"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.S3OutpostsAccessPointsSync = exports.S3OutpostsBucketsSync = void 0;
const client_s3_control_1 = require("@aws-sdk/client-s3-control");
const client_s3outposts_1 = require("@aws-sdk/client-s3outposts");
const client_tools_js_1 = require("../../utils/client-tools.js");
const json_js_1 = require("../../utils/json.js");
const log_1 = require("@cloud-copilot/log");
const tags_js_1 = require("../../utils/tags.js");
const sync_js_1 = require("../sync.js");
const typedSync_js_1 = require("../typedSync.js");
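/**
 * Sync of S3 on Outposts buckets for one account/region.
 *
 * For each Outpost that has S3, the regional buckets are listed through an
 * S3ControlClient bound to that Outpost (see controlClientForOutpost), and
 * each bucket's policy and tag set are fetched. A 404 on the policy or
 * tagging call is tolerated by runAndCatch404, so a bucket without a policy
 * or without tags is still recorded.
 */
exports.S3OutpostsBucketsSync = {
    awsService: 's3outposts',
    name: 'buckets',
    /**
     * @param accountId the AWS account being collected
     * @param region the region to collect from
     * @param credentials credentials used to build the clients
     * @param storage destination handed to syncData
     * @param endpoint endpoint override for the S3 Outposts client
     * @param syncOptions carries clientPool and the writeOnly flag
     */
    execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
        const outpostsClient = syncOptions.clientPool.client(client_s3outposts_1.S3OutpostsClient, credentials, region, endpoint);
        const outposts = await listS3Outposts(outpostsClient);
        const regionalBuckets = [];
        for (const outpost of outposts) {
            const controlClient = controlClientForOutpost(credentials, region, outpost.OutpostId);
            // ListRegionalBuckets is an S3 Control operation, so it has to go through
            // the control client (which injects the x-amz-outpost-id header), not the
            // S3 Outposts client. AccountId is a required input of the S3 Control API,
            // as the access point sync already passes.
            const buckets = await (0, typedSync_js_1.paginateResource)(controlClient, client_s3_control_1.ListRegionalBucketsCommand, 'RegionalBucketList', {
                inputKey: 'NextToken',
                outputKey: 'NextToken'
            }, {
                AccountId: accountId,
                OutpostId: outpost.OutpostId
            });
            for (const bucket of buckets) {
                // NOTE(review): Bucket is passed by name and relies on the outpost header
                // set by controlClientForOutpost; the SDK documents the ARN form
                // (bucket.BucketArn) for Outposts buckets — confirm against a live Outpost.
                const bucketRequest = { AccountId: accountId, Bucket: bucket.Bucket };
                const policy = await (0, client_tools_js_1.runAndCatch404)(async () => {
                    const result = await controlClient.send(new client_s3_control_1.GetBucketPolicyCommand(bucketRequest));
                    return (0, json_js_1.parseIfPresent)(result.Policy);
                });
                const tags = await (0, client_tools_js_1.runAndCatch404)(async () => {
                    const tagging = await controlClient.send(new client_s3_control_1.GetBucketTaggingCommand(bucketRequest));
                    return (0, tags_js_1.convertTagsToRecord)(tagging.TagSet);
                });
                regionalBuckets.push({
                    arn: bucket.BucketArn,
                    metadata: {
                        arn: bucket.BucketArn,
                        name: bucket.Bucket,
                        outpostId: bucket.OutpostId,
                        publicAccessBlockEnabled: bucket.PublicAccessBlockEnabled,
                        // marker mirroring the metadata passed to syncData below
                        bucket: 'true'
                    },
                    policy,
                    tags
                });
            }
        }
        await (0, sync_js_1.syncData)(regionalBuckets, storage, accountId, {
            service: 's3outposts',
            resourceType: 'outpost',
            account: accountId,
            region: region,
            metadata: {
                bucket: 'true'
            }
        }, syncOptions.writeOnly);
    }
};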
/**
 * Sync of S3 on Outposts access points for one account/region.
 *
 * Walks every Outpost that has S3, lists its access points through an
 * S3ControlClient bound to that Outpost, and records each access point with
 * its policy (recorded as absent when the policy lookup returns 404).
 */
exports.S3OutpostsAccessPointsSync = {
    awsService: 's3outposts',
    name: 'accessPoints',
    /**
     * @param accountId the AWS account being collected
     * @param region the region to collect from
     * @param credentials credentials used to build the clients
     * @param storage destination handed to syncData
     * @param endpoint endpoint override for the S3 Outposts client
     * @param syncOptions carries clientPool and the writeOnly flag
     */
    execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
        const outpostsClient = syncOptions.clientPool.client(client_s3outposts_1.S3OutpostsClient, credentials, region, endpoint);
        const collected = [];
        for (const outpost of await listS3Outposts(outpostsClient)) {
            const controlClient = controlClientForOutpost(credentials, region, outpost.OutpostId);
            // Policy lookup for one access point; 404 is tolerated by runAndCatch404.
            const fetchPolicy = (name) => (0, client_tools_js_1.runAndCatch404)(async () => {
                const response = await controlClient.send(new client_s3_control_1.GetAccessPointPolicyCommand({
                    Name: name,
                    AccountId: accountId
                }));
                return (0, json_js_1.parseIfPresent)(response.Policy);
            });
            const pointsOnOutpost = await (0, typedSync_js_1.paginateResource)(controlClient, client_s3_control_1.ListAccessPointsCommand, 'AccessPointList', {
                inputKey: 'NextToken',
                outputKey: 'NextToken'
            }, {
                AccountId: accountId
            });
            for (const point of pointsOnOutpost) {
                const metadata = {
                    arn: point.AccessPointArn,
                    name: point.Name,
                    // taken from the enclosing Outpost, not from the access point record
                    outpostId: outpost.OutpostId,
                    networkOrigin: point.NetworkOrigin,
                    vpc: point.VpcConfiguration?.VpcId,
                    bucket: point.Bucket,
                    bucketAccount: point.BucketAccountId,
                    // marker mirroring the metadata passed to syncData below
                    accesspoint: 'true'
                };
                collected.push({
                    arn: point.AccessPointArn,
                    metadata,
                    policy: await fetchPolicy(point.Name)
                });
            }
        }
        await (0, sync_js_1.syncData)(collected, storage, accountId, {
            service: 's3outposts',
            resourceType: 'outpost',
            account: accountId,
            region: region,
            metadata: {
                accesspoint: 'true'
            }
        }, syncOptions.writeOnly);
    }
};
/**
 * Lists every Outpost in the account that has S3, following NextToken
 * pagination through paginateResource.
 *
 * @param outpostsClient the S3OutpostsClient to query with
 * @returns an array of Outpost objects
 */
async function listS3Outposts(outpostsClient) {
    const pagination = { inputKey: 'NextToken', outputKey: 'NextToken' };
    const outposts = await (0, typedSync_js_1.paginateResource)(outpostsClient, client_s3outposts_1.ListOutpostsWithS3Command, 'Outposts', pagination);
    return outposts;
}
/**
 * Builds an S3ControlClient whose every request carries the given Outpost ID
 * in the `x-amz-outpost-id` header.
 *
 * The client is created directly rather than through syncOptions.clientPool
 * because the header is fixed per Outpost; callers create one per Outpost in
 * their loops and nothing here destroys it.
 *
 * @param credentials credential bundle; its `provider` is handed to the client
 * @param region region for the client
 * @param outpostId Outpost ID written into the header
 * @returns the configured S3ControlClient
 */
function controlClientForOutpost(credentials, region, outpostId) {
    // Middleware that stamps the Outpost ID onto the outgoing HTTP request.
    const addOutpostHeader = (next) => (args) => {
        if (args.request) {
            log_1.log.trace('Adding outpost ID to request headers');
            args.request.headers['x-amz-outpost-id'] = outpostId;
        }
        return next(args);
    };
    const client = new client_s3_control_1.S3ControlClient({ credentials: credentials.provider, region });
    // 'build' runs after serialization, so the header lands on the final request.
    client.middlewareStack.add(addOutpostHeader, { step: 'build' });
    return client;
}
//# sourceMappingURL=s3OutpostsSyncs.js.map