
@cloud-copilot/iam-collect


Collect IAM information from AWS Accounts

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AwsConfigKmsClient = void 0; const client_kms_1 = require("@aws-sdk/client-kms"); const AbstractClient_js_1 = require("../../customClients/AbstractClient.js"); const ResourceNotFoundException_js_1 = require("../../customClients/ResourceNotFoundException.js"); const AwsConfigClientContext_js_1 = require("../AwsConfigClientContext.js"); const awsConfigUtils_js_1 = require("../awsConfigUtils.js"); /** * KMS client implementation using AWS Config as data source */ class AwsConfigKmsClient extends AbstractClient_js_1.AbstractClient { static clientName = client_kms_1.KMSClient.name; constructor(options, customContext) { super(options, customContext); } /** * Register all KMS command implementations */ registerCommands() { this.registerCommand(AwsConfigListKeysCommand); this.registerCommand(AwsConfigGetKeyPolicyCommand); this.registerCommand(AwsConfigListResourceTagsCommand); } } exports.AwsConfigKmsClient = AwsConfigKmsClient; /** * Config-based implementation of KMS ListKeysCommand */ const AwsConfigListKeysCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_kms_1.ListKeysCommand, execute: async (input, context) => { const query = ` SELECT arn, resourceId, supplementaryConfiguration.Policy, tags WHERE resourceType = 'AWS::KMS::Key' AND awsRegion = '${context.region}' AND accountId = '${context.accountId}' AND ${awsConfigUtils_js_1.resourceStatusWhereClause} `; const results = await (0, awsConfigUtils_js_1.executeConfigQuery)(query, context); const keys = results.map((resultString) => { const { configItem, supplementaryConfiguration, tags } = (0, awsConfigUtils_js_1.parseConfigItem)(resultString); // Cache data that will be needed by other commands // Use KeyId as cache key for both GetKeyPolicyCommand and ListResourceTagsCommand context.putCache(configItem.resourceId, 'supplementaryConfiguration', supplementaryConfiguration); 
context.putCache(configItem.resourceId, 'tags', tags); return { KeyId: configItem.resourceId, KeyArn: configItem.arn }; }); return { Keys: keys }; } }); /** * Config-based implementation of KMS GetKeyPolicyCommand */ const AwsConfigGetKeyPolicyCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_kms_1.GetKeyPolicyCommand, execute: async (input, context) => { const { KeyId, PolicyName = 'default' } = input; if (!KeyId) { throw new ResourceNotFoundException_js_1.ResourceNotFoundException('KeyId is required'); } const supplementaryConfiguration = context.getCache(KeyId, 'supplementaryConfiguration'); const keyPolicy = supplementaryConfiguration?.Policy; if (!keyPolicy) { throw new ResourceNotFoundException_js_1.ResourceNotFoundException(`Key policy '${PolicyName}' not found for KeyId: ${KeyId}`); } return { Policy: keyPolicy }; } }); /** * Config-based implementation of KMS ListResourceTagsCommand */ const AwsConfigListResourceTagsCommand = (0, AwsConfigClientContext_js_1.awsConfigCommand)({ command: client_kms_1.ListResourceTagsCommand, execute: async (input, context) => { const { KeyId } = input; if (!KeyId) { return { Tags: [] }; } const tags = context.getCache(KeyId, 'tags'); if (!tags) { return { Tags: [] }; } return { Tags: tags }; } }); //# sourceMappingURL=AwsConfigKmsClient.js.map