[aws][fix] Add edge from IAM instance profile to EC2 instance (#2045)

* [aws][fix] Add edge from IAM instance profile to EC2 instance * Remove wrong dependency and circular reference * black
someengineering · Apr 26, 2024 · 98e6f20 · 98e6f20
1 parent 1eac7bb
commit 98e6f20
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/plugins/aws/fix_plugin_aws/resource/ec2.py b/plugins/aws/fix_plugin_aws/resource/ec2.py
@@ -21,6 +21,7 @@
 )
 from fix_plugin_aws.resource.kms import AwsKmsKey
 from fix_plugin_aws.resource.s3 import AwsS3Bucket
+from fix_plugin_aws.resource.iam import AwsIamInstanceProfile
 from fix_plugin_aws.utils import ToDict, TagsValue, MetricNormalization
 from fixlib.baseresources import (
     BaseInstance,
@@ -1253,7 +1254,7 @@ class AwsEc2Instance(EC2Taggable, AwsResource, BaseInstance):
     api_spec: ClassVar[AwsApiSpec] = AwsApiSpec(service_name, "describe-instances", "Reservations")
     reference_kinds: ClassVar[ModelReference] = {
         "predecessors": {
-            "default": ["aws_vpc", "aws_subnet", "aws_ec2_image"],
+            "default": ["aws_vpc", "aws_subnet", "aws_ec2_image", "aws_iam_instance_profile"],
             "delete": ["aws_ec2_keypair", "aws_vpc", "aws_subnet"],
         },
         "successors": {"default": ["aws_ec2_keypair"]},
@@ -1579,6 +1580,8 @@ def connect_in_graph(self, builder: GraphBuilder, source: Json) -> None:
             builder.add_edge(self, reverse=True, clazz=AwsEc2Image, id=image_id)
         if lt_id := self.tags.get("aws:ec2launchtemplate:id"):
             builder.add_edge(self, reverse=True, clazz=AwsEc2LaunchTemplate, id=lt_id)
+        if iam_profile := self.instance_iam_instance_profile:
+            builder.add_edge(self, reverse=True, clazz=AwsIamInstanceProfile, arn=iam_profile.arn)
 
     def delete_resource(self, client: AwsClient, graph: Graph) -> bool:
         if self.instance_status == InstanceStatus.TERMINATED:

diff --git a/plugins/aws/fix_plugin_aws/resource/iam.py b/plugins/aws/fix_plugin_aws/resource/iam.py
@@ -7,7 +7,6 @@
 
 from fix_plugin_aws.aws_client import AwsClient
 from fix_plugin_aws.resource.base import AwsResource, GraphBuilder, AwsApiSpec, parse_json
-from fix_plugin_aws.resource.ec2 import AwsEc2IamInstanceProfile
 from fix_plugin_aws.utils import ToDict
 from fixlib.baseresources import (
     BaseCertificate,
@@ -147,9 +146,7 @@ class AwsIamRole(AwsResource):
     def connect_in_graph(self, builder: GraphBuilder, source: Json) -> None:
         # connect to instance profiles for this role
         for profile in bend(S("InstanceProfileList", default=[]), source):
-            builder.dependant_node(
-                self, clazz=AwsEc2IamInstanceProfile, delete_same_as_default=True, arn=profile["Arn"]
-            )
+            builder.dependant_node(self, clazz=AwsIamInstanceProfile, delete_same_as_default=True, arn=profile["Arn"])
         # connect to attached policies for this role
         for profile in bend(S("AttachedManagedPolicies", default=[]), source):
             builder.dependant_node(self, clazz=AwsIamPolicy, delete_same_as_default=True, arn=profile["PolicyArn"])