UNPKG

@cloud-copilot/iam-collect

Version:

Collect IAM information from AWS Accounts

github.com/cloud-copilot/iam-collect

cloud-copilot/iam-collect

71 lines 2.95 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
import { type AwsCredentialIdentity, type IdentityProvider, type RuntimeConfigIdentityProvider } from '@aws-sdk/types'; import { type AuthConfig } from '../config/config.js'; /** * Credentials with additional metadata, including the AWS account ID and partition. */ export interface AwsCredentialIdentityWithMetaData extends AwsCredentialIdentity { /** * The AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov'). */ partition: string; /** * The AWS account ID associated with these credentials. */ accountId: string; } type AwsCredentialProviders = IdentityProvider<AwsCredentialIdentity> | RuntimeConfigIdentityProvider<AwsCredentialIdentity>; export type AwsCredentialProviderWithMetaData = { provider: AwsCredentialProviders; /** * The AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov'). */ partition: string; /** * The AWS account ID associated with these credentials. */ accountId: string; /** * A unique cache key for these credentials. */ cacheKey: string; }; /** * What time is it now? * * This exists to make unit tests of caching behavior easier. * * @returns the current timestamp in milliseconds since the Unix epoch */ export declare function now(): number; /** * Get brand new credentials for the given account ID and auth configuration. * * DO NOT USE THIS DIRECTLY. Use `getCredentials` in `auth.ts` instead * * @param accountId the AWS account ID for which to get credentials * @param authConfig the authentication configuration to use for the account * @returns new credentials based on the provided account ID and auth configuration */ export declare function getNewCredentials(accountId: string, authConfig: AuthConfig | undefined): Promise<AwsCredentialProviderWithMetaData>; /** * This gets a new set of initial credentials for an auth configuration. These are the initial * credentials that are the default credentials are used to then assume a role if one is specified. * There are very few cases where this should be used directly, and in most cases you should use * getNewCredentials instead. * * @param authConfig the authentication configuration to use * @param logInfo any additional information to log while getting the credentials * @returns new credentials based on the provided auth configuration */ export declare function getNewInitialCredentials(authConfig: AuthConfig | undefined, logInfo?: Record<string, unknown>): Promise<AwsCredentialProviderWithMetaData>; /** * Get the ARN for an IAM role. * * @param partition The partition the role is in (e.g. "aws", "aws-us-gov", "aws-cn"). * @param accountId The ID of the account the role is in. * @param rolePathAndName The path and name of the role. * @returns The ARN of the role. */ export declare function buildRoleArn(partition: string, accountId: string, rolePathAndName: string): string; export {}; //# sourceMappingURL=coreAuth.d.ts.map