
Mapping Extra Resources

If you've looked at the Examples page, you've probably noticed that the AWS Integration supports some AWS resources, most of which are documented on the Examples page.

This page will help you understand what kind of AWS resources are supported by the AWS integration and how to map them into Port.

Is the resource supported by the AWS Integration?

The AWS Integration relies on AWS's Cloud Control API. That means:

Mapping the resource to Port

After you've found the resource in the Cloud Asset Supported Resources, you can map it to Port by following these steps:

Blueprint

Create a Port blueprint definition for the resource. The blueprint definition is based on the resource API specified per asset type. A few examples:

ECS Service Blueprint
{
  "identifier": "ecsService",
  "description": "This blueprint represents an AWS ECS Service in our software catalog",
  "title": "ECS Service",
  "icon": "AWS",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      },
      "desiredCount": {
        "type": "number",
        "title": "Desired Count"
      },
      "taskDefinition": {
        "type": "string",
        "title": "Task Definition"
      },
      "launchType": {
        "type": "string",
        "enum": ["EC2", "FARGATE", "EXTERNAL"],
        "title": "Launch Type"
      },
      "schedulingStrategy": {
        "type": "string",
        "enum": ["REPLICA", "DAEMON"],
        "title": "Scheduling Strategy"
      },
      "loadBalancers": {
        "type": "array",
        "title": "Load Balancers"
      },
      "securityGroups": {
        "type": "array",
        "title": "Security Groups"
      },
      "subnets": {
        "type": "array",
        "title": "Subnets"
      },
      "iamRole": {
        "type": "string",
        "format": "url",
        "title": "IAM Role",
        "icon": "Unlock"
      },
      "arn": {
        "type": "string",
        "title": "ARN"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}
SQS Blueprint
{
  "identifier": "sqs",
  "description": "This blueprint represents an AWS SQS service in our software catalog",
  "title": "SQS",
  "icon": "AWS",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}
Lambda Blueprint
{
  "identifier": "lambda",
  "description": "This blueprint represents an AWS Lambda function in our software catalog",
  "title": "Lambda",
  "icon": "Lambda",
  "schema": {
    "properties": {
      "link": {
        "type": "string",
        "format": "url",
        "title": "Link"
      },
      "description": {
        "type": "string",
        "title": "Description"
      },
      "memorySize": {
        "type": "number",
        "title": "Memory Size"
      },
      "ephemeralStorageSize": {
        "type": "number",
        "title": "Ephemeral Storage Size"
      },
      "timeout": {
        "type": "number",
        "title": "Timeout"
      },
      "runtime": {
        "type": "string",
        "title": "Runtime"
      },
      "packageType": {
        "type": "string",
        "enum": ["Image", "Zip"],
        "title": "Package Type"
      },
      "environment": {
        "type": "object",
        "title": "Environment"
      },
      "architectures": {
        "type": "array",
        "items": {
          "type": "string",
          "enum": ["x86_64", "arm64"]
        },
        "title": "Architectures"
      },
      "layers": {
        "type": "array",
        "title": "Layers"
      },
      "tags": {
        "type": "array",
        "title": "Tags"
      },
      "iamRole": {
        "type": "string",
        "format": "url",
        "title": "IAM Role",
        "icon": "Unlock"
      },
      "arn": {
        "type": "string",
        "title": "ARN"
      }
    },
    "required": []
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "aggregationProperties": {},
  "relations": {
    "account": {
      "title": "Account",
      "target": "awsAccount",
      "required": true,
      "many": false
    }
  }
}

Integration configuration

Create an integration configuration for the resource. The integration configuration is a YAML file that describes the ETL process to load data into the developer portal.

Mapping Configuration for ECS Service, AppRunner, Lambda, SQS
resources:
  - kind: AWS::Lambda::Function
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier
          title: .Properties.FunctionName
          blueprint: '"lambda"'
          properties:
            kind: .__Kind
            region: .__Region
            link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
            description: .Properties.Description
            memorySize: .Properties.MemorySize
            ephemeralStorageSize: .Properties.EphemeralStorage.Size
            timeout: .Properties.Timeout
            runtime: .Properties.Runtime
            packageType: .Properties.PackageType
            environment: .Properties.Environment
            architectures: .Properties.Architectures
            layers: .Properties.Layers
            tags: .Properties.Tags
            iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
            arn: .Properties.Arn
          relations:
            account: .__AccountId
  - kind: AWS::ECS::Service
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split(":")[5] | split("/")[2] | split("|")[0]
          title: .Identifier
          blueprint: '"ecsService"'
          properties:
            kind: .__Kind
            region: .__Region
            link: >-
              'https://console.aws.amazon.com/go/view?arn=' +
              .Properties.ServiceArn
            desiredCount: .Properties.DesiredCount
            launchType: .Properties.LaunchType
            cluster: .Properties.Cluster
            schedulingStrategy: .Properties.SchedulingStrategy
            loadBalancers: .Properties.LoadBalancers
            securityGroups: >-
              .Properties.NetworkConfiguration.AwsvpcConfiguration.SecurityGroups
            subnets: .Properties.NetworkConfiguration.AwsvpcConfiguration.Subnets
            taskDefinition: .Properties.TaskDefinition
            iamRole: >-
              .Role | if . == null then null else
              'https://console.aws.amazon.com/go/view?arn=' + . end
            arn: .Properties.ServiceArn
          relations:
            account: .__AccountId
  - kind: AWS::SQS::Queue
    selector:
      query: 'true'
    port:
      entity:
        mappings:
          identifier: .Identifier | split("/")[4]
          title: .Properties.QueueUrl | split("/")[4]
          blueprint: '"sqs"'
          properties:
            kind: .__Kind
            region: .__Region
            link: .Properties.QueueUrl
          relations:
            account: .__AccountId
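
The ECS and SQS identifier expressions above keep only the service or queue name, so same-named resources in different clusters, regions or accounts derive the same identifier. As an added example (not Port's code), the Python below mirrors those two jq expressions and lists such collisions; the sample identifiers are constructed, and the function names and the `<ServiceArn>|<Cluster>` identifier shape are assumptions.

```python
from collections import defaultdict

def ecs_service_identifier(identifier):
    """Mirror of: .Identifier | split(":")[5] | split("/")[2] | split("|")[0]"""
    arn_parts = identifier.split(":")
    segments = arn_parts[5].split("/") if len(arn_parts) > 5 else []
    if len(segments) < 3:
        # In jq an out-of-range index yields null and the next split fails.
        raise ValueError(f"unexpected ECS identifier shape: {identifier!r}")
    return segments[2].split("|")[0]

def sqs_identifier(identifier):
    """Mirror of: .Identifier | split("/")[4]"""
    segments = identifier.split("/")
    if len(segments) < 5:
        # jq would yield null as the identifier here.
        raise ValueError(f"unexpected SQS identifier shape: {identifier!r}")
    return segments[4]

def find_collisions(raw_identifiers, derive):
    """Group raw identifiers by derived identifier; keep groups larger than one."""
    groups = defaultdict(list)
    for raw in raw_identifiers:
        groups[derive(raw)].append(raw)
    return {derived: raws for derived, raws in groups.items() if len(raws) > 1}

# Constructed samples; the ECS shape "<ServiceArn>|<Cluster>" is an assumption.
SAMPLE_ECS = [
    "arn:aws:ecs:us-east-1:111111111111:service/prod/api|prod",
    "arn:aws:ecs:us-east-1:111111111111:service/staging/api|staging",
    "arn:aws:ecs:eu-west-1:111111111111:service/prod/worker|prod",
]
SAMPLE_SQS = [
    "https://sqs.us-east-1.amazonaws.com/111111111111/orders",
    "https://sqs.eu-west-1.amazonaws.com/111111111111/orders",
    "https://sqs.us-east-1.amazonaws.com/111111111111/audit",
]

if __name__ == "__main__":
    print(find_collisions(SAMPLE_ECS, ecs_service_identifier))
    print(find_collisions(SAMPLE_SQS, sqs_identifier))
```

If collisions appear for your own resources, include the region, account or cluster in the identifier expression.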

The integration configuration structure

  • The kind field describes the AWS resource type to be ingested into Port. It should be set to the AWS resource type as it appears in the supported resources guide. For example, the resource type for Lambda is AWS::Lambda::Function.

    resources:
      - kind: AWS::Lambda::Function
        selector:
        ...
  • The selector field describes the AWS resource selection criteria.

    resources:
      - kind: AWS::Lambda::Function
        selector:
          query: "true" # JQ boolean expression. If evaluated to false - this object will be skipped.
        port:
    • The query field is a JQ boolean query; if it evaluates to false, the resource is skipped. Example use case: skip syncing resources that are not in a specific region.
      query: .location == "global"
  • The port field describes the Port entity to be created from the AWS resource.

    resources:
      - kind: AWS::Lambda::Function
        selector:
          query: 'true' # JQ boolean query. If evaluated to false - skip syncing the object.
        port:
          entity:
            mappings: # Mappings between one AWS object to a Port entity. Each value is a JQ query.
              identifier: '.Identifier'
              title: '.Properties.FunctionName'
              blueprint: '"lambda"'
              properties:
                kind: '.__Kind'
                region: '.__Region'
                link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
                description: '.Properties.Description'
                memorySize: '.Properties.MemorySize'
                ephemeralStorageSize: '.Properties.EphemeralStorage.Size'
                timeout: '.Properties.Timeout'
                runtime: '.Properties.Runtime'
                packageType: '.Properties.PackageType'
                environment: '.Properties.Environment'
                architectures: '.Properties.Architectures'
                layers: '.Properties.Layers'
                tags: '.Properties.Tags'
                iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
                arn: '.Properties.Arn'
              relations:
                account: '.__AccountId'
    • The entity field describes the Port entity to be created from the AWS resource.

      • The mappings field describes the mapping between the AWS resource and the Port entity.

        • The identifier field describes the AWS resource identifier. This field is required for all resources.

          mappings:
            identifier: '.Identifier'
        • The title field describes the AWS resource title. This field is required for all resources.

          mappings:
            title: '.Properties.FunctionName'
        • The blueprint field describes the Port blueprint to be used to create the Port entity. This field is required for all resources.

          mappings:
            blueprint: '"lambda"'
        • The properties field describes the AWS resource properties to be mapped to the Port

          mappings:
            identifier: '.Identifier'
            title: '.Properties.FunctionName'
            blueprint: '"lambda"'
            properties:
              kind: '.__Kind'
              region: '.__Region'
              link: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Arn"
              description: '.Properties.Description'
              memorySize: '.Properties.MemorySize'
              ephemeralStorageSize: '.Properties.EphemeralStorage.Size'
              timeout: '.Properties.Timeout'
              runtime: '.Properties.Runtime'
              packageType: '.Properties.PackageType'
              environment: '.Properties.Environment'
              architectures: '.Properties.Architectures'
              layers: '.Properties.Layers'
              tags: '.Properties.Tags'
              iamRole: "'https://console.aws.amazon.com/go/view?arn=' + .Properties.Role"
              arn: '.Properties.Arn'
            relations:
              account: '.__AccountId'
      tip

      To see an example of a resource's properties, you can query the AWS Cloud Control API.

      For example, for the AWS::Lambda::Function resource, you can use the following command to get the resource properties:

      aws cloudcontrol list-resources --type-name AWS::Lambda::Function --max-items 1 | jq .ResourceDescriptions
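
An added example (not part of Port's documentation or code) for working with that command's output: Cloud Control returns each resource's `Properties` as a JSON-encoded string, so the code decodes it, reports which paths read by this page's Lambda mapping are absent, and masks environment variable values, which the `environment` mapping would otherwise copy into the catalog as-is. The sample output and all function names are constructed for illustration.

```python
import json

# Paths under .Properties read by this page's Lambda mapping.
LAMBDA_MAPPED_PATHS = (
    "FunctionName Arn Description MemorySize EphemeralStorage.Size Timeout "
    "Runtime PackageType Environment Architectures Layers Tags Role"
).split()

def decode_descriptions(cli_output):
    """Parse the ResourceDescriptions array; Properties arrives as a JSON string."""
    return [{"Identifier": d["Identifier"], "Properties": json.loads(d["Properties"])}
            for d in json.loads(cli_output)]

def lookup(obj, dotted_path):
    """Follow a dotted path, returning None when a key is absent."""
    for key in dotted_path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def missing_paths(properties, paths=LAMBDA_MAPPED_PATHS):
    """Mapped paths that would come out null for this resource."""
    return [p for p in paths if lookup(properties, p) is None]

def mask_environment(properties):
    """Copy of properties that keeps variable names but not their values."""
    masked = dict(properties)
    variables = lookup(properties, "Environment.Variables")
    if isinstance(variables, dict):
        masked["Environment"] = {"Variables": {name: "***" for name in variables}}
    return masked

# Constructed sample shaped like the command's output (not real account data).
SAMPLE_CLI_OUTPUT = json.dumps([{
    "Identifier": "example-fn",
    "Properties": json.dumps({
        "FunctionName": "example-fn",
        "Arn": "arn:aws:lambda:us-east-1:111111111111:function:example-fn",
        "Role": "arn:aws:iam::111111111111:role/example-role",
        "MemorySize": 128, "Timeout": 3, "Runtime": "python3.12",
        "PackageType": "Zip", "Architectures": ["x86_64"], "EphemeralStorage": {"Size": 512},
        "Environment": {"Variables": {"STAGE": "prod", "DB_PASSWORD": "constructed"}},
    }),
}])

if __name__ == "__main__":
    props = decode_descriptions(SAMPLE_CLI_OUTPUT)[0]["Properties"]
    print("null in mapping:", missing_paths(props), mask_environment(props)["Environment"])
```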