UNPKG

@cloud-copilot/iam-collect

Version:

Collect IAM information from AWS Accounts

github.com/cloud-copilot/iam-collect

cloud-copilot/iam-collect

98 lines • 4.11 kB

JavaScript

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AwsConfigBackupClient = void 0; const client_backup_1 = require("@aws-sdk/client-backup"); const AbstractClient_js_1 = require("../../customClients/AbstractClient.js"); const json_js_1 = require("../../utils/json.js"); const AwsConfigClientContext_js_1 = require("../AwsConfigClientContext.js"); const awsConfigUtils_js_1 = require("../awsConfigUtils.js"); /** * AWS Config-based Backup client implementation */ class AwsConfigBackupClient extends AbstractClient_js_1.AbstractClient { static clientName = client_backup_1.BackupClient.name; constructor(options, customContext) { super(options, customContext); } /** * Register all Backup command implementations */ registerCommands() { this.registerCommand(AwsConfigGetBackupVaultAccessPolicyCommand); this.registerCommand(AwsConfigListBackupVaultsCommand); this.registerCommand(AwsConfigListTagsCommand); } } exports.AwsConfigBackupClient = AwsConfigBackupClient; /** * Config-based implementation of Backup ListBackupVaultsCommand * Retrieves backup vault list from AWS Config */ const AwsConfigListBackupVaultsCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_backup_1.ListBackupVaultsCommand, execute: async (input, context) => { const query = ` SELECT resourceName, arn, configuration.BackupVaultName, configuration.BackupVaultArn, configuration.EncryptionKeyArn, configuration.AccessPolicy, resourceCreationTime, tags WHERE resourceType = 'AWS::Backup::BackupVault' AND awsRegion = '${context.region}' AND accountId = '${context.accountId}' AND ${awsConfigUtils_js_1.resourceStatusWhereClause} `; const results = await (0, awsConfigUtils_js_1.executeConfigQuery)(query, context); // Transform Config results to match AWS SDK format const vaultList = results .map((resultString) => { const { configItem, configuration, tags } = (0, awsConfigUtils_js_1.parseConfigItem)(resultString); // Cache data that will be needed by other commands const vaultName = configuration?.BackupVaultName || configItem.resourceName; context.putCache(vaultName, 'configuration', configuration); context.putCache(configItem.arn, 'tags', tags); return { BackupVaultName: vaultName, BackupVaultArn: configuration?.BackupVaultArn || configItem.arn, EncryptionKeyArn: configuration?.EncryptionKeyArn }; }) .filter((vault) => vault.BackupVaultName); // Filter out any malformed entries return { BackupVaultList: vaultList, NextToken: undefined // Config doesn't support pagination in this context }; } }); /** * Config-based implementation of Backup GetBackupVaultAccessPolicyCommand * Uses configuration.AccessPolicy from AWS Config BackupVault resource */ const AwsConfigGetBackupVaultAccessPolicyCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_backup_1.GetBackupVaultAccessPolicyCommand, execute: async (input, context) => { const configuration = context.getCache(input.BackupVaultName, 'configuration'); return { BackupVaultName: input.BackupVaultName, BackupVaultArn: configuration.BackupVaultArn, Policy: (0, json_js_1.stringifyIfPresent)(configuration?.AccessPolicy) }; } }); /** * Config-based implementation of Backup ListTagsCommand * Retrieves tags for a specific backup vault from AWS Config */ const AwsConfigListTagsCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_backup_1.ListTagsCommand, execute: async (input, context) => { const tags = context.getCache(input.ResourceArn, 'tags'); return { Tags: tags }; } }); //# sourceMappingURL=AwsConfigBackupClient.js.map