Mapping Extra Resources
If you've looked at the Examples page, you've probably noticed that the AWS Integration supports some AWS resources, but most of them are documented in the Examples page.
This page will help you understand what kind of AWS resources are supported by the AWS integration and how to map them into Port.
Is the resource supported by the AWS Integration?
The AWS Integration relies on AWS's Cloud Control API. That means:
- Is the type of resource I want to ingest listed here?
  - If yes, it's supported!
  - If not, please contact us, or add the support to the integration yourself.
Mapping the resource to Port
After you've found the resource in the Cloud Asset Supported Resources, you can map it to Port by following these steps:
Blueprint
Create a Port blueprint definition for the resource. The blueprint definition is based on the resource API specified per asset type. A few examples:
ECS Service Blueprint
{
  "identifier": "ecsService",
  "description": "This blueprint represents an AWS ECS Service in our software catalog",
  "title": "ECS Service",
  "icon": "AWS",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      },
      "desiredCount": {
        "type": "number",
        "title": "Desired Count"
      },
      "taskDefinition": {
        "type": "string",
        "title": "Task Definition"
      },
      "launchType": {
        "type": "string",
        "enum": ["EC2", "FARGATE", "EXTERNAL"],
        "title": "Launch Type"
      },
      "schedulingStrategy": {
        "type": "string",
        "enum": ["REPLICA", "DAEMON"],
        "title": "Scheduling Strategy"
      },
      "loadBalancers": {
        "type": "array",
        "title": "Load Balancers"
      },
      "securityGroups": {
        "type": "array",
        "title": "Security Groups"
      },
      "subnets": {
        "type": "array",
        "title": "Subnets"
      },
      "iamRole": {
        "type": "string",
        "format": "url",
        "title": "IAM Role",
        "icon": "Unlock"
      },
      "arn": {
        "type": "string",
        "title": "ARN"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}
SQS Blueprint
{
  "identifier": "sqs",
  "description": "This blueprint represents an AWS SQS service in our software catalog",
  "title": "SQS",
  "icon": "AWS",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}
Lambda Blueprint
{
  "identifier": "lambda",
  "description": "This blueprint represents an AWS Lambda function in our software catalog",
  "title": "Lambda",
  "icon": "Lambda",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      },
      "description": {
        "type": "string",
        "title": "Description"
      },
      "memorySize": {
        "type": "number",
        "title": "Memory Size"
      },
      "ephemeralStorageSize": {
        "type": "number",
        "title": "Ephemeral Storage Size"
      },
      "timeout": {
        "type": "number",
        "title": "Timeout"
      },
      "runtime": {
        "type": "string",
        "title": "Runtime"
      },
      "packageType": {
        "type": "string",
        "enum": ["Image", "Zip"],
        "title": "Package Type"
      },
      "environment": {
        "type": "object",
        "title": "Environment"
      },
      "architectures": {
        "type": "array",
        "items": {
          "type": "string",
          "enum": ["x86_64", "arm64"]
        },
        "title": "Architectures"
      },
      "layers": {
        "type": "array",
        "title": "Layers"
      },
      "tags": {
        "type": "array",
        "title": "Tags"
      },
      "iamRole": {
        "type": "string",
        "format": "url",
        "title": "IAM Role",
        "icon": "Unlock"
      },
      "arn": {
        "type": "string",
        "title": "ARN"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}
Integration configuration
Create an integration configuration for the resource. The integration configuration is a YAML file that describes the ETL process to load data into the developer portal.
Mapping Configuration for ECS Service, AppRunner, Lambda, SQS
resources:
  - kind: AWS::Lambda::Function
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.FunctionName
          blueprint: '"lambda"'
          properties:
            kind: .__Kind
            region: .__Region
            link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
            description: .Properties.Description
            memorySize: .Properties.MemorySize
            ephemeralStorageSize: .Properties.EphemeralStorage.Size
            timeout: .Properties.Timeout
            runtime: .Properties.Runtime
            packageType: .Properties.PackageType
            environment: .Properties.Environment
            architectures: .Properties.Architectures
            layers: .Properties.Layers
            tags: .Properties.Tags
            iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
            arn: .Properties.Arn
          relations:
            account: .__AccountId
  - kind: AWS::ECS::Service
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split(":")[5] | split("/")[2] | split("|")[0]
          title: .Identifier
          blueprint: '"ecsService"'
          properties:
            kind: .__Kind
            region: .__Region
            link: >-
              'https://console.aws.amazon.com/go/view?arn=' +
              .Properties.ServiceArn
            desiredCount: .Properties.DesiredCount
            launchType: .Properties.LaunchType
            cluster: .Properties.Cluster
            schedulingStrategy: .Properties.SchedulingStrategy
            loadBalancers: .Properties.LoadBalancers
            securityGroups: >-
              .Properties.NetworkConfiguration.AwsvpcConfiguration.SecurityGroups
            subnets: .Properties.NetworkConfiguration.AwsvpcConfiguration.Subnets
            taskDefinition: .Properties.TaskDefinition
            iamRole: >-
              .Role | if . == null then null else
              'https://console.aws.amazon.com/go/view?arn=' + . end
            arn: .Properties.ServiceArn
          relations:
            account: .__AccountId
  - kind: AWS::SQS::Queue
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split("/")[4]
          title: .Properties.QueueUrl | split("/")[4]
          blueprint: '"sqs"'
          properties:
            kind: .__Kind
            region: .__Region
            link: .Properties.QueueUrl
          relations:
            account: .__AccountId
The integration configuration structure
- The kind field describes the AWS resource type to be ingested into Port. The kind field should be set to the AWS resource type as it appears in the supported resources guide. e.g. The resource type for the Lambda is AWS::Lambda::Function

    resources:
      - kind: AWS::Lambda::Function
        selector:
        ...

- The selector field describes the AWS resource selection criteria.

    resources:
      - kind: AWS::Lambda::Function
        selector:
          query: "true" # JQ boolean expression. If evaluated to false - this object will be skipped.
        port:

  - The query field is a JQ boolean query, if evaluated to false - the resource will be skipped. Example use case - skip syncing resources that are not in a specific region.

      query: .location == "global"

- The port field describes the Port entity to be created from the AWS resource.

    resources:
      - kind: AWS::Lambda::Function
        selector:
          query: 'true' # JQ boolean query. If evaluated to false - skip syncing the object.
        port:
          entity:
            mappings: # Mappings between one AWS object to a Port entity. Each value is a JQ query.
              identifier: '.Identifier'
              title: '.Properties.FunctionName'
              blueprint: '"lambda"'
              properties:
                kind: '.__Kind'
                region: '.__Region'
                link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
                description: '.Properties.Description'
                memorySize: '.Properties.MemorySize'
                ephemeralStorageSize: '.Properties.EphemeralStorage.Size'
                timeout: '.Properties.Timeout'
                runtime: '.Properties.Runtime'
                packageType: '.Properties.PackageType'
                environment: '.Properties.Environment'
                architectures: '.Properties.Architectures'
                layers: '.Properties.Layers'
                tags: '.Properties.Tags'
                iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
                arn: '.Properties.Arn'
              relations:
                account: '.__AccountId'

  - The entity field describes the Port entity to be created from the AWS resource.

    - The mappings field describes the mapping between the AWS resource and the Port entity.

      - The identifier field describes the AWS resource identifier. This field is required for all resources.

          mappings:
            identifier: '.Identifier'

      - The title field describes the AWS resource title. This field is required for all resources.

          mappings:
            title: '.Properties.FunctionName'

      - The blueprint field describes the Port blueprint to be used to create the Port entity. This field is required for all resources.

          mappings:
            blueprint: '"lambda"'

      - The properties field describes the AWS resource properties to be mapped to the Port

          mappings:
            identifier: '.Identifier'
            title: '.Properties.FunctionName'
            blueprint: '"lambda"'
            properties:
              kind: '.__Kind'
              region: '.__Region'
              link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
              description: '.Properties.Description'
              memorySize: '.Properties.MemorySize'
              ephemeralStorageSize: '.Properties.EphemeralStorage.Size'
              timeout: '.Properties.Timeout'
              runtime: '.Properties.Runtime'
              packageType: '.Properties.PackageType'
              environment: '.Properties.Environment'
              architectures: '.Properties.Architectures'
              layers: '.Properties.Layers'
              tags: '.Properties.Tags'
              iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
              arn: '.Properties.Arn'
            relations:
              account: '.__AccountId'

        Tip: To get an example of the AWS resource properties, you can use the AWS Cloud Control API to get the resource properties.
        For example for the AWS::Lambda::Function resource, you can use the following command to get the resource properties:

          aws cloudcontrol list-resources --type-name AWS::Lambda::Function --max-items 1 | jq .ResourceDescriptions
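
An added example (not from Port's documentation): dry-running the page's jq expressions locally with jq before putting them in the integration configuration, including a selector that evaluates to false and an identifier expression that fails. The sample resources are constructed and assume the object shape the mappings above reference; `eval_mapping`, `ECS_ID` and `REDACTED_ENV` are hypothetical names, and the redacted `environment` expression is a suggested variant, since Lambda environment variables often hold credentials.

```shell
#!/usr/bin/env bash
# Dry-run jq mapping expressions from this page against saved resources.
# All samples are constructed. They assume the integration passes jq an object
# with Identifier, parsed Properties and the __Kind/__Region/__AccountId fields
# that the mappings on this page reference.

SQS_SAMPLE='{"Identifier":"https://sqs.us-east-1.amazonaws.com/123456789012/orders",
  "Properties":{"QueueUrl":"https://sqs.us-east-1.amazonaws.com/123456789012/orders"},
  "__Region":"us-east-1","__AccountId":"123456789012"}'

# Assumed identifier shape for an ECS service: "<ServiceArn>|<Cluster>".
ECS_SAMPLE='{"Identifier":"arn:aws:ecs:us-east-1:123456789012:service/prod/web|prod"}'
# Same service with the older ARN format that has no cluster name in the path.
ECS_SHORT_ARN='{"Identifier":"arn:aws:ecs:us-east-1:123456789012:service/web|prod"}'

LAMBDA_SAMPLE='{"Identifier":"resize-images","__Region":"eu-west-1",
  "Properties":{"FunctionName":"resize-images","Environment":{"Variables":
    {"DB_PASSWORD":"constructed-value","STAGE":"prod"}}}}'

# The ECS identifier expression from the mapping on this page.
ECS_ID='.Identifier | split(":")[5] | split("/")[2] | split("|")[0]'

# Hypothetical variant of the Lambda "environment" mapping: keep the variable
# names, drop the values, so credentials stored in them never reach the catalog.
REDACTED_ENV='(.Properties.Environment.Variables // {}) | map_values("<redacted>")'

# eval_mapping <resource-json> <jq-expression>
# Prints the result on one line. Returns non-zero when jq errors or the result
# is null/false: a selector that would skip the resource, or an identifier,
# title or blueprint expression that produces nothing usable.
eval_mapping() {
  printf '%s' "$1" | jq -erc "$2" 2>/dev/null
}

if command -v jq >/dev/null 2>&1; then
  eval_mapping "$SQS_SAMPLE" '.Identifier | split("/")[4]'
  eval_mapping "$ECS_SAMPLE" "$ECS_ID"
  eval_mapping "$ECS_SHORT_ARN" "$ECS_ID" || echo "identifier failed for older ARN format"
  eval_mapping "$LAMBDA_SAMPLE" '.__Region == "us-east-1"' || echo "selector false: resource skipped"
  eval_mapping "$LAMBDA_SAMPLE" "$REDACTED_ENV"
fi
```

To check a real resource instead, save one object in the same shape to a file and pass its contents as the first argument.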