[Integration][AWS-V2] Add Support For S3 Resource As Standalone Exporter

[mk-armah]

User description

Description

What - Added Support For AWS S3 Exporter

Why -

How -

Type of change

Please leave one option from the following and delete the rest:

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• New Integration (non-breaking change which adds a new integration)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Non-breaking change (fix of existing functionality that will not change current behavior)
• Documentation (added/updated documentation)

All tests should be run against the port production environment(using a testing org).

Core testing checklist

• Integration able to create all default resources from scratch
• Resync finishes successfully
• Resync able to create entities
• Resync able to update entities
• Resync able to detect and delete entities
• Scheduled resync able to abort existing resync and start a new one
• Tested with at least 2 integrations from scratch
• Tested with Kafka and Polling event listeners
• Tested deletion of entities that don't pass the selector

Integration testing checklist

• Integration able to create all default resources from scratch
• Resync able to create entities
• Resync able to update entities
• Resync able to detect and delete entities
• Resync finishes successfully
• If new resource kind is added or updated in the integration, add example raw data, mapping and expected result to the examples folder in the integration directory.
• If resource kind is updated, run the integration with the example data and check if the expected result is achieved
• If new resource kind is added or updated, validate that live-events for that resource are working as expected
• Docs PR link here

Preflight checklist

• Handled rate limiting
• Handled pagination
• Implemented the code in async
• Support Multi account

Screenshots

Include screenshots from your environment showing how the resources of the integration will look.

API Documentation

Provide links to the API documentation used for this integration.

---

PR Type

Enhancement

---

Description

• Add S3 resource exporter with standalone architecture

• Replace CloudControl sync with declarative exporters

• Implement S3 bucket inspection with detailed attributes

• Refactor core utilities and interfaces

---

Diagram Walkthrough

flowchart LR
  A["CloudControl Sync"] --> B["Declarative Exporters"]
  B --> C["S3 Bucket Exporter"]
  C --> D["S3 Inspector"]
  D --> E["S3 Actions"]
  F["Core Utils"] --> G["Helper Utils"]
  H["Interfaces"] --> I["Action Interface"]
  H --> J["Exporter Interface"]

Loading

File Walkthrough

	Relevant files

---

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Error Handling The _run_action method catches all exceptions and returns an empty dict, which could mask important errors and make debugging difficult. Consider more specific exception handling or at least logging the exception details. async def _run_action(self, action: IAction, bucket_name: str) -> Dict[str, Any]: try: data = await action.execute(bucket_name) except Exception as e: logger.warning(f"{action.__class__.__name__} failed: {e}") return {} return data Logic Issue The function returns after the first successful region in the loop, but continues to the next region on access denied. This could lead to incomplete resource collection if some regions succeed and others fail with different errors. return except Exception as e: if is_access_denied_exception(e): logger.warning( f"Access denied in region '{region}' for kind '{kind}', skipping." ) continue else: raise e Resource Leak The __aexit__ method calls __aexit__ on the client but doesn't properly handle the context manager cleanup. The client context manager should be properly exited using the stored context manager reference. async def __aexit__(self, exc_type: Any, exc: Any, tb: Any) -> None: if self._base_client: await self._base_client.__aexit__(exc_type, exc, tb)

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix context manager cleanup The aexit method should call the context manager's aexit method instead of the client's. The client context manager is stored in self._client_cm and should be properly closed. integrations/aws-v3/aws/core/client/proxy.py [31-33] async def __aexit__(self, exc_type: Any, exc: Any, tb: Any) -> None: - if self._base_client: - await self._base_client.__aexit__(exc_type, exc, tb) + if hasattr(self, '_client_cm'): + await self._client_cm.__aexit__(exc_type, exc, tb) Apply / Chat Suggestion importance[1-10]: 9 __ Why: The suggestion correctly identifies a resource leak bug where __aexit__ is called on the client object instead of the client context manager, preventing proper resource cleanup.	High
General	Add warning for inaccessible regions The function returns after the first successful region, but if all regions fail with access denied, no warning is logged. Add a final check to warn when no regions are accessible. integrations/aws-v3/main.py [16-35] async def _handle_global_resource_resync( kind: str, regions: List[str], options_factory: Callable[[str], Any], exporter: IResourceExporter, ) -> ASYNC_GENERATOR_RESYNC_TYPE: for region in regions: try: options = options_factory(region) async for batch in exporter.get_paginated_resources(options): yield batch return except Exception as e: if is_access_denied_exception(e): logger.warning( f"Access denied in region '{region}' for kind '{kind}', skipping." ) continue else: raise e + logger.warning(f"No accessible regions found for kind '{kind}'") Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion improves observability by adding a warning log if all regions fail due to access issues, which is a useful addition for debugging permissions.	Low
Update

[shalev007]

Looks beautiful I really like the OOP approach, but I missing the tests since we already implemented a DI to all the classes

[shalev007]

Why is this an internal function?

[shalev007]

feels kinda general, might be a good idea to abstract it so we won't have to repeat it on every resource

[shalev007]

Are we strictly following the CloudControl properties?

[mk-armah]

We are trying following CloudFormation's recommendation to packages implementing API composition (e.g Cloud Control) should structure the models

[shalev007]

Like

[shalev007]

Shouldn't this be a global thing?

[mk-armah]

Right!

[shalev007]

Why do we separate them if we merge them when used?

[shalev007]

Looks like it should be a global thing / inherit an abstract or something

[shalev007]

💡 - maybe it'll be worthwhile to save the errors for later as well, that'll give us more control on what to do with them later (showing them to clients in the logs, reporting back to port, remediations, etc...)

[shalev007]

Maybe I'm just confused from all the code, but I don't think errors will end up here since they're being caught internally in the inspector

[mk-armah]

You are right

[shalev007]

Nice