UNPKG

@cloud-copilot/iam-collect

Version:

Collect IAM information from AWS Accounts

github.com/cloud-copilot/iam-collect

cloud-copilot/iam-collect

170 lines (155 loc) 5.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.defaultConfigFileName = void 0; exports.fullDefaultConfigPath = fullDefaultConfigPath; exports.defaultConfigExists = defaultConfigExists; exports.getDefaultConfig = getDefaultConfig; const fs_1 = require("fs"); const path_1 = require("path"); const packageVersion_js_1 = require("./packageVersion.js"); exports.defaultConfigFileName = 'iam-collect.jsonc'; /** * Get the full path to the config file. * * @returns The full path to the config file. */ function fullDefaultConfigPath() { return (0, path_1.resolve)(process.cwd(), exports.defaultConfigFileName); } /** * * @returns Whether the default config file exists */ function defaultConfigExists() { return (0, fs_1.existsSync)(fullDefaultConfigPath()); } const storageTemplates = { file: ` // Default storage is on the file system. "storage": { "type": "file", //If this starts with a '.', it is relative to the config file, otherwise it is an absolute path. "path": "./iam-data" },`, sqlite: ` // Store data in a local sqlite database. "storage": { "type": "sqlite", //If this starts with a '.', it is relative to the config file, otherwise it is an absolute path. "path": "./iam-data.sqlite" },` }; const defaultConfig = ` { // The name of the configuration, used if you need to have multiple configurations. "name": "default config", "iamCollectVersion": "0.0.0", $$storage$$ /* You can also use S3 storage instead of the default file storage. "storage": { "type": "s3", "bucket": "my-bucket", "prefix": "iam-data/", "region": "us-west-2", "endpoint": "https://s3.us-west-2.amazonaws.com", // Optional endpoint if using a specific VPC endpoint //Optional auth configuration, see https://github.com/cloud-copilot/iam-collect/docs/Storage.md "auth": { // See https://github.com/cloud-copilot/iam-collect/docs/Storage.md } }, */ /* Optionally specify a list of accounts to include. If empty, it will use the current credentials. Can be overridden by the --accounts flag. "accounts": { "included": [ "111111111111", "222222222222" ] }, */ /* "serviceConfigs": { "iam": { "syncConfigs": { "authorizationDetails": { "custom": { // If true, the authorization details sync will include tags for managed policies. // This can significantly increase the time it takes to sync. "includePolicyTags": true } } } } "s3": { "syncConfigs": { "multiRegionAccessPoints": { "regions": { // Multi-Region Access Points are only available in us-west-2 in the aws partition // If using a different partition, you can specify the region for that partition here "included": ["us-west-2"] } } } } }, */ /* Optionally specify separate configurations for accounts: "accountConfigs": { "123456789012": { //Optional auth for the account: "auth": { //The type of authentication to use https://github.com/cloud-copilot/iam-collect/docs/Authentication.md }, "regions": { //Optional regions to include, if empty all regions are included // "included": ["us-east-1", "us-west-1"], //Optional regions to exclude, if empty no regions are excluded. You can use it with included, but that wouldn't make much sense. // "excluded": ["us-west-2"] }, "serviceConfigs" : { "s3": { "endpoint": "https://s3.us-west-2.amazonaws.com", // Optional endpoint if using a specific VPC endpoint "auth": { //Override auth for a specific service }, "regionConfigs": { "us-west-1": { //Optional configuration for the region endpoint: "https://s3.us-west-1.amazonaws.com", // Optional endpoint if using a specific VPC endpoint } } } } } */ // Optional block, by default all regions returned by ec2:DescribeRegions with 'opt-in-not-required' or 'opted-in' are included // If regions are specified in the CLI, this is ignored // "regions": { //Optional regions to include, if empty all regions are included // "included": ["us-east-1", "us-west-1"], //Optional regions to exclude, if empty no regions are excluded. You can use it with included, but that wouldn't make much sense. // "excluded": ["us-west-2"] // }, // Optional block, by default all supported services are included // If services are specified in the CLI, this is ignored // "services": { //Optional services to include, if empty all supported services are included // "included": ["s3", "ec2"], //Optional services to exclude, if empty no services are excluded. You can use it with included, but that wouldn't make much sense. // "excluded": ["iam"] // }, // Optional block for authentication, see , see https://github.com/cloud-copilot/iam-collect/docs/Authentication.md // "auth": { // //The type of authentication to use before connecting to any individual accounts // } } `; async function getDefaultConfig(options) { const version = (0, packageVersion_js_1.iamCollectVersion)(); const storage = storageTemplates[options.type ?? 'file']; return defaultConfig.replace('0.0.0', version).replace('$$storage$$', storage); } //# sourceMappingURL=defaultConfig.js.map