From efe383f3e17c4e757c7370cb1df30f5428fc615b Mon Sep 17 00:00:00 2001
From: Jon Michaelchuck <5964742+jbmchuck@users.noreply.github.com>
Date: Wed, 20 Dec 2023 13:45:06 -0800
Subject: [PATCH] Support the `ignored_resources` config in sfn_scan_account.py
 (#217)

---
 bin/sfn_scan_account.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/bin/sfn_scan_account.py b/bin/sfn_scan_account.py
index 931a39c..2ededb0 100755
--- a/bin/sfn_scan_account.py
+++ b/bin/sfn_scan_account.py
@@ -2,10 +2,11 @@
 """ScanAccount StepFunction Lambda
 Scan a single AWS account and write output to S3."""
 import logging
-from typing import Any, Dict
+from typing import Any, Dict, List, Type
 
 from pydantic import BaseModel
 
+from altimeter.aws.resource.resource_spec import AWSResourceSpec
 from altimeter.aws.resource_service_region_mapping import AWSResourceRegionMappingRepository
 from altimeter.aws.scan.account_scanner import AccountScanner
 from altimeter.aws.scan.scan_plan import AccountScanPlan
@@ -37,12 +38,23 @@ def lambda_handler(event: Dict[str, Any], _: Any) -> Dict[str, Any]:
         aws_resource_region_mapping_repo=account_scan_input.aws_resource_region_mapping_repo,
         accessor=account_scan_input.config.accessor,
     )
+    if account_scan_input.config.scan.ignored_resources:
+        resource_spec_classes_list: List[Type[AWSResourceSpec]] = []
+        for resource_spec_class in DEFAULT_RESOURCE_SPEC_CLASSES:
+            if (
+                resource_spec_class.get_full_type_name()
+                not in account_scan_input.config.scan.ignored_resources
+            ):
+                resource_spec_classes_list.append(resource_spec_class)
+        resource_spec_classes = tuple(resource_spec_classes_list)
+    else:
+        resource_spec_classes = DEFAULT_RESOURCE_SPEC_CLASSES
     account_scanner = AccountScanner(
         account_scan_plan=account_scan_plan,
         artifact_writer=artifact_writer,
         max_svc_scan_threads=account_scan_input.config.concurrency.max_svc_scan_threads,
         scan_sub_accounts=account_scan_input.config.scan.scan_sub_accounts,
-        resource_spec_classes=DEFAULT_RESOURCE_SPEC_CLASSES,
+        resource_spec_classes=resource_spec_classes,
     )
     scan_results = account_scanner.scan()
     return scan_results.dict()