@cloud-copilot/iam-collect

Collect IAM information from AWS Accounts

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.DynamoDBTableSync = void 0;
const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
const client_tools_js_1 = require("../../utils/client-tools.js");
const tags_js_1 = require("../../utils/tags.js");
const typedSync_js_1 = require("../typedSync.js");

/**
 * Resource sync description for DynamoDB tables.
 *
 * Tables are enumerated with ListTablesCommand (paginated through
 * ExclusiveStartTableName / LastEvaluatedTableName). For every table two
 * extra fields are fetched: its resource policy and its tags. The stored
 * result is the table name, the `table: 'true'` marker and the policy.
 */
const tableSyncType = (0, typedSync_js_1.createResourceSyncType)({
    client: client_dynamodb_1.DynamoDBClient,
    command: client_dynamodb_1.ListTablesCommand,
    key: 'TableNames',
    paginationConfig: {
        inputKey: 'ExclusiveStartTableName',
        outputKey: 'LastEvaluatedTableName'
    },
    resourceTypeParts: (accountId, region) => {
        return {
            service: 'dynamodb',
            resourceType: 'table',
            account: accountId,
            region,
            metadata: {
                // Marks the entry as a table resource rather than a stream
                // resource. The value is the string 'true', not a boolean,
                // and the same marker is written again in `results` below.
                table: 'true'
            }
        };
    },
    extraFields: {
        /**
         * Read the table's resource policy with GetResourcePolicyCommand.
         *
         * @returns the policy parsed from its JSON string, or undefined when
         *   the response carries no Policy value
         */
        policy: async (client, table, accountId, region, partition) => {
            const resourceArn = tableArn(partition, region, accountId, table.name);
            // NOTE(review): runAndCatchError lives in utils/client-tools.js and
            // is not visible here. Presumably it turns PolicyNotFoundException
            // into an undefined result and lets every other error propagate.
            // Confirm that: if an authorization failure were swallowed too, a
            // table whose policy could not be read would be recorded the same
            // way as a table that has no policy.
            return (0, client_tools_js_1.runAndCatchError)('PolicyNotFoundException', async () => {
                const policyResponse = await client.send(new client_dynamodb_1.GetResourcePolicyCommand({ ResourceArn: resourceArn }));
                return policyResponse.Policy ? JSON.parse(policyResponse.Policy) : undefined;
            });
        },
        /**
         * Read the table's tags with ListTagsOfResourceCommand, following
         * NextToken pagination, and convert them with convertTagsToRecord.
         */
        tags: async (client, table, accountId, region, partition) => {
            const resourceArn = tableArn(partition, region, accountId, table.name);
            // NOTE(review): runAndCatch404 is defined elsewhere; presumably a
            // not-found response yields undefined instead of throwing. Confirm.
            return (0, client_tools_js_1.runAndCatch404)(async () => {
                const tagList = await (0, typedSync_js_1.paginateResource)(client, client_dynamodb_1.ListTagsOfResourceCommand, 'Tags', { inputKey: 'NextToken', outputKey: 'NextToken' }, { ResourceArn: resourceArn });
                return (0, tags_js_1.convertTagsToRecord)(tagList);
            });
        }
    },
    tags: (table) => table.extraFields.tags,
    arn: (table, region, accountId, partition) => tableArn(partition, region, accountId, table.name),
    results: (table) => {
        return {
            metadata: {
                name: table.name,
                table: 'true'
            },
            policy: table.extraFields.policy
        };
    }
});

/**
 * Sync DynamoDB tables and their resource policies.
 */
exports.DynamoDBTableSync = (0, typedSync_js_1.createTypedSyncOperation)('dynamodb', 'tables', tableSyncType);

/**
 * Build the ARN of a DynamoDB table.
 *
 * The parts are interpolated as given; nothing is validated or escaped here.
 *
 * @param partition the AWS partition (e.g., 'aws', 'aws-cn', 'aws-us-gov')
 * @param region the AWS region (e.g., 'us-east-1')
 * @param accountId the AWS account ID
 * @param tableName the name of the DynamoDB table
 * @returns the ARN of the table
 */
function tableArn(partition, region, accountId, tableName) {
    const arnPrefix = `arn:${partition}:dynamodb:${region}:${accountId}`;
    return `${arnPrefix}:table/${tableName}`;
}
//# sourceMappingURL=tables.js.map