This document outlines the steps required to add a new component to the EPM Component Discovery process. Follow the instructions carefully to ensure successful integration.
Before proceeding with the steps below, ensure the following prerequisites are met:
slug attribute that matches the slug of the component defined in the content management workflow.
Create a SQL Query File: Write a SQL query that adheres to the required structure for EPM compliance. Save the query as a .sql file in the resources/compliance.assets.sql/ directory.
Mandatory Output Fields: Ensure your query includes the following mandatory fields, each serving a critical role in the component discovery process:
utilizingService (String): This field identifies the service that the component instance belongs to. This association is crucial because it determines which service the component instance rolls up to. Ensure this field is extracted accurately, as incorrect associations can lead to misalignment in compliance reporting.
resourceName (String): This represents the component's name and is used to determine uniqueness. Be cautious with how this name is generated:
If resourceName changes between runs (e.g., due to dynamic name generation), it can result in loss of previous evaluations of any Component Instance Responsibilities (CIRs). Consistent naming ensures continuity in evaluations and historical data.
arn (String): The Amazon Resource Name (ARN) uniquely identifies the component and is critical for integration with assessment processes. Any changes or inaccuracies in ARN formatting can disrupt assessment integration, so ensure this field is correctly extracted.
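A check of the three mandatory fields over a query's output, as an added example that is not part of the project's code. `DiscoveredRow`, `isWellFormedArn`, `validateRows` and `renamedBetweenRuns` are hypothetical names, the rows are constructed, and the example assumes "uniqueness" means resourceName is unique within one run:

```kotlin
// Added example (not project code). DiscoveredRow, validateRows and
// renamedBetweenRuns are hypothetical names; sample rows are constructed.
data class DiscoveredRow(val arn: String?, val resourceName: String?, val utilizingService: String?)

// Generic ARN shape: arn:partition:service:region:account-id:resource.
// Region and account-id may be empty (as for S3 buckets); the rest may not.
fun isWellFormedArn(arn: String?): Boolean {
    val parts = arn?.split(":", limit = 6) ?: return false
    return parts.size == 6 && parts[0] == "arn" &&
        parts[1].isNotBlank() && parts[2].isNotBlank() && parts[5].isNotBlank()
}

// Checks one run's output for missing mandatory fields and name collisions.
fun validateRows(rows: List<DiscoveredRow>): List<String> {
    val problems = mutableListOf<String>()
    rows.forEachIndexed { i, row ->
        if (row.utilizingService.isNullOrBlank()) problems += "row $i: utilizingService is empty"
        if (row.resourceName.isNullOrBlank()) problems += "row $i: resourceName is empty"
        if (!isWellFormedArn(row.arn)) problems += "row $i: malformed arn '${row.arn}'"
    }
    // Assumption: "uniqueness" means resourceName is unique within one run.
    rows.mapNotNull { it.resourceName }.filter { it.isNotBlank() }
        .groupingBy { it }.eachCount().filterValues { it > 1 }
        .keys.forEach { problems += "resourceName '$it' is used by more than one row" }
    return problems
}

// Compares two runs by ARN; a changed name is what loses earlier CIR evaluations.
fun renamedBetweenRuns(previous: List<DiscoveredRow>, current: List<DiscoveredRow>): List<String> {
    val before = previous.mapNotNull { r -> r.arn?.let { it to r.resourceName } }.toMap()
    return current.mapNotNull { r ->
        val old = r.arn?.let { before[it] } ?: return@mapNotNull null
        if (old != r.resourceName) "${r.arn}: resourceName '$old' became '${r.resourceName}'" else null
    }
}

fun main() {
    val run1 = listOf(
        DiscoveredRow("arn:aws:s3:::example-bucket-a", "example-bucket-a", "example-service"),
        DiscoveredRow("arn:aws:s3:::example-bucket-b", "bucket-1718000000", "example-service"))
    val run2 = listOf(
        DiscoveredRow("arn:aws:s3:::example-bucket-a", "example-bucket-a", null),
        DiscoveredRow("arn:aws:s3:::example-bucket-b", "bucket-1718003600", "example-service"),
        DiscoveredRow("example-bucket-c", "example-bucket-c", "example-service"))
    validateRows(run2).forEach(::println)
    renamedBetweenRuns(run1, run2).forEach(::println)
}
```

With the constructed rows, the second run reports an empty utilizingService, one malformed arn, and one bucket whose generated name changed between runs.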
Example Query Structure: Use the following example as a guide for your query structure, ensuring all mandatory fields are included:
-- Latest record per ARN for S3 buckets seen in the last three hours
WITH unique_assets_S3 AS (
    SELECT
        arn,
        awsAccountId,
        awsRegion,
        resourceType,
        resourcename as resourceName,
        CASE
            WHEN get_json_object(tags, '$.environment_type')= 'prod'
                OR get_json_object(tags, '$.environment') ILIKE '%Prod%' THEN 'prod'
            ELSE 'unknown'
        END AS environment,
        COALESCE(get_json_object(supplementaryconfiguration, '$.ServerSideEncryptionConfiguration')) AS config,
        -- Owning service: first tag present among micros_service_id, service_name, name
        COALESCE(get_json_object(tags, '$.micros_service_id'),
                 get_json_object(tags, '$.service_name'),
                 get_json_object(tags, '$.name')) AS utilizingService,
        resourceId,
        hour,
        ROW_NUMBER() OVER (PARTITION BY ARN ORDER BY hour DESC) AS row_number
    FROM zone_ceng.case_data_spark
    WHERE YEAR >= date_format(CURRENT_TIMESTAMP - interval '3' HOUR, "yyyy")
        AND YEAR <= date_format(CURRENT_TIMESTAMP - interval '1' HOUR, "yyyy")
        AND MONTH >= date_format(CURRENT_TIMESTAMP - interval '3' HOUR, "yyyy-MM")
        AND MONTH <= date_format(CURRENT_TIMESTAMP - interval '1' HOUR, "yyyy-MM")
        AND DAY >= date_format(CURRENT_TIMESTAMP - interval '3' HOUR, "yyyy-MM-dd")
        AND DAY <= date_format(CURRENT_TIMESTAMP - interval '1' HOUR, "yyyy-MM-dd")
        AND HOUR BETWEEN date_format(CURRENT_TIMESTAMP - interval '3' HOUR, "yyyy-MM-dd'T'HH")
            AND date_format(CURRENT_TIMESTAMP - interval '1' HOUR, "yyyy-MM-dd'T'HH")
        AND service = 'S3'
        AND resource = 'Bucket'
        -- Exclude accounts on the PaaS platform
        AND awsaccountid not in (select id from zone_ceng.aws_accounts where platform = 'PaaS')
)
SELECT
    arn,
    awsAccountId,
    awsRegion,
    resourceType,
    resourceName,
    environment,
    utilizingService,
    resourceId,
    hour,
    config,
    -- status is true when default server-side encryption uses aws:kms or AES256
    get_json_object(config, '$.rules[0].applyServerSideEncryptionByDefault.sseAlgorithm') IN ('aws:kms', 'AES256') as status
FROM unique_assets_S3
WHERE row_number = 1
    AND arn NOT LIKE 'arn:aws:s3:::atl-vault-backup--%'
Common Gotchas:
Update the ComponentDiscoveryConfig: Define a bean for the new component in the ComponentDiscoveryConfig class.
ComponentConfiguration object for the new component.
Example Bean Definition:
@Bean
fun newComponent(): ComponentConfiguration {
    return ComponentConfiguration(
        ComplianceAsset.NEW_COMPONENT, // Replace with actual ComplianceAsset
        NewComponentProcessor(),       // Replace with actual processor class
        "New Component Type"           // Replace with actual component type
    )
}
Map the Component in the Asset to Query Name Map:
assetToQueryNameMap.
Create a Processor Class: Implement a new processor class for the component.
Example Processor Implementation:
class NewComponentProcessor : ComponentProcessor {
    // Implement processor logic here
}
By following these steps, you can successfully add a new component to the EPM Component Discovery process.