components/api_gateway_microservices/deployment.rb +102 -0
  197. data/lib/pangea/components/api_gateway_microservices/helpers.rb +104 -0
  198. data/lib/pangea/components/api_gateway_microservices/methods.rb +111 -0
  199. data/lib/pangea/components/api_gateway_microservices/monitoring.rb +77 -0
  200. data/lib/pangea/components/api_gateway_microservices/rate_limiting.rb +75 -0
  201. data/lib/pangea/components/api_gateway_microservices/resources.rb +155 -0
  202. data/lib/pangea/components/api_gateway_microservices/types/core.rb +63 -0
  203. data/lib/pangea/components/api_gateway_microservices/types/endpoint.rb +53 -0
  204. data/lib/pangea/components/api_gateway_microservices/types/policy.rb +59 -0
  205. data/lib/pangea/components/api_gateway_microservices/types.rb +83 -176
  206. data/lib/pangea/components/application_load_balancer/component.rb +81 -264
  207. data/lib/pangea/components/application_load_balancer/listeners.rb +139 -0
  208. data/lib/pangea/components/application_load_balancer/monitoring.rb +93 -0
  209. data/lib/pangea/components/application_load_balancer/target_groups.rb +101 -0
  210. data/lib/pangea/components/auto_scaling_web_servers/component/launch_template.rb +79 -0
  211. data/lib/pangea/components/auto_scaling_web_servers/component/lifecycle.rb +90 -0
  212. data/lib/pangea/components/auto_scaling_web_servers/component/scaling_policies.rb +152 -0
  213. data/lib/pangea/components/auto_scaling_web_servers/component.rb +49 -347
  214. data/lib/pangea/components/carbon_aware_compute/component.rb +52 -1062
  215. data/lib/pangea/components/carbon_aware_compute/modules/code_generators/executor_code.rb +137 -0
  216. data/lib/pangea/components/carbon_aware_compute/modules/code_generators/monitor_code.rb +129 -0
  217. data/lib/pangea/components/carbon_aware_compute/modules/code_generators/scheduler_code.rb +145 -0
  218. data/lib/pangea/components/carbon_aware_compute/modules/code_generators.rb +31 -0
  219. data/lib/pangea/components/carbon_aware_compute/modules/functions.rb +99 -0
  220. data/lib/pangea/components/carbon_aware_compute/modules/helpers.rb +60 -0
  221. data/lib/pangea/components/carbon_aware_compute/modules/monitoring.rb +178 -0
  222. data/lib/pangea/components/carbon_aware_compute/modules/roles.rb +113 -0
  223. data/lib/pangea/components/carbon_aware_compute/modules/schedules.rb +51 -0
  224. data/lib/pangea/components/carbon_aware_compute/modules/tables.rb +80 -0
  225. data/lib/pangea/components/disaster_recovery_pilot_light/component.rb +78 -1514
  226. data/lib/pangea/components/disaster_recovery_pilot_light/modules/automation.rb +177 -0
  227. data/lib/pangea/components/disaster_recovery_pilot_light/modules/backup.rb +132 -0
  228. data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/lambda_code.rb +152 -0
  229. data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/runbook.rb +86 -0
  230. data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators/workflow.rb +137 -0
  231. data/lib/pangea/components/disaster_recovery_pilot_light/modules/code_generators.rb +31 -0
  232. data/lib/pangea/components/disaster_recovery_pilot_light/modules/compliance.rb +86 -0
  233. data/lib/pangea/components/disaster_recovery_pilot_light/modules/dr_region.rb +167 -0
  234. data/lib/pangea/components/disaster_recovery_pilot_light/modules/helpers.rb +164 -0
  235. data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring/alarms.rb +79 -0
  236. data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring/dashboards.rb +167 -0
  237. data/lib/pangea/components/disaster_recovery_pilot_light/modules/monitoring.rb +55 -0
  238. data/lib/pangea/components/disaster_recovery_pilot_light/modules/networking.rb +94 -0
  239. data/lib/pangea/components/disaster_recovery_pilot_light/modules/primary_region.rb +134 -0
  240. data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/database.rb +103 -0
  241. data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/efs.rb +45 -0
  242. data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication/s3.rb +120 -0
  243. data/lib/pangea/components/disaster_recovery_pilot_light/modules/replication.rb +61 -0
  244. data/lib/pangea/components/disaster_recovery_pilot_light/modules/testing.rb +93 -0
  245. data/lib/pangea/components/disaster_recovery_pilot_light/types/data_configs.rb +50 -0
  246. data/lib/pangea/components/disaster_recovery_pilot_light/types/operational_configs.rb +50 -0
  247. data/lib/pangea/components/disaster_recovery_pilot_light/types/optimization_configs.rb +63 -0
  248. data/lib/pangea/components/disaster_recovery_pilot_light/types/region_configs.rb +50 -0
  249. data/lib/pangea/components/disaster_recovery_pilot_light/types.rb +38 -140
  250. data/lib/pangea/components/event_driven_microservice/api_gateway.rb +25 -0
  251. data/lib/pangea/components/event_driven_microservice/component.rb +56 -626
  252. data/lib/pangea/components/event_driven_microservice/event_sources.rb +113 -0
  253. data/lib/pangea/components/event_driven_microservice/functions.rb +91 -0
  254. data/lib/pangea/components/event_driven_microservice/helpers.rb +90 -0
  255. data/lib/pangea/components/event_driven_microservice/iam.rb +117 -0
  256. data/lib/pangea/components/event_driven_microservice/monitoring.rb +191 -0
  257. data/lib/pangea/components/event_driven_microservice/storage.rb +126 -0
  258. data/lib/pangea/components/event_driven_microservice/types/cqrs_config.rb +37 -0
  259. data/lib/pangea/components/event_driven_microservice/types/event_replay_config.rb +36 -0
  260. data/lib/pangea/components/event_driven_microservice/types/event_source.rb +42 -0
  261. data/lib/pangea/components/event_driven_microservice/types/event_store_config.rb +40 -0
  262. data/lib/pangea/components/event_driven_microservice/types/function_config.rb +40 -0
  263. data/lib/pangea/components/event_driven_microservice/types/monitoring_config.rb +37 -0
  264. data/lib/pangea/components/event_driven_microservice/types/saga_config.rb +37 -0
  265. data/lib/pangea/components/event_driven_microservice/types.rb +35 -112
  266. data/lib/pangea/components/examples/enterprise_application.rb +166 -0
  267. data/lib/pangea/components/examples/three_tier_web_application.rb +159 -0
  268. data/lib/pangea/components/examples.rb +7 -492
  269. data/lib/pangea/components/global_service_mesh/component.rb +94 -1271
  270. data/lib/pangea/components/global_service_mesh/modules/connectivity.rb +133 -0
  271. data/lib/pangea/components/global_service_mesh/modules/gateways.rb +197 -0
  272. data/lib/pangea/components/global_service_mesh/modules/helpers.rb +172 -0
  273. data/lib/pangea/components/global_service_mesh/modules/mesh_components.rb +126 -0
  274. data/lib/pangea/components/global_service_mesh/modules/observability.rb +106 -0
  275. data/lib/pangea/components/global_service_mesh/modules/regional_mesh.rb +109 -0
  276. data/lib/pangea/components/global_service_mesh/modules/resilience.rb +116 -0
  277. data/lib/pangea/components/global_service_mesh/modules/security.rb +125 -0
  278. data/lib/pangea/components/global_service_mesh/types/infrastructure_types.rb +49 -0
  279. data/lib/pangea/components/global_service_mesh/types/operational_types.rb +49 -0
  280. data/lib/pangea/components/global_service_mesh/types/policy_types.rb +63 -0
  281. data/lib/pangea/components/global_service_mesh/types/service_types.rb +52 -0
  282. data/lib/pangea/components/global_service_mesh/types.rb +59 -206
  283. data/lib/pangea/components/global_traffic_manager/component.rb +86 -1111
  284. data/lib/pangea/components/global_traffic_manager/modules/accelerator.rb +112 -0
  285. data/lib/pangea/components/global_traffic_manager/modules/advanced_routing.rb +85 -0
  286. data/lib/pangea/components/global_traffic_manager/modules/cloudfront.rb +188 -0
  287. data/lib/pangea/components/global_traffic_manager/modules/edge_functions.rb +56 -0
  288. data/lib/pangea/components/global_traffic_manager/modules/health_checks.rb +77 -0
  289. data/lib/pangea/components/global_traffic_manager/modules/helpers.rb +164 -0
  290. data/lib/pangea/components/global_traffic_manager/modules/monitoring.rb +180 -0
  291. data/lib/pangea/components/global_traffic_manager/modules/routing.rb +168 -0
  292. data/lib/pangea/components/global_traffic_manager/modules/security.rb +152 -0
  293. data/lib/pangea/components/global_traffic_manager/modules/synthetic.rb +70 -0
  294. data/lib/pangea/components/global_traffic_manager/types/advanced_routing_config.rb +36 -0
  295. data/lib/pangea/components/global_traffic_manager/types/cloudfront_config.rb +38 -0
  296. data/lib/pangea/components/global_traffic_manager/types/endpoint_config.rb +39 -0
  297. data/lib/pangea/components/global_traffic_manager/types/geo_routing_config.rb +35 -0
  298. data/lib/pangea/components/global_traffic_manager/types/observability_config.rb +38 -0
  299. data/lib/pangea/components/global_traffic_manager/types/performance_config.rb +36 -0
  300. data/lib/pangea/components/global_traffic_manager/types/security_config.rb +38 -0
  301. data/lib/pangea/components/global_traffic_manager/types/traffic_policy_config.rb +40 -0
  302. data/lib/pangea/components/global_traffic_manager/types/validators.rb +158 -0
  303. data/lib/pangea/components/global_traffic_manager/types.rb +27 -223
  304. data/lib/pangea/components/green_data_lifecycle/component.rb +80 -1343
  305. data/lib/pangea/components/green_data_lifecycle/modules/code_generators/access_analyzer_code.rb +159 -0
  306. data/lib/pangea/components/green_data_lifecycle/modules/code_generators/carbon_optimizer_code.rb +170 -0
  307. data/lib/pangea/components/green_data_lifecycle/modules/code_generators/lifecycle_manager_code.rb +169 -0
  308. data/lib/pangea/components/green_data_lifecycle/modules/code_generators.rb +31 -0
  309. data/lib/pangea/components/green_data_lifecycle/modules/functions.rb +97 -0
  310. data/lib/pangea/components/green_data_lifecycle/modules/glacier.rb +58 -0
  311. data/lib/pangea/components/green_data_lifecycle/modules/helpers.rb +40 -0
  312. data/lib/pangea/components/green_data_lifecycle/modules/inventory.rb +57 -0
  313. data/lib/pangea/components/green_data_lifecycle/modules/lifecycle.rb +158 -0
  314. data/lib/pangea/components/green_data_lifecycle/modules/monitoring.rb +180 -0
  315. data/lib/pangea/components/green_data_lifecycle/modules/roles.rb +107 -0
  316. data/lib/pangea/components/green_data_lifecycle/modules/storage.rb +47 -0
  317. data/lib/pangea/components/microservice_deployment/component/autoscaling.rb +67 -0
  318. data/lib/pangea/components/microservice_deployment/component/container_definitions.rb +73 -0
  319. data/lib/pangea/components/microservice_deployment/component/logging.rb +28 -0
  320. data/lib/pangea/components/microservice_deployment/component/monitoring.rb +66 -0
  321. data/lib/pangea/components/microservice_deployment/component/outputs.rb +66 -0
  322. data/lib/pangea/components/microservice_deployment/component/service.rb +87 -0
  323. data/lib/pangea/components/microservice_deployment/component.rb +41 -419
  324. data/lib/pangea/components/microservice_deployment/types/auto_scaling_config.rb +36 -0
  325. data/lib/pangea/components/microservice_deployment/types/circuit_breaker_config.rb +33 -0
  326. data/lib/pangea/components/microservice_deployment/types/container_definition.rb +43 -0
  327. data/lib/pangea/components/microservice_deployment/types/health_check_config.rb +35 -0
  328. data/lib/pangea/components/microservice_deployment/types/service_discovery_config.rb +41 -0
  329. data/lib/pangea/components/microservice_deployment/types/tracing_config.rb +34 -0
  330. data/lib/pangea/components/microservice_deployment/types.rb +75 -146
  331. data/lib/pangea/components/microservices_examples/platform.rb +91 -0
  332. data/lib/pangea/components/microservices_examples/saga.rb +49 -0
  333. data/lib/pangea/components/microservices_examples.rb +7 -435
  334. data/lib/pangea/components/multi_region_active_active/component.rb +110 -1164
  335. data/lib/pangea/components/multi_region_active_active/modules/applications.rb +117 -0
  336. data/lib/pangea/components/multi_region_active_active/modules/aurora.rb +121 -0
  337. data/lib/pangea/components/multi_region_active_active/modules/chaos.rb +103 -0
  338. data/lib/pangea/components/multi_region_active_active/modules/dynamodb.rb +77 -0
  339. data/lib/pangea/components/multi_region_active_active/modules/helpers.rb +193 -0
  340. data/lib/pangea/components/multi_region_active_active/modules/monitoring.rb +113 -0
  341. data/lib/pangea/components/multi_region_active_active/modules/networking.rb +134 -0
  342. data/lib/pangea/components/multi_region_active_active/modules/routing.rb +185 -0
  343. data/lib/pangea/components/multi_region_active_active/types/application_config.rb +38 -0
  344. data/lib/pangea/components/multi_region_active_active/types/consistency_config.rb +36 -0
  345. data/lib/pangea/components/multi_region_active_active/types/cost_config.rb +35 -0
  346. data/lib/pangea/components/multi_region_active_active/types/database_config.rb +37 -0
  347. data/lib/pangea/components/multi_region_active_active/types/failover_config.rb +37 -0
  348. data/lib/pangea/components/multi_region_active_active/types/monitoring_config.rb +37 -0
  349. data/lib/pangea/components/multi_region_active_active/types/region_config.rb +37 -0
  350. data/lib/pangea/components/multi_region_active_active/types/routing_config.rb +35 -0
  351. data/lib/pangea/components/multi_region_active_active/types/validators.rb +139 -0
  352. data/lib/pangea/components/multi_region_active_active/types.rb +28 -192
  353. data/lib/pangea/components/mysql_database/component/database.rb +167 -0
  354. data/lib/pangea/components/mysql_database/component/helpers.rb +105 -0
  355. data/lib/pangea/components/mysql_database/component/monitoring.rb +126 -0
  356. data/lib/pangea/components/mysql_database/component.rb +33 -295
  357. data/lib/pangea/components/public_private_subnets/component/outputs.rb +49 -0
  358. data/lib/pangea/components/public_private_subnets/component/routing/nat_gateways.rb +89 -0
  359. data/lib/pangea/components/public_private_subnets/component/routing.rb +145 -0
  360. data/lib/pangea/components/public_private_subnets/component/subnets.rb +70 -0
  361. data/lib/pangea/components/public_private_subnets/component.rb +47 -341
  362. data/lib/pangea/components/secure_s3_bucket/component/bucket_config.rb +51 -0
  363. data/lib/pangea/components/secure_s3_bucket/component/features.rb +75 -0
  364. data/lib/pangea/components/secure_s3_bucket/component/monitoring.rb +65 -0
  365. data/lib/pangea/components/secure_s3_bucket/component/outputs.rb +58 -0
  366. data/lib/pangea/components/secure_s3_bucket/component.rb +39 -421
  367. data/lib/pangea/components/secure_s3_bucket/types/bucket_configs.rb +51 -0
  368. data/lib/pangea/components/secure_s3_bucket/types/feature_configs.rb +60 -0
  369. data/lib/pangea/components/secure_s3_bucket/types/lifecycle_rule.rb +59 -0
  370. data/lib/pangea/components/secure_s3_bucket/types/monitoring_configs.rb +57 -0
  371. data/lib/pangea/components/secure_s3_bucket/types.rb +38 -168
  372. data/lib/pangea/components/service_mesh_observability/alerting.rb +165 -0
  373. data/lib/pangea/components/service_mesh_observability/anomaly.rb +51 -0
  374. data/lib/pangea/components/service_mesh_observability/component.rb +50 -567
  375. data/lib/pangea/components/service_mesh_observability/dashboard.rb +144 -0
  376. data/lib/pangea/components/service_mesh_observability/helpers.rb +92 -0
  377. data/lib/pangea/components/service_mesh_observability/logging.rb +73 -0
  378. data/lib/pangea/components/service_mesh_observability/types/dashboard_widget.rb +35 -0
  379. data/lib/pangea/components/service_mesh_observability/types/observability_configs.rb +57 -0
  380. data/lib/pangea/components/service_mesh_observability/types/operational_configs.rb +46 -0
  381. data/lib/pangea/components/service_mesh_observability/types/service_config.rb +37 -0
  382. data/lib/pangea/components/service_mesh_observability/types.rb +39 -129
  383. data/lib/pangea/components/service_mesh_observability/xray.rb +64 -0
  384. data/lib/pangea/components/siem_security_platform/component.rb +60 -2827
  385. data/lib/pangea/components/siem_security_platform/modules/helpers.rb +87 -0
  386. data/lib/pangea/components/siem_security_platform/modules/incident_response/branches.rb +78 -0
  387. data/lib/pangea/components/siem_security_platform/modules/incident_response/lambdas.rb +200 -0
  388. data/lib/pangea/components/siem_security_platform/modules/incident_response/state_machine.rb +157 -0
  389. data/lib/pangea/components/siem_security_platform/modules/incident_response.rb +84 -0
  390. data/lib/pangea/components/siem_security_platform/modules/ingestion/firehose_config.rb +84 -0
  391. data/lib/pangea/components/siem_security_platform/modules/ingestion/iam_policies.rb +109 -0
  392. data/lib/pangea/components/siem_security_platform/modules/ingestion.rb +85 -0
  393. data/lib/pangea/components/siem_security_platform/modules/integrations.rb +193 -0
  394. data/lib/pangea/components/siem_security_platform/modules/monitoring.rb +154 -0
  395. data/lib/pangea/components/siem_security_platform/modules/processing/code_generators.rb +159 -0
  396. data/lib/pangea/components/siem_security_platform/modules/processing.rb +181 -0
  397. data/lib/pangea/components/siem_security_platform/modules/security.rb +107 -0
  398. data/lib/pangea/components/siem_security_platform/modules/storage.rb +197 -0
  399. data/lib/pangea/components/siem_security_platform/modules/threat_detection.rb +135 -0
  400. data/lib/pangea/components/siem_security_platform/types/detection_configs.rb +73 -0
  401. data/lib/pangea/components/siem_security_platform/types/log_collection_configs.rb +55 -0
  402. data/lib/pangea/components/siem_security_platform/types/opensearch_config.rb +48 -0
  403. data/lib/pangea/components/siem_security_platform/types/operational_configs.rb +69 -0
  404. data/lib/pangea/components/siem_security_platform/types/response_configs.rb +68 -0
  405. data/lib/pangea/components/siem_security_platform/types/security_configs.rb +49 -0
  406. data/lib/pangea/components/siem_security_platform/types.rb +36 -174
  407. data/lib/pangea/components/spot_instance_carbon_optimizer/component.rb +54 -1560
  408. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/carbon_monitor.rb +156 -0
  409. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/fleet_optimizer.rb +148 -0
  410. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators/migration_orchestrator.rb +200 -0
  411. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/code_generators.rb +31 -0
  412. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/fleets.rb +112 -0
  413. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/functions.rb +103 -0
  414. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/helpers.rb +97 -0
  415. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/monitoring.rb +180 -0
  416. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/roles.rb +114 -0
  417. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/schedules.rb +68 -0
  418. data/lib/pangea/components/spot_instance_carbon_optimizer/modules/tables.rb +99 -0
  419. data/lib/pangea/components/spot_instance_carbon_optimizer/types/enums.rb +51 -0
  420. data/lib/pangea/components/spot_instance_carbon_optimizer/types/input.rb +109 -0
  421. data/lib/pangea/components/spot_instance_carbon_optimizer/types/output.rb +68 -0
  422. data/lib/pangea/components/spot_instance_carbon_optimizer/types.rb +6 -156
  423. data/lib/pangea/components/sustainable_ml_training/component.rb +52 -1676
  424. data/lib/pangea/components/sustainable_ml_training/modules/code_generators/carbon_scheduler.rb +151 -0
  425. data/lib/pangea/components/sustainable_ml_training/modules/code_generators/efficiency_monitor.rb +141 -0
  426. data/lib/pangea/components/sustainable_ml_training/modules/code_generators/training_optimizer.rb +151 -0
  427. data/lib/pangea/components/sustainable_ml_training/modules/code_generators.rb +31 -0
  428. data/lib/pangea/components/sustainable_ml_training/modules/compute.rb +98 -0
  429. data/lib/pangea/components/sustainable_ml_training/modules/functions.rb +101 -0
  430. data/lib/pangea/components/sustainable_ml_training/modules/helpers.rb +100 -0
  431. data/lib/pangea/components/sustainable_ml_training/modules/monitoring.rb +195 -0
  432. data/lib/pangea/components/sustainable_ml_training/modules/roles.rb +127 -0
  433. data/lib/pangea/components/sustainable_ml_training/modules/storage.rb +85 -0
  434. data/lib/pangea/components/sustainable_ml_training/modules/tables.rb +71 -0
  435. data/lib/pangea/components/sustainable_ml_training/modules/training.rb +83 -0
  436. data/lib/pangea/components/sustainable_ml_training/types/constants.rb +42 -0
  437. data/lib/pangea/components/sustainable_ml_training/types/enums.rb +56 -0
  438. data/lib/pangea/components/sustainable_ml_training/types/validations.rb +63 -0
  439. data/lib/pangea/components/sustainable_ml_training/types.rb +32 -94
  440. data/lib/pangea/components/threat_intelligence_platform/types/correlation_rule.rb +38 -0
  441. data/lib/pangea/components/threat_intelligence_platform/types/enrichment_source.rb +35 -0
  442. data/lib/pangea/components/threat_intelligence_platform/types/threat_feed.rb +37 -0
  443. data/lib/pangea/components/threat_intelligence_platform/types/threat_source.rb +48 -0
  444. data/lib/pangea/components/threat_intelligence_platform/types.rb +23 -69
  445. data/lib/pangea/components/web_security_group/component.rb +19 -103
  446. data/lib/pangea/components/web_security_group/rules.rb +136 -0
  447. data/lib/pangea/components/web_security_group/types/port_methods.rb +58 -0
  448. data/lib/pangea/components/web_security_group/types/rules_summary.rb +130 -0
  449. data/lib/pangea/components/web_security_group/types/security_analysis.rb +79 -0
  450. data/lib/pangea/components/web_security_group/types/validation.rb +67 -0
  451. data/lib/pangea/components/web_security_group/types.rb +12 -207
  452. data/lib/pangea/components/web_tier_subnets/component/outputs.rb +70 -0
  453. data/lib/pangea/components/web_tier_subnets/component.rb +7 -54
  454. data/lib/pangea/components/zero_trust_network/audit.rb +61 -0
  455. data/lib/pangea/components/zero_trust_network/compliance.rb +65 -0
  456. data/lib/pangea/components/zero_trust_network/component.rb +108 -608
  457. data/lib/pangea/components/zero_trust_network/endpoints.rb +46 -0
  458. data/lib/pangea/components/zero_trust_network/monitoring.rb +75 -0
  459. data/lib/pangea/components/zero_trust_network/networking.rb +43 -0
  460. data/lib/pangea/components/zero_trust_network/policies.rb +70 -0
  461. data/lib/pangea/components/zero_trust_network/security_automation.rb +130 -0
  462. data/lib/pangea/components/zero_trust_network/segments.rb +59 -0
  463. data/lib/pangea/components/zero_trust_network/threat_detection.rb +87 -0
  464. data/lib/pangea/configuration/config_loader.rb +86 -0
  465. data/lib/pangea/configuration/defaults.rb +58 -0
  466. data/lib/pangea/configuration/namespace_manager.rb +95 -0
  467. data/lib/pangea/configuration/types/backends.rb +95 -0
  468. data/lib/pangea/configuration/types/base.rb +33 -0
  469. data/lib/pangea/configuration/types/configuration_schema.rb +105 -0
  470. data/lib/pangea/configuration/types/settings.rb +56 -0
  471. data/lib/pangea/configuration/types/state.rb +91 -0
  472. data/lib/pangea/configuration/types.rb +6 -279
  473. data/lib/pangea/configuration.rb +28 -167
  474. data/lib/pangea/entities/namespace.rb +9 -1
  475. data/lib/pangea/errors.rb +76 -10
  476. data/lib/pangea/execution/terraform_command_builder.rb +87 -0
  477. data/lib/pangea/execution/terraform_command_executor.rb +152 -0
  478. data/lib/pangea/execution/terraform_executor.rb +58 -189
  479. data/lib/pangea/execution/terraform_operations.rb +91 -0
  480. data/lib/pangea/execution/terraform_output_parser.rb +129 -0
  481. data/lib/pangea/execution/terraform_retry.rb +99 -0
  482. data/lib/pangea/logging/formatters.rb +92 -0
  483. data/lib/pangea/logging/structured_logger.rb +195 -0
  484. data/lib/pangea/logging.rb +22 -0
  485. data/lib/pangea/resources/aws/cloudformation/types/stack_instances_attributes.rb +91 -0
  486. data/lib/pangea/resources/aws/cloudformation/types/stack_set_attributes.rb +150 -0
  487. data/lib/pangea/resources/aws/cloudformation/types/stack_set_instance_attributes.rb +96 -0
  488. data/lib/pangea/resources/aws/cloudformation/types/type_attributes.rb +102 -0
  489. data/lib/pangea/resources/aws/cloudformation/types.rb +15 -274
  490. data/lib/pangea/resources/aws/comprehendmedical/jobs/entities_detection_v2_job.rb +58 -0
  491. data/lib/pangea/resources/aws/comprehendmedical/jobs/icd10_cm_inference_job.rb +58 -0
  492. data/lib/pangea/resources/aws/comprehendmedical/jobs/job_builder.rb +77 -0
  493. data/lib/pangea/resources/aws/comprehendmedical/jobs/phi_detection_job.rb +58 -0
  494. data/lib/pangea/resources/aws/comprehendmedical/jobs/rx_norm_inference_job.rb +58 -0
  495. data/lib/pangea/resources/aws/comprehendmedical/jobs/snomed_ct_inference_job.rb +58 -0
  496. data/lib/pangea/resources/aws/comprehendmedical/jobs.rb +14 -290
  497. data/lib/pangea/resources/aws/ec2/access_control.rb +72 -0
  498. data/lib/pangea/resources/aws/ec2/account_settings.rb +57 -0
  499. data/lib/pangea/resources/aws/ec2/capacity.rb +87 -0
  500. data/lib/pangea/resources/aws/ec2/host.rb +57 -0
  501. data/lib/pangea/resources/aws/ec2/spot.rb +72 -0
  502. data/lib/pangea/resources/aws/ec2/transit_gateway_multicast.rb +72 -0
  503. data/lib/pangea/resources/aws/ec2.rb +25 -256
  504. data/lib/pangea/resources/aws/elasticache_extended.disabled/reserved_cache_node.rb +1 -1
  505. data/lib/pangea/resources/aws/elasticache_extended.disabled/serverless_cache.rb +3 -3
  506. data/lib/pangea/resources/aws/elasticache_extended.disabled/user_group.rb +1 -1
  507. data/lib/pangea/resources/aws/frauddetector/detector.rb +12 -190
  508. data/lib/pangea/resources/aws/frauddetector/entity_type.rb +65 -0
  509. data/lib/pangea/resources/aws/frauddetector/event_type.rb +84 -0
  510. data/lib/pangea/resources/aws/frauddetector/outcome.rb +66 -0
  511. data/lib/pangea/resources/aws/frauddetector/variable.rb +77 -0
  512. data/lib/pangea/resources/aws/gamelift/attributes.rb +104 -0
  513. data/lib/pangea/resources/aws/gamelift.rb +19 -98
  514. data/lib/pangea/resources/aws/gamesparks/types.rb +87 -0
  515. data/lib/pangea/resources/aws/gamesparks.rb +10 -103
  516. data/lib/pangea/resources/aws/healthlake/fhir_datastore.rb +4 -108
  517. data/lib/pangea/resources/aws/healthlake/fhir_export_job.rb +76 -0
  518. data/lib/pangea/resources/aws/healthlake/fhir_import_job.rb +82 -0
  519. data/lib/pangea/resources/aws/healthlake.rb +4 -0
  520. data/lib/pangea/resources/aws/load_balancing/classic_elb_dsl.rb +146 -0
  521. data/lib/pangea/resources/aws/load_balancing/modules/attachments.rb +65 -0
  522. data/lib/pangea/resources/aws/load_balancing/modules/policies.rb +85 -0
  523. data/lib/pangea/resources/aws/load_balancing/modules/trust_stores.rb +45 -0
  524. data/lib/pangea/resources/aws/load_balancing.rb +4 -122
  525. data/lib/pangea/resources/aws/lookout/equipment/dataset.rb +85 -0
  526. data/lib/pangea/resources/aws/lookout/equipment/inference_scheduler.rb +103 -0
  527. data/lib/pangea/resources/aws/lookout/equipment/model.rb +90 -0
  528. data/lib/pangea/resources/aws/lookout/equipment.rb +7 -197
  529. data/lib/pangea/resources/aws/opensearch.disabled/package.rb +1 -1
  530. data/lib/pangea/resources/aws/opensearch.disabled/serverless_collection.rb +1 -1
  531. data/lib/pangea/resources/aws/sfn_extended.disabled/activity.rb +1 -1
  532. data/lib/pangea/resources/aws/sumerian/attributes.rb +93 -0
  533. data/lib/pangea/resources/aws/sumerian.rb +14 -82
  534. data/lib/pangea/resources/aws/vpc/functions/defaults.rb +87 -0
  535. data/lib/pangea/resources/aws/vpc/functions/endpoints.rb +102 -0
  536. data/lib/pangea/resources/aws/vpc.rb +6 -136
  537. data/lib/pangea/resources/aws_acmpca_certificate_authority/types/attributes.rb +93 -0
  538. data/lib/pangea/resources/aws_acmpca_certificate_authority/types/helpers.rb +118 -0
  539. data/lib/pangea/resources/aws_acmpca_certificate_authority/types/templates.rb +140 -0
  540. data/lib/pangea/resources/aws_acmpca_certificate_authority/types/validators.rb +70 -0
  541. data/lib/pangea/resources/aws_acmpca_certificate_authority/types.rb +5 -328
  542. data/lib/pangea/resources/aws_alb_target_group_attachment/types.rb +1 -1
  543. data/lib/pangea/resources/aws_ami/types.rb +1 -1
  544. data/lib/pangea/resources/aws_api_gateway_api_key/types/configs.rb +125 -0
  545. data/lib/pangea/resources/aws_api_gateway_api_key/types.rb +96 -198
  546. data/lib/pangea/resources/aws_api_gateway_integration/types/factory_methods.rb +99 -0
  547. data/lib/pangea/resources/aws_api_gateway_integration/types/predicates.rb +57 -0
  548. data/lib/pangea/resources/aws_api_gateway_integration/types/uri_helpers.rb +58 -0
  549. data/lib/pangea/resources/aws_api_gateway_integration/types/validators.rb +98 -0
  550. data/lib/pangea/resources/aws_api_gateway_integration/types.rb +43 -202
  551. data/lib/pangea/resources/aws_api_gateway_rest_api/types.rb +1 -1
  552. data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/basic.rb +67 -0
  553. data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/configuration.rb +132 -0
  554. data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers/method_settings.rb +88 -0
  555. data/lib/pangea/resources/aws_api_gateway_stage/resource/helpers.rb +47 -0
  556. data/lib/pangea/resources/aws_api_gateway_stage/resource/main.rb +127 -0
  557. data/lib/pangea/resources/aws_api_gateway_stage/resource.rb +13 -298
  558. data/lib/pangea/resources/aws_api_gateway_stage/types/helpers.rb +75 -0
  559. data/lib/pangea/resources/aws_api_gateway_stage/types/validators.rb +133 -0
  560. data/lib/pangea/resources/aws_api_gateway_stage/types.rb +36 -143
  561. data/lib/pangea/resources/aws_api_gateway_usage_plan/types/attributes.rb +64 -0
  562. data/lib/pangea/resources/aws_api_gateway_usage_plan/types/configs.rb +81 -0
  563. data/lib/pangea/resources/aws_api_gateway_usage_plan/types/helpers.rb +103 -0
  564. data/lib/pangea/resources/aws_api_gateway_usage_plan/types/settings.rb +53 -0
  565. data/lib/pangea/resources/aws_api_gateway_usage_plan/types/validation.rb +80 -0
  566. data/lib/pangea/resources/aws_api_gateway_usage_plan/types.rb +7 -295
  567. data/lib/pangea/resources/aws_appstream_fleet/types/attributes.rb +80 -0
  568. data/lib/pangea/resources/aws_appstream_fleet/types/cost_estimation.rb +54 -0
  569. data/lib/pangea/resources/aws_appstream_fleet/types/nested_types.rb +82 -0
  570. data/lib/pangea/resources/aws_appstream_fleet/types.rb +4 -218
  571. data/lib/pangea/resources/aws_athena_named_query/types/query_analysis.rb +148 -0
  572. data/lib/pangea/resources/aws_athena_named_query/types/query_templates.rb +88 -0
  573. data/lib/pangea/resources/aws_athena_named_query/types.rb +40 -208
  574. data/lib/pangea/resources/aws_athena_workgroup/types/attributes.rb +101 -0
  575. data/lib/pangea/resources/aws_athena_workgroup/types/class_methods.rb +102 -0
  576. data/lib/pangea/resources/aws_athena_workgroup/types/instance_methods.rb +104 -0
  577. data/lib/pangea/resources/aws_athena_workgroup/types/validation.rb +56 -0
  578. data/lib/pangea/resources/aws_athena_workgroup/types.rb +5 -235
  579. data/lib/pangea/resources/aws_autoscaling_group/types/auto_scaling_tag.rb +42 -0
  580. data/lib/pangea/resources/aws_autoscaling_group/types/instance_refresh_preferences.rb +39 -0
  581. data/lib/pangea/resources/aws_autoscaling_group/types/launch_template_specification.rb +57 -0
  582. data/lib/pangea/resources/aws_autoscaling_group/types.rb +90 -141
  583. data/lib/pangea/resources/aws_autoscaling_group_tag/types.rb +1 -1
  584. data/lib/pangea/resources/aws_autoscaling_lifecycle_hook/types.rb +1 -1
  585. data/lib/pangea/resources/aws_autoscaling_notification/types.rb +1 -1
  586. data/lib/pangea/resources/aws_autoscaling_policy/types/predictive_scaling_configuration.rb +42 -0
  587. data/lib/pangea/resources/aws_autoscaling_policy/types/step_adjustment.rb +38 -0
  588. data/lib/pangea/resources/aws_autoscaling_policy/types/target_tracking_configuration.rb +89 -0
  589. data/lib/pangea/resources/aws_autoscaling_policy/types.rb +88 -151
  590. data/lib/pangea/resources/aws_autoscaling_policy_step_adjustment/types.rb +1 -1
  591. data/lib/pangea/resources/aws_autoscaling_policy_target_tracking_scaling_policy/types.rb +1 -1
  592. data/lib/pangea/resources/aws_autoscaling_schedule/types.rb +1 -1
  593. data/lib/pangea/resources/aws_autoscaling_tag/types/tag_queries.rb +121 -0
  594. data/lib/pangea/resources/aws_autoscaling_tag/types/tag_specification.rb +42 -0
  595. data/lib/pangea/resources/aws_autoscaling_tag/types/tag_validator.rb +103 -0
  596. data/lib/pangea/resources/aws_autoscaling_tag/types.rb +13 -186
  597. data/lib/pangea/resources/aws_autoscaling_traffic_source_attachment/types.rb +1 -1
  598. data/lib/pangea/resources/aws_autoscaling_warm_pool/types.rb +1 -1
  599. data/lib/pangea/resources/aws_batch_compute_environment/types/attributes.rb +88 -0
  600. data/lib/pangea/resources/aws_batch_compute_environment/types/helpers.rb +54 -0
  601. data/lib/pangea/resources/aws_batch_compute_environment/types/templates.rb +153 -0
  602. data/lib/pangea/resources/aws_batch_compute_environment/types/validators.rb +144 -0
  603. data/lib/pangea/resources/aws_batch_compute_environment/types.rb +5 -314
  604. data/lib/pangea/resources/aws_batch_job_definition/resource.rb +21 -189
  605. data/lib/pangea/resources/aws_batch_job_definition/synthesis/synthesizer.rb +144 -0
  606. data/lib/pangea/resources/aws_batch_job_definition/types/computed.rb +60 -0
  607. data/lib/pangea/resources/aws_batch_job_definition/types/configurations.rb +75 -0
  608. data/lib/pangea/resources/aws_batch_job_definition/types/templates.rb +156 -0
  609. data/lib/pangea/resources/aws_batch_job_definition/types/validation.rb +154 -0
  610. data/lib/pangea/resources/aws_batch_job_definition/types.rb +31 -502
  611. data/lib/pangea/resources/aws_batch_job_queue/types/attributes.rb +75 -0
  612. data/lib/pangea/resources/aws_batch_job_queue/types/templates.rb +132 -0
  613. data/lib/pangea/resources/aws_batch_job_queue/types.rb +6 -359
  614. data/lib/pangea/resources/aws_blockchain_query/types/attributes.rb +75 -0
  615. data/lib/pangea/resources/aws_blockchain_query/types/helpers.rb +187 -0
  616. data/lib/pangea/resources/aws_blockchain_query/types/validators.rb +95 -0
  617. data/lib/pangea/resources/aws_blockchain_query/types.rb +4 -324
  618. data/lib/pangea/resources/aws_blockchain_token_balance/types/attributes.rb +71 -0
  619. data/lib/pangea/resources/aws_blockchain_token_balance/types/network_helpers.rb +83 -0
  620. data/lib/pangea/resources/aws_blockchain_token_balance/types/query_helpers.rb +94 -0
  621. data/lib/pangea/resources/aws_blockchain_token_balance/types/token_helpers.rb +89 -0
  622. data/lib/pangea/resources/aws_blockchain_token_balance/types/validation.rb +86 -0
  623. data/lib/pangea/resources/aws_blockchain_token_balance/types.rb +6 -302
  624. data/lib/pangea/resources/aws_braket_device/types/helpers.rb +113 -0
  625. data/lib/pangea/resources/aws_braket_device/types/validations.rb +80 -0
  626. data/lib/pangea/resources/aws_braket_device/types.rb +73 -203
  627. data/lib/pangea/resources/aws_braket_device_capabilities/types/capability_support.rb +60 -0
  628. data/lib/pangea/resources/aws_braket_device_capabilities/types/device_classification.rb +66 -0
  629. data/lib/pangea/resources/aws_braket_device_capabilities/types/device_specs.rb +93 -0
  630. data/lib/pangea/resources/aws_braket_device_capabilities/types/execution_params.rb +60 -0
  631. data/lib/pangea/resources/aws_braket_device_capabilities/types.rb +47 -220
  632. data/lib/pangea/resources/aws_braket_job/types/attributes.rb +81 -0
  633. data/lib/pangea/resources/aws_braket_job/types/constants.rb +43 -0
  634. data/lib/pangea/resources/aws_braket_job/types/instance_methods.rb +71 -0
  635. data/lib/pangea/resources/aws_braket_job/types/validation.rb +69 -0
  636. data/lib/pangea/resources/aws_braket_job/types.rb +5 -260
  637. data/lib/pangea/resources/aws_braket_job_queue/types/cost_estimation.rb +64 -0
  638. data/lib/pangea/resources/aws_braket_job_queue/types/helpers.rb +100 -0
  639. data/lib/pangea/resources/aws_braket_job_queue/types/validators.rb +72 -0
  640. data/lib/pangea/resources/aws_braket_job_queue/types.rb +46 -206
  641. data/lib/pangea/resources/aws_braket_local_simulator/types/helpers.rb +143 -0
  642. data/lib/pangea/resources/aws_braket_local_simulator/types/validators.rb +91 -0
  643. data/lib/pangea/resources/aws_braket_local_simulator/types.rb +64 -263
  644. data/lib/pangea/resources/aws_budgets_budget/types/attributes.rb +68 -0
  645. data/lib/pangea/resources/aws_budgets_budget/types/enums.rb +60 -0
  646. data/lib/pangea/resources/aws_budgets_budget/types/helpers.rb +122 -0
  647. data/lib/pangea/resources/aws_budgets_budget/types/schemas.rb +175 -0
  648. data/lib/pangea/resources/aws_budgets_budget/types.rb +5 -319
  649. data/lib/pangea/resources/aws_budgets_budget_action/types/attributes.rb +104 -0
  650. data/lib/pangea/resources/aws_budgets_budget_action/types/definitions.rb +53 -0
  651. data/lib/pangea/resources/aws_budgets_budget_action/types.rb +6 -404
  652. data/lib/pangea/resources/aws_ce_cost_category/expression_builder.rb +84 -0
  653. data/lib/pangea/resources/aws_ce_cost_category/resource.rb +2 -54
  654. data/lib/pangea/resources/aws_ce_cost_category/types/attributes.rb +152 -0
  655. data/lib/pangea/resources/aws_ce_cost_category/types/expressions.rb +157 -0
  656. data/lib/pangea/resources/aws_ce_cost_category/types.rb +5 -386
  657. data/lib/pangea/resources/aws_cloudformation_stack/types/configs.rb +91 -0
  658. data/lib/pangea/resources/aws_cloudformation_stack/types/instance_methods.rb +79 -0
  659. data/lib/pangea/resources/aws_cloudformation_stack/types/validation.rb +88 -0
  660. data/lib/pangea/resources/aws_cloudformation_stack/types.rb +47 -206
  661. data/lib/pangea/resources/aws_cloudformation_stack_set/types/configs.rb +120 -0
  662. data/lib/pangea/resources/aws_cloudformation_stack_set/types/helpers.rb +89 -0
  663. data/lib/pangea/resources/aws_cloudformation_stack_set/types/validators.rb +120 -0
  664. data/lib/pangea/resources/aws_cloudformation_stack_set/types.rb +73 -283
  665. data/lib/pangea/resources/aws_cloudfront_distribution/builders/cache_behavior_builder.rb +86 -0
  666. data/lib/pangea/resources/aws_cloudfront_distribution/builders/origin_builder.rb +81 -0
  667. data/lib/pangea/resources/aws_cloudfront_distribution/builders/reference_builder.rb +62 -0
  668. data/lib/pangea/resources/aws_cloudfront_distribution/builders/settings_builder.rb +81 -0
  669. data/lib/pangea/resources/aws_cloudfront_distribution/resource.rb +23 -213
  670. data/lib/pangea/resources/aws_cloudfront_distribution/types/attributes.rb +47 -0
  671. data/lib/pangea/resources/aws_cloudfront_distribution/types/instance_methods.rb +59 -0
  672. data/lib/pangea/resources/aws_cloudfront_distribution/types/validation.rb +55 -0
  673. data/lib/pangea/resources/aws_cloudfront_distribution/types.rb +6 -402
  674. data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types/attributes.rb +153 -0
  675. data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types/configs.rb +81 -0
  676. data/lib/pangea/resources/aws_cloudfront_response_headers_policy/types.rb +6 -373
  677. data/lib/pangea/resources/aws_cloudtrail/types/attributes.rb +92 -0
  678. data/lib/pangea/resources/aws_cloudtrail/types/configs.rb +87 -0
  679. data/lib/pangea/resources/aws_cloudtrail/types/selectors.rb +42 -0
  680. data/lib/pangea/resources/aws_cloudtrail/types.rb +9 -352
  681. data/lib/pangea/resources/aws_cloudwatch_dashboard/types/cloudwatch_dashboard_attributes.rb +158 -0
  682. data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_metric.rb +57 -0
  683. data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_widget.rb +83 -0
  684. data/lib/pangea/resources/aws_cloudwatch_dashboard/types/dashboard_widget_properties.rb +75 -0
  685. data/lib/pangea/resources/aws_cloudwatch_dashboard/types.rb +6 -283
  686. data/lib/pangea/resources/aws_cloudwatch_event_target/resource.rb +51 -136
  687. data/lib/pangea/resources/aws_cloudwatch_event_target/target_builders.rb +97 -0
  688. data/lib/pangea/resources/aws_cloudwatch_event_target/types/dead_letter_config.rb +36 -0
  689. data/lib/pangea/resources/aws_cloudwatch_event_target/types/input_transformer.rb +40 -0
  690. data/lib/pangea/resources/aws_cloudwatch_event_target/types/retry_policy.rb +40 -0
  691. data/lib/pangea/resources/aws_cloudwatch_event_target/types/target_service_detection.rb +80 -0
  692. data/lib/pangea/resources/aws_cloudwatch_event_target/types/validators.rb +66 -0
  693. data/lib/pangea/resources/aws_cloudwatch_event_target/types.rb +60 -144
  694. data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/instance_methods.rb +94 -0
  695. data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/metric_query.rb +71 -0
  696. data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types/validation.rb +83 -0
  697. data/lib/pangea/resources/aws_cloudwatch_metric_alarm/types.rb +36 -179
  698. data/lib/pangea/resources/aws_codeartifact_repository/types.rb +1 -1
  699. data/lib/pangea/resources/aws_codebuild_project/block_builders.rb +163 -0
  700. data/lib/pangea/resources/aws_codebuild_project/resource.rb +21 -154
  701. data/lib/pangea/resources/aws_codebuild_project/types/instance_methods.rb +74 -0
  702. data/lib/pangea/resources/aws_codebuild_project/types/schemas.rb +155 -0
  703. data/lib/pangea/resources/aws_codebuild_project/types/validation.rb +88 -0
  704. data/lib/pangea/resources/aws_codebuild_project/types.rb +58 -238
  705. data/lib/pangea/resources/aws_codecommit_repository/types.rb +2 -2
  706. data/lib/pangea/resources/aws_codedeploy_application/types.rb +1 -1
  707. data/lib/pangea/resources/aws_codedeploy_deployment_config/types.rb +1 -1
  708. data/lib/pangea/resources/aws_codedeploy_deployment_group/block_builders.rb +104 -0
  709. data/lib/pangea/resources/aws_codedeploy_deployment_group/resource.rb +5 -70
  710. data/lib/pangea/resources/aws_codedeploy_deployment_group/types/deployment.rb +65 -0
  711. data/lib/pangea/resources/aws_codedeploy_deployment_group/types/helpers.rb +85 -0
  712. data/lib/pangea/resources/aws_codedeploy_deployment_group/types/infrastructure.rb +78 -0
  713. data/lib/pangea/resources/aws_codedeploy_deployment_group/types/tag_filters.rb +43 -0
  714. data/lib/pangea/resources/aws_codedeploy_deployment_group/types.rb +55 -208
  715. data/lib/pangea/resources/aws_codepipeline/types/attributes.rb +130 -0
  716. data/lib/pangea/resources/aws_codepipeline/types/instance_methods.rb +85 -0
  717. data/lib/pangea/resources/aws_codepipeline/types/validation.rb +64 -0
  718. data/lib/pangea/resources/aws_codepipeline/types.rb +5 -194
  719. data/lib/pangea/resources/aws_codepipeline_webhook/types.rb +2 -2
  720. data/lib/pangea/resources/aws_cognito_identity_pool/types/attributes.rb +105 -0
  721. data/lib/pangea/resources/aws_cognito_identity_pool/types/providers.rb +38 -0
  722. data/lib/pangea/resources/aws_cognito_identity_pool/types/templates.rb +75 -0
  723. data/lib/pangea/resources/aws_cognito_identity_pool/types.rb +5 -340
  724. data/lib/pangea/resources/aws_cognito_identity_provider/types/attributes.rb +61 -0
  725. data/lib/pangea/resources/aws_cognito_identity_provider/types/templates.rb +69 -0
  726. data/lib/pangea/resources/aws_cognito_identity_provider/types/validation.rb +66 -0
  727. data/lib/pangea/resources/aws_cognito_identity_provider/types.rb +4 -476
  728. data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/authentication_config.rb +63 -0
  729. data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/messaging_config.rb +73 -0
  730. data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/mfa_config.rb +57 -0
  731. data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder/schema_and_settings.rb +146 -0
  732. data/lib/pangea/resources/aws_cognito_user_pool/resource/dsl_builder.rb +42 -0
  733. data/lib/pangea/resources/aws_cognito_user_pool/resource.rb +49 -204
  734. data/lib/pangea/resources/aws_cognito_user_pool/types/attributes.rb +87 -0
  735. data/lib/pangea/resources/aws_cognito_user_pool/types/nested_types.rb +112 -0
  736. data/lib/pangea/resources/aws_cognito_user_pool/types/templates.rb +57 -0
  737. data/lib/pangea/resources/aws_cognito_user_pool/types.rb +8 -347
  738. data/lib/pangea/resources/aws_cognito_user_pool_client/types/attributes.rb +109 -0
  739. data/lib/pangea/resources/aws_cognito_user_pool_client/types/nested_types.rb +27 -0
  740. data/lib/pangea/resources/aws_cognito_user_pool_client/types/templates.rb +85 -0
  741. data/lib/pangea/resources/aws_cognito_user_pool_client/types.rb +8 -382
  742. data/lib/pangea/resources/aws_cognito_user_pool_domain/types/attributes.rb +124 -0
  743. data/lib/pangea/resources/aws_cognito_user_pool_domain/types/templates.rb +84 -0
  744. data/lib/pangea/resources/aws_cognito_user_pool_domain/types/validation.rb +73 -0
  745. data/lib/pangea/resources/aws_cognito_user_pool_domain/types.rb +4 -237
  746. data/lib/pangea/resources/aws_config_config_rule/types/cost_estimator.rb +77 -0
  747. data/lib/pangea/resources/aws_config_config_rule/types/validators.rb +94 -0
  748. data/lib/pangea/resources/aws_config_config_rule/types.rb +22 -150
  749. data/lib/pangea/resources/aws_config_remediation_configuration/types.rb +1 -1
  750. data/lib/pangea/resources/aws_customer_gateway/types.rb +1 -1
  751. data/lib/pangea/resources/aws_db_cluster_snapshot/types/configs.rb +117 -0
  752. data/lib/pangea/resources/aws_db_cluster_snapshot/types.rb +2 -96
  753. data/lib/pangea/resources/aws_db_instance/types/backup_attributes.rb +38 -0
  754. data/lib/pangea/resources/aws_db_instance/types/core_attributes.rb +60 -0
  755. data/lib/pangea/resources/aws_db_instance/types/engine_configs.rb +68 -0
  756. data/lib/pangea/resources/aws_db_instance/types/helpers.rb +92 -0
  757. data/lib/pangea/resources/aws_db_instance/types/monitoring_attributes.rb +38 -0
  758. data/lib/pangea/resources/aws_db_instance/types/network_attributes.rb +44 -0
  759. data/lib/pangea/resources/aws_db_instance/types/options_attributes.rb +44 -0
  760. data/lib/pangea/resources/aws_db_instance/types/storage_attributes.rb +44 -0
  761. data/lib/pangea/resources/aws_db_instance/types/validations.rb +85 -0
  762. data/lib/pangea/resources/aws_db_instance/types.rb +38 -228
  763. data/lib/pangea/resources/aws_db_parameter_group/types/db_parameter.rb +57 -0
  764. data/lib/pangea/resources/aws_db_parameter_group/types/db_parameter_configs.rb +82 -0
  765. data/lib/pangea/resources/aws_db_parameter_group/types/parameter_validators.rb +73 -0
  766. data/lib/pangea/resources/aws_db_parameter_group/types.rb +121 -259
  767. data/lib/pangea/resources/aws_db_snapshot/types.rb +1 -1
  768. data/lib/pangea/resources/aws_db_subnet_group/types.rb +1 -1
  769. data/lib/pangea/resources/aws_default_network_acl/types.rb +1 -1
  770. data/lib/pangea/resources/aws_default_route_table/types.rb +1 -1
  771. data/lib/pangea/resources/aws_default_security_group/types.rb +1 -1
  772. data/lib/pangea/resources/aws_default_vpc_dhcp_options/types.rb +1 -1
  773. data/lib/pangea/resources/aws_docdb_certificate/types.rb +1 -1
  774. data/lib/pangea/resources/aws_docdb_cluster/types.rb +1 -1
  775. data/lib/pangea/resources/aws_docdb_cluster_endpoint/types.rb +1 -1
  776. data/lib/pangea/resources/aws_docdb_cluster_instance/types.rb +1 -1
  777. data/lib/pangea/resources/aws_docdb_cluster_parameter_group/types.rb +1 -1
  778. data/lib/pangea/resources/aws_docdb_cluster_snapshot/types.rb +1 -1
  779. data/lib/pangea/resources/aws_docdb_event_subscription/types.rb +1 -1
  780. data/lib/pangea/resources/aws_docdb_global_cluster/types.rb +1 -1
  781. data/lib/pangea/resources/aws_docdb_subnet_group/types.rb +1 -1
  782. data/lib/pangea/resources/aws_dynamodb_global_table/types/configs.rb +105 -0
  783. data/lib/pangea/resources/aws_dynamodb_global_table/types/instance_methods.rb +68 -0
  784. data/lib/pangea/resources/aws_dynamodb_global_table/types.rb +87 -234
  785. data/lib/pangea/resources/aws_dynamodb_table/builders/config_builder.rb +153 -0
  786. data/lib/pangea/resources/aws_dynamodb_table/builders/index_builder.rb +62 -0
  787. data/lib/pangea/resources/aws_dynamodb_table/builders/reference_builder.rb +64 -0
  788. data/lib/pangea/resources/aws_dynamodb_table/builders/table_builder.rb +62 -0
  789. data/lib/pangea/resources/aws_dynamodb_table/resource.rb +8 -186
  790. data/lib/pangea/resources/aws_dynamodb_table/types/attributes.rb +150 -0
  791. data/lib/pangea/resources/aws_dynamodb_table/types/configs.rb +109 -0
  792. data/lib/pangea/resources/aws_dynamodb_table/types/instance_methods.rb +82 -0
  793. data/lib/pangea/resources/aws_dynamodb_table/types/validations.rb +131 -0
  794. data/lib/pangea/resources/aws_dynamodb_table/types.rb +5 -381
  795. data/lib/pangea/resources/aws_ebs_volume/types/attributes.rb +76 -0
  796. data/lib/pangea/resources/aws_ebs_volume/types/instance_methods.rb +121 -0
  797. data/lib/pangea/resources/aws_ebs_volume/types/validation.rb +114 -0
  798. data/lib/pangea/resources/aws_ebs_volume/types.rb +7 -228
  799. data/lib/pangea/resources/aws_ec2_ami_launch_permission/types.rb +1 -1
  800. data/lib/pangea/resources/aws_ec2_availability_zone_group/types.rb +1 -1
  801. data/lib/pangea/resources/aws_ec2_capacity_block_reservation/types.rb +1 -1
  802. data/lib/pangea/resources/aws_ec2_capacity_reservation/types.rb +1 -1
  803. data/lib/pangea/resources/aws_ec2_dedicated_host/types.rb +1 -1
  804. data/lib/pangea/resources/aws_ec2_fleet/types.rb +1 -1
  805. data/lib/pangea/resources/aws_ec2_host_resource_group_association/types.rb +1 -1
  806. data/lib/pangea/resources/aws_ec2_image_block_public_access/types.rb +1 -1
  807. data/lib/pangea/resources/aws_ec2_instance_metadata_defaults/types.rb +1 -1
  808. data/lib/pangea/resources/aws_ec2_serial_console_access/types.rb +1 -1
  809. data/lib/pangea/resources/aws_ec2_snapshot_block_public_access/types.rb +1 -1
  810. data/lib/pangea/resources/aws_ec2_spot_datafeed_subscription/types.rb +1 -1
  811. data/lib/pangea/resources/aws_ec2_spot_fleet_request/types.rb +1 -1
  812. data/lib/pangea/resources/aws_ec2_spot_instance_request/types.rb +1 -1
  813. data/lib/pangea/resources/aws_ec2_tag/types.rb +1 -1
  814. data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_domain/types.rb +1 -1
  815. data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_domain_association/types.rb +1 -1
  816. data/lib/pangea/resources/aws_ec2_transit_gateway_multicast_group_member/types.rb +1 -1
  817. data/lib/pangea/resources/aws_ec2_transit_gateway_route/types/network_analysis.rb +91 -0
  818. data/lib/pangea/resources/aws_ec2_transit_gateway_route/types/security_analysis.rb +144 -0
  819. data/lib/pangea/resources/aws_ec2_transit_gateway_route/types.rb +41 -190
  820. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/propagation_insights.rb +100 -0
  821. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/security_concerns.rb +67 -0
  822. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types/troubleshooting_support.rb +68 -0
  823. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/types.rb +14 -169
  824. data/lib/pangea/resources/aws_ecr_lifecycle_policy/types/computed.rb +110 -0
  825. data/lib/pangea/resources/aws_ecr_lifecycle_policy/types/validation.rb +69 -0
  826. data/lib/pangea/resources/aws_ecr_lifecycle_policy/types.rb +42 -167
  827. data/lib/pangea/resources/aws_ecr_repository/types.rb +1 -1
  828. data/lib/pangea/resources/aws_ecs_capacity_provider/types.rb +1 -1
  829. data/lib/pangea/resources/aws_ecs_cluster/types.rb +1 -1
  830. data/lib/pangea/resources/aws_ecs_service/dsl_builders.rb +193 -0
  831. data/lib/pangea/resources/aws_ecs_service/reference_builder.rb +53 -0
  832. data/lib/pangea/resources/aws_ecs_service/resource.rb +21 -201
  833. data/lib/pangea/resources/aws_ecs_service/types/attributes.rb +56 -0
  834. data/lib/pangea/resources/aws_ecs_service/types/helpers.rb +34 -0
  835. data/lib/pangea/resources/aws_ecs_service/types/nested.rb +74 -0
  836. data/lib/pangea/resources/aws_ecs_service/types.rb +4 -324
  837. data/lib/pangea/resources/aws_ecs_task_definition/container_definitions.rb +191 -0
  838. data/lib/pangea/resources/aws_ecs_task_definition/resource.rb +107 -255
  839. data/lib/pangea/resources/aws_ecs_task_definition/types/container_definition.rb +121 -0
  840. data/lib/pangea/resources/aws_ecs_task_definition/types/task_definition.rb +100 -0
  841. data/lib/pangea/resources/aws_ecs_task_definition/types.rb +6 -427
  842. data/lib/pangea/resources/aws_ecs_task_definition/volumes.rb +105 -0
  843. data/lib/pangea/resources/aws_eip/types.rb +1 -1
  844. data/lib/pangea/resources/aws_eip_association/types.rb +1 -1
  845. data/lib/pangea/resources/aws_eks_access_entry/types.rb +1 -1
  846. data/lib/pangea/resources/aws_eks_node_group/builders/dsl_builder.rb +108 -0
  847. data/lib/pangea/resources/aws_eks_node_group/builders/reference_builder.rb +76 -0
  848. data/lib/pangea/resources/aws_eks_node_group/resource.rb +7 -114
  849. data/lib/pangea/resources/aws_eks_node_group/types/eks_node_group_attributes.rb +132 -0
  850. data/lib/pangea/resources/aws_eks_node_group/types/launch_template.rb +58 -0
  851. data/lib/pangea/resources/aws_eks_node_group/types/remote_access.rb +41 -0
  852. data/lib/pangea/resources/aws_eks_node_group/types/scaling_config.rb +62 -0
  853. data/lib/pangea/resources/aws_eks_node_group/types/taint.rb +43 -0
  854. data/lib/pangea/resources/aws_eks_node_group/types/update_config.rb +54 -0
  855. data/lib/pangea/resources/aws_eks_node_group/types.rb +8 -242
  856. data/lib/pangea/resources/aws_elasticache_cluster/types/configs.rb +69 -0
  857. data/lib/pangea/resources/aws_elasticache_cluster/types/helpers.rb +97 -0
  858. data/lib/pangea/resources/aws_elasticache_cluster/types/node_types.rb +51 -0
  859. data/lib/pangea/resources/aws_elasticache_cluster/types/validators.rb +114 -0
  860. data/lib/pangea/resources/aws_elasticache_cluster/types.rb +29 -196
  861. data/lib/pangea/resources/aws_elasticache_parameter_group/types/attributes.rb +132 -0
  862. data/lib/pangea/resources/aws_elasticache_parameter_group/types/configs.rb +102 -0
  863. data/lib/pangea/resources/aws_elasticache_parameter_group/types/parameter_helpers.rb +133 -0
  864. data/lib/pangea/resources/aws_elasticache_parameter_group/types.rb +4 -279
  865. data/lib/pangea/resources/aws_elasticache_subnet_group/types.rb +1 -1
  866. data/lib/pangea/resources/aws_elb_attachment/types.rb +1 -1
  867. data/lib/pangea/resources/aws_elb_service_account/types.rb +1 -1
  868. data/lib/pangea/resources/aws_elemental_data_plane_channel/types.rb +2 -2
  869. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/auto_scaling.rb +93 -0
  870. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/cluster_settings.rb +106 -0
  871. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/configurations.rb +75 -0
  872. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/ec2_attributes.rb +56 -0
  873. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder/instance_groups.rb +101 -0
  874. data/lib/pangea/resources/aws_emr_cluster/resource/dsl_builder.rb +44 -0
  875. data/lib/pangea/resources/aws_emr_cluster/resource.rb +63 -279
  876. data/lib/pangea/resources/aws_emr_cluster/types/attributes.rb +97 -0
  877. data/lib/pangea/resources/aws_emr_cluster/types/class_methods.rb +114 -0
  878. data/lib/pangea/resources/aws_emr_cluster/types/instance_methods.rb +113 -0
  879. data/lib/pangea/resources/aws_emr_cluster/types/validation.rb +51 -0
  880. data/lib/pangea/resources/aws_emr_cluster/types.rb +5 -480
  881. data/lib/pangea/resources/aws_emr_instance_group/types/attributes.rb +90 -0
  882. data/lib/pangea/resources/aws_emr_instance_group/types/configs.rb +63 -0
  883. data/lib/pangea/resources/aws_emr_instance_group/types.rb +6 -408
  884. data/lib/pangea/resources/aws_emr_step/types/attributes.rb +92 -0
  885. data/lib/pangea/resources/aws_emr_step/types/step_builders.rb +90 -0
  886. data/lib/pangea/resources/aws_emr_step/types.rb +6 -377
  887. data/lib/pangea/resources/aws_eventbridge_bus/types.rb +1 -1
  888. data/lib/pangea/resources/aws_eventbridge_rule/types/attributes.rb +80 -0
  889. data/lib/pangea/resources/aws_eventbridge_rule/types/helpers.rb +101 -0
  890. data/lib/pangea/resources/aws_eventbridge_rule/types/templates.rb +131 -0
  891. data/lib/pangea/resources/aws_eventbridge_rule/types/validators.rb +87 -0
  892. data/lib/pangea/resources/aws_eventbridge_rule/types.rb +5 -313
  893. data/lib/pangea/resources/aws_eventbridge_target/batch_target_builder.rb +48 -0
  894. data/lib/pangea/resources/aws_eventbridge_target/ecs_target_builder.rb +101 -0
  895. data/lib/pangea/resources/aws_eventbridge_target/resource.rb +4 -76
  896. data/lib/pangea/resources/aws_eventbridge_target/types/attributes.rb +115 -0
  897. data/lib/pangea/resources/aws_eventbridge_target/types/configs.rb +75 -0
  898. data/lib/pangea/resources/aws_eventbridge_target/types/parameters.rb +58 -0
  899. data/lib/pangea/resources/aws_eventbridge_target/types.rb +4 -466
  900. data/lib/pangea/resources/aws_fsx_lustre_filesystem/types/helpers.rb +101 -0
  901. data/lib/pangea/resources/aws_fsx_lustre_filesystem/types.rb +61 -164
  902. data/lib/pangea/resources/aws_glue_catalog_table/types/format_helpers.rb +80 -0
  903. data/lib/pangea/resources/aws_glue_catalog_table/types/storage_descriptor.rb +60 -0
  904. data/lib/pangea/resources/aws_glue_catalog_table/types/table_helpers.rb +95 -0
  905. data/lib/pangea/resources/aws_glue_catalog_table/types/validators.rb +72 -0
  906. data/lib/pangea/resources/aws_glue_catalog_table/types.rb +55 -248
  907. data/lib/pangea/resources/aws_glue_job/types/attributes.rb +99 -0
  908. data/lib/pangea/resources/aws_glue_job/types/class_methods.rb +86 -0
  909. data/lib/pangea/resources/aws_glue_job/types/instance_methods.rb +97 -0
  910. data/lib/pangea/resources/aws_glue_job/types/validation.rb +68 -0
  911. data/lib/pangea/resources/aws_glue_job/types.rb +5 -268
  912. data/lib/pangea/resources/aws_glue_trigger/types/attributes.rb +91 -0
  913. data/lib/pangea/resources/aws_glue_trigger/types/helpers/class_methods.rb +109 -0
  914. data/lib/pangea/resources/aws_glue_trigger/types/helpers/instance_methods.rb +140 -0
  915. data/lib/pangea/resources/aws_glue_trigger/types/helpers.rb +35 -0
  916. data/lib/pangea/resources/aws_glue_trigger/types/validation.rb +97 -0
  917. data/lib/pangea/resources/aws_glue_trigger/types.rb +9 -306
  918. data/lib/pangea/resources/aws_ground_station/config.rb +145 -0
  919. data/lib/pangea/resources/aws_ground_station/contact.rb +48 -0
  920. data/lib/pangea/resources/aws_ground_station/dataflow_endpoint_group.rb +46 -0
  921. data/lib/pangea/resources/aws_ground_station/mission_profile.rb +50 -0
  922. data/lib/pangea/resources/aws_ground_station.rb +15 -362
  923. data/lib/pangea/resources/aws_iam_group/types/access_patterns.rb +82 -0
  924. data/lib/pangea/resources/aws_iam_group/types/attributes.rb +97 -0
  925. data/lib/pangea/resources/aws_iam_group/types/group_classification.rb +132 -0
  926. data/lib/pangea/resources/aws_iam_group/types/patterns.rb +96 -0
  927. data/lib/pangea/resources/aws_iam_group/types.rb +10 -394
  928. data/lib/pangea/resources/aws_iam_policy/types/attributes.rb +117 -0
  929. data/lib/pangea/resources/aws_iam_policy/types/templates.rb +56 -0
  930. data/lib/pangea/resources/aws_iam_policy/types.rb +7 -346
  931. data/lib/pangea/resources/aws_iam_role/types/trust_policies.rb +90 -0
  932. data/lib/pangea/resources/aws_iam_role/types.rb +103 -174
  933. data/lib/pangea/resources/aws_iam_role_policy_attachment/types/attachment_patterns.rb +75 -0
  934. data/lib/pangea/resources/aws_iam_role_policy_attachment/types/aws_managed_policies.rb +93 -0
  935. data/lib/pangea/resources/aws_iam_role_policy_attachment/types.rb +101 -222
  936. data/lib/pangea/resources/aws_iam_user/types/attributes.rb +45 -0
  937. data/lib/pangea/resources/aws_iam_user/types/helpers.rb +123 -0
  938. data/lib/pangea/resources/aws_iam_user/types/templates.rb +147 -0
  939. data/lib/pangea/resources/aws_iam_user/types/validators.rb +68 -0
  940. data/lib/pangea/resources/aws_iam_user/types.rb +5 -323
  941. data/lib/pangea/resources/aws_instance/types.rb +1 -1
  942. data/lib/pangea/resources/aws_internet_gateway/resource.rb +3 -9
  943. data/lib/pangea/resources/aws_iot_analytics_channel/types.rb +1 -1
  944. data/lib/pangea/resources/aws_iot_analytics_datastore/types.rb +1 -1
  945. data/lib/pangea/resources/aws_iot_certificate/types/helpers.rb +164 -0
  946. data/lib/pangea/resources/aws_iot_certificate/types/validators.rb +84 -0
  947. data/lib/pangea/resources/aws_iot_certificate/types.rb +46 -208
  948. data/lib/pangea/resources/aws_iot_device_defender_security_profile/types.rb +3 -3
  949. data/lib/pangea/resources/aws_iot_policy/types.rb +1 -1
  950. data/lib/pangea/resources/aws_iot_security_profile/types.rb +2 -2
  951. data/lib/pangea/resources/aws_iot_thing_type/types/analysis.rb +107 -0
  952. data/lib/pangea/resources/aws_iot_thing_type/types/properties.rb +64 -0
  953. data/lib/pangea/resources/aws_iot_thing_type/types/recommendations.rb +65 -0
  954. data/lib/pangea/resources/aws_iot_thing_type/types/templates.rb +69 -0
  955. data/lib/pangea/resources/aws_iot_thing_type/types.rb +35 -215
  956. data/lib/pangea/resources/aws_iot_topic_rule/types.rb +2 -2
  957. data/lib/pangea/resources/aws_iot_topic_rule_destination/types.rb +1 -1
  958. data/lib/pangea/resources/aws_iotanalytics_dataset/builders/action_builder.rb +76 -0
  959. data/lib/pangea/resources/aws_iotanalytics_dataset/resource.rb +2 -41
  960. data/lib/pangea/resources/aws_iotanalytics_dataset/types/action.rb +91 -0
  961. data/lib/pangea/resources/aws_iotanalytics_dataset/types/attributes.rb +81 -0
  962. data/lib/pangea/resources/aws_iotanalytics_dataset/types/content_delivery_rule.rb +67 -0
  963. data/lib/pangea/resources/aws_iotanalytics_dataset/types/trigger.rb +49 -0
  964. data/lib/pangea/resources/aws_iotanalytics_dataset/types.rb +6 -202
  965. data/lib/pangea/resources/aws_key_pair/types.rb +1 -1
  966. data/lib/pangea/resources/aws_kinesis_analytics_application/builders/application_code_builder.rb +62 -0
  967. data/lib/pangea/resources/aws_kinesis_analytics_application/builders/flink_builder.rb +76 -0
  968. data/lib/pangea/resources/aws_kinesis_analytics_application/builders/sql_builder.rb +197 -0
  969. data/lib/pangea/resources/aws_kinesis_analytics_application/resource.rb +67 -243
  970. data/lib/pangea/resources/aws_kinesis_analytics_application/types/computed.rb +131 -0
  971. data/lib/pangea/resources/aws_kinesis_analytics_application/types/configs.rb +86 -0
  972. data/lib/pangea/resources/aws_kinesis_analytics_application/types/sql_configs.rb +113 -0
  973. data/lib/pangea/resources/aws_kinesis_analytics_application/types/validation.rb +109 -0
  974. data/lib/pangea/resources/aws_kinesis_analytics_application/types.rb +25 -280
  975. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/destination_builders.rb +108 -0
  976. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/resource.rb +20 -210
  977. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/s3_builders.rb +127 -0
  978. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types/computed_properties.rb +65 -0
  979. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types/validation.rb +73 -0
  980. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/types.rb +121 -242
  981. data/lib/pangea/resources/aws_kinesis_stream/types.rb +1 -1
  982. data/lib/pangea/resources/aws_kinesis_video_stream/types/kms_validation.rb +52 -0
  983. data/lib/pangea/resources/aws_kinesis_video_stream/types/media_type_helpers.rb +58 -0
  984. data/lib/pangea/resources/aws_kinesis_video_stream/types/storage_estimation.rb +75 -0
  985. data/lib/pangea/resources/aws_kinesis_video_stream/types.rb +60 -161
  986. data/lib/pangea/resources/aws_lambda_function/block_builders.rb +112 -0
  987. data/lib/pangea/resources/aws_lambda_function/resource.rb +13 -78
  988. data/lib/pangea/resources/aws_lambda_function/types/helpers.rb +58 -0
  989. data/lib/pangea/resources/aws_lambda_function/types/validators.rb +99 -0
  990. data/lib/pangea/resources/aws_lambda_function/types.rb +16 -156
  991. data/lib/pangea/resources/aws_launch_configuration/types.rb +1 -1
  992. data/lib/pangea/resources/aws_launch_template/types/block_device_mapping.rb +57 -0
  993. data/lib/pangea/resources/aws_launch_template/types/iam_instance_profile.rb +48 -0
  994. data/lib/pangea/resources/aws_launch_template/types/network_interface.rb +43 -0
  995. data/lib/pangea/resources/aws_launch_template/types/tag_specification.rb +43 -0
  996. data/lib/pangea/resources/aws_launch_template/types.rb +25 -111
  997. data/lib/pangea/resources/aws_lb/types.rb +1 -1
  998. data/lib/pangea/resources/aws_lb_cookie_stickiness_policy/types.rb +1 -1
  999. data/lib/pangea/resources/aws_lb_listener/types.rb +1 -1
  1000. data/lib/pangea/resources/aws_lb_listener_rule/action_builders.rb +123 -0
  1001. data/lib/pangea/resources/aws_lb_listener_rule/resource.rb +3 -88
  1002. data/lib/pangea/resources/aws_lb_listener_rule/types.rb +1 -1
  1003. data/lib/pangea/resources/aws_lb_ssl_negotiation_policy/types.rb +1 -1
  1004. data/lib/pangea/resources/aws_lb_target_group_attachment/types.rb +1 -1
  1005. data/lib/pangea/resources/aws_lb_trust_store/types.rb +1 -1
  1006. data/lib/pangea/resources/aws_lb_trust_store_revocation/types.rb +1 -1
  1007. data/lib/pangea/resources/aws_licensemanager_association/types.rb +1 -1
  1008. data/lib/pangea/resources/aws_licensemanager_grant/types.rb +1 -1
  1009. data/lib/pangea/resources/aws_licensemanager_grant_accepter/types.rb +1 -1
  1010. data/lib/pangea/resources/aws_licensemanager_license_configuration/types.rb +1 -1
  1011. data/lib/pangea/resources/aws_licensemanager_license_grant_accepter/types.rb +1 -1
  1012. data/lib/pangea/resources/aws_licensemanager_report_generator/types.rb +2 -2
  1013. data/lib/pangea/resources/aws_licensemanager_token/types.rb +2 -2
  1014. data/lib/pangea/resources/aws_lightsail/compute.rb +83 -0
  1015. data/lib/pangea/resources/aws_lightsail/database.rb +66 -0
  1016. data/lib/pangea/resources/aws_lightsail/load_balancer.rb +68 -0
  1017. data/lib/pangea/resources/aws_lightsail/networking.rb +118 -0
  1018. data/lib/pangea/resources/aws_lightsail/storage.rb +101 -0
  1019. data/lib/pangea/resources/aws_lightsail.rb +20 -499
  1020. data/lib/pangea/resources/aws_load_balancer_backend_server_policy/types.rb +1 -1
  1021. data/lib/pangea/resources/aws_load_balancer_listener_policy/types.rb +1 -1
  1022. data/lib/pangea/resources/aws_load_balancer_policy/types.rb +1 -1
  1023. data/lib/pangea/resources/aws_local_zones/data_sources.rb +133 -0
  1024. data/lib/pangea/resources/aws_local_zones/resources.rb +90 -0
  1025. data/lib/pangea/resources/aws_local_zones.rb +9 -207
  1026. data/lib/pangea/resources/aws_managedblockchain_accessor/types/blockchain_helpers.rb +76 -0
  1027. data/lib/pangea/resources/aws_managedblockchain_accessor/types/cost_helpers.rb +68 -0
  1028. data/lib/pangea/resources/aws_managedblockchain_accessor/types/network_helpers.rb +95 -0
  1029. data/lib/pangea/resources/aws_managedblockchain_accessor/types.rb +58 -218
  1030. data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types/attributes.rb +84 -0
  1031. data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types/helpers.rb +97 -0
  1032. data/lib/pangea/resources/aws_managedblockchain_ethereum_node/types.rb +4 -346
  1033. data/lib/pangea/resources/aws_managedblockchain_member/types/instance_methods.rb +102 -0
  1034. data/lib/pangea/resources/aws_managedblockchain_member/types/validation.rb +80 -0
  1035. data/lib/pangea/resources/aws_managedblockchain_member/types.rb +49 -189
  1036. data/lib/pangea/resources/aws_managedblockchain_network/types/helpers.rb +107 -0
  1037. data/lib/pangea/resources/aws_managedblockchain_network/types/validation.rb +91 -0
  1038. data/lib/pangea/resources/aws_managedblockchain_network/types.rb +73 -223
  1039. data/lib/pangea/resources/aws_managedblockchain_node/types/attributes.rb +87 -0
  1040. data/lib/pangea/resources/aws_managedblockchain_node/types/cost_and_specs.rb +75 -0
  1041. data/lib/pangea/resources/aws_managedblockchain_node/types/instance_methods.rb +96 -0
  1042. data/lib/pangea/resources/aws_managedblockchain_node/types/validation.rb +56 -0
  1043. data/lib/pangea/resources/aws_managedblockchain_node/types.rb +5 -235
  1044. data/lib/pangea/resources/aws_media_convert_queue/types.rb +2 -2
  1045. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/configurations.rb +74 -0
  1046. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/destinations.rb +67 -0
  1047. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/audio_descriptions.rb +101 -0
  1048. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/output_groups.rb +163 -0
  1049. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings/video_descriptions.rb +86 -0
  1050. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/encoder_settings.rb +52 -0
  1051. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder/input_attachments.rb +131 -0
  1052. data/lib/pangea/resources/aws_media_live_channel/resource/dsl_builder.rb +42 -0
  1053. data/lib/pangea/resources/aws_media_live_channel/resource.rb +22 -527
  1054. data/lib/pangea/resources/aws_media_live_channel/types/audio_codec_settings.rb +103 -0
  1055. data/lib/pangea/resources/aws_media_live_channel/types/caption_settings.rb +112 -0
  1056. data/lib/pangea/resources/aws_media_live_channel/types/channel_config.rb +77 -0
  1057. data/lib/pangea/resources/aws_media_live_channel/types/encoder_config.rb +108 -0
  1058. data/lib/pangea/resources/aws_media_live_channel/types/helpers.rb +58 -0
  1059. data/lib/pangea/resources/aws_media_live_channel/types/hls_group_settings.rb +113 -0
  1060. data/lib/pangea/resources/aws_media_live_channel/types/input_settings.rb +106 -0
  1061. data/lib/pangea/resources/aws_media_live_channel/types/output_group_settings.rb +102 -0
  1062. data/lib/pangea/resources/aws_media_live_channel/types/output_groups.rb +43 -0
  1063. data/lib/pangea/resources/aws_media_live_channel/types/output_settings.rb +153 -0
  1064. data/lib/pangea/resources/aws_media_live_channel/types/schedule_settings.rb +191 -0
  1065. data/lib/pangea/resources/aws_media_live_channel/types/video_codec_h265_mpeg2.rb +111 -0
  1066. data/lib/pangea/resources/aws_media_live_channel/types/video_codec_settings.rb +89 -0
  1067. data/lib/pangea/resources/aws_media_live_channel/types.rb +98 -961
  1068. data/lib/pangea/resources/aws_media_live_input/types/helpers.rb +100 -0
  1069. data/lib/pangea/resources/aws_media_live_input/types/validation.rb +86 -0
  1070. data/lib/pangea/resources/aws_media_live_input/types.rb +92 -218
  1071. data/lib/pangea/resources/aws_media_package_channel/types.rb +2 -2
  1072. data/lib/pangea/resources/aws_media_package_origin_endpoint/types.rb +7 -7
  1073. data/lib/pangea/resources/aws_media_store_container/types.rb +1 -1
  1074. data/lib/pangea/resources/aws_memorydb_acl/types.rb +1 -1
  1075. data/lib/pangea/resources/aws_memorydb_cluster/types.rb +1 -1
  1076. data/lib/pangea/resources/aws_memorydb_cluster_endpoint/types.rb +1 -1
  1077. data/lib/pangea/resources/aws_memorydb_multi_region_cluster/types.rb +1 -1
  1078. data/lib/pangea/resources/aws_memorydb_parameter_group/types.rb +1 -1
  1079. data/lib/pangea/resources/aws_memorydb_snapshot/types.rb +1 -1
  1080. data/lib/pangea/resources/aws_memorydb_subnet_group/types.rb +1 -1
  1081. data/lib/pangea/resources/aws_memorydb_user/types.rb +2 -2
  1082. data/lib/pangea/resources/aws_minimal/requires/compute_network_resources.rb +77 -0
  1083. data/lib/pangea/resources/aws_minimal/requires/database_resources.rb +76 -0
  1084. data/lib/pangea/resources/aws_minimal/requires/extended_services.rb +74 -0
  1085. data/lib/pangea/resources/aws_minimal/requires/service_modules.rb +60 -0
  1086. data/lib/pangea/resources/aws_minimal.rb +13 -228
  1087. data/lib/pangea/resources/aws_neptune_cluster/types.rb +2 -2
  1088. data/lib/pangea/resources/aws_neptune_cluster_endpoint/types.rb +1 -1
  1089. data/lib/pangea/resources/aws_neptune_cluster_instance/types.rb +1 -1
  1090. data/lib/pangea/resources/aws_neptune_cluster_parameter_group/types.rb +1 -1
  1091. data/lib/pangea/resources/aws_neptune_cluster_snapshot/types.rb +1 -1
  1092. data/lib/pangea/resources/aws_neptune_event_subscription/types.rb +1 -1
  1093. data/lib/pangea/resources/aws_neptune_parameter_group/types.rb +1 -1
  1094. data/lib/pangea/resources/aws_neptune_subnet_group/types.rb +1 -1
  1095. data/lib/pangea/resources/aws_network_acl/types.rb +1 -1
  1096. data/lib/pangea/resources/aws_network_acl_rule/types.rb +1 -1
  1097. data/lib/pangea/resources/aws_network_interface/types.rb +2 -2
  1098. data/lib/pangea/resources/aws_organizations_organization/types.rb +2 -2
  1099. data/lib/pangea/resources/aws_outposts/outpost.rb +64 -0
  1100. data/lib/pangea/resources/aws_outposts/resources.rb +173 -0
  1101. data/lib/pangea/resources/aws_outposts/site.rb +75 -0
  1102. data/lib/pangea/resources/aws_outposts.rb +10 -343
  1103. data/lib/pangea/resources/aws_placement_group/types.rb +1 -1
  1104. data/lib/pangea/resources/aws_proxy_protocol_policy/types.rb +1 -1
  1105. data/lib/pangea/resources/aws_qldb_stream/types/stream_helpers.rb +134 -0
  1106. data/lib/pangea/resources/aws_qldb_stream/types.rb +66 -172
  1107. data/lib/pangea/resources/aws_ram_invitation_accepter/types.rb +1 -1
  1108. data/lib/pangea/resources/aws_ram_managed_permission/types.rb +1 -1
  1109. data/lib/pangea/resources/aws_ram_permission/types.rb +1 -1
  1110. data/lib/pangea/resources/aws_ram_permission_association/types.rb +1 -1
  1111. data/lib/pangea/resources/aws_ram_principal_association/types.rb +1 -1
  1112. data/lib/pangea/resources/aws_ram_resource_association/types.rb +1 -1
  1113. data/lib/pangea/resources/aws_ram_resource_share/types.rb +1 -1
  1114. data/lib/pangea/resources/aws_ram_resource_share_accepter/types.rb +1 -1
  1115. data/lib/pangea/resources/aws_ram_resource_share_invitation/types.rb +1 -1
  1116. data/lib/pangea/resources/aws_ram_sharing_with_organization/types.rb +1 -1
  1117. data/lib/pangea/resources/aws_rds_cluster/types/attributes.rb +84 -0
  1118. data/lib/pangea/resources/aws_rds_cluster/types/configs.rb +44 -0
  1119. data/lib/pangea/resources/aws_rds_cluster/types/nested_types.rb +45 -0
  1120. data/lib/pangea/resources/aws_rds_cluster/types/validation.rb +26 -0
  1121. data/lib/pangea/resources/aws_rds_cluster/types.rb +5 -460
  1122. data/lib/pangea/resources/aws_rds_cluster_endpoint/types/configs.rb +97 -0
  1123. data/lib/pangea/resources/aws_rds_cluster_endpoint/types/members.rb +36 -0
  1124. data/lib/pangea/resources/aws_rds_cluster_endpoint/types.rb +104 -193
  1125. data/lib/pangea/resources/aws_rds_cluster_instance/types/attributes.rb +59 -0
  1126. data/lib/pangea/resources/aws_rds_cluster_instance/types/configs.rb +58 -0
  1127. data/lib/pangea/resources/aws_rds_cluster_instance/types/instance_methods.rb +106 -0
  1128. data/lib/pangea/resources/aws_rds_cluster_instance/types.rb +6 -425
  1129. data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/attributes.rb +101 -0
  1130. data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/configs.rb +102 -0
  1131. data/lib/pangea/resources/aws_rds_cluster_parameter_group/types/parameter.rb +36 -0
  1132. data/lib/pangea/resources/aws_rds_cluster_parameter_group/types.rb +8 -349
  1133. data/lib/pangea/resources/aws_rds_global_cluster/types/attributes.rb +90 -0
  1134. data/lib/pangea/resources/aws_rds_global_cluster/types/backup_config.rb +52 -0
  1135. data/lib/pangea/resources/aws_rds_global_cluster/types/configs.rb +47 -0
  1136. data/lib/pangea/resources/aws_rds_global_cluster/types.rb +8 -413
  1137. data/lib/pangea/resources/aws_rds_proxy/types/attributes.rb +73 -0
  1138. data/lib/pangea/resources/aws_rds_proxy/types/configs.rb +43 -0
  1139. data/lib/pangea/resources/aws_rds_proxy/types/nested_types.rb +61 -0
  1140. data/lib/pangea/resources/aws_rds_proxy/types.rb +9 -398
  1141. data/lib/pangea/resources/aws_redshift_cluster/types/capacity_calculator.rb +88 -0
  1142. data/lib/pangea/resources/aws_redshift_cluster/types/cost_estimator.rb +66 -0
  1143. data/lib/pangea/resources/aws_redshift_cluster/types/feature_checks.rb +46 -0
  1144. data/lib/pangea/resources/aws_redshift_cluster/types/validators.rb +73 -0
  1145. data/lib/pangea/resources/aws_redshift_cluster/types/workload_parameters.rb +67 -0
  1146. data/lib/pangea/resources/aws_redshift_cluster/types.rb +114 -284
  1147. data/lib/pangea/resources/aws_redshift_parameter_group/types/class_methods.rb +114 -0
  1148. data/lib/pangea/resources/aws_redshift_parameter_group/types/instance_methods.rb +88 -0
  1149. data/lib/pangea/resources/aws_redshift_parameter_group/types/validation.rb +53 -0
  1150. data/lib/pangea/resources/aws_redshift_parameter_group/types.rb +35 -188
  1151. data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/attributes.rb +46 -0
  1152. data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/instance_methods.rb +92 -0
  1153. data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/templates.rb +53 -0
  1154. data/lib/pangea/resources/aws_redshift_snapshot_schedule/types/validation.rb +71 -0
  1155. data/lib/pangea/resources/aws_redshift_snapshot_schedule/types.rb +7 -205
  1156. data/lib/pangea/resources/aws_resources/analytics.rb +22 -0
  1157. data/lib/pangea/resources/aws_resources/compute.rb +31 -0
  1158. data/lib/pangea/resources/aws_resources/core.rb +35 -0
  1159. data/lib/pangea/resources/aws_resources/database.rb +27 -0
  1160. data/lib/pangea/resources/aws_resources/devops.rb +19 -0
  1161. data/lib/pangea/resources/aws_resources/governance.rb +20 -0
  1162. data/lib/pangea/resources/aws_resources/integration.rb +24 -0
  1163. data/lib/pangea/resources/aws_resources/management.rb +33 -0
  1164. data/lib/pangea/resources/aws_resources/ml.rb +15 -0
  1165. data/lib/pangea/resources/aws_resources/security.rb +30 -0
  1166. data/lib/pangea/resources/aws_resources/specialty.rb +67 -0
  1167. data/lib/pangea/resources/aws_resources/storage.rb +23 -0
  1168. data/lib/pangea/resources/aws_resources.rb +15 -338
  1169. data/lib/pangea/resources/aws_route/types.rb +1 -1
  1170. data/lib/pangea/resources/aws_route53_delegation_set/types.rb +1 -1
  1171. data/lib/pangea/resources/aws_route53_health_check/types/attributes.rb +193 -0
  1172. data/lib/pangea/resources/aws_route53_health_check/types/configs.rb +84 -0
  1173. data/lib/pangea/resources/aws_route53_health_check/types.rb +6 -375
  1174. data/lib/pangea/resources/aws_route53_query_log/types.rb +1 -1
  1175. data/lib/pangea/resources/aws_route53_record/types/attributes.rb +149 -0
  1176. data/lib/pangea/resources/aws_route53_record/types/configs.rb +124 -0
  1177. data/lib/pangea/resources/aws_route53_record/types/instance_methods.rb +80 -0
  1178. data/lib/pangea/resources/aws_route53_record/types/validation.rb +82 -0
  1179. data/lib/pangea/resources/aws_route53_record/types.rb +6 -383
  1180. data/lib/pangea/resources/aws_route53_zone/types/attributes.rb +85 -0
  1181. data/lib/pangea/resources/aws_route53_zone/types/configs.rb +73 -0
  1182. data/lib/pangea/resources/aws_route53_zone/types/instance_methods.rb +90 -0
  1183. data/lib/pangea/resources/aws_route53_zone/types/validation.rb +42 -0
  1184. data/lib/pangea/resources/aws_route53_zone/types.rb +5 -234
  1185. data/lib/pangea/resources/aws_s3_access_point/types.rb +1 -1
  1186. data/lib/pangea/resources/aws_s3_bucket/builders/configuration_builder.rb +105 -0
  1187. data/lib/pangea/resources/aws_s3_bucket/builders/lifecycle_builder.rb +101 -0
  1188. data/lib/pangea/resources/aws_s3_bucket/resource.rb +56 -175
  1189. data/lib/pangea/resources/aws_s3_bucket/types/cors_rule.rb +37 -0
  1190. data/lib/pangea/resources/aws_s3_bucket/types/lifecycle_rule.rb +57 -0
  1191. data/lib/pangea/resources/aws_s3_bucket/types/server_side_encryption.rb +51 -0
  1192. data/lib/pangea/resources/aws_s3_bucket/types.rb +130 -162
  1193. data/lib/pangea/resources/aws_s3_bucket_inventory/types/helpers.rb +113 -0
  1194. data/lib/pangea/resources/aws_s3_bucket_inventory/types.rb +3 -99
  1195. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/attributes.rb +55 -0
  1196. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/expiration.rb +39 -0
  1197. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/filter.rb +54 -0
  1198. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/rule.rb +49 -0
  1199. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types/transition.rb +51 -0
  1200. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/types.rb +14 -202
  1201. data/lib/pangea/resources/aws_s3_bucket_notification/types/helpers.rb +76 -0
  1202. data/lib/pangea/resources/aws_s3_bucket_notification/types/notification_config.rb +74 -0
  1203. data/lib/pangea/resources/aws_s3_bucket_notification/types/s3_events.rb +54 -0
  1204. data/lib/pangea/resources/aws_s3_bucket_notification/types/validators.rb +64 -0
  1205. data/lib/pangea/resources/aws_s3_bucket_notification/types.rb +26 -188
  1206. data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types/instance_methods.rb +130 -0
  1207. data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types/validation.rb +75 -0
  1208. data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/types.rb +39 -202
  1209. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/destination.rb +84 -0
  1210. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/filter.rb +47 -0
  1211. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/helpers.rb +108 -0
  1212. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/rule.rb +78 -0
  1213. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types/validators.rb +117 -0
  1214. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/types.rb +22 -272
  1215. data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/attributes.rb +57 -0
  1216. data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/documents.rb +61 -0
  1217. data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/redirect.rb +41 -0
  1218. data/lib/pangea/resources/aws_s3_bucket_website_configuration/types/routing_rules.rb +99 -0
  1219. data/lib/pangea/resources/aws_s3_bucket_website_configuration/types.rb +7 -385
  1220. data/lib/pangea/resources/aws_s3_multi_region_access_point/types.rb +1 -1
  1221. data/lib/pangea/resources/aws_s3_object/types/attributes.rb +112 -0
  1222. data/lib/pangea/resources/aws_s3_object/types/instance_methods.rb +112 -0
  1223. data/lib/pangea/resources/aws_s3_object/types/validation.rb +57 -0
  1224. data/lib/pangea/resources/aws_s3_object/types.rb +4 -198
  1225. data/lib/pangea/resources/aws_sagemaker_domain/types/app_settings_types.rb +91 -0
  1226. data/lib/pangea/resources/aws_sagemaker_domain/types/base_types.rb +70 -0
  1227. data/lib/pangea/resources/aws_sagemaker_domain/types/user_settings_types.rb +45 -0
  1228. data/lib/pangea/resources/aws_sagemaker_domain/types.rb +80 -207
  1229. data/lib/pangea/resources/aws_sagemaker_endpoint/reference_attributes.rb +119 -0
  1230. data/lib/pangea/resources/aws_sagemaker_endpoint/resource.rb +2 -80
  1231. data/lib/pangea/resources/aws_sagemaker_endpoint/types/computed_properties.rb +100 -0
  1232. data/lib/pangea/resources/aws_sagemaker_endpoint/types/deployment_analysis.rb +108 -0
  1233. data/lib/pangea/resources/aws_sagemaker_endpoint/types/deployment_config.rb +54 -0
  1234. data/lib/pangea/resources/aws_sagemaker_endpoint/types.rb +62 -235
  1235. data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/reference_attributes.rb +130 -0
  1236. data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/resource.rb +5 -45
  1237. data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types/attributes.rb +155 -0
  1238. data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types/variant_types.rb +73 -0
  1239. data/lib/pangea/resources/aws_sagemaker_endpoint_configuration/types.rb +8 -347
  1240. data/lib/pangea/resources/aws_sagemaker_model/types/attributes.rb +62 -0
  1241. data/lib/pangea/resources/aws_sagemaker_model/types/helpers.rb +73 -0
  1242. data/lib/pangea/resources/aws_sagemaker_model/types/validators.rb +70 -0
  1243. data/lib/pangea/resources/aws_sagemaker_model/types.rb +4 -327
  1244. data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/helpers.rb +73 -0
  1245. data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/pricing.rb +118 -0
  1246. data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/security.rb +81 -0
  1247. data/lib/pangea/resources/aws_sagemaker_notebook_instance/types/validators.rb +97 -0
  1248. data/lib/pangea/resources/aws_sagemaker_notebook_instance/types.rb +29 -240
  1249. data/lib/pangea/resources/aws_sagemaker_training_job/types/attributes.rb +86 -0
  1250. data/lib/pangea/resources/aws_sagemaker_training_job/types/configs.rb +38 -0
  1251. data/lib/pangea/resources/aws_sagemaker_training_job/types/enums.rb +27 -0
  1252. data/lib/pangea/resources/aws_sagemaker_training_job/types/validation.rb +70 -0
  1253. data/lib/pangea/resources/aws_sagemaker_training_job/types.rb +5 -466
  1254. data/lib/pangea/resources/aws_sagemaker_user_profile/types/attributes.rb +68 -0
  1255. data/lib/pangea/resources/aws_sagemaker_user_profile/types/helpers.rb +67 -0
  1256. data/lib/pangea/resources/aws_sagemaker_user_profile/types/validators.rb +60 -0
  1257. data/lib/pangea/resources/aws_sagemaker_user_profile/types.rb +4 -327
  1258. data/lib/pangea/resources/aws_security_group/types.rb +3 -3
  1259. data/lib/pangea/resources/aws_sfn_state_machine/types/attributes.rb +51 -0
  1260. data/lib/pangea/resources/aws_sfn_state_machine/types/builders.rb +88 -0
  1261. data/lib/pangea/resources/aws_sfn_state_machine/types/validators.rb +86 -0
  1262. data/lib/pangea/resources/aws_sfn_state_machine/types.rb +5 -344
  1263. data/lib/pangea/resources/aws_snow_family/datasync.rb +124 -0
  1264. data/lib/pangea/resources/aws_snow_family/snowball.rb +95 -0
  1265. data/lib/pangea/resources/aws_snow_family/snowcone.rb +82 -0
  1266. data/lib/pangea/resources/aws_snow_family/snowmobile.rb +51 -0
  1267. data/lib/pangea/resources/aws_snow_family.rb +10 -392
  1268. data/lib/pangea/resources/aws_sns_subscription/types/helpers.rb +73 -0
  1269. data/lib/pangea/resources/aws_sns_subscription/types/validators.rb +144 -0
  1270. data/lib/pangea/resources/aws_sns_subscription/types.rb +28 -191
  1271. data/lib/pangea/resources/aws_sns_topic/types.rb +1 -1
  1272. data/lib/pangea/resources/aws_sqs_queue/types.rb +1 -1
  1273. data/lib/pangea/resources/aws_ssm_document/types/attributes.rb +101 -0
  1274. data/lib/pangea/resources/aws_ssm_document/types/configs.rb +56 -0
  1275. data/lib/pangea/resources/aws_ssm_document/types.rb +6 -405
  1276. data/lib/pangea/resources/aws_ssm_maintenance_window/types/attributes.rb +188 -0
  1277. data/lib/pangea/resources/aws_ssm_maintenance_window/types/configs.rb +88 -0
  1278. data/lib/pangea/resources/aws_ssm_maintenance_window/types.rb +6 -362
  1279. data/lib/pangea/resources/aws_ssm_parameter/types/configs.rb +118 -0
  1280. data/lib/pangea/resources/aws_ssm_parameter/types/helpers.rb +101 -0
  1281. data/lib/pangea/resources/aws_ssm_parameter/types/validation.rb +83 -0
  1282. data/lib/pangea/resources/aws_ssm_parameter/types.rb +32 -250
  1283. data/lib/pangea/resources/aws_ssm_patch_baseline/types/attributes.rb +75 -0
  1284. data/lib/pangea/resources/aws_ssm_patch_baseline/types/configs.rb +94 -0
  1285. data/lib/pangea/resources/aws_ssm_patch_baseline/types/instance_methods.rb +97 -0
  1286. data/lib/pangea/resources/aws_ssm_patch_baseline/types/validation.rb +99 -0
  1287. data/lib/pangea/resources/aws_ssm_patch_baseline/types.rb +7 -428
  1288. data/lib/pangea/resources/aws_subnet/resource.rb +7 -13
  1289. data/lib/pangea/resources/aws_subnet/types.rb +1 -1
  1290. data/lib/pangea/resources/aws_timestream_access_policy/types.rb +1 -1
  1291. data/lib/pangea/resources/aws_timestream_batch_load_task/types.rb +4 -4
  1292. data/lib/pangea/resources/aws_timestream_database/types.rb +1 -1
  1293. data/lib/pangea/resources/aws_timestream_influx_db_instance/types.rb +1 -1
  1294. data/lib/pangea/resources/aws_timestream_scheduled_query/types.rb +5 -5
  1295. data/lib/pangea/resources/aws_timestream_table/types.rb +4 -4
  1296. data/lib/pangea/resources/aws_timestream_table_retention_properties/types.rb +1 -1
  1297. data/lib/pangea/resources/aws_volume_attachment/types.rb +1 -1
  1298. data/lib/pangea/resources/aws_vpc_dhcp_options_association/types.rb +1 -1
  1299. data/lib/pangea/resources/aws_vpc_endpoint/types.rb +1 -1
  1300. data/lib/pangea/resources/aws_vpc_endpoint_connection_accepter/types.rb +1 -1
  1301. data/lib/pangea/resources/aws_vpc_endpoint_connection_notification/types.rb +1 -1
  1302. data/lib/pangea/resources/aws_vpc_endpoint_route_table_association/types.rb +1 -1
  1303. data/lib/pangea/resources/aws_vpc_endpoint_service/types.rb +1 -1
  1304. data/lib/pangea/resources/aws_vpc_endpoint_service_allowed_principal/types.rb +1 -1
  1305. data/lib/pangea/resources/aws_vpc_endpoint_subnet_association/types.rb +1 -1
  1306. data/lib/pangea/resources/aws_vpc_network_performance_metric_subscription/types.rb +1 -1
  1307. data/lib/pangea/resources/aws_vpc_peering_connection/types.rb +3 -3
  1308. data/lib/pangea/resources/aws_vpc_peering_connection_accepter/types.rb +1 -1
  1309. data/lib/pangea/resources/aws_vpc_peering_connection_options/types.rb +1 -1
  1310. data/lib/pangea/resources/aws_vpc_security_group_egress_rule/types.rb +1 -1
  1311. data/lib/pangea/resources/aws_vpc_security_group_ingress_rule/types.rb +1 -1
  1312. data/lib/pangea/resources/aws_vpn_connection/types.rb +1 -1
  1313. data/lib/pangea/resources/aws_vpn_gateway/types.rb +1 -1
  1314. data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types/configs.rb +116 -0
  1315. data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types/helpers.rb +106 -0
  1316. data/lib/pangea/resources/aws_wafv2_regex_pattern_set/types.rb +66 -226
  1317. data/lib/pangea/resources/aws_wafv2_rule_group/resource/actions.rb +83 -0
  1318. data/lib/pangea/resources/aws_wafv2_rule_group/resource/dsl_builder.rb +107 -0
  1319. data/lib/pangea/resources/aws_wafv2_rule_group/resource/field_to_match.rb +45 -0
  1320. data/lib/pangea/resources/aws_wafv2_rule_group/resource/statements.rb +137 -0
  1321. data/lib/pangea/resources/aws_wafv2_rule_group/resource.rb +127 -379
  1322. data/lib/pangea/resources/aws_wafv2_rule_group/types/actions.rb +78 -0
  1323. data/lib/pangea/resources/aws_wafv2_rule_group/types/computed.rb +65 -0
  1324. data/lib/pangea/resources/aws_wafv2_rule_group/types/rule_schema.rb +53 -0
  1325. data/lib/pangea/resources/aws_wafv2_rule_group/types/schemas.rb +74 -0
  1326. data/lib/pangea/resources/aws_wafv2_rule_group/types/validators.rb +121 -0
  1327. data/lib/pangea/resources/aws_wafv2_rule_group/types.rb +14 -231
  1328. data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/default_action.rb +60 -0
  1329. data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/field_to_match.rb +65 -0
  1330. data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/rules.rb +89 -0
  1331. data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder/statements.rb +166 -0
  1332. data/lib/pangea/resources/aws_wafv2_web_acl/resource/dsl_builder.rb +42 -0
  1333. data/lib/pangea/resources/aws_wafv2_web_acl/resource.rb +48 -450
  1334. data/lib/pangea/resources/aws_wafv2_web_acl/types/default_action.rb +57 -0
  1335. data/lib/pangea/resources/aws_wafv2_web_acl/types/rule.rb +60 -0
  1336. data/lib/pangea/resources/aws_wafv2_web_acl/types/rule_action.rb +76 -0
  1337. data/lib/pangea/resources/aws_wafv2_web_acl/types/statement.rb +176 -0
  1338. data/lib/pangea/resources/aws_wafv2_web_acl/types/visibility_config.rb +35 -0
  1339. data/lib/pangea/resources/aws_wafv2_web_acl/types/web_acl_attributes.rb +158 -0
  1340. data/lib/pangea/resources/aws_wafv2_web_acl/types.rb +8 -526
  1341. data/lib/pangea/resources/aws_wavelength/application_deployment.rb +78 -0
  1342. data/lib/pangea/resources/aws_wavelength/carrier_gateway.rb +62 -0
  1343. data/lib/pangea/resources/aws_wavelength/deployment.rb +68 -0
  1344. data/lib/pangea/resources/aws_wavelength/edge_location.rb +66 -0
  1345. data/lib/pangea/resources/aws_wavelength/network_interface.rb +77 -0
  1346. data/lib/pangea/resources/aws_wavelength/workload.rb +74 -0
  1347. data/lib/pangea/resources/aws_wavelength.rb +11 -307
  1348. data/lib/pangea/resources/aws_workspaces_bundle/types/compute.rb +70 -0
  1349. data/lib/pangea/resources/aws_workspaces_bundle/types/storage.rb +71 -0
  1350. data/lib/pangea/resources/aws_workspaces_bundle/types.rb +40 -165
  1351. data/lib/pangea/resources/aws_workspaces_directory/types/self_service_permissions_type.rb +54 -0
  1352. data/lib/pangea/resources/aws_workspaces_directory/types/workspace_access_properties_type.rb +68 -0
  1353. data/lib/pangea/resources/aws_workspaces_directory/types/workspace_creation_properties_type.rb +61 -0
  1354. data/lib/pangea/resources/aws_workspaces_directory/types.rb +13 -168
  1355. data/lib/pangea/resources/builders/output_builder.rb +158 -0
  1356. data/lib/pangea/resources/cloudflare_access_rule/resource.rb +71 -0
  1357. data/lib/pangea/resources/cloudflare_access_rule/types.rb +93 -0
  1358. data/lib/pangea/resources/cloudflare_account/resource.rb +28 -0
  1359. data/lib/pangea/resources/cloudflare_account/types.rb +12 -0
  1360. data/lib/pangea/resources/cloudflare_account_dns_settings/resource.rb +27 -0
  1361. data/lib/pangea/resources/cloudflare_account_dns_settings/types.rb +11 -0
  1362. data/lib/pangea/resources/cloudflare_account_dns_settings_internal_view/resource.rb +27 -0
  1363. data/lib/pangea/resources/cloudflare_account_dns_settings_internal_view/types.rb +11 -0
  1364. data/lib/pangea/resources/cloudflare_account_member/resource.rb +29 -0
  1365. data/lib/pangea/resources/cloudflare_account_member/types.rb +13 -0
  1366. data/lib/pangea/resources/cloudflare_account_subscription/resource.rb +27 -0
  1367. data/lib/pangea/resources/cloudflare_account_subscription/types.rb +11 -0
  1368. data/lib/pangea/resources/cloudflare_account_token/resource.rb +27 -0
  1369. data/lib/pangea/resources/cloudflare_account_token/types.rb +11 -0
  1370. data/lib/pangea/resources/cloudflare_address_map/resource.rb +26 -0
  1371. data/lib/pangea/resources/cloudflare_address_map/types.rb +10 -0
  1372. data/lib/pangea/resources/cloudflare_api_shield/resource.rb +27 -0
  1373. data/lib/pangea/resources/cloudflare_api_shield/types.rb +11 -0
  1374. data/lib/pangea/resources/cloudflare_api_shield_discovery_operation/resource.rb +27 -0
  1375. data/lib/pangea/resources/cloudflare_api_shield_discovery_operation/types.rb +11 -0
  1376. data/lib/pangea/resources/cloudflare_api_shield_operation/resource.rb +29 -0
  1377. data/lib/pangea/resources/cloudflare_api_shield_operation/types.rb +13 -0
  1378. data/lib/pangea/resources/cloudflare_api_shield_operation_schema_validation_settings/resource.rb +27 -0
  1379. data/lib/pangea/resources/cloudflare_api_shield_operation_schema_validation_settings/types.rb +11 -0
  1380. data/lib/pangea/resources/cloudflare_api_shield_schema/resource.rb +30 -0
  1381. data/lib/pangea/resources/cloudflare_api_shield_schema/types.rb +14 -0
  1382. data/lib/pangea/resources/cloudflare_api_shield_schema_validation_settings/resource.rb +27 -0
  1383. data/lib/pangea/resources/cloudflare_api_shield_schema_validation_settings/types.rb +11 -0
  1384. data/lib/pangea/resources/cloudflare_api_token/resource.rb +33 -0
  1385. data/lib/pangea/resources/cloudflare_api_token/types.rb +14 -0
  1386. data/lib/pangea/resources/cloudflare_argo/resource.rb +91 -0
  1387. data/lib/pangea/resources/cloudflare_argo/types.rb +92 -0
  1388. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls/resource.rb +29 -0
  1389. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls/types.rb +13 -0
  1390. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_certificate/resource.rb +33 -0
  1391. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_certificate/types.rb +13 -0
  1392. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_settings/resource.rb +26 -0
  1393. data/lib/pangea/resources/cloudflare_authenticated_origin_pulls_settings/types.rb +10 -0
  1394. data/lib/pangea/resources/cloudflare_bot_management/resource.rb +31 -0
  1395. data/lib/pangea/resources/cloudflare_bot_management/types.rb +15 -0
  1396. data/lib/pangea/resources/cloudflare_byo_ip_prefix/resource.rb +27 -0
  1397. data/lib/pangea/resources/cloudflare_byo_ip_prefix/types.rb +11 -0
  1398. data/lib/pangea/resources/cloudflare_calls_sfu_app/resource.rb +27 -0
  1399. data/lib/pangea/resources/cloudflare_calls_sfu_app/types.rb +11 -0
  1400. data/lib/pangea/resources/cloudflare_calls_turn_app/resource.rb +27 -0
  1401. data/lib/pangea/resources/cloudflare_calls_turn_app/types.rb +11 -0
  1402. data/lib/pangea/resources/cloudflare_certificate_pack/resource.rb +26 -0
  1403. data/lib/pangea/resources/cloudflare_certificate_pack/types.rb +10 -0
  1404. data/lib/pangea/resources/cloudflare_cloud_connector_rules/resource.rb +27 -0
  1405. data/lib/pangea/resources/cloudflare_cloud_connector_rules/types.rb +11 -0
  1406. data/lib/pangea/resources/cloudflare_cloudforce_one_request/resource.rb +27 -0
  1407. data/lib/pangea/resources/cloudflare_cloudforce_one_request/types.rb +11 -0
  1408. data/lib/pangea/resources/cloudflare_cloudforce_one_request_asset/resource.rb +27 -0
  1409. data/lib/pangea/resources/cloudflare_cloudforce_one_request_asset/types.rb +11 -0
  1410. data/lib/pangea/resources/cloudflare_cloudforce_one_request_message/resource.rb +27 -0
  1411. data/lib/pangea/resources/cloudflare_cloudforce_one_request_message/types.rb +11 -0
  1412. data/lib/pangea/resources/cloudflare_cloudforce_one_request_priority/resource.rb +27 -0
  1413. data/lib/pangea/resources/cloudflare_cloudforce_one_request_priority/types.rb +11 -0
  1414. data/lib/pangea/resources/cloudflare_content_scanning/resource.rb +27 -0
  1415. data/lib/pangea/resources/cloudflare_content_scanning/types.rb +11 -0
  1416. data/lib/pangea/resources/cloudflare_content_scanning_expression/resource.rb +27 -0
  1417. data/lib/pangea/resources/cloudflare_content_scanning_expression/types.rb +11 -0
  1418. data/lib/pangea/resources/cloudflare_custom_hostname/resource.rb +157 -0
  1419. data/lib/pangea/resources/cloudflare_custom_hostname/types/ssl_types.rb +145 -0
  1420. data/lib/pangea/resources/cloudflare_custom_hostname/types.rb +107 -0
  1421. data/lib/pangea/resources/cloudflare_custom_hostname_fallback_origin/resource.rb +27 -0
  1422. data/lib/pangea/resources/cloudflare_custom_hostname_fallback_origin/types.rb +11 -0
  1423. data/lib/pangea/resources/cloudflare_custom_pages/resource.rb +27 -0
  1424. data/lib/pangea/resources/cloudflare_custom_pages/types.rb +11 -0
  1425. data/lib/pangea/resources/cloudflare_custom_ssl/resource.rb +36 -0
  1426. data/lib/pangea/resources/cloudflare_custom_ssl/types.rb +16 -0
  1427. data/lib/pangea/resources/cloudflare_d1_database/resource.rb +92 -0
  1428. data/lib/pangea/resources/cloudflare_d1_database/types.rb +110 -0
  1429. data/lib/pangea/resources/cloudflare_dns_firewall/resource.rb +27 -0
  1430. data/lib/pangea/resources/cloudflare_dns_firewall/types.rb +11 -0
  1431. data/lib/pangea/resources/cloudflare_dns_zone_transfers_acl/resource.rb +27 -0
  1432. data/lib/pangea/resources/cloudflare_dns_zone_transfers_acl/types.rb +11 -0
  1433. data/lib/pangea/resources/cloudflare_dns_zone_transfers_incoming/resource.rb +27 -0
  1434. data/lib/pangea/resources/cloudflare_dns_zone_transfers_incoming/types.rb +11 -0
  1435. data/lib/pangea/resources/cloudflare_dns_zone_transfers_outgoing/resource.rb +26 -0
  1436. data/lib/pangea/resources/cloudflare_dns_zone_transfers_outgoing/types.rb +10 -0
  1437. data/lib/pangea/resources/cloudflare_dns_zone_transfers_peer/resource.rb +26 -0
  1438. data/lib/pangea/resources/cloudflare_dns_zone_transfers_peer/types.rb +10 -0
  1439. data/lib/pangea/resources/cloudflare_dns_zone_transfers_tsig/resource.rb +26 -0
  1440. data/lib/pangea/resources/cloudflare_dns_zone_transfers_tsig/types.rb +10 -0
  1441. data/lib/pangea/resources/cloudflare_email_routing_address/resource.rb +26 -0
  1442. data/lib/pangea/resources/cloudflare_email_routing_address/types.rb +10 -0
  1443. data/lib/pangea/resources/cloudflare_email_routing_catch_all/resource.rb +26 -0
  1444. data/lib/pangea/resources/cloudflare_email_routing_catch_all/types.rb +10 -0
  1445. data/lib/pangea/resources/cloudflare_email_routing_dns/resource.rb +27 -0
  1446. data/lib/pangea/resources/cloudflare_email_routing_dns/types.rb +11 -0
  1447. data/lib/pangea/resources/cloudflare_email_routing_rule/resource.rb +26 -0
  1448. data/lib/pangea/resources/cloudflare_email_routing_rule/types.rb +10 -0
  1449. data/lib/pangea/resources/cloudflare_email_routing_settings/resource.rb +26 -0
  1450. data/lib/pangea/resources/cloudflare_email_routing_settings/types.rb +10 -0
  1451. data/lib/pangea/resources/cloudflare_email_security_block_sender/resource.rb +27 -0
  1452. data/lib/pangea/resources/cloudflare_email_security_block_sender/types.rb +11 -0
  1453. data/lib/pangea/resources/cloudflare_email_security_impersonation_registry/resource.rb +27 -0
  1454. data/lib/pangea/resources/cloudflare_email_security_impersonation_registry/types.rb +11 -0
  1455. data/lib/pangea/resources/cloudflare_email_security_trusted_domains/resource.rb +27 -0
  1456. data/lib/pangea/resources/cloudflare_email_security_trusted_domains/types.rb +11 -0
  1457. data/lib/pangea/resources/cloudflare_filter/resource.rb +64 -0
  1458. data/lib/pangea/resources/cloudflare_filter/types.rb +54 -0
  1459. data/lib/pangea/resources/cloudflare_firewall_rule/resource.rb +70 -0
  1460. data/lib/pangea/resources/cloudflare_firewall_rule/types.rb +64 -0
  1461. data/lib/pangea/resources/cloudflare_healthcheck/resource.rb +138 -0
  1462. data/lib/pangea/resources/cloudflare_healthcheck/types.rb +192 -0
  1463. data/lib/pangea/resources/cloudflare_hostname_tls_setting/resource.rb +26 -0
  1464. data/lib/pangea/resources/cloudflare_hostname_tls_setting/types.rb +10 -0
  1465. data/lib/pangea/resources/cloudflare_hyperdrive_config/resource.rb +176 -0
  1466. data/lib/pangea/resources/cloudflare_hyperdrive_config/types/attributes.rb +125 -0
  1467. data/lib/pangea/resources/cloudflare_hyperdrive_config/types/caching.rb +52 -0
  1468. data/lib/pangea/resources/cloudflare_hyperdrive_config/types/enums.rb +37 -0
  1469. data/lib/pangea/resources/cloudflare_hyperdrive_config/types/mtls.rb +52 -0
  1470. data/lib/pangea/resources/cloudflare_hyperdrive_config/types/origin.rb +89 -0
  1471. data/lib/pangea/resources/cloudflare_hyperdrive_config/types.rb +23 -0
  1472. data/lib/pangea/resources/cloudflare_image/resource.rb +27 -0
  1473. data/lib/pangea/resources/cloudflare_image/types.rb +11 -0
  1474. data/lib/pangea/resources/cloudflare_image_variant/resource.rb +26 -0
  1475. data/lib/pangea/resources/cloudflare_image_variant/types.rb +10 -0
  1476. data/lib/pangea/resources/cloudflare_keyless_certificate/resource.rb +26 -0
  1477. data/lib/pangea/resources/cloudflare_keyless_certificate/types.rb +10 -0
  1478. data/lib/pangea/resources/cloudflare_leaked_credential_check/resource.rb +27 -0
  1479. data/lib/pangea/resources/cloudflare_leaked_credential_check/types.rb +11 -0
  1480. data/lib/pangea/resources/cloudflare_leaked_credential_check_rule/resource.rb +27 -0
  1481. data/lib/pangea/resources/cloudflare_leaked_credential_check_rule/types.rb +11 -0
  1482. data/lib/pangea/resources/cloudflare_list/resource.rb +57 -0
  1483. data/lib/pangea/resources/cloudflare_list/types.rb +49 -0
  1484. data/lib/pangea/resources/cloudflare_list_item/resource.rb +130 -0
  1485. data/lib/pangea/resources/cloudflare_list_item/types.rb +183 -0
  1486. data/lib/pangea/resources/cloudflare_load_balancer/resource.rb +97 -0
  1487. data/lib/pangea/resources/cloudflare_load_balancer/types.rb +75 -0
  1488. data/lib/pangea/resources/cloudflare_load_balancer_monitor/resource.rb +78 -0
  1489. data/lib/pangea/resources/cloudflare_load_balancer_monitor/types.rb +62 -0
  1490. data/lib/pangea/resources/cloudflare_load_balancer_pool/resource.rb +78 -0
  1491. data/lib/pangea/resources/cloudflare_load_balancer_pool/types.rb +81 -0
  1492. data/lib/pangea/resources/cloudflare_logpull_retention/resource.rb +27 -0
  1493. data/lib/pangea/resources/cloudflare_logpull_retention/types.rb +11 -0
  1494. data/lib/pangea/resources/cloudflare_logpush_job/resource.rb +40 -0
  1495. data/lib/pangea/resources/cloudflare_logpush_job/types.rb +24 -0
  1496. data/lib/pangea/resources/cloudflare_logpush_ownership_challenge/resource.rb +27 -0
  1497. data/lib/pangea/resources/cloudflare_logpush_ownership_challenge/types.rb +11 -0
  1498. data/lib/pangea/resources/cloudflare_magic_network_monitoring_configuration/resource.rb +27 -0
  1499. data/lib/pangea/resources/cloudflare_magic_network_monitoring_configuration/types.rb +11 -0
  1500. data/lib/pangea/resources/cloudflare_magic_network_monitoring_rule/resource.rb +27 -0
  1501. data/lib/pangea/resources/cloudflare_magic_network_monitoring_rule/types.rb +11 -0
  1502. data/lib/pangea/resources/cloudflare_magic_transit_connector/resource.rb +27 -0
  1503. data/lib/pangea/resources/cloudflare_magic_transit_connector/types.rb +11 -0
  1504. data/lib/pangea/resources/cloudflare_magic_transit_site/resource.rb +27 -0
  1505. data/lib/pangea/resources/cloudflare_magic_transit_site/types.rb +11 -0
  1506. data/lib/pangea/resources/cloudflare_magic_transit_site_acl/resource.rb +27 -0
  1507. data/lib/pangea/resources/cloudflare_magic_transit_site_acl/types.rb +11 -0
  1508. data/lib/pangea/resources/cloudflare_magic_transit_site_lan/resource.rb +27 -0
  1509. data/lib/pangea/resources/cloudflare_magic_transit_site_lan/types.rb +11 -0
  1510. data/lib/pangea/resources/cloudflare_magic_transit_site_wan/resource.rb +27 -0
  1511. data/lib/pangea/resources/cloudflare_magic_transit_site_wan/types.rb +11 -0
  1512. data/lib/pangea/resources/cloudflare_magic_wan_gre_tunnel/resource.rb +27 -0
  1513. data/lib/pangea/resources/cloudflare_magic_wan_gre_tunnel/types.rb +11 -0
  1514. data/lib/pangea/resources/cloudflare_magic_wan_ipsec_tunnel/resource.rb +27 -0
  1515. data/lib/pangea/resources/cloudflare_magic_wan_ipsec_tunnel/types.rb +11 -0
  1516. data/lib/pangea/resources/cloudflare_magic_wan_static_route/resource.rb +27 -0
  1517. data/lib/pangea/resources/cloudflare_magic_wan_static_route/types.rb +11 -0
  1518. data/lib/pangea/resources/cloudflare_managed_transforms/resource.rb +36 -0
  1519. data/lib/pangea/resources/cloudflare_managed_transforms/types.rb +12 -0
  1520. data/lib/pangea/resources/cloudflare_mtls_certificate/resource.rb +34 -0
  1521. data/lib/pangea/resources/cloudflare_mtls_certificate/types.rb +14 -0
  1522. data/lib/pangea/resources/cloudflare_notification_policy/resource.rb +34 -0
  1523. data/lib/pangea/resources/cloudflare_notification_policy/types.rb +18 -0
  1524. data/lib/pangea/resources/cloudflare_notification_policy_webhooks/resource.rb +27 -0
  1525. data/lib/pangea/resources/cloudflare_notification_policy_webhooks/types.rb +11 -0
  1526. data/lib/pangea/resources/cloudflare_observatory_scheduled_test/resource.rb +27 -0
  1527. data/lib/pangea/resources/cloudflare_observatory_scheduled_test/types.rb +11 -0
  1528. data/lib/pangea/resources/cloudflare_organization/resource.rb +27 -0
  1529. data/lib/pangea/resources/cloudflare_organization/types.rb +11 -0
  1530. data/lib/pangea/resources/cloudflare_organization_profile/resource.rb +27 -0
  1531. data/lib/pangea/resources/cloudflare_organization_profile/types.rb +11 -0
  1532. data/lib/pangea/resources/cloudflare_origin_ca_certificate/resource.rb +97 -0
  1533. data/lib/pangea/resources/cloudflare_origin_ca_certificate/types.rb +125 -0
  1534. data/lib/pangea/resources/cloudflare_page_rule/resource.rb +78 -0
  1535. data/lib/pangea/resources/cloudflare_page_rule/types.rb +71 -0
  1536. data/lib/pangea/resources/cloudflare_page_shield_policy/resource.rb +27 -0
  1537. data/lib/pangea/resources/cloudflare_page_shield_policy/types.rb +11 -0
  1538. data/lib/pangea/resources/cloudflare_pages_domain/resource.rb +28 -0
  1539. data/lib/pangea/resources/cloudflare_pages_domain/types.rb +12 -0
  1540. data/lib/pangea/resources/cloudflare_pages_project/resource/deployment_config.rb +80 -0
  1541. data/lib/pangea/resources/cloudflare_pages_project/resource/main.rb +75 -0
  1542. data/lib/pangea/resources/cloudflare_pages_project/resource.rb +19 -0
  1543. data/lib/pangea/resources/cloudflare_pages_project/types/attributes.rb +51 -0
  1544. data/lib/pangea/resources/cloudflare_pages_project/types/bindings.rb +38 -0
  1545. data/lib/pangea/resources/cloudflare_pages_project/types/build_config.rb +55 -0
  1546. data/lib/pangea/resources/cloudflare_pages_project/types/deployment_config.rb +83 -0
  1547. data/lib/pangea/resources/cloudflare_pages_project/types.rb +27 -0
  1548. data/lib/pangea/resources/cloudflare_queue/resource.rb +108 -0
  1549. data/lib/pangea/resources/cloudflare_queue/types.rb +132 -0
  1550. data/lib/pangea/resources/cloudflare_queue_consumer/resource.rb +31 -0
  1551. data/lib/pangea/resources/cloudflare_queue_consumer/types.rb +15 -0
  1552. data/lib/pangea/resources/cloudflare_r2_bucket/resource.rb +91 -0
  1553. data/lib/pangea/resources/cloudflare_r2_bucket/types.rb +101 -0
  1554. data/lib/pangea/resources/cloudflare_r2_bucket_cors/resource.rb +130 -0
  1555. data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/attributes.rb +105 -0
  1556. data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_allowed.rb +59 -0
  1557. data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_method.rb +34 -0
  1558. data/lib/pangea/resources/cloudflare_r2_bucket_cors/types/cors_rule.rb +74 -0
  1559. data/lib/pangea/resources/cloudflare_r2_bucket_cors/types.rb +22 -0
  1560. data/lib/pangea/resources/cloudflare_r2_bucket_event_notification/resource.rb +31 -0
  1561. data/lib/pangea/resources/cloudflare_r2_bucket_event_notification/types.rb +15 -0
  1562. data/lib/pangea/resources/cloudflare_r2_bucket_lifecycle/resource.rb +31 -0
  1563. data/lib/pangea/resources/cloudflare_r2_bucket_lifecycle/types.rb +26 -0
  1564. data/lib/pangea/resources/cloudflare_r2_bucket_lock/resource.rb +29 -0
  1565. data/lib/pangea/resources/cloudflare_r2_bucket_lock/types.rb +13 -0
  1566. data/lib/pangea/resources/cloudflare_r2_bucket_sippy/resource.rb +26 -0
  1567. data/lib/pangea/resources/cloudflare_r2_bucket_sippy/types.rb +10 -0
  1568. data/lib/pangea/resources/cloudflare_r2_custom_domain/resource.rb +28 -0
  1569. data/lib/pangea/resources/cloudflare_r2_custom_domain/types.rb +12 -0
  1570. data/lib/pangea/resources/cloudflare_r2_managed_domain/resource.rb +26 -0
  1571. data/lib/pangea/resources/cloudflare_r2_managed_domain/types.rb +10 -0
  1572. data/lib/pangea/resources/cloudflare_rate_limit/resource.rb +129 -0
  1573. data/lib/pangea/resources/cloudflare_rate_limit/types.rb +143 -0
  1574. data/lib/pangea/resources/cloudflare_record/resource.rb +91 -0
  1575. data/lib/pangea/resources/cloudflare_record/types.rb +114 -0
  1576. data/lib/pangea/resources/cloudflare_regional_hostname/resource.rb +27 -0
  1577. data/lib/pangea/resources/cloudflare_regional_hostname/types.rb +11 -0
  1578. data/lib/pangea/resources/cloudflare_regional_tiered_cache/resource.rb +82 -0
  1579. data/lib/pangea/resources/cloudflare_regional_tiered_cache/types.rb +73 -0
  1580. data/lib/pangea/resources/cloudflare_registrar_domain/resource.rb +27 -0
  1581. data/lib/pangea/resources/cloudflare_registrar_domain/types.rb +11 -0
  1582. data/lib/pangea/resources/cloudflare_ruleset/resource.rb +113 -0
  1583. data/lib/pangea/resources/cloudflare_ruleset/types/ruleset_rule.rb +84 -0
  1584. data/lib/pangea/resources/cloudflare_ruleset/types.rb +155 -0
  1585. data/lib/pangea/resources/cloudflare_schema_validation_operation_settings/resource.rb +27 -0
  1586. data/lib/pangea/resources/cloudflare_schema_validation_operation_settings/types.rb +11 -0
  1587. data/lib/pangea/resources/cloudflare_schema_validation_schemas/resource.rb +27 -0
  1588. data/lib/pangea/resources/cloudflare_schema_validation_schemas/types.rb +11 -0
  1589. data/lib/pangea/resources/cloudflare_schema_validation_settings/resource.rb +27 -0
  1590. data/lib/pangea/resources/cloudflare_schema_validation_settings/types.rb +11 -0
  1591. data/lib/pangea/resources/cloudflare_snippet/resource.rb +27 -0
  1592. data/lib/pangea/resources/cloudflare_snippet/types.rb +11 -0
  1593. data/lib/pangea/resources/cloudflare_snippet_rules/resource.rb +27 -0
  1594. data/lib/pangea/resources/cloudflare_snippet_rules/types.rb +11 -0
  1595. data/lib/pangea/resources/cloudflare_spectrum_application/resource.rb +122 -0
  1596. data/lib/pangea/resources/cloudflare_spectrum_application/types.rb +147 -0
  1597. data/lib/pangea/resources/cloudflare_static_route/resource.rb +119 -0
  1598. data/lib/pangea/resources/cloudflare_static_route/types.rb +131 -0
  1599. data/lib/pangea/resources/cloudflare_stream/resource.rb +35 -0
  1600. data/lib/pangea/resources/cloudflare_stream/types.rb +15 -0
  1601. data/lib/pangea/resources/cloudflare_stream_audio_track/resource.rb +27 -0
  1602. data/lib/pangea/resources/cloudflare_stream_audio_track/types.rb +11 -0
  1603. data/lib/pangea/resources/cloudflare_stream_caption_language/resource.rb +27 -0
  1604. data/lib/pangea/resources/cloudflare_stream_caption_language/types.rb +11 -0
  1605. data/lib/pangea/resources/cloudflare_stream_download/resource.rb +27 -0
  1606. data/lib/pangea/resources/cloudflare_stream_download/types.rb +11 -0
  1607. data/lib/pangea/resources/cloudflare_stream_key/resource.rb +27 -0
  1608. data/lib/pangea/resources/cloudflare_stream_key/types.rb +11 -0
  1609. data/lib/pangea/resources/cloudflare_stream_live_input/resource.rb +27 -0
  1610. data/lib/pangea/resources/cloudflare_stream_live_input/types.rb +11 -0
  1611. data/lib/pangea/resources/cloudflare_stream_watermark/resource.rb +27 -0
  1612. data/lib/pangea/resources/cloudflare_stream_watermark/types.rb +11 -0
  1613. data/lib/pangea/resources/cloudflare_stream_webhook/resource.rb +27 -0
  1614. data/lib/pangea/resources/cloudflare_stream_webhook/types.rb +11 -0
  1615. data/lib/pangea/resources/cloudflare_tiered_cache/resource.rb +83 -0
  1616. data/lib/pangea/resources/cloudflare_tiered_cache/types.rb +74 -0
  1617. data/lib/pangea/resources/cloudflare_total_tls/resource.rb +26 -0
  1618. data/lib/pangea/resources/cloudflare_total_tls/types.rb +10 -0
  1619. data/lib/pangea/resources/cloudflare_turnstile_widget/resource.rb +34 -0
  1620. data/lib/pangea/resources/cloudflare_turnstile_widget/types.rb +15 -0
  1621. data/lib/pangea/resources/cloudflare_url_normalization_settings/resource.rb +27 -0
  1622. data/lib/pangea/resources/cloudflare_url_normalization_settings/types.rb +11 -0
  1623. data/lib/pangea/resources/cloudflare_user/resource.rb +27 -0
  1624. data/lib/pangea/resources/cloudflare_user/types.rb +11 -0
  1625. data/lib/pangea/resources/cloudflare_user_agent_blocking_rule/resource.rb +27 -0
  1626. data/lib/pangea/resources/cloudflare_user_agent_blocking_rule/types.rb +11 -0
  1627. data/lib/pangea/resources/cloudflare_waiting_room/resource.rb +122 -0
  1628. data/lib/pangea/resources/cloudflare_waiting_room/types.rb +171 -0
  1629. data/lib/pangea/resources/cloudflare_waiting_room_event/resource.rb +118 -0
  1630. data/lib/pangea/resources/cloudflare_waiting_room_event/types.rb +153 -0
  1631. data/lib/pangea/resources/cloudflare_waiting_room_rules/resource.rb +40 -0
  1632. data/lib/pangea/resources/cloudflare_waiting_room_rules/types.rb +32 -0
  1633. data/lib/pangea/resources/cloudflare_waiting_room_settings/resource.rb +27 -0
  1634. data/lib/pangea/resources/cloudflare_waiting_room_settings/types.rb +11 -0
  1635. data/lib/pangea/resources/cloudflare_web3_hostname/resource.rb +27 -0
  1636. data/lib/pangea/resources/cloudflare_web3_hostname/types.rb +11 -0
  1637. data/lib/pangea/resources/cloudflare_web_analytics_rule/resource.rb +27 -0
  1638. data/lib/pangea/resources/cloudflare_web_analytics_rule/types.rb +11 -0
  1639. data/lib/pangea/resources/cloudflare_web_analytics_site/resource.rb +33 -0
  1640. data/lib/pangea/resources/cloudflare_web_analytics_site/types.rb +13 -0
  1641. data/lib/pangea/resources/cloudflare_worker/resource.rb +27 -0
  1642. data/lib/pangea/resources/cloudflare_worker/types.rb +11 -0
  1643. data/lib/pangea/resources/cloudflare_worker_route/resource.rb +62 -0
  1644. data/lib/pangea/resources/cloudflare_worker_route/types.rb +50 -0
  1645. data/lib/pangea/resources/cloudflare_worker_script/resource.rb +90 -0
  1646. data/lib/pangea/resources/cloudflare_worker_script/types.rb +109 -0
  1647. data/lib/pangea/resources/cloudflare_worker_version/resource.rb +27 -0
  1648. data/lib/pangea/resources/cloudflare_worker_version/types.rb +11 -0
  1649. data/lib/pangea/resources/cloudflare_workers_cron_trigger/resource.rb +94 -0
  1650. data/lib/pangea/resources/cloudflare_workers_cron_trigger/types.rb +102 -0
  1651. data/lib/pangea/resources/cloudflare_workers_custom_domain/resource.rb +93 -0
  1652. data/lib/pangea/resources/cloudflare_workers_custom_domain/types.rb +93 -0
  1653. data/lib/pangea/resources/cloudflare_workers_deployment/resource.rb +28 -0
  1654. data/lib/pangea/resources/cloudflare_workers_deployment/types.rb +12 -0
  1655. data/lib/pangea/resources/cloudflare_workers_for_platforms_dispatch_namespace/resource.rb +27 -0
  1656. data/lib/pangea/resources/cloudflare_workers_for_platforms_dispatch_namespace/types.rb +11 -0
  1657. data/lib/pangea/resources/cloudflare_workers_kv/resource.rb +98 -0
  1658. data/lib/pangea/resources/cloudflare_workers_kv/types.rb +103 -0
  1659. data/lib/pangea/resources/cloudflare_workers_kv_namespace/resource.rb +84 -0
  1660. data/lib/pangea/resources/cloudflare_workers_kv_namespace/types.rb +74 -0
  1661. data/lib/pangea/resources/cloudflare_workers_script_subdomain/resource.rb +27 -0
  1662. data/lib/pangea/resources/cloudflare_workers_script_subdomain/types.rb +11 -0
  1663. data/lib/pangea/resources/cloudflare_workflow/resource.rb +27 -0
  1664. data/lib/pangea/resources/cloudflare_workflow/types.rb +11 -0
  1665. data/lib/pangea/resources/cloudflare_zero_trust_access_application/block_builders.rb +116 -0
  1666. data/lib/pangea/resources/cloudflare_zero_trust_access_application/resource.rb +161 -0
  1667. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/attributes.rb +102 -0
  1668. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/cors_headers.rb +37 -0
  1669. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/destination.rb +37 -0
  1670. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/enums.rb +31 -0
  1671. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/footer_link.rb +31 -0
  1672. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/landing_page_design.rb +34 -0
  1673. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/saas_app.rb +44 -0
  1674. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types/scim_config.rb +35 -0
  1675. data/lib/pangea/resources/cloudflare_zero_trust_access_application/types.rb +26 -0
  1676. data/lib/pangea/resources/cloudflare_zero_trust_access_custom_page/resource.rb +26 -0
  1677. data/lib/pangea/resources/cloudflare_zero_trust_access_custom_page/types.rb +10 -0
  1678. data/lib/pangea/resources/cloudflare_zero_trust_access_group/resource.rb +31 -0
  1679. data/lib/pangea/resources/cloudflare_zero_trust_access_group/types.rb +15 -0
  1680. data/lib/pangea/resources/cloudflare_zero_trust_access_identity_provider/resource.rb +31 -0
  1681. data/lib/pangea/resources/cloudflare_zero_trust_access_identity_provider/types.rb +15 -0
  1682. data/lib/pangea/resources/cloudflare_zero_trust_access_infrastructure_target/resource.rb +26 -0
  1683. data/lib/pangea/resources/cloudflare_zero_trust_access_infrastructure_target/types.rb +10 -0
  1684. data/lib/pangea/resources/cloudflare_zero_trust_access_key_configuration/resource.rb +26 -0
  1685. data/lib/pangea/resources/cloudflare_zero_trust_access_key_configuration/types.rb +10 -0
  1686. data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_certificate/resource.rb +26 -0
  1687. data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_certificate/types.rb +10 -0
  1688. data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_hostname_settings/resource.rb +26 -0
  1689. data/lib/pangea/resources/cloudflare_zero_trust_access_mtls_hostname_settings/types.rb +10 -0
  1690. data/lib/pangea/resources/cloudflare_zero_trust_access_policy/resource.rb +39 -0
  1691. data/lib/pangea/resources/cloudflare_zero_trust_access_policy/types.rb +23 -0
  1692. data/lib/pangea/resources/cloudflare_zero_trust_access_service_token/resource.rb +26 -0
  1693. data/lib/pangea/resources/cloudflare_zero_trust_access_service_token/types.rb +10 -0
  1694. data/lib/pangea/resources/cloudflare_zero_trust_access_short_lived_certificate/resource.rb +26 -0
  1695. data/lib/pangea/resources/cloudflare_zero_trust_access_short_lived_certificate/types.rb +10 -0
  1696. data/lib/pangea/resources/cloudflare_zero_trust_access_tag/resource.rb +26 -0
  1697. data/lib/pangea/resources/cloudflare_zero_trust_access_tag/types.rb +10 -0
  1698. data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile/resource.rb +26 -0
  1699. data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile/types.rb +10 -0
  1700. data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile_local_domain_fallback/resource.rb +26 -0
  1701. data/lib/pangea/resources/cloudflare_zero_trust_device_custom_profile_local_domain_fallback/types.rb +10 -0
  1702. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile/resource.rb +26 -0
  1703. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile/types.rb +10 -0
  1704. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_certificates/resource.rb +26 -0
  1705. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_certificates/types.rb +10 -0
  1706. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_local_domain_fallback/resource.rb +26 -0
  1707. data/lib/pangea/resources/cloudflare_zero_trust_device_default_profile_local_domain_fallback/types.rb +10 -0
  1708. data/lib/pangea/resources/cloudflare_zero_trust_device_managed_networks/resource.rb +26 -0
  1709. data/lib/pangea/resources/cloudflare_zero_trust_device_managed_networks/types.rb +10 -0
  1710. data/lib/pangea/resources/cloudflare_zero_trust_device_posture_integration/resource.rb +26 -0
  1711. data/lib/pangea/resources/cloudflare_zero_trust_device_posture_integration/types.rb +10 -0
  1712. data/lib/pangea/resources/cloudflare_zero_trust_device_posture_rule/resource.rb +26 -0
  1713. data/lib/pangea/resources/cloudflare_zero_trust_device_posture_rule/types.rb +10 -0
  1714. data/lib/pangea/resources/cloudflare_zero_trust_device_settings/resource.rb +26 -0
  1715. data/lib/pangea/resources/cloudflare_zero_trust_device_settings/types.rb +10 -0
  1716. data/lib/pangea/resources/cloudflare_zero_trust_dex_test/resource.rb +26 -0
  1717. data/lib/pangea/resources/cloudflare_zero_trust_dex_test/types.rb +10 -0
  1718. data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_entry/resource.rb +26 -0
  1719. data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_entry/types.rb +10 -0
  1720. data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_profile/resource.rb +26 -0
  1721. data/lib/pangea/resources/cloudflare_zero_trust_dlp_custom_profile/types.rb +10 -0
  1722. data/lib/pangea/resources/cloudflare_zero_trust_dlp_dataset/resource.rb +26 -0
  1723. data/lib/pangea/resources/cloudflare_zero_trust_dlp_dataset/types.rb +10 -0
  1724. data/lib/pangea/resources/cloudflare_zero_trust_dlp_entry/resource.rb +26 -0
  1725. data/lib/pangea/resources/cloudflare_zero_trust_dlp_entry/types.rb +10 -0
  1726. data/lib/pangea/resources/cloudflare_zero_trust_dlp_integration_entry/resource.rb +26 -0
  1727. data/lib/pangea/resources/cloudflare_zero_trust_dlp_integration_entry/types.rb +10 -0
  1728. data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_entry/resource.rb +26 -0
  1729. data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_entry/types.rb +10 -0
  1730. data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_profile/resource.rb +26 -0
  1731. data/lib/pangea/resources/cloudflare_zero_trust_dlp_predefined_profile/types.rb +10 -0
  1732. data/lib/pangea/resources/cloudflare_zero_trust_dns_location/resource.rb +26 -0
  1733. data/lib/pangea/resources/cloudflare_zero_trust_dns_location/types.rb +10 -0
  1734. data/lib/pangea/resources/cloudflare_zero_trust_gateway_certificate/resource.rb +26 -0
  1735. data/lib/pangea/resources/cloudflare_zero_trust_gateway_certificate/types.rb +10 -0
  1736. data/lib/pangea/resources/cloudflare_zero_trust_gateway_logging/resource.rb +26 -0
  1737. data/lib/pangea/resources/cloudflare_zero_trust_gateway_logging/types.rb +10 -0
  1738. data/lib/pangea/resources/cloudflare_zero_trust_gateway_policy/resource.rb +34 -0
  1739. data/lib/pangea/resources/cloudflare_zero_trust_gateway_policy/types.rb +18 -0
  1740. data/lib/pangea/resources/cloudflare_zero_trust_gateway_proxy_endpoint/resource.rb +26 -0
  1741. data/lib/pangea/resources/cloudflare_zero_trust_gateway_proxy_endpoint/types.rb +10 -0
  1742. data/lib/pangea/resources/cloudflare_zero_trust_gateway_settings/resource.rb +26 -0
  1743. data/lib/pangea/resources/cloudflare_zero_trust_gateway_settings/types.rb +10 -0
  1744. data/lib/pangea/resources/cloudflare_zero_trust_list/resource.rb +26 -0
  1745. data/lib/pangea/resources/cloudflare_zero_trust_list/types.rb +10 -0
  1746. data/lib/pangea/resources/cloudflare_zero_trust_network_hostname_route/resource.rb +26 -0
  1747. data/lib/pangea/resources/cloudflare_zero_trust_network_hostname_route/types.rb +10 -0
  1748. data/lib/pangea/resources/cloudflare_zero_trust_organization/resource.rb +26 -0
  1749. data/lib/pangea/resources/cloudflare_zero_trust_organization/types.rb +10 -0
  1750. data/lib/pangea/resources/cloudflare_zero_trust_risk_behavior/resource.rb +26 -0
  1751. data/lib/pangea/resources/cloudflare_zero_trust_risk_behavior/types.rb +10 -0
  1752. data/lib/pangea/resources/cloudflare_zero_trust_risk_scoring_integration/resource.rb +26 -0
  1753. data/lib/pangea/resources/cloudflare_zero_trust_risk_scoring_integration/types.rb +10 -0
  1754. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared/resource.rb +33 -0
  1755. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared/types.rb +13 -0
  1756. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_config/resource.rb +28 -0
  1757. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_config/types.rb +12 -0
  1758. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_route/resource.rb +30 -0
  1759. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_route/types.rb +14 -0
  1760. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_virtual_network/resource.rb +26 -0
  1761. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_cloudflared_virtual_network/types.rb +10 -0
  1762. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_warp_connector/resource.rb +26 -0
  1763. data/lib/pangea/resources/cloudflare_zero_trust_tunnel_warp_connector/types.rb +10 -0
  1764. data/lib/pangea/resources/cloudflare_zone/resource.rb +71 -0
  1765. data/lib/pangea/resources/cloudflare_zone/types.rb +62 -0
  1766. data/lib/pangea/resources/cloudflare_zone_cache_reserve/resource.rb +27 -0
  1767. data/lib/pangea/resources/cloudflare_zone_cache_reserve/types.rb +11 -0
  1768. data/lib/pangea/resources/cloudflare_zone_cache_variants/resource.rb +27 -0
  1769. data/lib/pangea/resources/cloudflare_zone_cache_variants/types.rb +11 -0
  1770. data/lib/pangea/resources/cloudflare_zone_dns_settings/resource.rb +27 -0
  1771. data/lib/pangea/resources/cloudflare_zone_dns_settings/types.rb +11 -0
  1772. data/lib/pangea/resources/cloudflare_zone_dnssec/resource.rb +96 -0
  1773. data/lib/pangea/resources/cloudflare_zone_dnssec/types.rb +81 -0
  1774. data/lib/pangea/resources/cloudflare_zone_hold/resource.rb +26 -0
  1775. data/lib/pangea/resources/cloudflare_zone_hold/types.rb +10 -0
  1776. data/lib/pangea/resources/cloudflare_zone_lockdown/resource.rb +27 -0
  1777. data/lib/pangea/resources/cloudflare_zone_lockdown/types.rb +11 -0
  1778. data/lib/pangea/resources/cloudflare_zone_settings_override/resource.rb +80 -0
  1779. data/lib/pangea/resources/cloudflare_zone_settings_override/types.rb +64 -0
  1780. data/lib/pangea/resources/cloudflare_zone_subscription/resource.rb +26 -0
  1781. data/lib/pangea/resources/cloudflare_zone_subscription/types.rb +10 -0
  1782. data/lib/pangea/resources/composition/auto_scaling_web_tier.rb +179 -0
  1783. data/lib/pangea/resources/composition/composite_auto_scaling_reference.rb +63 -0
  1784. data/lib/pangea/resources/composition/composite_vpc_reference.rb +73 -0
  1785. data/lib/pangea/resources/composition/composite_web_server_reference.rb +46 -0
  1786. data/lib/pangea/resources/composition/helpers.rb +75 -0
  1787. data/lib/pangea/resources/composition/vpc_with_subnets.rb +143 -0
  1788. data/lib/pangea/resources/composition/web_server.rb +72 -0
  1789. data/lib/pangea/resources/composition.rb +14 -510
  1790. data/lib/pangea/resources/event_driven_example/dynamodb_tables.rb +103 -0
  1791. data/lib/pangea/resources/event_driven_example/eventbridge_buses.rb +68 -0
  1792. data/lib/pangea/resources/event_driven_example/eventbridge_rules.rb +94 -0
  1793. data/lib/pangea/resources/event_driven_example/eventbridge_targets.rb +123 -0
  1794. data/lib/pangea/resources/event_driven_example.rb +48 -254
  1795. data/lib/pangea/resources/hcloud_certificate/resource.rb +50 -0
  1796. data/lib/pangea/resources/hcloud_certificate/types.rb +26 -0
  1797. data/lib/pangea/resources/hcloud_firewall/resource.rb +57 -0
  1798. data/lib/pangea/resources/hcloud_firewall/types.rb +25 -0
  1799. data/lib/pangea/resources/hcloud_firewall_attachment/resource.rb +40 -0
  1800. data/lib/pangea/resources/hcloud_firewall_attachment/types.rb +22 -0
  1801. data/lib/pangea/resources/hcloud_floating_ip/resource.rb +52 -0
  1802. data/lib/pangea/resources/hcloud_floating_ip/types.rb +28 -0
  1803. data/lib/pangea/resources/hcloud_floating_ip_assignment/resource.rb +40 -0
  1804. data/lib/pangea/resources/hcloud_floating_ip_assignment/types.rb +22 -0
  1805. data/lib/pangea/resources/hcloud_load_balancer/resource.rb +57 -0
  1806. data/lib/pangea/resources/hcloud_load_balancer/types.rb +28 -0
  1807. data/lib/pangea/resources/hcloud_load_balancer_network/resource.rb +43 -0
  1808. data/lib/pangea/resources/hcloud_load_balancer_network/types.rb +26 -0
  1809. data/lib/pangea/resources/hcloud_load_balancer_service/resource.rb +70 -0
  1810. data/lib/pangea/resources/hcloud_load_balancer_service/types.rb +29 -0
  1811. data/lib/pangea/resources/hcloud_load_balancer_target/resource.rb +45 -0
  1812. data/lib/pangea/resources/hcloud_load_balancer_target/types.rb +28 -0
  1813. data/lib/pangea/resources/hcloud_managed_certificate/resource.rb +49 -0
  1814. data/lib/pangea/resources/hcloud_managed_certificate/types.rb +25 -0
  1815. data/lib/pangea/resources/hcloud_network/resource.rb +48 -0
  1816. data/lib/pangea/resources/hcloud_network/types.rb +25 -0
  1817. data/lib/pangea/resources/hcloud_network_route/resource.rb +42 -0
  1818. data/lib/pangea/resources/hcloud_network_route/types.rb +23 -0
  1819. data/lib/pangea/resources/hcloud_network_subnet/resource.rb +44 -0
  1820. data/lib/pangea/resources/hcloud_network_subnet/types.rb +27 -0
  1821. data/lib/pangea/resources/hcloud_placement_group/resource.rb +48 -0
  1822. data/lib/pangea/resources/hcloud_placement_group/types.rb +25 -0
  1823. data/lib/pangea/resources/hcloud_primary_ip/resource.rb +52 -0
  1824. data/lib/pangea/resources/hcloud_primary_ip/types.rb +29 -0
  1825. data/lib/pangea/resources/hcloud_rdns/resource.rb +42 -0
  1826. data/lib/pangea/resources/hcloud_rdns/types.rb +23 -0
  1827. data/lib/pangea/resources/hcloud_server/resource.rb +91 -0
  1828. data/lib/pangea/resources/hcloud_server/types.rb +58 -0
  1829. data/lib/pangea/resources/hcloud_server_network/resource.rb +43 -0
  1830. data/lib/pangea/resources/hcloud_server_network/types.rb +26 -0
  1831. data/lib/pangea/resources/hcloud_snapshot/resource.rb +41 -0
  1832. data/lib/pangea/resources/hcloud_snapshot/types.rb +25 -0
  1833. data/lib/pangea/resources/hcloud_ssh_key/resource.rb +73 -0
  1834. data/lib/pangea/resources/hcloud_ssh_key/types.rb +38 -0
  1835. data/lib/pangea/resources/hcloud_uploaded_certificate/resource.rb +44 -0
  1836. data/lib/pangea/resources/hcloud_uploaded_certificate/types.rb +26 -0
  1837. data/lib/pangea/resources/hcloud_volume/resource.rb +53 -0
  1838. data/lib/pangea/resources/hcloud_volume/types.rb +28 -0
  1839. data/lib/pangea/resources/hcloud_volume_attachment/resource.rb +41 -0
  1840. data/lib/pangea/resources/hcloud_volume_attachment/types.rb +25 -0
  1841. data/lib/pangea/resources/hcloud_zone/resource.rb +40 -0
  1842. data/lib/pangea/resources/hcloud_zone/types.rb +24 -0
  1843. data/lib/pangea/resources/hcloud_zone_rrset/resource.rb +44 -0
  1844. data/lib/pangea/resources/hcloud_zone_rrset/types.rb +27 -0
  1845. data/lib/pangea/resources/network_helpers.rb +75 -0
  1846. data/lib/pangea/resources/reference/instance_computed_attributes.rb +78 -0
  1847. data/lib/pangea/resources/reference/subnet_computed_attributes.rb +60 -0
  1848. data/lib/pangea/resources/reference/vpc_computed_attributes.rb +89 -0
  1849. data/lib/pangea/resources/reference.rb +43 -206
  1850. data/lib/pangea/resources/types/aws/compute.rb +103 -0
  1851. data/lib/pangea/resources/types/aws/core.rb +132 -0
  1852. data/lib/pangea/resources/types/aws/database.rb +37 -0
  1853. data/lib/pangea/resources/types/aws/iot.rb +181 -0
  1854. data/lib/pangea/resources/types/aws/iot_analytics.rb +57 -0
  1855. data/lib/pangea/resources/types/aws/load_balancer.rb +99 -0
  1856. data/lib/pangea/resources/types/aws/monitoring.rb +52 -0
  1857. data/lib/pangea/resources/types/aws/networking.rb +74 -0
  1858. data/lib/pangea/resources/types/aws/security.rb +138 -0
  1859. data/lib/pangea/resources/types/aws/storage.rb +60 -0
  1860. data/lib/pangea/resources/types/cloudflare/core.rb +130 -0
  1861. data/lib/pangea/resources/types/cloudflare/load_balancing.rb +104 -0
  1862. data/lib/pangea/resources/types/cloudflare/security.rb +107 -0
  1863. data/lib/pangea/resources/types/cloudflare/workers.rb +60 -0
  1864. data/lib/pangea/resources/types/core.rb +38 -0
  1865. data/lib/pangea/resources/types/hetzner/core.rb +136 -0
  1866. data/lib/pangea/resources/types/index.rb +38 -0
  1867. data/lib/pangea/resources/types.rb +2 -1216
  1868. data/lib/pangea/resources/validators/shared/aws_validators.rb +66 -0
  1869. data/lib/pangea/resources/validators/shared/format_validators.rb +79 -0
  1870. data/lib/pangea/resources/validators/shared/network_validators.rb +106 -0
  1871. data/lib/pangea/resources/validators/shared_validators.rb +49 -0
  1872. data/lib/pangea/utilities/ip_discovery.rb +109 -0
  1873. data/lib/pangea/utilities.rb +1 -0
  1874. data/lib/pangea/validation/base_validator.rb +104 -0
  1875. data/lib/pangea/validation/common_validation_rules.rb +92 -0
  1876. data/lib/pangea/validation/resource_validator.rb +36 -0
  1877. data/lib/pangea/validation/validator_manager.rb +200 -0
  1878. data/lib/pangea/validation/validators/aws_compute_validators.rb +66 -0
  1879. data/lib/pangea/validation/validators/aws_database_validators.rb +100 -0
  1880. data/lib/pangea/validation/validators/aws_network_validators.rb +135 -0
  1881. data/lib/pangea/validation.rb +2 -0
  1882. data/lib/pangea/version.rb +1 -1
  1883. data/lib/pangea.rb +8 -4
  1884. data/pangea.gemspec +4 -2
  1885. data/pkgs/products/pangea/deploy/configmap.yaml +67 -0
  1886. data/pkgs/products/pangea/deploy/crds/infrastructuretemplates.yaml +395 -0
  1887. data/pkgs/products/pangea/deploy/crds/pangeanamespaces.yaml +286 -0
  1888. data/pkgs/products/pangea/deploy/kustomization.yaml +54 -0
  1889. data/pkgs/products/pangea/deploy/namespace.yaml +6 -0
  1890. data/pkgs/products/pangea/deploy/operator-deployment.yaml +138 -0
  1891. data/pkgs/products/pangea/deploy/operator-service.yaml +23 -0
  1892. data/pkgs/products/pangea/deploy/rbac/role.yaml +106 -0
  1893. data/pkgs/products/pangea/deploy/rbac/rolebinding.yaml +15 -0
  1894. data/pkgs/products/pangea/deploy/rbac/serviceaccount.yaml +7 -0
  1895. data/pkgs/products/pangea/deploy/web-deployment.yaml +64 -0
  1896. data/pkgs/products/pangea/deploy/web-service.yaml +19 -0
  1897. data/synthesizer-tests.yaml +72 -0
  1898. metadata +1509 -309
  1899. data/CLAUDE.md +0 -626
  1900. data/OPEN_SOURCE_READINESS.md +0 -170
  1901. data/audit_results/vpc_resources_audit.json +0 -219
  1902. data/examples/basic-web-app/pangea.yaml +0 -36
  1903. data/examples/cicd-pipeline/pangea.yaml +0 -35
  1904. data/examples/data-processing/pangea.yaml +0 -57
  1905. data/examples/disaster-recovery/pangea.yaml +0 -62
  1906. data/examples/global-multi-region/pangea.yaml +0 -61
  1907. data/examples/microservices-platform/pangea.yaml +0 -35
  1908. data/examples/ml-platform/pangea.yaml +0 -58
  1909. data/examples/multi-environment/pangea.yaml +0 -71
  1910. data/examples/multi-tier-architecture/pangea.yaml +0 -49
  1911. data/examples/security-focused/pangea.yaml +0 -60
  1912. data/lib/pangea/architectures/CLAUDE.md +0 -425
  1913. data/lib/pangea/components/CLAUDE.md +0 -350
  1914. data/lib/pangea/components/application_load_balancer/CLAUDE.md +0 -224
  1915. data/lib/pangea/components/carbon_aware_compute/CLAUDE.md +0 -295
  1916. data/lib/pangea/components/green_data_lifecycle/CLAUDE.md +0 -353
  1917. data/lib/pangea/components/public_private_subnets/CLAUDE.md +0 -547
  1918. data/lib/pangea/components/secure_vpc/CLAUDE.md +0 -366
  1919. data/lib/pangea/components/spot_instance_carbon_optimizer/CLAUDE.md +0 -469
  1920. data/lib/pangea/components/sustainable_ml_training/CLAUDE.md +0 -653
  1921. data/lib/pangea/components/web_security_group/CLAUDE.md +0 -690
  1922. data/lib/pangea/components/web_tier_subnets/CLAUDE.md +0 -572
  1923. data/lib/pangea/resources/CLAUDE.md +0 -607
  1924. data/lib/pangea/resources/DATABASE_SERVICES_CLAUDE.md +0 -577
  1925. data/lib/pangea/resources/aws/audit_manager/CLAUDE.md +0 -778
  1926. data/lib/pangea/resources/aws/batch/CLAUDE.md +0 -965
  1927. data/lib/pangea/resources/aws/cloudformation/CLAUDE.md +0 -98
  1928. data/lib/pangea/resources/aws/detective/CLAUDE.md +0 -668
  1929. data/lib/pangea/resources/aws/extended_resources_CLAUDE.md +0 -470
  1930. data/lib/pangea/resources/aws/media_services_CLAUDE.md +0 -494
  1931. data/lib/pangea/resources/aws/opensearch.disabled/CLAUDE.md +0 -480
  1932. data/lib/pangea/resources/aws/security_lake/CLAUDE.md +0 -932
  1933. data/lib/pangea/resources/aws_acm_certificate/CLAUDE.md +0 -290
  1934. data/lib/pangea/resources/aws_acm_certificate_validation/CLAUDE.md +0 -437
  1935. data/lib/pangea/resources/aws_ami/CLAUDE.md +0 -253
  1936. data/lib/pangea/resources/aws_api_gateway_deployment/CLAUDE.md +0 -270
  1937. data/lib/pangea/resources/aws_api_gateway_integration/CLAUDE.md +0 -304
  1938. data/lib/pangea/resources/aws_api_gateway_method/CLAUDE.md +0 -235
  1939. data/lib/pangea/resources/aws_api_gateway_resource/CLAUDE.md +0 -215
  1940. data/lib/pangea/resources/aws_api_gateway_rest_api/CLAUDE.md +0 -152
  1941. data/lib/pangea/resources/aws_api_gateway_stage/CLAUDE.md +0 -308
  1942. data/lib/pangea/resources/aws_appstream_fleet/CLAUDE.md +0 -468
  1943. data/lib/pangea/resources/aws_appsync_datasource/CLAUDE.md +0 -479
  1944. data/lib/pangea/resources/aws_appsync_graphql_api/CLAUDE.md +0 -325
  1945. data/lib/pangea/resources/aws_appsync_resolver/CLAUDE.md +0 -459
  1946. data/lib/pangea/resources/aws_athena_database/CLAUDE.md +0 -276
  1947. data/lib/pangea/resources/aws_athena_named_query/CLAUDE.md +0 -385
  1948. data/lib/pangea/resources/aws_athena_workgroup/CLAUDE.md +0 -315
  1949. data/lib/pangea/resources/aws_autoscaling_attachment/CLAUDE.md +0 -226
  1950. data/lib/pangea/resources/aws_autoscaling_group/CLAUDE.md +0 -263
  1951. data/lib/pangea/resources/aws_autoscaling_lifecycle_hook/CLAUDE.md +0 -357
  1952. data/lib/pangea/resources/aws_autoscaling_notification/CLAUDE.md +0 -405
  1953. data/lib/pangea/resources/aws_autoscaling_policy/CLAUDE.md +0 -278
  1954. data/lib/pangea/resources/aws_autoscaling_schedule/CLAUDE.md +0 -219
  1955. data/lib/pangea/resources/aws_autoscaling_tag/CLAUDE.md +0 -443
  1956. data/lib/pangea/resources/aws_batch_compute_environment/CLAUDE.md +0 -571
  1957. data/lib/pangea/resources/aws_batch_job_definition/CLAUDE.md +0 -714
  1958. data/lib/pangea/resources/aws_batch_job_queue/CLAUDE.md +0 -585
  1959. data/lib/pangea/resources/aws_braket_device/CLAUDE.md +0 -331
  1960. data/lib/pangea/resources/aws_braket_quantum_task/CLAUDE.md +0 -188
  1961. data/lib/pangea/resources/aws_budgets_budget/CLAUDE.md +0 -304
  1962. data/lib/pangea/resources/aws_budgets_budget_action/CLAUDE.md +0 -357
  1963. data/lib/pangea/resources/aws_cloudformation_stack/CLAUDE.md +0 -244
  1964. data/lib/pangea/resources/aws_cloudformation_stack_set/CLAUDE.md +0 -309
  1965. data/lib/pangea/resources/aws_cloudfront_distribution/CLAUDE.md +0 -62
  1966. data/lib/pangea/resources/aws_cloudwatch_composite_alarm/CLAUDE.md +0 -288
  1967. data/lib/pangea/resources/aws_cloudwatch_dashboard/CLAUDE.md +0 -342
  1968. data/lib/pangea/resources/aws_cloudwatch_event_rule/CLAUDE.md +0 -568
  1969. data/lib/pangea/resources/aws_cloudwatch_event_target/CLAUDE.md +0 -625
  1970. data/lib/pangea/resources/aws_cloudwatch_log_destination/CLAUDE.md +0 -388
  1971. data/lib/pangea/resources/aws_cloudwatch_log_destination_policy/CLAUDE.md +0 -479
  1972. data/lib/pangea/resources/aws_cloudwatch_log_group/CLAUDE.md +0 -175
  1973. data/lib/pangea/resources/aws_cloudwatch_log_metric_filter/CLAUDE.md +0 -502
  1974. data/lib/pangea/resources/aws_cloudwatch_log_stream/CLAUDE.md +0 -260
  1975. data/lib/pangea/resources/aws_cloudwatch_log_subscription_filter/CLAUDE.md +0 -473
  1976. data/lib/pangea/resources/aws_cloudwatch_metric_alarm/CLAUDE.md +0 -317
  1977. data/lib/pangea/resources/aws_codeartifact_domain/CLAUDE.md +0 -54
  1978. data/lib/pangea/resources/aws_codeartifact_repository/CLAUDE.md +0 -55
  1979. data/lib/pangea/resources/aws_codebuild_project/CLAUDE.md +0 -304
  1980. data/lib/pangea/resources/aws_codecommit_repository/CLAUDE.md +0 -150
  1981. data/lib/pangea/resources/aws_codedeploy_application/CLAUDE.md +0 -312
  1982. data/lib/pangea/resources/aws_codedeploy_deployment_config/CLAUDE.md +0 -354
  1983. data/lib/pangea/resources/aws_codedeploy_deployment_group/CLAUDE.md +0 -342
  1984. data/lib/pangea/resources/aws_codepipeline/CLAUDE.md +0 -592
  1985. data/lib/pangea/resources/aws_codepipeline_webhook/CLAUDE.md +0 -449
  1986. data/lib/pangea/resources/aws_codestar_connection/CLAUDE.md +0 -55
  1987. data/lib/pangea/resources/aws_cognito_identity_pool/CLAUDE.md +0 -712
  1988. data/lib/pangea/resources/aws_cognito_user_pool/CLAUDE.md +0 -431
  1989. data/lib/pangea/resources/aws_cognito_user_pool_client/CLAUDE.md +0 -542
  1990. data/lib/pangea/resources/aws_cognito_user_pool_domain/CLAUDE.md +0 -524
  1991. data/lib/pangea/resources/aws_config_config_rule/CLAUDE.md +0 -381
  1992. data/lib/pangea/resources/aws_config_configuration_recorder/CLAUDE.md +0 -247
  1993. data/lib/pangea/resources/aws_config_delivery_channel/CLAUDE.md +0 -290
  1994. data/lib/pangea/resources/aws_customer_gateway/CLAUDE.md +0 -458
  1995. data/lib/pangea/resources/aws_db_instance/CLAUDE.md +0 -407
  1996. data/lib/pangea/resources/aws_db_parameter_group/CLAUDE.md +0 -285
  1997. data/lib/pangea/resources/aws_db_subnet_group/CLAUDE.md +0 -189
  1998. data/lib/pangea/resources/aws_device_farm_project/CLAUDE.md +0 -299
  1999. data/lib/pangea/resources/aws_docdb_certificate/CLAUDE.md +0 -96
  2000. data/lib/pangea/resources/aws_docdb_cluster/CLAUDE.md +0 -96
  2001. data/lib/pangea/resources/aws_docdb_cluster_endpoint/CLAUDE.md +0 -96
  2002. data/lib/pangea/resources/aws_docdb_cluster_instance/CLAUDE.md +0 -96
  2003. data/lib/pangea/resources/aws_docdb_cluster_parameter_group/CLAUDE.md +0 -96
  2004. data/lib/pangea/resources/aws_docdb_cluster_snapshot/CLAUDE.md +0 -96
  2005. data/lib/pangea/resources/aws_docdb_event_subscription/CLAUDE.md +0 -96
  2006. data/lib/pangea/resources/aws_docdb_global_cluster/CLAUDE.md +0 -96
  2007. data/lib/pangea/resources/aws_docdb_subnet_group/CLAUDE.md +0 -96
  2008. data/lib/pangea/resources/aws_dynamodb_global_table/CLAUDE.md +0 -184
  2009. data/lib/pangea/resources/aws_dynamodb_table/CLAUDE.md +0 -130
  2010. data/lib/pangea/resources/aws_ebs_volume/CLAUDE.md +0 -275
  2011. data/lib/pangea/resources/aws_ec2_transit_gateway/CLAUDE.md +0 -220
  2012. data/lib/pangea/resources/aws_ec2_transit_gateway_route/CLAUDE.md +0 -458
  2013. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table/CLAUDE.md +0 -384
  2014. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_association/CLAUDE.md +0 -409
  2015. data/lib/pangea/resources/aws_ec2_transit_gateway_route_table_propagation/CLAUDE.md +0 -433
  2016. data/lib/pangea/resources/aws_ec2_transit_gateway_vpc_attachment/CLAUDE.md +0 -326
  2017. data/lib/pangea/resources/aws_ecr_lifecycle_policy/CLAUDE.md +0 -56
  2018. data/lib/pangea/resources/aws_ecr_replication_configuration/CLAUDE.md +0 -55
  2019. data/lib/pangea/resources/aws_ecr_repository/CLAUDE.md +0 -54
  2020. data/lib/pangea/resources/aws_ecr_repository_policy/CLAUDE.md +0 -55
  2021. data/lib/pangea/resources/aws_ecs_cluster/CLAUDE.md +0 -218
  2022. data/lib/pangea/resources/aws_ecs_cluster_capacity_providers/CLAUDE.md +0 -191
  2023. data/lib/pangea/resources/aws_ecs_service/CLAUDE.md +0 -256
  2024. data/lib/pangea/resources/aws_ecs_task_definition/CLAUDE.md +0 -281
  2025. data/lib/pangea/resources/aws_ecs_task_definition/types_old.rb +0 -439
  2026. data/lib/pangea/resources/aws_efs_access_point/CLAUDE.md +0 -504
  2027. data/lib/pangea/resources/aws_efs_file_system/CLAUDE.md +0 -279
  2028. data/lib/pangea/resources/aws_efs_mount_target/CLAUDE.md +0 -361
  2029. data/lib/pangea/resources/aws_eip/CLAUDE.md +0 -325
  2030. data/lib/pangea/resources/aws_eip_association/CLAUDE.md +0 -96
  2031. data/lib/pangea/resources/aws_eks_addon/CLAUDE.md +0 -271
  2032. data/lib/pangea/resources/aws_eks_cluster/CLAUDE.md +0 -198
  2033. data/lib/pangea/resources/aws_eks_fargate_profile/CLAUDE.md +0 -266
  2034. data/lib/pangea/resources/aws_eks_node_group/CLAUDE.md +0 -258
  2035. data/lib/pangea/resources/aws_elasticache_cluster/CLAUDE.md +0 -240
  2036. data/lib/pangea/resources/aws_elasticache_parameter_group/CLAUDE.md +0 -334
  2037. data/lib/pangea/resources/aws_elasticache_subnet_group/CLAUDE.md +0 -286
  2038. data/lib/pangea/resources/aws_emr_cluster/CLAUDE.md +0 -660
  2039. data/lib/pangea/resources/aws_emr_instance_group/CLAUDE.md +0 -586
  2040. data/lib/pangea/resources/aws_emr_step/CLAUDE.md +0 -560
  2041. data/lib/pangea/resources/aws_eventbridge_bus/CLAUDE.md +0 -208
  2042. data/lib/pangea/resources/aws_eventbridge_rule/CLAUDE.md +0 -232
  2043. data/lib/pangea/resources/aws_eventbridge_target/CLAUDE.md +0 -260
  2044. data/lib/pangea/resources/aws_extended_resources_CLAUDE.md +0 -395
  2045. data/lib/pangea/resources/aws_fsx_lustre_filesystem/CLAUDE.md +0 -383
  2046. data/lib/pangea/resources/aws_gamelift_alias/CLAUDE.md +0 -261
  2047. data/lib/pangea/resources/aws_gamelift_build/CLAUDE.md +0 -233
  2048. data/lib/pangea/resources/aws_gamelift_fleet/CLAUDE.md +0 -191
  2049. data/lib/pangea/resources/aws_gamelift_game_session_queue/CLAUDE.md +0 -282
  2050. data/lib/pangea/resources/aws_gamelift_matchmaking_configuration/CLAUDE.md +0 -288
  2051. data/lib/pangea/resources/aws_glue_catalog_database/CLAUDE.md +0 -161
  2052. data/lib/pangea/resources/aws_glue_catalog_table/CLAUDE.md +0 -387
  2053. data/lib/pangea/resources/aws_glue_job/CLAUDE.md +0 -398
  2054. data/lib/pangea/resources/aws_glue_trigger/CLAUDE.md +0 -454
  2055. data/lib/pangea/resources/aws_iam_group/CLAUDE.md +0 -351
  2056. data/lib/pangea/resources/aws_iam_policy/CLAUDE.md +0 -278
  2057. data/lib/pangea/resources/aws_iam_role/CLAUDE.md +0 -419
  2058. data/lib/pangea/resources/aws_iam_role_policy_attachment/CLAUDE.md +0 -331
  2059. data/lib/pangea/resources/aws_iam_user/CLAUDE.md +0 -312
  2060. data/lib/pangea/resources/aws_instance/CLAUDE.md +0 -396
  2061. data/lib/pangea/resources/aws_internet_gateway/CLAUDE.md +0 -157
  2062. data/lib/pangea/resources/aws_iot_analytics_channel/CLAUDE.md +0 -3
  2063. data/lib/pangea/resources/aws_iot_analytics_datastore/CLAUDE.md +0 -3
  2064. data/lib/pangea/resources/aws_iot_certificate/CLAUDE.md +0 -361
  2065. data/lib/pangea/resources/aws_iot_device_defender_security_profile/CLAUDE.md +0 -3
  2066. data/lib/pangea/resources/aws_iot_policy/CLAUDE.md +0 -27
  2067. data/lib/pangea/resources/aws_iot_security_profile/CLAUDE.md +0 -3
  2068. data/lib/pangea/resources/aws_iot_thing/CLAUDE.md +0 -397
  2069. data/lib/pangea/resources/aws_iot_thing_type/CLAUDE.md +0 -526
  2070. data/lib/pangea/resources/aws_iot_topic_rule/CLAUDE.md +0 -11
  2071. data/lib/pangea/resources/aws_iot_topic_rule_destination/CLAUDE.md +0 -5
  2072. data/lib/pangea/resources/aws_key_pair/CLAUDE.md +0 -357
  2073. data/lib/pangea/resources/aws_kinesis_analytics_application/CLAUDE.md +0 -630
  2074. data/lib/pangea/resources/aws_kinesis_firehose_delivery_stream/CLAUDE.md +0 -532
  2075. data/lib/pangea/resources/aws_kinesis_stream/CLAUDE.md +0 -255
  2076. data/lib/pangea/resources/aws_kinesis_video_stream/CLAUDE.md +0 -595
  2077. data/lib/pangea/resources/aws_lambda_event_source_mapping/CLAUDE.md +0 -316
  2078. data/lib/pangea/resources/aws_lambda_function/CLAUDE.md +0 -255
  2079. data/lib/pangea/resources/aws_lambda_layer_version/CLAUDE.md +0 -322
  2080. data/lib/pangea/resources/aws_lambda_permission/CLAUDE.md +0 -276
  2081. data/lib/pangea/resources/aws_launch_template/CLAUDE.md +0 -269
  2082. data/lib/pangea/resources/aws_lb/CLAUDE.md +0 -411
  2083. data/lib/pangea/resources/aws_lb_listener/CLAUDE.md +0 -310
  2084. data/lib/pangea/resources/aws_lb_listener_certificate/CLAUDE.md +0 -463
  2085. data/lib/pangea/resources/aws_lb_listener_rule/CLAUDE.md +0 -502
  2086. data/lib/pangea/resources/aws_lb_target_group/CLAUDE.md +0 -271
  2087. data/lib/pangea/resources/aws_lb_target_group_attachment/CLAUDE.md +0 -560
  2088. data/lib/pangea/resources/aws_licensemanager_association/CLAUDE.md +0 -96
  2089. data/lib/pangea/resources/aws_licensemanager_grant/CLAUDE.md +0 -96
  2090. data/lib/pangea/resources/aws_licensemanager_grant_accepter/CLAUDE.md +0 -96
  2091. data/lib/pangea/resources/aws_licensemanager_license_configuration/CLAUDE.md +0 -96
  2092. data/lib/pangea/resources/aws_licensemanager_license_grant_accepter/CLAUDE.md +0 -96
  2093. data/lib/pangea/resources/aws_licensemanager_report_generator/CLAUDE.md +0 -96
  2094. data/lib/pangea/resources/aws_licensemanager_token/CLAUDE.md +0 -96
  2095. data/lib/pangea/resources/aws_managedblockchain_member/CLAUDE.md +0 -478
  2096. data/lib/pangea/resources/aws_managedblockchain_network/CLAUDE.md +0 -487
  2097. data/lib/pangea/resources/aws_managedblockchain_node/CLAUDE.md +0 -505
  2098. data/lib/pangea/resources/aws_media_live_channel/CLAUDE.md +0 -881
  2099. data/lib/pangea/resources/aws_media_live_input/CLAUDE.md +0 -729
  2100. data/lib/pangea/resources/aws_media_package_channel/CLAUDE.md +0 -698
  2101. data/lib/pangea/resources/aws_memorydb_acl/CLAUDE.md +0 -96
  2102. data/lib/pangea/resources/aws_memorydb_cluster/CLAUDE.md +0 -96
  2103. data/lib/pangea/resources/aws_memorydb_cluster_endpoint/CLAUDE.md +0 -96
  2104. data/lib/pangea/resources/aws_memorydb_multi_region_cluster/CLAUDE.md +0 -96
  2105. data/lib/pangea/resources/aws_memorydb_parameter_group/CLAUDE.md +0 -96
  2106. data/lib/pangea/resources/aws_memorydb_snapshot/CLAUDE.md +0 -96
  2107. data/lib/pangea/resources/aws_memorydb_subnet_group/CLAUDE.md +0 -96
  2108. data/lib/pangea/resources/aws_memorydb_user/CLAUDE.md +0 -96
  2109. data/lib/pangea/resources/aws_mobile_analytics_app/CLAUDE.md +0 -262
  2110. data/lib/pangea/resources/aws_nat_gateway/CLAUDE.md +0 -209
  2111. data/lib/pangea/resources/aws_neptune_cluster/CLAUDE.md +0 -96
  2112. data/lib/pangea/resources/aws_neptune_cluster_endpoint/CLAUDE.md +0 -96
  2113. data/lib/pangea/resources/aws_neptune_cluster_instance/CLAUDE.md +0 -96
  2114. data/lib/pangea/resources/aws_neptune_cluster_parameter_group/CLAUDE.md +0 -96
  2115. data/lib/pangea/resources/aws_neptune_cluster_snapshot/CLAUDE.md +0 -96
  2116. data/lib/pangea/resources/aws_neptune_event_subscription/CLAUDE.md +0 -96
  2117. data/lib/pangea/resources/aws_neptune_parameter_group/CLAUDE.md +0 -96
  2118. data/lib/pangea/resources/aws_neptune_subnet_group/CLAUDE.md +0 -96
  2119. data/lib/pangea/resources/aws_network_acl/CLAUDE.md +0 -96
  2120. data/lib/pangea/resources/aws_network_acl_rule/CLAUDE.md +0 -297
  2121. data/lib/pangea/resources/aws_network_interface/CLAUDE.md +0 -310
  2122. data/lib/pangea/resources/aws_pinpoint_app/CLAUDE.md +0 -363
  2123. data/lib/pangea/resources/aws_qldb_ledger/CLAUDE.md +0 -734
  2124. data/lib/pangea/resources/aws_qldb_stream/CLAUDE.md +0 -845
  2125. data/lib/pangea/resources/aws_ram_invitation_accepter/CLAUDE.md +0 -96
  2126. data/lib/pangea/resources/aws_ram_managed_permission/CLAUDE.md +0 -96
  2127. data/lib/pangea/resources/aws_ram_permission/CLAUDE.md +0 -96
  2128. data/lib/pangea/resources/aws_ram_permission_association/CLAUDE.md +0 -96
  2129. data/lib/pangea/resources/aws_ram_principal_association/CLAUDE.md +0 -96
  2130. data/lib/pangea/resources/aws_ram_resource_association/CLAUDE.md +0 -96
  2131. data/lib/pangea/resources/aws_ram_resource_share/CLAUDE.md +0 -96
  2132. data/lib/pangea/resources/aws_ram_resource_share_accepter/CLAUDE.md +0 -96
  2133. data/lib/pangea/resources/aws_ram_resource_share_invitation/CLAUDE.md +0 -96
  2134. data/lib/pangea/resources/aws_ram_sharing_with_organization/CLAUDE.md +0 -96
  2135. data/lib/pangea/resources/aws_rds_cluster/CLAUDE.md +0 -361
  2136. data/lib/pangea/resources/aws_rds_cluster_endpoint/CLAUDE.md +0 -279
  2137. data/lib/pangea/resources/aws_rds_cluster_instance/CLAUDE.md +0 -378
  2138. data/lib/pangea/resources/aws_rds_cluster_parameter_group/CLAUDE.md +0 -344
  2139. data/lib/pangea/resources/aws_rds_global_cluster/CLAUDE.md +0 -362
  2140. data/lib/pangea/resources/aws_redshift_cluster/CLAUDE.md +0 -358
  2141. data/lib/pangea/resources/aws_redshift_parameter_group/CLAUDE.md +0 -352
  2142. data/lib/pangea/resources/aws_redshift_snapshot_schedule/CLAUDE.md +0 -395
  2143. data/lib/pangea/resources/aws_redshift_subnet_group/CLAUDE.md +0 -274
  2144. data/lib/pangea/resources/aws_route/CLAUDE.md +0 -96
  2145. data/lib/pangea/resources/aws_route53_health_check/CLAUDE.md +0 -408
  2146. data/lib/pangea/resources/aws_route53_record/CLAUDE.md +0 -414
  2147. data/lib/pangea/resources/aws_route53_zone/CLAUDE.md +0 -363
  2148. data/lib/pangea/resources/aws_route_table/CLAUDE.md +0 -224
  2149. data/lib/pangea/resources/aws_route_table_association/CLAUDE.md +0 -401
  2150. data/lib/pangea/resources/aws_s3_access_point/CLAUDE.md +0 -211
  2151. data/lib/pangea/resources/aws_s3_bucket/CLAUDE.md +0 -140
  2152. data/lib/pangea/resources/aws_s3_bucket_cors_configuration/CLAUDE.md +0 -262
  2153. data/lib/pangea/resources/aws_s3_bucket_encryption/CLAUDE.md +0 -465
  2154. data/lib/pangea/resources/aws_s3_bucket_inventory/CLAUDE.md +0 -430
  2155. data/lib/pangea/resources/aws_s3_bucket_lifecycle_configuration/CLAUDE.md +0 -221
  2156. data/lib/pangea/resources/aws_s3_bucket_notification/CLAUDE.md +0 -358
  2157. data/lib/pangea/resources/aws_s3_bucket_object_lock_configuration/CLAUDE.md +0 -561
  2158. data/lib/pangea/resources/aws_s3_bucket_policy/CLAUDE.md +0 -234
  2159. data/lib/pangea/resources/aws_s3_bucket_public_access_block/CLAUDE.md +0 -528
  2160. data/lib/pangea/resources/aws_s3_bucket_replication_configuration/CLAUDE.md +0 -628
  2161. data/lib/pangea/resources/aws_s3_bucket_versioning/CLAUDE.md +0 -340
  2162. data/lib/pangea/resources/aws_s3_bucket_website_configuration/CLAUDE.md +0 -355
  2163. data/lib/pangea/resources/aws_s3_object/CLAUDE.md +0 -535
  2164. data/lib/pangea/resources/aws_sagemaker_domain/CLAUDE.md +0 -253
  2165. data/lib/pangea/resources/aws_secretsmanager_secret/CLAUDE.md +0 -528
  2166. data/lib/pangea/resources/aws_sfn_activity/CLAUDE.md +0 -571
  2167. data/lib/pangea/resources/aws_sfn_state_machine/CLAUDE.md +0 -464
  2168. data/lib/pangea/resources/aws_sns_subscription/CLAUDE.md +0 -289
  2169. data/lib/pangea/resources/aws_sns_topic/CLAUDE.md +0 -249
  2170. data/lib/pangea/resources/aws_sqs_queue/CLAUDE.md +0 -190
  2171. data/lib/pangea/resources/aws_sqs_queue_policy/CLAUDE.md +0 -227
  2172. data/lib/pangea/resources/aws_ssm_document/CLAUDE.md +0 -410
  2173. data/lib/pangea/resources/aws_ssm_maintenance_window/CLAUDE.md +0 -412
  2174. data/lib/pangea/resources/aws_ssm_parameter/CLAUDE.md +0 -355
  2175. data/lib/pangea/resources/aws_ssm_patch_baseline/CLAUDE.md +0 -509
  2176. data/lib/pangea/resources/aws_subnet/CLAUDE.md +0 -301
  2177. data/lib/pangea/resources/aws_timestream_access_policy/CLAUDE.md +0 -96
  2178. data/lib/pangea/resources/aws_timestream_batch_load_task/CLAUDE.md +0 -96
  2179. data/lib/pangea/resources/aws_timestream_database/CLAUDE.md +0 -96
  2180. data/lib/pangea/resources/aws_timestream_influx_db_instance/CLAUDE.md +0 -96
  2181. data/lib/pangea/resources/aws_timestream_scheduled_query/CLAUDE.md +0 -96
  2182. data/lib/pangea/resources/aws_timestream_table/CLAUDE.md +0 -96
  2183. data/lib/pangea/resources/aws_timestream_table_retention_properties/CLAUDE.md +0 -96
  2184. data/lib/pangea/resources/aws_volume_attachment/CLAUDE.md +0 -326
  2185. data/lib/pangea/resources/aws_vpc/CLAUDE.md +0 -184
  2186. data/lib/pangea/resources/aws_vpc_endpoint/CLAUDE.md +0 -483
  2187. data/lib/pangea/resources/aws_vpc_endpoint_service/CLAUDE.md +0 -313
  2188. data/lib/pangea/resources/aws_vpc_peering_connection/CLAUDE.md +0 -361
  2189. data/lib/pangea/resources/aws_vpc_peering_connection_accepter/CLAUDE.md +0 -248
  2190. data/lib/pangea/resources/aws_vpn_connection/CLAUDE.md +0 -420
  2191. data/lib/pangea/resources/aws_vpn_gateway/CLAUDE.md +0 -411
  2192. data/lib/pangea/resources/aws_wafv2_web_acl/CLAUDE.md +0 -788
  2193. data/lib/pangea/resources/aws_workspaces_bundle/CLAUDE.md +0 -412
  2194. data/lib/pangea/resources/aws_workspaces_directory/CLAUDE.md +0 -365
  2195. data/lib/pangea/resources/aws_workspaces_ip_group/CLAUDE.md +0 -421
  2196. data/lib/pangea/resources/aws_workspaces_workspace/CLAUDE.md +0 -322
  2197. data/pangea_test.yml +0 -19
  2198. data/shell.nix +0 -13
@@ -13,21 +13,61 @@
13
13
  # See the License for the specific language governing permissions and
14
14
  # limitations under the License.
15
15
 
16
-
17
16
  require 'pangea/components/base'
18
17
  require 'pangea/components/siem_security_platform/types'
18
+ require_relative 'modules/helpers'
19
+ require_relative 'modules/security'
20
+ require_relative 'modules/storage'
21
+ require_relative 'modules/ingestion'
22
+ require_relative 'modules/processing'
23
+ require_relative 'modules/threat_detection'
24
+ require_relative 'modules/incident_response'
25
+ require_relative 'modules/monitoring'
26
+ require_relative 'modules/integrations'
19
27
 
20
28
  module Pangea
21
29
  module Components
22
30
  module SiemSecurityPlatform
31
+ include Helpers
32
+ include Security
33
+ include Storage
34
+ include Ingestion
35
+ include Processing
36
+ include ThreatDetection
37
+ include IncidentResponse
38
+ include Monitoring
39
+ include Integrations
40
+
23
41
  # SIEM Security Platform Component
24
42
  # Implements comprehensive security information and event management
25
43
  def siem_security_platform(name, attributes = {})
26
- # Validate attributes
27
44
  attrs = Attributes.new(attributes)
28
-
29
- # Component resources
30
- resources = {
45
+ resources = initialize_resources
46
+
47
+ # Create resources in dependency order
48
+ create_security_resources(name, attrs, resources)
49
+ create_storage_resources(name, attrs, resources)
50
+ create_ingestion_resources(name, attrs, resources)
51
+ create_processing_resources(name, attrs, resources)
52
+ create_threat_detection_resources(name, attrs, resources)
53
+ create_incident_response_resources(name, attrs, resources)
54
+ create_monitoring_resources(name, attrs, resources)
55
+ create_integration_resources(name, attrs, resources)
56
+
57
+ # Create component reference with outputs
58
+ create_component_reference(
59
+ 'siem_security_platform',
60
+ name,
61
+ attrs.to_h,
62
+ resources,
63
+ build_outputs(name, attrs, resources)
64
+ )
65
+ end
66
+
67
+ private
68
+
69
+ def initialize_resources
70
+ {
31
71
  opensearch_domain: nil,
32
72
  firehose_streams: {},
33
73
  lambda_functions: {},
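Review bot: The `# Create resources in dependency order` comment in `siem_security_platform` is the only statement of an ordering contract that all eight `create_*_resources` calls now rely on, because each of them mutates the single `resources` hash returned by `initialize_resources`. The removed inline body shows later steps dereferencing `resources[:kms_keys][:main]`, `resources[:security_groups][:opensearch]` and `resources[:opensearch_domain]` with no nil check, so a reordered or conditionally skipped step would presumably fail as a `NoMethodError` inside another module, or leave an encryption or network setting unset; the module bodies are not visible here to confirm. I would spell the contract out above the calls, for example `# security first: later steps read resources[:kms_keys][:main] and resources[:security_groups][:opensearch]`, and add a YARD header to the method describing `name`, `attributes` (which the removed comment says are validated by `Attributes.new`) and the component reference it returns. `initialize_resources` begins in this hunk and its hash literal continues in the next one.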
@@ -43,2835 +83,28 @@ module Pangea
43
83
  secrets: {},
44
84
  alarms: {}
45
85
  }
46
-
47
- # Create KMS key for encryption
48
- kms_key_name = component_resource_name(name, :kms_key)
49
- resources[:kms_keys][:main] = aws_kms_key(kms_key_name, {
50
- description: "SIEM encryption key for #{name}",
51
- key_policy: generate_kms_policy(name),
52
- tags: component_tags('siem_security_platform', name, attrs.tags)
53
- })
54
-
55
- aws_kms_alias(:"#{kms_key_name}_alias", {
56
- name: "alias/siem-#{name}",
57
- target_key_id: resources[:kms_keys][:main].id
58
- })
59
-
60
- # Create security group for OpenSearch
61
- sg_name = component_resource_name(name, :opensearch_sg)
62
- resources[:security_groups][:opensearch] = aws_security_group(sg_name, {
63
- name: "siem-opensearch-#{name}",
64
- description: "Security group for SIEM OpenSearch domain",
65
- vpc_id: attrs.vpc_ref,
66
- tags: component_tags('siem_security_platform', name, attrs.tags)
67
- })
68
-
69
- # Allow HTTPS access
70
- aws_vpc_security_group_ingress_rule(:"#{sg_name}_https", {
71
- security_group_id: resources[:security_groups][:opensearch].id,
72
- description: "Allow HTTPS for OpenSearch",
73
- from_port: 443,
74
- to_port: 443,
75
- ip_protocol: 'tcp',
76
- cidr_ipv4: '10.0.0.0/8'
77
- })
78
-
79
- # Create OpenSearch domain
80
- domain_name = attrs.opensearch_config[:domain_name]
81
- resources[:opensearch_domain] = aws_opensearch_domain(:"#{name}_opensearch", {
82
- domain_name: domain_name,
83
- engine_version: attrs.opensearch_config[:engine_version],
84
-
85
- cluster_config: {
86
- instance_type: attrs.opensearch_config[:instance_type],
87
- instance_count: attrs.opensearch_config[:instance_count],
88
- dedicated_master_enabled: attrs.opensearch_config[:dedicated_master_enabled],
89
- dedicated_master_type: attrs.opensearch_config[:dedicated_master_type],
90
- dedicated_master_count: attrs.opensearch_config[:dedicated_master_count],
91
- zone_awareness_enabled: attrs.opensearch_config[:zone_awareness_enabled],
92
- zone_awareness_config: attrs.opensearch_config[:zone_awareness_enabled] ? {
93
- availability_zone_count: attrs.opensearch_config[:availability_zone_count]
94
- } : nil
95
- },
96
-
97
- ebs_options: {
98
- ebs_enabled: attrs.opensearch_config[:ebs_enabled],
99
- volume_type: attrs.opensearch_config[:volume_type],
100
- volume_size: attrs.opensearch_config[:volume_size],
101
- iops: attrs.opensearch_config[:iops],
102
- throughput: attrs.opensearch_config[:throughput]
103
- },
104
-
105
- vpc_options: {
106
- subnet_ids: attrs.subnet_refs.take(attrs.opensearch_config[:availability_zone_count] || 3),
107
- security_group_ids: [resources[:security_groups][:opensearch].id]
108
- },
109
-
110
- encrypt_at_rest: attrs.security_config[:enable_encryption_at_rest] ? {
111
- enabled: true,
112
- kms_key_id: resources[:kms_keys][:main].id
113
- } : nil,
114
-
115
- node_to_node_encryption: {
116
- enabled: attrs.security_config[:enable_encryption_in_transit]
117
- },
118
-
119
- advanced_security_options: attrs.security_config[:enable_fine_grained_access] ? {
120
- enabled: true,
121
- internal_user_database_enabled: false,
122
- master_user_options: {
123
- master_user_arn: attrs.security_config[:master_user_arn]
124
- }
125
- } : nil,
126
-
127
- log_publishing_options: {
128
- ES_APPLICATION_LOGS: {
129
- enabled: true,
130
- cloudwatch_log_group_arn: create_log_group(name, 'es-application', attrs, resources)
131
- },
132
- SEARCH_SLOW_LOGS: attrs.security_config[:enable_slow_logs] ? {
133
- enabled: true,
134
- cloudwatch_log_group_arn: create_log_group(name, 'es-slow', attrs, resources)
135
- } : nil,
136
- AUDIT_LOGS: attrs.security_config[:enable_audit_logs] ? {
137
- enabled: true,
138
- cloudwatch_log_group_arn: create_log_group(name, 'es-audit', attrs, resources)
139
- } : nil
140
- },
141
-
142
- tags: component_tags('siem_security_platform', name, attrs.tags)
143
- })
144
-
145
- # Create S3 bucket for Firehose backup
146
- backup_bucket_name = component_resource_name(name, :backup_bucket)
147
- resources[:s3_buckets][:backup] = create_secure_bucket(
148
- backup_bucket_name,
149
- "siem-backup-#{name}",
150
- attrs,
151
- resources
152
- )
153
-
154
- # Create Firehose delivery streams for each log source
155
- attrs.log_sources.each do |source|
156
- create_firehose_stream(name, source, attrs, resources)
157
- end
158
-
159
- # Create Lambda functions for data processing
160
- create_processing_lambdas(name, attrs, resources)
161
-
162
- # Create correlation engine
163
- create_correlation_engine(name, attrs, resources)
164
-
165
- # Create threat detection components
166
- create_threat_detection(name, attrs, resources)
167
-
168
- # Create incident response automation
169
- create_incident_response(name, attrs, resources)
170
-
171
- # Create monitoring and alerting
172
- create_monitoring(name, attrs, resources)
173
-
174
- # Create dashboards
175
- create_dashboards(name, attrs, resources)
176
-
177
- # Set up integrations
178
- attrs.integrations.each do |integration|
179
- create_integration(name, integration, attrs, resources)
180
- end
181
-
182
- # Component outputs
183
- outputs = {
184
- opensearch_domain_endpoint: resources[:opensearch_domain].endpoint,
185
- opensearch_domain_arn: resources[:opensearch_domain].arn,
186
- opensearch_dashboard_url: "https://#{resources[:opensearch_domain].endpoint}/_dashboards/",
187
- firehose_streams: resources[:firehose_streams].transform_values { |stream| stream.arn },
86
+ end
87
+
88
+ def build_outputs(name, attrs, resources)
89
+ {
90
+ opensearch_domain_endpoint: resources[:opensearch_domain]&.endpoint,
91
+ opensearch_domain_arn: resources[:opensearch_domain]&.arn,
92
+ opensearch_dashboard_url: opensearch_dashboard_url(resources),
93
+ firehose_streams: resources[:firehose_streams].transform_values(&:arn),
188
94
  correlation_engine_arn: resources[:step_functions][:correlation_engine]&.arn,
189
95
  incident_response_arn: resources[:step_functions][:incident_response]&.arn,
190
96
  security_score: calculate_siem_security_score(attrs),
191
97
  compliance_status: generate_siem_compliance_status(attrs)
192
98
  }
193
-
194
- # Create component reference
195
- create_component_reference(
196
- 'siem_security_platform',
197
- name,
198
- attrs.to_h,
199
- resources,
200
- outputs
201
- )
202
- end
203
-
204
- private
205
-
206
- def generate_kms_policy(name)
207
- JSON.pretty_generate({
208
- Version: "2012-10-17",
209
- Statement: [
210
- {
211
- Sid: "Enable IAM User Permissions",
212
- Effect: "Allow",
213
- Principal: {
214
- AWS: "arn:aws:iam::#{aws_account_id}:root"
215
- },
216
- Action: "kms:*",
217
- Resource: "*"
218
- },
219
- {
220
- Sid: "Allow use of the key for SIEM services",
221
- Effect: "Allow",
222
- Principal: {
223
- Service: [
224
- "es.amazonaws.com",
225
- "firehose.amazonaws.com",
226
- "lambda.amazonaws.com",
227
- "logs.amazonaws.com"
228
- ]
229
- },
230
- Action: [
231
- "kms:Decrypt",
232
- "kms:GenerateDataKey"
233
- ],
234
- Resource: "*"
235
- }
236
- ]
237
- })
238
- end
239
-
240
- def create_log_group(name, type, attrs, resources)
241
- log_group_name = component_resource_name(name, :log_group, type)
242
- log_group = aws_cloudwatch_log_group(log_group_name, {
243
- name: "/aws/siem/#{name}/#{type}",
244
- retention_in_days: attrs.incident_response[:retention_days],
245
- kms_key_id: resources[:kms_keys][:main].arn,
246
- tags: component_tags('siem_security_platform', name, attrs.tags)
247
- })
248
-
249
- resources[:cloudwatch_logs][type] = log_group
250
- log_group.arn
251
- end
252
-
253
- def create_secure_bucket(bucket_name, bucket_id, attrs, resources)
254
- bucket = aws_s3_bucket(bucket_name, {
255
- bucket: bucket_id,
256
- tags: component_tags('siem_security_platform', name, attrs.tags)
257
- })
258
-
259
- # Enable versioning
260
- aws_s3_bucket_versioning(:"#{bucket_name}_versioning", {
261
- bucket: bucket.id,
262
- versioning_configuration: {
263
- status: "Enabled"
264
- }
265
- })
266
-
267
- # Enable encryption
268
- aws_s3_bucket_server_side_encryption_configuration(:"#{bucket_name}_encryption", {
269
- bucket: bucket.id,
270
- rule: {
271
- apply_server_side_encryption_by_default: {
272
- sse_algorithm: "aws:kms",
273
- kms_master_key_id: resources[:kms_keys][:main].id
274
- },
275
- bucket_key_enabled: true
276
- }
277
- })
278
-
279
- # Block public access
280
- aws_s3_bucket_public_access_block(:"#{bucket_name}_pab", {
281
- bucket: bucket.id,
282
- block_public_acls: true,
283
- block_public_policy: true,
284
- ignore_public_acls: true,
285
- restrict_public_buckets: true
286
- })
287
-
288
- # Add lifecycle rules
289
- aws_s3_bucket_lifecycle_configuration(:"#{bucket_name}_lifecycle", {
290
- bucket: bucket.id,
291
- rule: [
292
- {
293
- id: "transition-to-glacier",
294
- status: "Enabled",
295
- transition: [
296
- {
297
- days: 90,
298
- storage_class: "GLACIER"
299
- }
300
- ],
301
- expiration: {
302
- days: attrs.compliance_config[:audit_trail_retention]
303
- }
304
- }
305
- ]
306
- })
307
-
308
- bucket
309
- end
310
-
311
- def create_firehose_stream(name, source, attrs, resources)
312
- stream_name = component_resource_name(name, :firehose, source[:name])
313
-
314
- # Create IAM role for Firehose
315
- role_name = component_resource_name(name, :firehose_role, source[:name])
316
- resources[:iam_roles][:"firehose_#{source[:name]}"] = create_firehose_role(
317
- role_name,
318
- attrs,
319
- resources
320
- )
321
-
322
- # Create processing Lambda if transformation is needed
323
- processor_arn = nil
324
- if attrs.firehose_config[:enable_data_transformation] || source[:transformation]
325
- processor_arn = create_stream_processor(name, source, attrs, resources)
326
- end
327
-
328
- resources[:firehose_streams][source[:name]] = aws_kinesis_firehose_delivery_stream(stream_name, {
329
- name: "siem-#{name}-#{source[:name]}",
330
- destination: "opensearch",
331
-
332
- opensearch_configuration: {
333
- domain_arn: resources[:opensearch_domain].arn,
334
- index_name: "siem-#{source[:type]}",
335
- index_rotation_period: "OneDay",
336
- type_name: "_doc",
337
- role_arn: resources[:iam_roles][:"firehose_#{source[:name]}"].arn,
338
-
339
- buffering_hints: {
340
- interval_in_seconds: attrs.firehose_config[:buffer_interval],
341
- size_in_mbs: attrs.firehose_config[:buffer_size]
342
- },
343
-
344
- cloudwatch_logging_options: {
345
- enabled: true,
346
- log_group_name: "/aws/kinesisfirehose/siem-#{name}",
347
- log_stream_name: source[:name]
348
- },
349
-
350
- processing_configuration: processor_arn ? {
351
- enabled: true,
352
- processors: [{
353
- type: "Lambda",
354
- parameters: [{
355
- parameter_name: "LambdaArn",
356
- parameter_value: processor_arn
357
- }]
358
- }]
359
- } : nil,
360
-
361
- s3_configuration: {
362
- bucket_arn: resources[:s3_buckets][:backup].arn,
363
- prefix: "#{source[:type]}/year=!{timestamp:yyyy}/month=!{timestamp:MM}/day=!{timestamp:dd}/",
364
- error_output_prefix: "#{attrs.firehose_config[:error_output_prefix]}#{source[:type]}/",
365
- compression_format: attrs.firehose_config[:compression_format],
366
- role_arn: resources[:iam_roles][:"firehose_#{source[:name]}"].arn
367
- },
368
-
369
- vpc_config: {
370
- subnet_ids: attrs.subnet_refs,
371
- security_group_ids: [resources[:security_groups][:opensearch].id],
372
- role_arn: resources[:iam_roles][:"firehose_#{source[:name]}"].arn
373
- }
374
- },
375
-
376
- tags: component_tags('siem_security_platform', name, attrs.tags.merge(
377
- LogSource: source[:name]
378
- ))
379
- })
380
-
381
- # Configure log source subscription
382
- configure_log_source_subscription(name, source, attrs, resources)
383
- end
384
-
385
- def create_firehose_role(role_name, attrs, resources)
386
- role = aws_iam_role(role_name, {
387
- name: role_name.to_s,
388
- assume_role_policy: JSON.pretty_generate({
389
- Version: "2012-10-17",
390
- Statement: [{
391
- Action: "sts:AssumeRole",
392
- Effect: "Allow",
393
- Principal: {
394
- Service: "firehose.amazonaws.com"
395
- }
396
- }]
397
- }),
398
- tags: component_tags('siem_security_platform', name, attrs.tags)
399
- })
400
-
401
- # Create and attach policy
402
- policy_name = :"#{role_name}_policy"
403
- policy = aws_iam_role_policy(policy_name, {
404
- role: role.id,
405
- policy: JSON.pretty_generate({
406
- Version: "2012-10-17",
407
- Statement: [
408
- {
409
- Effect: "Allow",
410
- Action: [
411
- "es:ESHttpPost",
412
- "es:ESHttpPut"
413
- ],
414
- Resource: [
415
- resources[:opensearch_domain].arn,
416
- "#{resources[:opensearch_domain].arn}/*"
417
- ]
418
- },
419
- {
420
- Effect: "Allow",
421
- Action: [
422
- "s3:GetObject",
423
- "s3:PutObject"
424
- ],
425
- Resource: "#{resources[:s3_buckets][:backup].arn}/*"
426
- },
427
- {
428
- Effect: "Allow",
429
- Action: [
430
- "kms:Decrypt",
431
- "kms:GenerateDataKey"
432
- ],
433
- Resource: resources[:kms_keys][:main].arn
434
- },
435
- {
436
- Effect: "Allow",
437
- Action: [
438
- "logs:CreateLogGroup",
439
- "logs:CreateLogStream",
440
- "logs:PutLogEvents"
441
- ],
442
- Resource: "*"
443
- },
444
- {
445
- Effect: "Allow",
446
- Action: [
447
- "lambda:InvokeFunction"
448
- ],
449
- Resource: "arn:aws:lambda:*:*:function:siem-*"
450
- }
451
- ]
452
- })
453
- })
454
-
455
- role
456
- end
457
-
458
- def create_stream_processor(name, source, attrs, resources)
459
- processor_name = component_resource_name(name, :processor, source[:name])
460
-
461
- # Create Lambda function
462
- lambda_function = aws_lambda_function(processor_name, {
463
- function_name: "siem-processor-#{name}-#{source[:name]}",
464
- runtime: "python3.11",
465
- handler: "index.lambda_handler",
466
- role: create_lambda_execution_role(name, "processor-#{source[:name]}", attrs, resources),
467
- timeout: 300,
468
- memory_size: 512,
469
-
470
- environment: {
471
- variables: {
472
- LOG_SOURCE_TYPE: source[:type],
473
- LOG_FORMAT: source[:format],
474
- ENABLE_ENRICHMENT: source[:enrichment].to_s,
475
- THREAT_INTEL_TABLE: resources[:dynamodb_tables]&.dig(:threat_intel)&.name || ""
476
- }
477
- },
478
-
479
- code: {
480
- zip_file: generate_processor_code(source)
481
- },
482
-
483
- tags: component_tags('siem_security_platform', name, attrs.tags)
484
- })
485
-
486
- resources[:lambda_functions][:"processor_#{source[:name]}"] = lambda_function
487
- lambda_function.arn
488
- end
489
-
490
- def generate_processor_code(source)
491
- <<~PYTHON
492
- import json
493
- import base64
494
- import os
495
- import boto3
496
- from datetime import datetime
497
- import re
498
- import ipaddress
499
-
500
- def lambda_handler(event, context):
501
- output_records = []
502
-
503
- for record in event['records']:
504
- # Decode the data
505
- payload = base64.b64decode(record['data']).decode('utf-8')
506
-
507
- try:
508
- # Parse based on format
509
- parsed_data = parse_log_data(payload, os.environ['LOG_FORMAT'])
510
-
511
- # Add metadata
512
- parsed_data['@timestamp'] = datetime.utcnow().isoformat()
513
- parsed_data['log_source'] = os.environ['LOG_SOURCE_TYPE']
514
- parsed_data['processing_timestamp'] = datetime.utcnow().isoformat()
515
-
516
- # Enrich data if enabled
517
- if os.environ.get('ENABLE_ENRICHMENT', 'false').lower() == 'true':
518
- parsed_data = enrich_data(parsed_data)
519
-
520
- # Normalize fields
521
- parsed_data = normalize_fields(parsed_data)
522
-
523
- # Convert back to JSON
524
- output_data = json.dumps(parsed_data) + '\\n'
525
-
526
- output_records.append({
527
- 'recordId': record['recordId'],
528
- 'result': 'Ok',
529
- 'data': base64.b64encode(output_data.encode('utf-8')).decode('utf-8')
530
- })
531
-
532
- except Exception as e:
533
- # Send failed records to error output
534
- output_records.append({
535
- 'recordId': record['recordId'],
536
- 'result': 'ProcessingFailed',
537
- 'data': record['data']
538
- })
539
-
540
- return {'records': output_records}
541
-
542
- def parse_log_data(data, format_type):
543
- if format_type == 'json':
544
- return json.loads(data)
545
- elif format_type == 'csv':
546
- # Implement CSV parsing
547
- return parse_csv(data)
548
- elif format_type == 'syslog':
549
- # Implement syslog parsing
550
- return parse_syslog(data)
551
- else:
552
- return {'raw_data': data}
553
-
554
- def enrich_data(data):
555
- # Add GeoIP enrichment
556
- if 'source_ip' in data:
557
- data['source_geo'] = lookup_geoip(data['source_ip'])
558
-
559
- # Add threat intelligence enrichment
560
- if 'source_ip' in data or 'domain' in data:
561
- data['threat_intel'] = check_threat_intel(data)
562
-
563
- # Add user context
564
- if 'user_id' in data:
565
- data['user_context'] = get_user_context(data['user_id'])
566
-
567
- return data
568
-
569
- def normalize_fields(data):
570
- # Normalize common field names
571
- field_mappings = {
572
- 'src_ip': 'source_ip',
573
- 'dst_ip': 'destination_ip',
574
- 'src_port': 'source_port',
575
- 'dst_port': 'destination_port',
576
- 'username': 'user_name',
577
- 'userid': 'user_id'
578
- }
579
-
580
- for old_field, new_field in field_mappings.items():
581
- if old_field in data:
582
- data[new_field] = data.pop(old_field)
583
-
584
- return data
585
-
586
- def parse_csv(data):
587
- # Implement CSV parsing logic
588
- return {'raw': data}
589
-
590
- def parse_syslog(data):
591
- # Implement syslog parsing logic
592
- return {'raw': data}
593
-
594
- def lookup_geoip(ip):
595
- # Implement GeoIP lookup
596
- return {'country': 'US', 'city': 'Unknown'}
597
-
598
- def check_threat_intel(data):
599
- # Implement threat intelligence lookup
600
- return {'reputation': 'clean', 'score': 0}
601
-
602
- def get_user_context(user_id):
603
- # Implement user context lookup
604
- return {'department': 'Unknown', 'risk_score': 0}
605
- PYTHON
606
- end
607
-
608
- def create_lambda_execution_role(name, function_type, attrs, resources)
609
- role_name = component_resource_name(name, :lambda_role, function_type)
610
- role = aws_iam_role(role_name, {
611
- name: role_name.to_s,
612
- assume_role_policy: JSON.pretty_generate({
613
- Version: "2012-10-17",
614
- Statement: [{
615
- Action: "sts:AssumeRole",
616
- Effect: "Allow",
617
- Principal: {
618
- Service: "lambda.amazonaws.com"
619
- }
620
- }]
621
- }),
622
- tags: component_tags('siem_security_platform', name, attrs.tags)
623
- })
624
-
625
- # Attach basic execution policy
626
- aws_iam_role_policy_attachment(:"#{role_name}_basic", {
627
- role: role.name,
628
- policy_arn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
629
- })
630
-
631
- # Attach VPC execution policy if needed
632
- aws_iam_role_policy_attachment(:"#{role_name}_vpc", {
633
- role: role.name,
634
- policy_arn: "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
635
- })
636
-
637
- # Create custom policy for SIEM operations
638
- custom_policy = aws_iam_role_policy(:"#{role_name}_custom", {
639
- role: role.id,
640
- policy: JSON.pretty_generate({
641
- Version: "2012-10-17",
642
- Statement: [
643
- {
644
- Effect: "Allow",
645
- Action: [
646
- "es:ESHttpPost",
647
- "es:ESHttpGet"
648
- ],
649
- Resource: "#{resources[:opensearch_domain].arn}/*"
650
- },
651
- {
652
- Effect: "Allow",
653
- Action: [
654
- "dynamodb:GetItem",
655
- "dynamodb:Query",
656
- "dynamodb:Scan"
657
- ],
658
- Resource: "arn:aws:dynamodb:*:*:table/siem-*"
659
- },
660
- {
661
- Effect: "Allow",
662
- Action: [
663
- "kms:Decrypt"
664
- ],
665
- Resource: resources[:kms_keys][:main].arn
666
- },
667
- {
668
- Effect: "Allow",
669
- Action: [
670
- "sns:Publish"
671
- ],
672
- Resource: "arn:aws:sns:*:*:siem-*"
673
- }
674
- ]
675
- })
676
- })
677
-
678
- resources[:iam_roles][function_type.to_sym] = role
679
- role.arn
680
- end
681
-
682
- def configure_log_source_subscription(name, source, attrs, resources)
683
- case source[:type]
684
- when 'cloudwatch'
685
- if source[:log_group_name]
686
- # Create subscription filter
687
- aws_cloudwatch_log_subscription_filter(:"#{name}_#{source[:name]}_subscription", {
688
- name: "siem-#{name}-#{source[:name]}",
689
- log_group_name: source[:log_group_name],
690
- filter_pattern: "",
691
- destination_arn: resources[:firehose_streams][source[:name]].arn,
692
- role_arn: create_logs_role(name, source[:name], attrs, resources)
693
- })
694
- end
695
- when 's3_access'
696
- # Configure S3 bucket logging
697
- if source[:s3_bucket]
698
- aws_s3_bucket_logging(:"#{name}_#{source[:name]}_logging", {
699
- bucket: source[:s3_bucket],
700
- target_bucket: resources[:s3_buckets][:backup].id,
701
- target_prefix: "s3-access-logs/#{source[:s3_bucket]}/"
702
- })
703
- end
704
- end
705
- end
706
-
707
- def create_logs_role(name, source_name, attrs, resources)
708
- role_name = component_resource_name(name, :logs_role, source_name)
709
- role = aws_iam_role(role_name, {
710
- name: role_name.to_s,
711
- assume_role_policy: JSON.pretty_generate({
712
- Version: "2012-10-17",
713
- Statement: [{
714
- Action: "sts:AssumeRole",
715
- Effect: "Allow",
716
- Principal: {
717
- Service: "logs.amazonaws.com"
718
- }
719
- }]
720
- }),
721
- tags: component_tags('siem_security_platform', name, attrs.tags)
722
- })
723
-
724
- aws_iam_role_policy(:"#{role_name}_policy", {
725
- role: role.id,
726
- policy: JSON.pretty_generate({
727
- Version: "2012-10-17",
728
- Statement: [{
729
- Effect: "Allow",
730
- Action: [
731
- "firehose:PutRecord",
732
- "firehose:PutRecordBatch"
733
- ],
734
- Resource: resources[:firehose_streams][source_name].arn
735
- }]
736
- })
737
- })
738
-
739
- role.arn
740
- end
741
-
742
- def create_processing_lambdas(name, attrs, resources)
743
- # Create Lambda for correlation engine
744
- correlation_lambda = component_resource_name(name, :correlation_lambda)
745
- resources[:lambda_functions][:correlation] = aws_lambda_function(correlation_lambda, {
746
- function_name: "siem-correlation-#{name}",
747
- runtime: "python3.11",
748
- handler: "index.lambda_handler",
749
- role: create_lambda_execution_role(name, "correlation", attrs, resources),
750
- timeout: 900,
751
- memory_size: 3008,
752
-
753
- environment: {
754
- variables: {
755
- OPENSEARCH_ENDPOINT: resources[:opensearch_domain].endpoint,
756
- CORRELATION_RULES: JSON.generate(attrs.correlation_rules),
757
- SNS_TOPIC_ARN: create_alert_topic(name, attrs, resources)
758
- }
759
- },
760
-
761
- code: {
762
- zip_file: generate_correlation_engine_code()
763
- },
764
-
765
- tags: component_tags('siem_security_platform', name, attrs.tags)
766
- })
767
-
768
- # Create Lambda for threat detection
769
- if attrs.threat_detection[:enable_ml_detection]
770
- ml_lambda = component_resource_name(name, :ml_detection_lambda)
771
- resources[:lambda_functions][:ml_detection] = aws_lambda_function(ml_lambda, {
772
- function_name: "siem-ml-detection-#{name}",
773
- runtime: "python3.11",
774
- handler: "index.lambda_handler",
775
- role: create_lambda_execution_role(name, "ml-detection", attrs, resources),
776
- timeout: 900,
777
- memory_size: 3008,
778
-
779
- environment: {
780
- variables: {
781
- OPENSEARCH_ENDPOINT: resources[:opensearch_domain].endpoint,
782
- ANOMALY_DETECTORS: JSON.generate(attrs.threat_detection[:anomaly_detectors]),
783
- ENABLE_BEHAVIOR_ANALYTICS: attrs.threat_detection[:enable_behavior_analytics].to_s
784
- }
785
- },
786
-
787
- code: {
788
- zip_file: generate_ml_detection_code()
789
- },
790
-
791
- tags: component_tags('siem_security_platform', name, attrs.tags)
792
- })
793
- end
794
99
  end
795
-
796
- def generate_correlation_engine_code
797
- <<~PYTHON
798
- import json
799
- import boto3
800
- import os
801
- from opensearchpy import OpenSearch
802
- from datetime import datetime, timedelta
803
- import re
804
-
805
- def lambda_handler(event, context):
806
- # Initialize OpenSearch client
807
- es = OpenSearch(
808
- hosts=[{'host': os.environ['OPENSEARCH_ENDPOINT'], 'port': 443}],
809
- http_auth=get_auth(),
810
- use_ssl=True,
811
- verify_certs=True
812
- )
813
-
814
- # Load correlation rules
815
- rules = json.loads(os.environ['CORRELATION_RULES'])
816
-
817
- # Process each rule
818
- alerts = []
819
- for rule in rules:
820
- if rule.get('enabled', True):
821
- matches = evaluate_rule(es, rule)
822
- if matches:
823
- alert = create_alert(rule, matches)
824
- alerts.append(alert)
825
- send_alert(alert)
826
-
827
- return {
828
- 'statusCode': 200,
829
- 'body': json.dumps({
830
- 'processed_rules': len(rules),
831
- 'alerts_generated': len(alerts)
832
- })
833
- }
834
-
835
- def evaluate_rule(es, rule):
836
- # Build query based on rule type
837
- if rule['rule_type'] == 'threshold':
838
- return evaluate_threshold_rule(es, rule)
839
- elif rule['rule_type'] == 'pattern':
840
- return evaluate_pattern_rule(es, rule)
841
- elif rule['rule_type'] == 'anomaly':
842
- return evaluate_anomaly_rule(es, rule)
843
- elif rule['rule_type'] == 'sequence':
844
- return evaluate_sequence_rule(es, rule)
845
- elif rule['rule_type'] == 'statistical':
846
- return evaluate_statistical_rule(es, rule)
847
-
848
- return []
849
-
850
- def evaluate_threshold_rule(es, rule):
851
- # Implement threshold-based detection
852
- time_window = rule.get('time_window', 300)
853
- query = build_query_from_conditions(rule['conditions'], time_window)
854
-
855
- response = es.search(
856
- index='siem-*',
857
- body=query,
858
- size=0
859
- )
860
-
861
- doc_count = response['hits']['total']['value']
862
- threshold = rule.get('threshold', 10)
863
-
864
- if doc_count >= threshold:
865
- return [{
866
- 'count': doc_count,
867
- 'threshold': threshold,
868
- 'time_window': time_window
869
- }]
870
-
871
- return []
872
-
873
- def evaluate_pattern_rule(es, rule):
874
- # Implement pattern-based detection
875
- query = build_pattern_query(rule['conditions'])
876
-
877
- response = es.search(
878
- index='siem-*',
879
- body=query,
880
- size=100
881
- )
882
-
883
- return response['hits']['hits']
884
-
885
- def evaluate_anomaly_rule(es, rule):
886
- # Implement anomaly detection using ML
887
- # This would typically use OpenSearch ML features
888
- return []
889
-
890
- def evaluate_sequence_rule(es, rule):
891
- # Implement sequence-based detection
892
- # Look for specific sequences of events
893
- return []
894
-
895
- def evaluate_statistical_rule(es, rule):
896
- # Implement statistical anomaly detection
897
- # Calculate baselines and detect deviations
898
- return []
899
-
900
- def build_query_from_conditions(conditions, time_window):
901
- must_clauses = []
902
-
903
- for condition in conditions:
904
- if 'field' in condition and 'value' in condition:
905
- must_clauses.append({
906
- 'match': {
907
- condition['field']: condition['value']
908
- }
909
- })
910
-
911
- return {
912
- 'query': {
913
- 'bool': {
914
- 'must': must_clauses,
915
- 'filter': {
916
- 'range': {
917
- '@timestamp': {
918
- 'gte': f'now-{time_window}s'
919
- }
920
- }
921
- }
922
- }
923
- }
924
- }
925
-
926
- def build_pattern_query(conditions):
927
- # Build complex pattern queries
928
- return build_query_from_conditions(conditions, 3600)
929
-
930
- def create_alert(rule, matches):
931
- return {
932
- 'rule_name': rule['name'],
933
- 'severity': rule['severity'],
934
- 'description': rule['description'],
935
- 'matches': len(matches),
936
- 'timestamp': datetime.utcnow().isoformat(),
937
- 'actions': rule['actions']
938
- }
939
-
940
- def send_alert(alert):
941
- sns = boto3.client('sns')
942
-
943
- message = {
944
- 'default': json.dumps(alert),
945
- 'email': format_email_alert(alert),
946
- 'sms': format_sms_alert(alert)
947
- }
948
-
949
- sns.publish(
950
- TopicArn=os.environ['SNS_TOPIC_ARN'],
951
- Message=json.dumps(message),
952
- MessageStructure='json',
953
- Subject=f"SIEM Alert: {alert['rule_name']} - {alert['severity'].upper()}"
954
- )
955
-
956
- def format_email_alert(alert):
957
- return f"""
958
- Security Alert: {alert['rule_name']}
959
-
960
- Severity: {alert['severity'].upper()}
961
- Time: {alert['timestamp']}
962
-
963
- Description: {alert['description']}
964
-
965
- Number of matches: {alert['matches']}
966
-
967
- Required Actions: {', '.join(alert['actions'])}
968
- """
969
-
970
- def format_sms_alert(alert):
971
- return f"SIEM Alert: {alert['rule_name']} ({alert['severity']}) - {alert['matches']} matches detected"
972
-
973
- def get_auth():
974
- # Implement authentication for OpenSearch
975
- # This could use IAM roles or stored credentials
976
- return None
977
- PYTHON
978
- end
979
-
980
- def generate_ml_detection_code
981
- <<~PYTHON
982
- import json
983
- import boto3
984
- import os
985
- import numpy as np
986
- from opensearchpy import OpenSearch
987
- from datetime import datetime, timedelta
988
- from sklearn.ensemble import IsolationForest
989
- from sklearn.preprocessing import StandardScaler
990
-
991
- def lambda_handler(event, context):
992
- # Initialize OpenSearch client
993
- es = OpenSearch(
994
- hosts=[{'host': os.environ['OPENSEARCH_ENDPOINT'], 'port': 443}],
995
- http_auth=get_auth(),
996
- use_ssl=True,
997
- verify_certs=True
998
- )
999
-
1000
- # Load anomaly detectors configuration
1001
- detectors = json.loads(os.environ['ANOMALY_DETECTORS'])
1002
-
1003
- results = []
1004
- for detector in detectors:
1005
- anomalies = run_anomaly_detection(es, detector)
1006
- if anomalies:
1007
- results.extend(anomalies)
1008
-
1009
- # Run behavior analytics if enabled
1010
- if os.environ.get('ENABLE_BEHAVIOR_ANALYTICS', 'false').lower() == 'true':
1011
- behavior_anomalies = run_behavior_analytics(es)
1012
- results.extend(behavior_anomalies)
1013
-
1014
- return {
1015
- 'statusCode': 200,
1016
- 'body': json.dumps({
1017
- 'anomalies_detected': len(results),
1018
- 'results': results
1019
- })
1020
- }
1021
-
1022
- def run_anomaly_detection(es, detector):
1023
- # Fetch data for analysis
1024
- data = fetch_detector_data(es, detector)
1025
-
1026
- if not data:
1027
- return []
1028
-
1029
- # Prepare features
1030
- features = prepare_features(data, detector)
1031
-
1032
- # Run anomaly detection based on type
1033
- if detector['type'] == 'statistical':
1034
- return detect_statistical_anomalies(features, detector)
1035
- elif detector['type'] == 'machine_learning':
1036
- return detect_ml_anomalies(features, detector)
1037
- elif detector['type'] == 'pattern_based':
1038
- return detect_pattern_anomalies(data, detector)
1039
-
1040
- return []
1041
-
1042
- def fetch_detector_data(es, detector):
1043
- # Fetch relevant data based on detector configuration
1044
- baseline_period = detector.get('baseline_period', 7)
1045
-
1046
- query = {
1047
- 'query': {
1048
- 'range': {
1049
- '@timestamp': {
1050
- 'gte': f'now-{baseline_period}d'
1051
- }
1052
- }
1053
- },
1054
- 'size': 10000,
1055
- 'sort': [{'@timestamp': 'desc'}]
1056
- }
1057
-
1058
- response = es.search(index='siem-*', body=query)
1059
- return [hit['_source'] for hit in response['hits']['hits']]
1060
-
1061
- def prepare_features(data, detector):
1062
- # Extract numerical features for ML analysis
1063
- features = []
1064
-
1065
- for record in data:
1066
- feature_vector = []
1067
-
1068
- # Extract relevant features based on detector config
1069
- if 'response_time' in record:
1070
- feature_vector.append(float(record['response_time']))
1071
- if 'bytes_transferred' in record:
1072
- feature_vector.append(float(record['bytes_transferred']))
1073
- if 'error_count' in record:
1074
- feature_vector.append(float(record['error_count']))
1075
-
1076
- if feature_vector:
1077
- features.append(feature_vector)
1078
-
1079
- return np.array(features) if features else np.array([])
1080
-
1081
- def detect_statistical_anomalies(features, detector):
1082
- if len(features) == 0:
1083
- return []
1084
-
1085
- # Calculate statistics
1086
- mean = np.mean(features, axis=0)
1087
- std = np.std(features, axis=0)
1088
-
1089
- # Detect outliers
1090
- anomalies = []
1091
- sensitivity_factor = {
1092
- 'low': 3,
1093
- 'medium': 2,
1094
- 'high': 1
1095
- }.get(detector.get('sensitivity', 'medium'), 2)
1096
-
1097
- for i, feature in enumerate(features):
1098
- z_scores = np.abs((feature - mean) / (std + 1e-10))
1099
- if np.any(z_scores > sensitivity_factor):
1100
- anomalies.append({
1101
- 'type': 'statistical_anomaly',
1102
- 'detector': detector['name'],
1103
- 'index': i,
1104
- 'z_scores': z_scores.tolist(),
1105
- 'severity': calculate_severity(z_scores, sensitivity_factor)
1106
- })
1107
-
1108
- return anomalies
1109
-
1110
- def detect_ml_anomalies(features, detector):
1111
- if len(features) < 10:
1112
- return []
1113
-
1114
- # Normalize features
1115
- scaler = StandardScaler()
1116
- features_normalized = scaler.fit_transform(features)
1117
-
1118
- # Train Isolation Forest
1119
- contamination = {
1120
- 'low': 0.01,
1121
- 'medium': 0.05,
1122
- 'high': 0.1
1123
- }.get(detector.get('sensitivity', 'medium'), 0.05)
1124
-
1125
- model = IsolationForest(
1126
- contamination=contamination,
1127
- random_state=42
1128
- )
1129
-
1130
- predictions = model.fit_predict(features_normalized)
1131
-
1132
- # Identify anomalies
1133
- anomalies = []
1134
- for i, pred in enumerate(predictions):
1135
- if pred == -1:
1136
- anomalies.append({
1137
- 'type': 'ml_anomaly',
1138
- 'detector': detector['name'],
1139
- 'index': i,
1140
- 'anomaly_score': model.score_samples([features_normalized[i]])[0],
1141
- 'severity': 'high' if model.score_samples([features_normalized[i]])[0] < -0.5 else 'medium'
1142
- })
1143
-
1144
- return anomalies
1145
-
1146
- def detect_pattern_anomalies(data, detector):
1147
- # Implement pattern-based anomaly detection
1148
- # Look for unusual patterns in categorical data
1149
- anomalies = []
1150
-
1151
- # Example: Detect unusual user behavior patterns
1152
- user_activities = {}
1153
- for record in data:
1154
- if 'user_id' in record and 'action' in record:
1155
- user_id = record['user_id']
1156
- if user_id not in user_activities:
1157
- user_activities[user_id] = []
1158
- user_activities[user_id].append(record['action'])
1159
-
1160
- # Detect anomalous activity sequences
1161
- for user_id, activities in user_activities.items():
1162
- if is_anomalous_sequence(activities):
1163
- anomalies.append({
1164
- 'type': 'pattern_anomaly',
1165
- 'detector': detector['name'],
1166
- 'user_id': user_id,
1167
- 'pattern': activities[-10:], # Last 10 activities
1168
- 'severity': 'high'
1169
- })
1170
-
1171
- return anomalies
1172
-
1173
- def run_behavior_analytics(es):
1174
- # Implement User and Entity Behavior Analytics (UEBA)
1175
- anomalies = []
1176
-
1177
- # Analyze user behavior
1178
- user_anomalies = analyze_user_behavior(es)
1179
- anomalies.extend(user_anomalies)
1180
-
1181
- # Analyze entity behavior
1182
- entity_anomalies = analyze_entity_behavior(es)
1183
- anomalies.extend(entity_anomalies)
1184
-
1185
- return anomalies
1186
-
1187
- def analyze_user_behavior(es):
1188
- # Implement user behavior analysis
1189
- # Look for unusual login times, locations, access patterns
1190
- return []
1191
-
1192
- def analyze_entity_behavior(es):
1193
- # Implement entity behavior analysis
1194
- # Look for unusual system behavior, process execution, network connections
1195
- return []
1196
-
1197
- def is_anomalous_sequence(activities):
1198
- # Implement sequence anomaly detection logic
1199
- # This is a simplified example
1200
- suspicious_sequences = [
1201
- ['login', 'privilege_escalation', 'data_export'],
1202
- ['failed_login', 'failed_login', 'failed_login', 'successful_login'],
1203
- ['access_sensitive_data', 'download_large_file', 'delete_logs']
1204
- ]
1205
-
1206
- for suspicious in suspicious_sequences:
1207
- if all(activity in activities for activity in suspicious):
1208
- return True
1209
-
1210
- return False
1211
-
1212
- def calculate_severity(z_scores, threshold):
1213
- max_z = np.max(z_scores)
1214
- if max_z > threshold * 2:
1215
- return 'critical'
1216
- elif max_z > threshold * 1.5:
1217
- return 'high'
1218
- elif max_z > threshold:
1219
- return 'medium'
1220
- else:
1221
- return 'low'
1222
-
1223
- def get_auth():
1224
- # Implement authentication
1225
- return None
1226
- PYTHON
1227
- end
1228
-
1229
- def create_alert_topic(name, attrs, resources)
1230
- topic_name = component_resource_name(name, :alert_topic)
1231
- topic = aws_sns_topic(topic_name, {
1232
- name: "siem-alerts-#{name}",
1233
- kms_master_key_id: resources[:kms_keys][:main].id,
1234
- tags: component_tags('siem_security_platform', name, attrs.tags)
1235
- })
1236
-
1237
- resources[:sns_topics][:alerts] = topic
1238
- topic.arn
1239
- end
1240
-
1241
- def create_correlation_engine(name, attrs, resources)
1242
- # Create Step Functions state machine for correlation workflow
1243
- state_machine_name = component_resource_name(name, :correlation_engine)
1244
-
1245
- resources[:step_functions][:correlation_engine] = aws_sfn_state_machine(state_machine_name, {
1246
- name: "siem-correlation-engine-#{name}",
1247
- role_arn: create_step_functions_role(name, "correlation", attrs, resources),
1248
-
1249
- definition: JSON.pretty_generate({
1250
- Comment: "SIEM Correlation Engine",
1251
- StartAt: "CollectEvents",
1252
- States: {
1253
- CollectEvents: {
1254
- Type: "Task",
1255
- Resource: resources[:lambda_functions][:correlation].arn,
1256
- Next: "EvaluateRules"
1257
- },
1258
- EvaluateRules: {
1259
- Type: "Parallel",
1260
- Branches: attrs.correlation_rules.map do |rule|
1261
- {
1262
- StartAt: "Evaluate#{rule[:name].gsub(/\s+/, '')}",
1263
- States: {
1264
- "Evaluate#{rule[:name].gsub(/\s+/, '')}" => {
1265
- Type: "Task",
1266
- Resource: resources[:lambda_functions][:correlation].arn,
1267
- Parameters: {
1268
- "rule.$" => rule.to_json,
1269
- "events.$" => "$"
1270
- },
1271
- End: true
1272
- }
1273
- }
1274
- }
1275
- end,
1276
- Next: "ProcessAlerts"
1277
- },
1278
- ProcessAlerts: {
1279
- Type: "Task",
1280
- Resource: "arn:aws:states:::lambda:invoke",
1281
- Parameters: {
1282
- FunctionName: resources[:lambda_functions][:correlation].arn,
1283
- Payload: {
1284
- "action" => "process_alerts",
1285
- "results.$" => "$"
1286
- }
1287
- },
1288
- End: true
1289
- }
1290
- }
1291
- }),
1292
-
1293
- tags: component_tags('siem_security_platform', name, attrs.tags)
1294
- })
1295
- end
1296
-
1297
- def create_step_functions_role(name, purpose, attrs, resources)
1298
- role_name = component_resource_name(name, :sfn_role, purpose)
1299
- role = aws_iam_role(role_name, {
1300
- name: role_name.to_s,
1301
- assume_role_policy: JSON.pretty_generate({
1302
- Version: "2012-10-17",
1303
- Statement: [{
1304
- Action: "sts:AssumeRole",
1305
- Effect: "Allow",
1306
- Principal: {
1307
- Service: "states.amazonaws.com"
1308
- }
1309
- }]
1310
- }),
1311
- tags: component_tags('siem_security_platform', name, attrs.tags)
1312
- })
1313
-
1314
- aws_iam_role_policy(:"#{role_name}_policy", {
1315
- role: role.id,
1316
- policy: JSON.pretty_generate({
1317
- Version: "2012-10-17",
1318
- Statement: [
1319
- {
1320
- Effect: "Allow",
1321
- Action: [
1322
- "lambda:InvokeFunction"
1323
- ],
1324
- Resource: "arn:aws:lambda:*:*:function:siem-*"
1325
- },
1326
- {
1327
- Effect: "Allow",
1328
- Action: [
1329
- "xray:PutTraceSegments",
1330
- "xray:PutTelemetryRecords"
1331
- ],
1332
- Resource: "*"
1333
- }
1334
- ]
1335
- })
1336
- })
1337
-
1338
- role.arn
1339
- end
1340
-
1341
- def create_threat_detection(name, attrs, resources)
1342
- # Create DynamoDB table for threat intelligence
1343
- if attrs.threat_detection[:threat_intel_feeds] && !attrs.threat_detection[:threat_intel_feeds].empty?
1344
- table_name = component_resource_name(name, :threat_intel_table)
1345
- resources[:dynamodb_tables] ||= {}
1346
- resources[:dynamodb_tables][:threat_intel] = aws_dynamodb_table(table_name, {
1347
- name: "siem-threat-intel-#{name}",
1348
- billing_mode: "PAY_PER_REQUEST",
1349
-
1350
- attribute: [
1351
- {
1352
- name: "indicator",
1353
- type: "S"
1354
- },
1355
- {
1356
- name: "indicator_type",
1357
- type: "S"
1358
- }
1359
- ],
1360
-
1361
- hash_key: "indicator",
1362
- range_key: "indicator_type",
1363
-
1364
- global_secondary_index: [
1365
- {
1366
- name: "TypeIndex",
1367
- hash_key: "indicator_type",
1368
- projection_type: "ALL"
1369
- }
1370
- ],
1371
-
1372
- point_in_time_recovery: {
1373
- enabled: true
1374
- },
1375
-
1376
- server_side_encryption: {
1377
- enabled: true,
1378
- kms_key_id: resources[:kms_keys][:main].id
1379
- },
1380
-
1381
- tags: component_tags('siem_security_platform', name, attrs.tags)
1382
- })
1383
-
1384
- # Create Lambda for threat intel updates
1385
- threat_intel_lambda = component_resource_name(name, :threat_intel_updater)
1386
- resources[:lambda_functions][:threat_intel_updater] = aws_lambda_function(threat_intel_lambda, {
1387
- function_name: "siem-threat-intel-updater-#{name}",
1388
- runtime: "python3.11",
1389
- handler: "index.lambda_handler",
1390
- role: create_lambda_execution_role(name, "threat-intel-updater", attrs, resources),
1391
- timeout: 900,
1392
- memory_size: 1024,
1393
-
1394
- environment: {
1395
- variables: {
1396
- THREAT_INTEL_TABLE: resources[:dynamodb_tables][:threat_intel].name,
1397
- THREAT_FEEDS: JSON.generate(attrs.threat_detection[:threat_intel_feeds])
1398
- }
1399
- },
1400
-
1401
- code: {
1402
- zip_file: generate_threat_intel_updater_code()
1403
- },
1404
-
1405
- tags: component_tags('siem_security_platform', name, attrs.tags)
1406
- })
1407
-
1408
- # Schedule threat intel updates
1409
- attrs.threat_detection[:threat_intel_feeds].each do |feed|
1410
- rule_name = component_resource_name(name, :threat_intel_rule, feed[:name])
1411
- rule = aws_cloudwatch_event_rule(rule_name, {
1412
- name: "siem-threat-intel-#{name}-#{feed[:name]}",
1413
- description: "Update threat intelligence feed: #{feed[:name]}",
1414
- schedule_expression: "rate(#{feed[:update_frequency] / 60} minutes)",
1415
- tags: component_tags('siem_security_platform', name, attrs.tags)
1416
- })
1417
-
1418
- aws_cloudwatch_event_target(:"#{rule_name}_target", {
1419
- rule: rule.name,
1420
- arn: resources[:lambda_functions][:threat_intel_updater].arn,
1421
- input: JSON.generate({ feed: feed })
1422
- })
1423
-
1424
- resources[:event_rules][:"threat_intel_#{feed[:name]}"] = rule
1425
- end
1426
- end
1427
- end
1428
-
1429
- def generate_threat_intel_updater_code
1430
- <<~PYTHON
1431
- import json
1432
- import boto3
1433
- import os
1434
- import requests
1435
- from datetime import datetime
1436
-
1437
- dynamodb = boto3.resource('dynamodb')
1438
-
1439
- def lambda_handler(event, context):
1440
- table = dynamodb.Table(os.environ['THREAT_INTEL_TABLE'])
1441
- feed = event.get('feed', {})
1442
-
1443
- # Fetch threat intelligence data
1444
- indicators = fetch_threat_feed(feed)
1445
-
1446
- # Update DynamoDB table
1447
- with table.batch_writer() as batch:
1448
- for indicator in indicators:
1449
- batch.put_item(Item={
1450
- 'indicator': indicator['value'],
1451
- 'indicator_type': indicator['type'],
1452
- 'severity': indicator.get('severity', 'medium'),
1453
- 'source': feed['name'],
1454
- 'last_seen': datetime.utcnow().isoformat(),
1455
- 'metadata': indicator.get('metadata', {})
1456
- })
1457
-
1458
- return {
1459
- 'statusCode': 200,
1460
- 'body': json.dumps({
1461
- 'feed': feed['name'],
1462
- 'indicators_updated': len(indicators)
1463
- })
1464
- }
1465
-
1466
- def fetch_threat_feed(feed):
1467
- indicators = []
1468
-
1469
- if feed['type'] == 'ip_reputation':
1470
- indicators.extend(fetch_ip_reputation(feed))
1471
- elif feed['type'] == 'domain_reputation':
1472
- indicators.extend(fetch_domain_reputation(feed))
1473
- elif feed['type'] == 'file_hash':
1474
- indicators.extend(fetch_file_hashes(feed))
1475
- elif feed['type'] == 'indicators':
1476
- indicators.extend(fetch_generic_indicators(feed))
1477
-
1478
- return indicators
1479
-
1480
- def fetch_ip_reputation(feed):
1481
- # Implement IP reputation feed fetching
1482
- # This is a placeholder - real implementation would fetch from actual feeds
1483
- return [
1484
- {'value': '192.168.1.100', 'type': 'ip', 'severity': 'high'},
1485
- {'value': '10.0.0.50', 'type': 'ip', 'severity': 'medium'}
1486
- ]
1487
-
1488
- def fetch_domain_reputation(feed):
1489
- # Implement domain reputation feed fetching
1490
- return [
1491
- {'value': 'malicious.com', 'type': 'domain', 'severity': 'critical'},
1492
- {'value': 'suspicious.net', 'type': 'domain', 'severity': 'high'}
1493
- ]
1494
-
1495
- def fetch_file_hashes(feed):
1496
- # Implement file hash feed fetching
1497
- return [
1498
- {'value': 'd41d8cd98f00b204e9800998ecf8427e', 'type': 'md5', 'severity': 'high'},
1499
- {'value': 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855', 'type': 'sha256', 'severity': 'critical'}
1500
- ]
1501
-
1502
- def fetch_generic_indicators(feed):
1503
- # Implement generic indicator fetching
1504
- if feed.get('source_url'):
1505
- try:
1506
- response = requests.get(feed['source_url'], timeout=30)
1507
- if response.status_code == 200:
1508
- # Parse response based on format
1509
- return parse_indicators(response.text, feed)
1510
- except Exception as e:
1511
- print(f"Error fetching feed {feed['name']}: {str(e)}")
1512
-
1513
- return []
1514
-
1515
- def parse_indicators(data, feed):
1516
- # Parse indicators from raw data
1517
- indicators = []
1518
-
1519
- # Simple line-based parsing example
1520
- for line in data.split('\\n'):
1521
- line = line.strip()
1522
- if line and not line.startswith('#'):
1523
- indicators.append({
1524
- 'value': line,
1525
- 'type': 'unknown',
1526
- 'severity': 'medium'
1527
- })
1528
-
1529
- return indicators
1530
- PYTHON
1531
- end
1532
-
1533
- def create_incident_response(name, attrs, resources)
1534
- return unless attrs.incident_response[:enable_automated_response]
1535
-
1536
- # Create Step Functions for incident response workflows
1537
- state_machine_name = component_resource_name(name, :incident_response)
1538
-
1539
- resources[:step_functions][:incident_response] = aws_sfn_state_machine(state_machine_name, {
1540
- name: "siem-incident-response-#{name}",
1541
- role_arn: create_step_functions_role(name, "incident-response", attrs, resources),
1542
-
1543
- definition: JSON.pretty_generate({
1544
- Comment: "SIEM Incident Response Workflow",
1545
- StartAt: "ClassifyIncident",
1546
- States: {
1547
- ClassifyIncident: {
1548
- Type: "Task",
1549
- Resource: "arn:aws:states:::lambda:invoke",
1550
- Parameters: {
1551
- FunctionName: create_incident_classifier(name, attrs, resources),
1552
- Payload: {
1553
- "incident.$" => "$"
1554
- }
1555
- },
1556
- Next: "DetermineSeverity"
1557
- },
1558
- DetermineSeverity: {
1559
- Type: "Choice",
1560
- Choices: [
1561
- {
1562
- Variable: "$.severity",
1563
- StringEquals: "critical",
1564
- Next: "CriticalResponse"
1565
- },
1566
- {
1567
- Variable: "$.severity",
1568
- StringEquals: "high",
1569
- Next: "HighResponse"
1570
- },
1571
- {
1572
- Variable: "$.severity",
1573
- StringEquals: "medium",
1574
- Next: "MediumResponse"
1575
- }
1576
- ],
1577
- Default: "LowResponse"
1578
- },
1579
- CriticalResponse: {
1580
- Type: "Parallel",
1581
- Branches: [
1582
- {
1583
- StartAt: "IsolateResource",
1584
- States: {
1585
- IsolateResource: {
1586
- Type: "Task",
1587
- Resource: "arn:aws:states:::lambda:invoke",
1588
- Parameters: {
1589
- FunctionName: create_isolation_lambda(name, attrs, resources),
1590
- Payload: {
1591
- "action" => "isolate",
1592
- "resource.$" => "$.affected_resource"
1593
- }
1594
- },
1595
- End: true
1596
- }
1597
- }
1598
- },
1599
- {
1600
- StartAt: "NotifySOC",
1601
- States: {
1602
- NotifySOC: {
1603
- Type: "Task",
1604
- Resource: "arn:aws:states:::sns:publish",
1605
- Parameters: {
1606
- TopicArn: resources[:sns_topics][:alerts].arn,
1607
- Message: {
1608
- "incident.$" => "$",
1609
- "priority" => "CRITICAL"
1610
- }
1611
- },
1612
- End: true
1613
- }
1614
- }
1615
- },
1616
- {
1617
- StartAt: "CollectForensics",
1618
- States: {
1619
- CollectForensics: {
1620
- Type: "Task",
1621
- Resource: "arn:aws:states:::lambda:invoke",
1622
- Parameters: {
1623
- FunctionName: create_forensics_lambda(name, attrs, resources),
1624
- Payload: {
1625
- "action" => "collect",
1626
- "incident.$" => "$"
1627
- }
1628
- },
1629
- End: true
1630
- }
1631
- }
1632
- }
1633
- ],
1634
- Next: "CreateIncidentTicket"
1635
- },
1636
- HighResponse: {
1637
- Type: "Task",
1638
- Resource: "arn:aws:states:::lambda:invoke",
1639
- Parameters: {
1640
- FunctionName: create_response_lambda(name, attrs, resources),
1641
- Payload: {
1642
- "severity" => "high",
1643
- "incident.$" => "$"
1644
- }
1645
- },
1646
- Next: "CreateIncidentTicket"
1647
- },
1648
- MediumResponse: {
1649
- Type: "Task",
1650
- Resource: "arn:aws:states:::lambda:invoke",
1651
- Parameters: {
1652
- FunctionName: create_response_lambda(name, attrs, resources),
1653
- Payload: {
1654
- "severity" => "medium",
1655
- "incident.$" => "$"
1656
- }
1657
- },
1658
- Next: "CreateIncidentTicket"
1659
- },
1660
- LowResponse: {
1661
- Type: "Task",
1662
- Resource: "arn:aws:states:::lambda:invoke",
1663
- Parameters: {
1664
- FunctionName: create_response_lambda(name, attrs, resources),
1665
- Payload: {
1666
- "severity" => "low",
1667
- "incident.$" => "$"
1668
- }
1669
- },
1670
- Next: "CreateIncidentTicket"
1671
- },
1672
- CreateIncidentTicket: {
1673
- Type: "Task",
1674
- Resource: "arn:aws:states:::lambda:invoke",
1675
- Parameters: {
1676
- FunctionName: create_ticketing_lambda(name, attrs, resources),
1677
- Payload: {
1678
- "action" => "create_ticket",
1679
- "incident.$" => "$"
1680
- }
1681
- },
1682
- End: true
1683
- }
1684
- }
1685
- }),
1686
-
1687
- tags: component_tags('siem_security_platform', name, attrs.tags)
1688
- })
1689
-
1690
- # Create playbook executions for configured playbooks
1691
- attrs.incident_response[:playbooks].each do |playbook|
1692
- create_playbook_execution(name, playbook, attrs, resources)
1693
- end
1694
- end
1695
-
1696
- def create_incident_classifier(name, attrs, resources)
1697
- lambda_name = component_resource_name(name, :incident_classifier)
1698
- lambda = aws_lambda_function(lambda_name, {
1699
- function_name: "siem-incident-classifier-#{name}",
1700
- runtime: "python3.11",
1701
- handler: "index.lambda_handler",
1702
- role: create_lambda_execution_role(name, "incident-classifier", attrs, resources),
1703
- timeout: 60,
1704
-
1705
- code: {
1706
- zip_file: <<~PYTHON
1707
- import json
1708
-
1709
- def lambda_handler(event, context):
1710
- incident = event.get('incident', {})
1711
-
1712
- # Classify incident based on rules
1713
- severity = classify_severity(incident)
1714
- category = classify_category(incident)
1715
-
1716
- return {
1717
- 'statusCode': 200,
1718
- 'severity': severity,
1719
- 'category': category,
1720
- 'incident': incident
1721
- }
1722
-
1723
- def classify_severity(incident):
1724
- # Implement severity classification logic
1725
- indicators = incident.get('indicators', [])
1726
-
1727
- if any(ind.get('severity') == 'critical' for ind in indicators):
1728
- return 'critical'
1729
- elif any(ind.get('severity') == 'high' for ind in indicators):
1730
- return 'high'
1731
- elif len(indicators) > 10:
1732
- return 'high'
1733
- elif len(indicators) > 5:
1734
- return 'medium'
1735
- else:
1736
- return 'low'
1737
-
1738
- def classify_category(incident):
1739
- # Implement category classification
1740
- event_types = incident.get('event_types', [])
1741
-
1742
- if 'malware' in event_types:
1743
- return 'malware'
1744
- elif 'unauthorized_access' in event_types:
1745
- return 'unauthorized_access'
1746
- elif 'data_exfiltration' in event_types:
1747
- return 'data_breach'
1748
- else:
1749
- return 'unknown'
1750
- PYTHON
1751
- },
1752
-
1753
- tags: component_tags('siem_security_platform', name, attrs.tags)
1754
- })
1755
-
1756
- resources[:lambda_functions][:incident_classifier] = lambda
1757
- lambda.arn
1758
- end
1759
-
1760
- def create_isolation_lambda(name, attrs, resources)
1761
- lambda_name = component_resource_name(name, :isolation_lambda)
1762
- lambda = aws_lambda_function(lambda_name, {
1763
- function_name: "siem-isolation-#{name}",
1764
- runtime: "python3.11",
1765
- handler: "index.lambda_handler",
1766
- role: create_isolation_role(name, attrs, resources),
1767
- timeout: 300,
1768
-
1769
- code: {
1770
- zip_file: <<~PYTHON
1771
- import json
1772
- import boto3
1773
-
1774
- ec2 = boto3.client('ec2')
1775
-
1776
- def lambda_handler(event, context):
1777
- action = event.get('action')
1778
- resource = event.get('resource', {})
1779
-
1780
- if action == 'isolate':
1781
- result = isolate_resource(resource)
1782
- elif action == 'restore':
1783
- result = restore_resource(resource)
1784
- else:
1785
- result = {'error': 'Unknown action'}
1786
-
1787
- return {
1788
- 'statusCode': 200,
1789
- 'body': json.dumps(result)
1790
- }
1791
-
1792
- def isolate_resource(resource):
1793
- resource_type = resource.get('type')
1794
- resource_id = resource.get('id')
1795
-
1796
- if resource_type == 'ec2_instance':
1797
- return isolate_ec2_instance(resource_id)
1798
- elif resource_type == 'security_group':
1799
- return isolate_security_group(resource_id)
1800
- else:
1801
- return {'error': 'Unsupported resource type'}
1802
-
1803
- def isolate_ec2_instance(instance_id):
1804
- # Create isolation security group
1805
- isolation_sg = ec2.create_security_group(
1806
- GroupName=f'isolation-{instance_id}',
1807
- Description='Isolation security group for incident response'
1808
- )
1809
-
1810
- # Remove all ingress rules
1811
- ec2.revoke_security_group_ingress(
1812
- GroupId=isolation_sg['GroupId'],
1813
- IpPermissions=[{
1814
- 'IpProtocol': '-1',
1815
- 'FromPort': -1,
1816
- 'ToPort': -1,
1817
- 'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
1818
- }]
1819
- )
1820
-
1821
- # Apply isolation security group
1822
- ec2.modify_instance_attribute(
1823
- InstanceId=instance_id,
1824
- Groups=[isolation_sg['GroupId']]
1825
- )
1826
-
1827
- return {
1828
- 'action': 'isolated',
1829
- 'instance_id': instance_id,
1830
- 'isolation_sg': isolation_sg['GroupId']
1831
- }
1832
-
1833
- def restore_resource(resource):
1834
- # Implement restoration logic
1835
- return {'action': 'restored', 'resource': resource}
1836
-
1837
- def isolate_security_group(sg_id):
1838
- # Implement security group isolation
1839
- return {'action': 'isolated', 'security_group_id': sg_id}
1840
- PYTHON
1841
- },
1842
-
1843
- tags: component_tags('siem_security_platform', name, attrs.tags)
1844
- })
1845
-
1846
- resources[:lambda_functions][:isolation] = lambda
1847
- lambda.arn
1848
- end
1849
-
1850
- def create_isolation_role(name, attrs, resources)
1851
- role_name = component_resource_name(name, :isolation_role)
1852
- role = aws_iam_role(role_name, {
1853
- name: role_name.to_s,
1854
- assume_role_policy: JSON.pretty_generate({
1855
- Version: "2012-10-17",
1856
- Statement: [{
1857
- Action: "sts:AssumeRole",
1858
- Effect: "Allow",
1859
- Principal: {
1860
- Service: "lambda.amazonaws.com"
1861
- }
1862
- }]
1863
- }),
1864
- tags: component_tags('siem_security_platform', name, attrs.tags)
1865
- })
1866
-
1867
- # Attach policies
1868
- aws_iam_role_policy_attachment(:"#{role_name}_basic", {
1869
- role: role.name,
1870
- policy_arn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
1871
- })
1872
-
1873
- # Custom policy for isolation actions
1874
- aws_iam_role_policy(:"#{role_name}_isolation", {
1875
- role: role.id,
1876
- policy: JSON.pretty_generate({
1877
- Version: "2012-10-17",
1878
- Statement: [
1879
- {
1880
- Effect: "Allow",
1881
- Action: [
1882
- "ec2:CreateSecurityGroup",
1883
- "ec2:AuthorizeSecurityGroupIngress",
1884
- "ec2:AuthorizeSecurityGroupEgress",
1885
- "ec2:RevokeSecurityGroupIngress",
1886
- "ec2:RevokeSecurityGroupEgress",
1887
- "ec2:ModifyInstanceAttribute",
1888
- "ec2:DescribeInstances",
1889
- "ec2:DescribeSecurityGroups",
1890
- "ec2:CreateSnapshot",
1891
- "ec2:CreateImage"
1892
- ],
1893
- Resource: "*"
1894
- }
1895
- ]
1896
- })
1897
- })
1898
-
1899
- role.arn
1900
- end
1901
-
1902
- def create_forensics_lambda(name, attrs, resources)
1903
- lambda_name = component_resource_name(name, :forensics_lambda)
1904
- lambda = aws_lambda_function(lambda_name, {
1905
- function_name: "siem-forensics-#{name}",
1906
- runtime: "python3.11",
1907
- handler: "index.lambda_handler",
1908
- role: create_forensics_role(name, attrs, resources),
1909
- timeout: 900,
1910
- memory_size: 3008,
1911
-
1912
- environment: {
1913
- variables: {
1914
- FORENSICS_BUCKET: create_forensics_bucket(name, attrs, resources)
1915
- }
1916
- },
1917
-
1918
- code: {
1919
- zip_file: <<~PYTHON
1920
- import json
1921
- import boto3
1922
- import os
1923
- from datetime import datetime
1924
-
1925
- ec2 = boto3.client('ec2')
1926
- s3 = boto3.client('s3')
1927
- ssm = boto3.client('ssm')
1928
-
1929
- def lambda_handler(event, context):
1930
- action = event.get('action')
1931
- incident = event.get('incident', {})
1932
-
1933
- if action == 'collect':
1934
- result = collect_forensics(incident)
1935
- else:
1936
- result = {'error': 'Unknown action'}
1937
-
1938
- return {
1939
- 'statusCode': 200,
1940
- 'body': json.dumps(result)
1941
- }
1942
-
1943
- def collect_forensics(incident):
1944
- forensics_data = {
1945
- 'incident_id': incident.get('id'),
1946
- 'timestamp': datetime.utcnow().isoformat(),
1947
- 'affected_resources': []
1948
- }
1949
-
1950
- for resource in incident.get('affected_resources', []):
1951
- if resource['type'] == 'ec2_instance':
1952
- forensics = collect_ec2_forensics(resource['id'])
1953
- forensics_data['affected_resources'].append(forensics)
1954
-
1955
- # Store forensics data
1956
- store_forensics_data(forensics_data)
1957
-
1958
- return forensics_data
1959
-
1960
- def collect_ec2_forensics(instance_id):
1961
- forensics = {
1962
- 'instance_id': instance_id,
1963
- 'type': 'ec2_instance',
1964
- 'collected_at': datetime.utcnow().isoformat()
1965
- }
1966
-
1967
- # Create memory dump
1968
- memory_dump = create_memory_dump(instance_id)
1969
- if memory_dump:
1970
- forensics['memory_dump'] = memory_dump
1971
-
1972
- # Create disk snapshot
1973
- snapshot = create_disk_snapshot(instance_id)
1974
- if snapshot:
1975
- forensics['disk_snapshot'] = snapshot
1976
-
1977
- # Collect system information
1978
- system_info = collect_system_info(instance_id)
1979
- if system_info:
1980
- forensics['system_info'] = system_info
1981
-
1982
- # Collect network connections
1983
- network_info = collect_network_info(instance_id)
1984
- if network_info:
1985
- forensics['network_info'] = network_info
1986
-
1987
- return forensics
1988
-
1989
- def create_memory_dump(instance_id):
1990
- # Use SSM to run memory dump command
1991
- try:
1992
- response = ssm.send_command(
1993
- InstanceIds=[instance_id],
1994
- DocumentName='AWS-RunShellScript',
1995
- Parameters={
1996
- 'commands': [
1997
- 'sudo dd if=/dev/mem of=/tmp/memory.dump',
1998
- 'aws s3 cp /tmp/memory.dump s3://{}/forensics/{}/memory.dump'.format(
1999
- os.environ['FORENSICS_BUCKET'],
2000
- instance_id
2001
- )
2002
- ]
2003
- }
2004
- )
2005
- return {
2006
- 'command_id': response['Command']['CommandId'],
2007
- 's3_location': 's3://{}/forensics/{}/memory.dump'.format(
2008
- os.environ['FORENSICS_BUCKET'],
2009
- instance_id
2010
- )
2011
- }
2012
- except Exception as e:
2013
- print(f"Error creating memory dump: {str(e)}")
2014
- return None
2015
-
2016
- def create_disk_snapshot(instance_id):
2017
- try:
2018
- # Get instance volumes
2019
- instance = ec2.describe_instances(InstanceIds=[instance_id])
2020
- volumes = []
2021
-
2022
- for reservation in instance['Reservations']:
2023
- for instance in reservation['Instances']:
2024
- for bdm in instance.get('BlockDeviceMappings', []):
2025
- if 'Ebs' in bdm:
2026
- volume_id = bdm['Ebs']['VolumeId']
2027
-
2028
- # Create snapshot
2029
- snapshot = ec2.create_snapshot(
2030
- VolumeId=volume_id,
2031
- Description=f'Forensics snapshot for incident - {instance_id}'
2032
- )
2033
-
2034
- volumes.append({
2035
- 'volume_id': volume_id,
2036
- 'snapshot_id': snapshot['SnapshotId']
2037
- })
2038
-
2039
- return volumes
2040
- except Exception as e:
2041
- print(f"Error creating snapshot: {str(e)}")
2042
- return None
2043
-
2044
- def collect_system_info(instance_id):
2045
- # Collect system information via SSM
2046
- commands = [
2047
- 'uname -a',
2048
- 'ps aux',
2049
- 'netstat -tulpn',
2050
- 'last -50',
2051
- 'w',
2052
- 'history'
2053
- ]
2054
-
2055
- try:
2056
- response = ssm.send_command(
2057
- InstanceIds=[instance_id],
2058
- DocumentName='AWS-RunShellScript',
2059
- Parameters={'commands': commands}
2060
- )
2061
- return {'command_id': response['Command']['CommandId']}
2062
- except Exception as e:
2063
- print(f"Error collecting system info: {str(e)}")
2064
- return None
2065
-
2066
- def collect_network_info(instance_id):
2067
- # Collect network flow information
2068
- try:
2069
- # Get VPC Flow Logs
2070
- # This is simplified - real implementation would query flow logs
2071
- return {
2072
- 'flow_logs': 'collected',
2073
- 'connections': 'analyzed'
2074
- }
2075
- except Exception as e:
2076
- print(f"Error collecting network info: {str(e)}")
2077
- return None
2078
-
2079
- def store_forensics_data(data):
2080
- # Store forensics data in S3
2081
- key = 'forensics/{}/data.json'.format(data['incident_id'])
2082
-
2083
- s3.put_object(
2084
- Bucket=os.environ['FORENSICS_BUCKET'],
2085
- Key=key,
2086
- Body=json.dumps(data, indent=2),
2087
- ServerSideEncryption='aws:kms'
2088
- )
2089
- PYTHON
2090
- },
2091
-
2092
- tags: component_tags('siem_security_platform', name, attrs.tags)
2093
- })
2094
-
2095
- resources[:lambda_functions][:forensics] = lambda
2096
- lambda.arn
2097
- end
2098
-
2099
- def create_forensics_role(name, attrs, resources)
2100
- role_name = component_resource_name(name, :forensics_role)
2101
- role = aws_iam_role(role_name, {
2102
- name: role_name.to_s,
2103
- assume_role_policy: JSON.pretty_generate({
2104
- Version: "2012-10-17",
2105
- Statement: [{
2106
- Action: "sts:AssumeRole",
2107
- Effect: "Allow",
2108
- Principal: {
2109
- Service: "lambda.amazonaws.com"
2110
- }
2111
- }]
2112
- }),
2113
- tags: component_tags('siem_security_platform', name, attrs.tags)
2114
- })
2115
-
2116
- # Attach policies
2117
- aws_iam_role_policy_attachment(:"#{role_name}_basic", {
2118
- role: role.name,
2119
- policy_arn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
2120
- })
2121
-
2122
- # Custom policy for forensics collection
2123
- aws_iam_role_policy(:"#{role_name}_forensics", {
2124
- role: role.id,
2125
- policy: JSON.pretty_generate({
2126
- Version: "2012-10-17",
2127
- Statement: [
2128
- {
2129
- Effect: "Allow",
2130
- Action: [
2131
- "ec2:CreateSnapshot",
2132
- "ec2:DescribeInstances",
2133
- "ec2:DescribeVolumes",
2134
- "ec2:DescribeSnapshots",
2135
- "ssm:SendCommand",
2136
- "ssm:GetCommandInvocation",
2137
- "s3:PutObject",
2138
- "s3:GetObject",
2139
- "kms:Decrypt",
2140
- "kms:GenerateDataKey"
2141
- ],
2142
- Resource: "*"
2143
- }
2144
- ]
2145
- })
2146
- })
2147
-
2148
- role.arn
2149
- end
2150
-
2151
- def create_forensics_bucket(name, attrs, resources)
2152
- bucket_name = component_resource_name(name, :forensics_bucket)
2153
- bucket = create_secure_bucket(
2154
- bucket_name,
2155
- "siem-forensics-#{name}",
2156
- attrs,
2157
- resources
2158
- )
2159
-
2160
- resources[:s3_buckets][:forensics] = bucket
2161
- bucket.id
2162
- end
2163
-
2164
- def create_response_lambda(name, attrs, resources)
2165
- lambda_name = component_resource_name(name, :response_lambda)
2166
- lambda = aws_lambda_function(lambda_name, {
2167
- function_name: "siem-response-#{name}",
2168
- runtime: "python3.11",
2169
- handler: "index.lambda_handler",
2170
- role: create_lambda_execution_role(name, "response", attrs, resources),
2171
- timeout: 300,
2172
-
2173
- code: {
2174
- zip_file: <<~PYTHON
2175
- import json
2176
-
2177
- def lambda_handler(event, context):
2178
- severity = event.get('severity')
2179
- incident = event.get('incident', {})
2180
-
2181
- # Execute response based on severity
2182
- if severity == 'high':
2183
- response = execute_high_severity_response(incident)
2184
- elif severity == 'medium':
2185
- response = execute_medium_severity_response(incident)
2186
- else:
2187
- response = execute_low_severity_response(incident)
2188
-
2189
- return {
2190
- 'statusCode': 200,
2191
- 'body': json.dumps(response)
2192
- }
2193
-
2194
- def execute_high_severity_response(incident):
2195
- # Implement high severity response
2196
- return {
2197
- 'actions_taken': [
2198
- 'blocked_suspicious_ips',
2199
- 'disabled_compromised_accounts',
2200
- 'initiated_forensics_collection'
2201
- ]
2202
- }
2203
-
2204
- def execute_medium_severity_response(incident):
2205
- # Implement medium severity response
2206
- return {
2207
- 'actions_taken': [
2208
- 'increased_monitoring',
2209
- 'notified_security_team'
2210
- ]
2211
- }
2212
-
2213
- def execute_low_severity_response(incident):
2214
- # Implement low severity response
2215
- return {
2216
- 'actions_taken': [
2217
- 'logged_incident',
2218
- 'updated_metrics'
2219
- ]
2220
- }
2221
- PYTHON
2222
- },
2223
-
2224
- tags: component_tags('siem_security_platform', name, attrs.tags)
2225
- })
2226
-
2227
- resources[:lambda_functions][:response] = lambda
2228
- lambda.arn
2229
- end
2230
-
2231
- def create_ticketing_lambda(name, attrs, resources)
2232
- lambda_name = component_resource_name(name, :ticketing_lambda)
2233
- lambda = aws_lambda_function(lambda_name, {
2234
- function_name: "siem-ticketing-#{name}",
2235
- runtime: "python3.11",
2236
- handler: "index.lambda_handler",
2237
- role: create_lambda_execution_role(name, "ticketing", attrs, resources),
2238
- timeout: 60,
2239
-
2240
- environment: {
2241
- variables: {
2242
- INTEGRATIONS: JSON.generate(attrs.integrations.select { |i| i[:type] == 'ticketing' })
2243
- }
2244
- },
2245
-
2246
- code: {
2247
- zip_file: <<~PYTHON
2248
- import json
2249
- import os
2250
- import requests
2251
- from datetime import datetime
2252
-
2253
- def lambda_handler(event, context):
2254
- action = event.get('action')
2255
- incident = event.get('incident', {})
2256
-
2257
- if action == 'create_ticket':
2258
- ticket = create_incident_ticket(incident)
2259
- else:
2260
- ticket = {'error': 'Unknown action'}
2261
-
2262
- return {
2263
- 'statusCode': 200,
2264
- 'body': json.dumps(ticket)
2265
- }
2266
-
2267
- def create_incident_ticket(incident):
2268
- integrations = json.loads(os.environ.get('INTEGRATIONS', '[]'))
2269
-
2270
- ticket = {
2271
- 'title': f"Security Incident: {incident.get('name', 'Unknown')}",
2272
- 'description': format_incident_description(incident),
2273
- 'severity': incident.get('severity', 'medium'),
2274
- 'created_at': datetime.utcnow().isoformat(),
2275
- 'incident_id': incident.get('id')
2276
- }
2277
-
2278
- # Send to configured ticketing systems
2279
- for integration in integrations:
2280
- if integration.get('enabled', True):
2281
- send_to_ticketing_system(ticket, integration)
2282
-
2283
- return ticket
2284
-
2285
- def format_incident_description(incident):
2286
- description = f"""
2287
- Incident ID: {incident.get('id')}
2288
- Severity: {incident.get('severity', 'unknown').upper()}
2289
- Time: {incident.get('timestamp')}
2290
-
2291
- Description: {incident.get('description', 'No description provided')}
2292
-
2293
- Affected Resources:
2294
- """
2295
-
2296
- for resource in incident.get('affected_resources', []):
2297
- description += f"\\n- {resource.get('type')}: {resource.get('id')}"
2298
-
2299
- description += f"\\n\\nIndicators: {len(incident.get('indicators', []))}"
2300
- description += f"\\nActions Taken: {', '.join(incident.get('actions_taken', []))}"
2301
-
2302
- return description
2303
-
2304
- def send_to_ticketing_system(ticket, integration):
2305
- # Implement integration with ticketing systems
2306
- # This is a placeholder - real implementation would use actual APIs
2307
- endpoint = integration.get('endpoint')
2308
-
2309
- if endpoint:
2310
- try:
2311
- response = requests.post(
2312
- endpoint,
2313
- json=ticket,
2314
- headers={'Authorization': f"Bearer {get_api_key(integration)}"},
2315
- timeout=30
2316
- )
2317
- return response.json()
2318
- except Exception as e:
2319
- print(f"Error sending to ticketing system: {str(e)}")
2320
-
2321
- return None
2322
-
2323
- def get_api_key(integration):
2324
- # Retrieve API key from Secrets Manager
2325
- # This is simplified - real implementation would use boto3
2326
- return "placeholder-api-key"
2327
- PYTHON
2328
- },
2329
-
2330
- tags: component_tags('siem_security_platform', name, attrs.tags)
2331
- })
2332
-
2333
- resources[:lambda_functions][:ticketing] = lambda
2334
- lambda.arn
2335
- end
2336
-
2337
- def create_playbook_execution(name, playbook, attrs, resources)
2338
- # Create Lambda for playbook execution
2339
- playbook_lambda_name = component_resource_name(name, :playbook, playbook[:name])
2340
-
2341
- resources[:lambda_functions][:"playbook_#{playbook[:name]}"] = aws_lambda_function(playbook_lambda_name, {
2342
- function_name: "siem-playbook-#{name}-#{playbook[:name]}",
2343
- runtime: "python3.11",
2344
- handler: "index.lambda_handler",
2345
- role: create_lambda_execution_role(name, "playbook-#{playbook[:name]}", attrs, resources),
2346
- timeout: 900,
2347
-
2348
- environment: {
2349
- variables: {
2350
- PLAYBOOK_NAME: playbook[:name],
2351
- PLAYBOOK_STEPS: JSON.generate(playbook[:steps])
2352
- }
2353
- },
2354
-
2355
- code: {
2356
- zip_file: generate_playbook_code(playbook)
2357
- },
2358
-
2359
- tags: component_tags('siem_security_platform', name, attrs.tags)
2360
- })
2361
- end
2362
-
2363
- def generate_playbook_code(playbook)
2364
- <<~PYTHON
2365
- import json
2366
- import os
2367
- import boto3
2368
-
2369
- def lambda_handler(event, context):
2370
- playbook_name = os.environ['PLAYBOOK_NAME']
2371
- steps = json.loads(os.environ['PLAYBOOK_STEPS'])
2372
-
2373
- results = []
2374
- for step in steps:
2375
- result = execute_step(step, event)
2376
- results.append(result)
2377
-
2378
- # Stop if step fails and is marked as critical
2379
- if not result['success'] and step.get('critical', False):
2380
- break
2381
-
2382
- return {
2383
- 'statusCode': 200,
2384
- 'body': json.dumps({
2385
- 'playbook': playbook_name,
2386
- 'results': results
2387
- })
2388
- }
2389
-
2390
- def execute_step(step, context):
2391
- step_type = step.get('type')
2392
-
2393
- if step_type == 'notify':
2394
- return notify_step(step, context)
2395
- elif step_type == 'isolate':
2396
- return isolate_step(step, context)
2397
- elif step_type == 'block':
2398
- return block_step(step, context)
2399
- elif step_type == 'collect':
2400
- return collect_step(step, context)
2401
- elif step_type == 'analyze':
2402
- return analyze_step(step, context)
2403
- else:
2404
- return {'success': False, 'error': 'Unknown step type'}
2405
-
2406
- def notify_step(step, context):
2407
- # Implement notification logic
2408
- return {'success': True, 'action': 'notified', 'details': step}
2409
-
2410
- def isolate_step(step, context):
2411
- # Implement isolation logic
2412
- return {'success': True, 'action': 'isolated', 'details': step}
2413
-
2414
- def block_step(step, context):
2415
- # Implement blocking logic
2416
- return {'success': True, 'action': 'blocked', 'details': step}
2417
-
2418
- def collect_step(step, context):
2419
- # Implement collection logic
2420
- return {'success': True, 'action': 'collected', 'details': step}
2421
-
2422
- def analyze_step(step, context):
2423
- # Implement analysis logic
2424
- return {'success': True, 'action': 'analyzed', 'details': step}
2425
- PYTHON
2426
- end
2427
-
2428
- def create_monitoring(name, attrs, resources)
2429
- # Create CloudWatch dashboard
2430
- dashboard_name = component_resource_name(name, :dashboard)
2431
-
2432
- dashboard_body = {
2433
- widgets: [
2434
- {
2435
- type: "metric",
2436
- properties: {
2437
- metrics: [
2438
- ["AWS/ES", "ClusterUsedSpace", { stat: "Average" }],
2439
- [".", "ClusterIndexWritesBlocked", { stat: "Sum" }],
2440
- [".", "ClusterStatus.green", { stat: "Average" }]
2441
- ],
2442
- period: 300,
2443
- stat: "Average",
2444
- region: aws_region,
2445
- title: "OpenSearch Cluster Health"
2446
- }
2447
- },
2448
- {
2449
- type: "metric",
2450
- properties: {
2451
- metrics: [
2452
- ["AWS/Kinesis/Firehose", "IncomingRecords", { stat: "Sum" }],
2453
- [".", "DeliveryToElasticsearch.Success", { stat: "Sum" }],
2454
- [".", "DeliveryToElasticsearch.DataFreshness", { stat: "Average" }]
2455
- ],
2456
- period: 300,
2457
- stat: "Sum",
2458
- region: aws_region,
2459
- title: "Data Ingestion Metrics"
2460
- }
2461
- }
2462
- ]
2463
- }
2464
-
2465
- aws_cloudwatch_dashboard(dashboard_name, {
2466
- dashboard_name: "siem-#{name}",
2467
- dashboard_body: JSON.pretty_generate(dashboard_body)
2468
- })
2469
-
2470
- # Create alarms for critical metrics
2471
- create_siem_alarms(name, attrs, resources)
2472
- end
2473
-
2474
- def create_siem_alarms(name, attrs, resources)
2475
- # OpenSearch cluster health alarm
2476
- cluster_health_alarm = component_resource_name(name, :cluster_health_alarm)
2477
- resources[:alarms][:cluster_health] = aws_cloudwatch_metric_alarm(cluster_health_alarm, {
2478
- alarm_name: "siem-cluster-health-#{name}",
2479
- alarm_description: "Alert when OpenSearch cluster is not green",
2480
- metric_name: "ClusterStatus.green",
2481
- namespace: "AWS/ES",
2482
- statistic: "Average",
2483
- period: 300,
2484
- evaluation_periods: 2,
2485
- threshold: 1,
2486
- comparison_operator: "LessThanThreshold",
2487
- dimensions: {
2488
- DomainName: resources[:opensearch_domain].domain_name
2489
- },
2490
- alarm_actions: [resources[:sns_topics][:alerts].arn],
2491
- tags: component_tags('siem_security_platform', name, attrs.tags)
2492
- })
2493
-
2494
- # Data freshness alarm
2495
- data_freshness_alarm = component_resource_name(name, :data_freshness_alarm)
2496
- resources[:alarms][:data_freshness] = aws_cloudwatch_metric_alarm(data_freshness_alarm, {
2497
- alarm_name: "siem-data-freshness-#{name}",
2498
- alarm_description: "Alert when data ingestion is delayed",
2499
- metric_name: "DeliveryToElasticsearch.DataFreshness",
2500
- namespace: "AWS/Kinesis/Firehose",
2501
- statistic: "Average",
2502
- period: 300,
2503
- evaluation_periods: 2,
2504
- threshold: 900, # 15 minutes
2505
- comparison_operator: "GreaterThanThreshold",
2506
- alarm_actions: [resources[:sns_topics][:alerts].arn],
2507
- tags: component_tags('siem_security_platform', name, attrs.tags)
2508
- })
2509
-
2510
- # High severity incident alarm
2511
- if attrs.monitoring_config[:create_alarms]
2512
- incident_alarm = component_resource_name(name, :high_severity_alarm)
2513
- resources[:alarms][:high_severity] = aws_cloudwatch_metric_alarm(incident_alarm, {
2514
- alarm_name: "siem-high-severity-incidents-#{name}",
2515
- alarm_description: "Alert on high severity security incidents",
2516
- metric_name: "HighSeverityIncidents",
2517
- namespace: "Custom/SIEM",
2518
- statistic: "Sum",
2519
- period: 300,
2520
- evaluation_periods: 1,
2521
- threshold: 1,
2522
- comparison_operator: "GreaterThanOrEqualToThreshold",
2523
- alarm_actions: [resources[:sns_topics][:alerts].arn],
2524
- tags: component_tags('siem_security_platform', name, attrs.tags)
2525
- })
2526
- end
2527
- end
2528
-
2529
- def create_dashboards(name, attrs, resources)
2530
- # Create OpenSearch dashboards via API
2531
- # This would typically be done after OpenSearch is deployed
2532
- # For now, we'll create a Lambda to configure dashboards
2533
-
2534
- dashboard_config_lambda = component_resource_name(name, :dashboard_config)
2535
- resources[:lambda_functions][:dashboard_config] = aws_lambda_function(dashboard_config_lambda, {
2536
- function_name: "siem-dashboard-config-#{name}",
2537
- runtime: "python3.11",
2538
- handler: "index.lambda_handler",
2539
- role: create_lambda_execution_role(name, "dashboard-config", attrs, resources),
2540
- timeout: 300,
2541
-
2542
- environment: {
2543
- variables: {
2544
- OPENSEARCH_ENDPOINT: resources[:opensearch_domain].endpoint,
2545
- DASHBOARDS: JSON.generate(attrs.dashboards)
2546
- }
2547
- },
2548
-
2549
- code: {
2550
- zip_file: generate_dashboard_config_code()
2551
- },
2552
-
2553
- tags: component_tags('siem_security_platform', name, attrs.tags)
2554
- })
2555
-
2556
- # Invoke Lambda to configure dashboards
2557
- aws_lambda_invocation(:"#{dashboard_config_lambda}_invoke", {
2558
- function_name: resources[:lambda_functions][:dashboard_config].function_name,
2559
- input: JSON.generate({ action: "configure_dashboards" })
2560
- })
2561
- end
2562
-
2563
- def generate_dashboard_config_code
2564
- <<~PYTHON
2565
- import json
2566
- import os
2567
- from opensearchpy import OpenSearch
2568
-
2569
- def lambda_handler(event, context):
2570
- es = OpenSearch(
2571
- hosts=[{'host': os.environ['OPENSEARCH_ENDPOINT'], 'port': 443}],
2572
- http_auth=get_auth(),
2573
- use_ssl=True,
2574
- verify_certs=True
2575
- )
2576
-
2577
- dashboards = json.loads(os.environ['DASHBOARDS'])
2578
-
2579
- for dashboard in dashboards:
2580
- create_dashboard(es, dashboard)
2581
-
2582
- return {
2583
- 'statusCode': 200,
2584
- 'body': json.dumps({
2585
- 'dashboards_created': len(dashboards)
2586
- })
2587
- }
2588
-
2589
- def create_dashboard(es, dashboard):
2590
- dashboard_type = dashboard['type']
2591
-
2592
- if dashboard_type == 'security_overview':
2593
- create_security_overview_dashboard(es, dashboard)
2594
- elif dashboard_type == 'threat_hunting':
2595
- create_threat_hunting_dashboard(es, dashboard)
2596
- elif dashboard_type == 'compliance':
2597
- create_compliance_dashboard(es, dashboard)
2598
- elif dashboard_type == 'incident_response':
2599
- create_incident_response_dashboard(es, dashboard)
2600
-
2601
- def create_security_overview_dashboard(es, config):
2602
- # Create security overview visualizations and dashboard
2603
- visualizations = [
2604
- create_events_timeline(es),
2605
- create_severity_distribution(es),
2606
- create_top_threats(es),
2607
- create_geographic_map(es)
2608
- ]
2609
-
2610
- # Create dashboard with visualizations
2611
- dashboard_body = {
2612
- 'title': config['name'],
2613
- 'panels': format_panels(visualizations),
2614
- 'refresh_interval': config.get('refresh_interval', 300)
2615
- }
2616
-
2617
- # Save dashboard
2618
- es.index(
2619
- index='.kibana',
2620
- doc_type='dashboard',
2621
- id=f"dashboard-{config['name'].replace(' ', '-').lower()}",
2622
- body=dashboard_body
2623
- )
2624
-
2625
- def create_threat_hunting_dashboard(es, config):
2626
- # Implement threat hunting dashboard
2627
- pass
2628
-
2629
- def create_compliance_dashboard(es, config):
2630
- # Implement compliance dashboard
2631
- pass
2632
-
2633
- def create_incident_response_dashboard(es, config):
2634
- # Implement incident response dashboard
2635
- pass
2636
-
2637
- def create_events_timeline(es):
2638
- # Create timeline visualization
2639
- return {
2640
- 'title': 'Security Events Timeline',
2641
- 'type': 'line',
2642
- 'query': {
2643
- 'match_all': {}
2644
- }
2645
- }
2646
-
2647
- def create_severity_distribution(es):
2648
- # Create severity distribution visualization
2649
- return {
2650
- 'title': 'Severity Distribution',
2651
- 'type': 'pie',
2652
- 'query': {
2653
- 'terms': {
2654
- 'field': 'severity.keyword'
2655
- }
2656
- }
2657
- }
2658
-
2659
- def create_top_threats(es):
2660
- # Create top threats visualization
2661
- return {
2662
- 'title': 'Top Threats',
2663
- 'type': 'horizontal_bar',
2664
- 'query': {
2665
- 'terms': {
2666
- 'field': 'threat_name.keyword',
2667
- 'size': 10
2668
- }
2669
- }
2670
- }
2671
-
2672
- def create_geographic_map(es):
2673
- # Create geographic threat map
2674
- return {
2675
- 'title': 'Threat Geographic Distribution',
2676
- 'type': 'map',
2677
- 'query': {
2678
- 'exists': {
2679
- 'field': 'source_geo.location'
2680
- }
2681
- }
2682
- }
2683
-
2684
- def format_panels(visualizations):
2685
- # Format visualizations as dashboard panels
2686
- panels = []
2687
- for i, viz in enumerate(visualizations):
2688
- panels.append({
2689
- 'visualization': viz,
2690
- 'gridData': {
2691
- 'x': (i % 2) * 24,
2692
- 'y': (i // 2) * 12,
2693
- 'w': 24,
2694
- 'h': 12
2695
- }
2696
- })
2697
- return panels
2698
-
2699
- def get_auth():
2700
- # Implement authentication
2701
- return None
2702
- PYTHON
2703
- end
2704
-
2705
- def create_integration(name, integration, attrs, resources)
2706
- # Create integration based on type
2707
- case integration[:type]
2708
- when 'soar'
2709
- create_soar_integration(name, integration, attrs, resources)
2710
- when 'threat_intel'
2711
- create_threat_intel_integration(name, integration, attrs, resources)
2712
- when 'notification'
2713
- create_notification_integration(name, integration, attrs, resources)
2714
- end
2715
- end
2716
-
2717
- def create_soar_integration(name, integration, attrs, resources)
2718
- # Create Lambda for SOAR integration
2719
- lambda_name = component_resource_name(name, :soar_integration, integration[:name])
2720
-
2721
- resources[:lambda_functions][:"soar_#{integration[:name]}"] = aws_lambda_function(lambda_name, {
2722
- function_name: "siem-soar-#{name}-#{integration[:name]}",
2723
- runtime: "python3.11",
2724
- handler: "index.lambda_handler",
2725
- role: create_lambda_execution_role(name, "soar-#{integration[:name]}", attrs, resources),
2726
- timeout: 300,
2727
-
2728
- environment: {
2729
- variables: {
2730
- SOAR_ENDPOINT: integration[:endpoint] || "",
2731
- SOAR_API_KEY_SECRET: integration[:api_key_secret_arn] || ""
2732
- }
2733
- },
2734
-
2735
- code: {
2736
- zip_file: <<~PYTHON
2737
- import json
2738
- import boto3
2739
- import os
2740
- import requests
2741
-
2742
- def lambda_handler(event, context):
2743
- # Send incident to SOAR platform
2744
- incident = event.get('incident', {})
2745
-
2746
- soar_payload = {
2747
- 'name': incident.get('name'),
2748
- 'severity': incident.get('severity'),
2749
- 'description': incident.get('description'),
2750
- 'artifacts': incident.get('indicators', []),
2751
- 'actions': incident.get('recommended_actions', [])
2752
- }
2753
-
2754
- # Send to SOAR
2755
- response = send_to_soar(soar_payload)
2756
-
2757
- return {
2758
- 'statusCode': 200,
2759
- 'body': json.dumps(response)
2760
- }
2761
-
2762
- def send_to_soar(payload):
2763
- endpoint = os.environ.get('SOAR_ENDPOINT')
2764
- api_key = get_api_key()
2765
-
2766
- if endpoint and api_key:
2767
- try:
2768
- response = requests.post(
2769
- f"{endpoint}/api/incidents",
2770
- json=payload,
2771
- headers={'Authorization': f'Bearer {api_key}'},
2772
- timeout=30
2773
- )
2774
- return response.json()
2775
- except Exception as e:
2776
- return {'error': str(e)}
2777
-
2778
- return {'error': 'Missing configuration'}
2779
-
2780
- def get_api_key():
2781
- secret_arn = os.environ.get('SOAR_API_KEY_SECRET')
2782
- if secret_arn:
2783
- client = boto3.client('secretsmanager')
2784
- response = client.get_secret_value(SecretId=secret_arn)
2785
- return json.loads(response['SecretString']).get('api_key')
2786
- return None
2787
- PYTHON
2788
- },
2789
-
2790
- tags: component_tags('siem_security_platform', name, attrs.tags)
2791
- })
2792
- end
2793
-
2794
- def create_threat_intel_integration(name, integration, attrs, resources)
2795
- # Already handled in create_threat_detection
2796
- end
2797
-
2798
- def create_notification_integration(name, integration, attrs, resources)
2799
- # Create SNS topic for notifications if not exists
2800
- topic_name = component_resource_name(name, :notification, integration[:name])
2801
- resources[:sns_topics][integration[:name].to_sym] = aws_sns_topic(topic_name, {
2802
- name: "siem-notify-#{name}-#{integration[:name]}",
2803
- kms_master_key_id: resources[:kms_keys][:main].id,
2804
- tags: component_tags('siem_security_platform', name, attrs.tags)
2805
- })
2806
-
2807
- # Subscribe endpoint if provided
2808
- if integration[:endpoint]
2809
- aws_sns_topic_subscription(:"#{topic_name}_subscription", {
2810
- topic_arn: resources[:sns_topics][integration[:name].to_sym].arn,
2811
- protocol: integration[:endpoint].start_with?('http') ? 'https' : 'email',
2812
- endpoint: integration[:endpoint]
2813
- })
2814
- end
2815
- end
2816
-
2817
- def calculate_siem_security_score(attrs)
2818
- score = 100
2819
-
2820
- # Deduct points for missing features
2821
- score -= 5 unless attrs.threat_detection[:enable_ml_detection]
2822
- score -= 5 unless attrs.threat_detection[:enable_behavior_analytics]
2823
- score -= 5 unless attrs.incident_response[:enable_automated_response]
2824
- score -= 5 unless attrs.compliance_config[:enable_compliance_reporting]
2825
- score -= 5 unless attrs.security_config[:enable_encryption_at_rest]
2826
- score -= 5 unless attrs.security_config[:enable_fine_grained_access]
2827
- score -= 10 unless attrs.threat_detection[:threat_intel_feeds].any?
2828
-
2829
- # Add points for advanced features
2830
- score += 5 if attrs.analytics_config[:enable_ueba]
2831
- score += 5 if attrs.incident_response[:enable_forensics_collection]
2832
- score += 5 if attrs.scaling_config[:enable_auto_scaling]
2833
-
2834
- [score, 100].min
2835
- end
2836
-
2837
- def generate_siem_compliance_status(attrs)
2838
- status = {}
2839
-
2840
- attrs.compliance_config[:frameworks].each do |framework|
2841
- status[framework] = {
2842
- compliant: true,
2843
- last_assessment: Time.now.iso8601,
2844
- evidence_collected: attrs.compliance_config[:evidence_collection],
2845
- report_available: attrs.compliance_config[:enable_compliance_reporting],
2846
- next_report: calculate_next_report_date(attrs.compliance_config[:report_schedule])
2847
- }
2848
- end
2849
-
2850
- status
2851
- end
2852
-
2853
- def calculate_next_report_date(schedule)
2854
- case schedule
2855
- when 'daily'
2856
- (Time.now + 86400).iso8601
2857
- when 'weekly'
2858
- (Time.now + 604800).iso8601
2859
- when 'monthly'
2860
- (Time.now + 2592000).iso8601
2861
- else
2862
- nil
2863
- end
2864
- end
2865
-
2866
- def aws_region
2867
- 'us-east-1'
2868
- end
2869
-
2870
- def aws_account_id
2871
- '123456789012'
100
+
101
+ def opensearch_dashboard_url(resources)
102
+ return nil unless resources[:opensearch_domain]
103
+
104
+ "https://#{resources[:opensearch_domain].endpoint}/_dashboards/"
2872
105
  end
2873
-
106
+
2874
107
  include Base
2875
108
  end
2876
109
  end
2877
- end
110
+ end