
@cloud-copilot/iam-collect


Collect IAM information from AWS Accounts

import { AwsService } from '../services.js';
/**
 * Credential settings: an optional named profile, an optional first-hop role
 * (`initialRole`) and an optional `role`.
 *
 * NOTE(review): every field is optional, so an empty object is a valid AuthConfig.
 */
export interface AuthConfig {
    /**
     * The profile to use when authenticating with AWS. If not present, the default AWS SDK credential resolution chain will be used.
     */
    profile?: string;
    /**
     * An optional initial Role to assume in the first phase of the authentication process before
     * assuming any roles in the target accounts.
     *
     * The role is identified by exactly one of `arn` or `pathAndName`; `externalId` and
     * `sessionName` may be added to either form.
     */
    initialRole?: ({
        /**
         * Specify the ARN OR the path and name of the role to assume.
         *
         * Use arn if you want to always assume a role in a specific account.
         */
        arn: string;
    } | {
        /**
         * Specify the path and name OR the ARN of the role to assume.
         *
         * Use pathAndName if you want to assume a role in the same account as your default credentials.
         */
        pathAndName: string;
    }) & {
        /**
         * Optional, the external id to use when assuming the role.
         *
         * NOTE(review): presumably sent as the STS ExternalId; it only protects against
         * confused-deputy use if the role's trust policy requires it. Confirm.
         */
        externalId?: string;
        /**
         * Optional, the session name to use when assuming the role.
         *
         * NOTE(review): presumably the STS role session name, which is what audit logs
         * show for the assumed-role session; confirm.
         */
        sessionName?: string;
    };
    /**
     * The role to assume, identified by path and name only (there is no ARN form here).
     *
     * NOTE(review): presumably this is the role assumed in each target account, going by
     * the `initialRole` comment above; confirm against the implementation.
     */
    role?: {
        /**
         * The path and name of the role to assume. Required if using a role.
         */
        pathAndName: string;
        /**
         * Optional, the external id to use when assuming the role.
         */
        externalId?: string;
        /**
         * Optional, the session name to use when assuming the role.
         */
        sessionName?: string;
    };
}
/**
 * An AuthConfig that is completely optional for all fields.
 * This is used to allow for partial auth configs in the account/service/region configs.
 *
 * Only `role` is loosened: `role.pathAndName` becomes optional here. `initialRole` is
 * inherited unchanged, so when it is present it still needs `arn` or `pathAndName`.
 */
export interface OptionalAuthConfig extends Omit<AuthConfig, 'role'> {
    role?: Partial<AuthConfig['role']>;
}
/**
 * Storage on the file system, selected by `type: 'file'`.
 *
 * NOTE(review): `path` is presumably where collected IAM data is written; if so, its
 * file permissions decide who can read that data. Confirm.
 */
export interface FileSystemStorageConfig {
    type: 'file';
    path: string;
}
/**
 * Storage in an S3 bucket, selected by `type: 's3'`. `bucket` and `region` are required;
 * `prefix`, `endpoint` and a storage-specific `auth` are optional.
 */
export interface S3StorageConfig {
    type: 's3';
    bucket: string;
    prefix?: string;
    region: string;
    /**
     * NOTE(review): presumably overrides the S3 endpoint. If so, collected data and signed
     * requests go to whatever host is named here, so the config file must be trusted input.
     */
    endpoint?: string;
    auth?: AuthConfig;
}
/** Either storage variant; narrow on the `type` field ('file' or 's3'). */
export type StorageConfig = FileSystemStorageConfig | S3StorageConfig;
/**
 * Fields shared by the config levels: region and service include/exclude lists plus auth.
 *
 * NOTE(review): how `included` and `excluded` interact is not visible in this declaration file.
 */
interface BaseConfig {
    regions?: {
        included?: string[];
        excluded?: string[];
    };
    services?: {
        included?: string[];
        excluded?: string[];
    };
    auth?: AuthConfig;
}
/**
 * Per-service settings. Replaces BaseConfig's `auth` with the partial OptionalAuthConfig
 * and adds an endpoint plus per-region and per-sync settings.
 */
interface ServiceConfig extends Omit<BaseConfig, 'auth'> {
    /** NOTE(review): presumably a custom endpoint for this service; same trust concern as the S3 endpoint. */
    endpoint?: string;
    /** A nested ServiceConfig without its own `regionConfigs`. Keys are presumably region names; confirm. */
    regionConfigs?: Record<string, Omit<ServiceConfig, 'regionConfigs'>>;
    /** Keys are presumably sync names, as in the `syncName` parameter of syncEnabledForRegion; confirm. */
    syncConfigs?: Record<string, SyncConfig>;
    auth?: OptionalAuthConfig;
}
/** Settings for a single sync: region include/exclude lists and a full (non-partial) AuthConfig. */
interface SyncConfig {
    regions?: {
        included?: string[];
        excluded?: string[];
    };
    auth?: AuthConfig;
}
/**
 * Per-account settings. Replaces BaseConfig's `auth` with the partial OptionalAuthConfig
 * and adds per-service settings.
 */
interface AccountConfig extends Omit<BaseConfig, 'auth'> {
    /** Keys are presumably service names; confirm. */
    serviceConfigs?: Record<string, ServiceConfig>;
    auth?: OptionalAuthConfig;
}
/**
 * Root configuration object. `iamCollectVersion` is the only required field.
 */
export interface TopLevelConfig extends BaseConfig {
    name?: string;
    iamCollectVersion: string;
    storage?: StorageConfig;
    auth?: AuthConfig;
    /** Accounts in scope. Only an `included` list exists; there is no `excluded` list at this level. */
    accounts?: {
        included?: string[];
    };
    /** Keys are presumably account ids; confirm. */
    accountConfigs?: Record<string, AccountConfig>;
    /** Keys are presumably service names; confirm. */
    serviceConfigs?: Record<string, ServiceConfig>;
}
/** Return type of servicesForAccount. */
type ServicesForAccount = AwsService[];
/** Return type of regionsForService. */
type RegionsForAccountService = string[];
/**
 * Settings for one account, service and region, as returned by accountServiceRegionConfig.
 * `auth` and `endpoint` are optional.
 */
export interface ResolvedAccountServiceRegionConfig {
    accountId: string;
    service: string;
    region: string;
    auth?: AuthConfig;
    endpoint?: string;
}
/**
 * Get the default auth config from the provided configs.
 *
 * NOTE(review): which config wins when several define auth is not visible here.
 *
 * @param configs the configs to search for the default auth config
 * @returns the default auth config, or an empty object if none found
 */
export declare function getDefaultAuthConfig(configs: TopLevelConfig[]): AuthConfig;
/**
 * Get the services for a specific account.
 *
 * NOTE(review): presumably filters `allServices` by the include/exclude lists in the
 * configs, like regionsForService does for regions; confirm.
 *
 * @param account the account to get the services for
 * @param configs the configs to search
 * @param allServices the list of all services
 * @returns the services for the account
 */
export declare function servicesForAccount(account: string, configs: TopLevelConfig[], allServices: string[]): ServicesForAccount;
/**
 * Get the regions for a specific service and account.
 *
 * @param service the service to get the regions for
 * @param account the account to get the regions for
 * @param configs the configs to search
 * @param allRegions the list of all regions to filter from
 * @returns the regions for the service and account
 */
export declare function regionsForService(service: string, account: string, configs: TopLevelConfig[], allRegions: string[]): RegionsForAccountService;
/**
 * Get the config for one service, account and region.
 *
 * NOTE(review): the precedence between top-level, account, service and region settings
 * is not visible in this declaration file.
 *
 * @param service the service to get the config for
 * @param accountId the account id to get the config for
 * @param region the region to get the config for
 * @param configs the configs to search
 * @returns the config, with `auth` and `endpoint` optional
 */
export declare function accountServiceRegionConfig(service: string, accountId: string, region: string, configs: TopLevelConfig[]): ResolvedAccountServiceRegionConfig;
/**
 * Get the auth config for a specific account
 *
 * @param accountId the account id to get the auth config for
 * @param configs the configs to search
 * @returns the auth config for the account, or undefined if not found
 */
export declare function getAccountAuthConfig(accountId: string, configs: TopLevelConfig[]): AuthConfig | undefined;
/**
 * Get the storage config from the provided configs.
 *
 * @param configs the configs to search
 * @returns a storage config, or undefined (presumably when no config defines one; confirm)
 */
export declare function getStorageConfig(configs: TopLevelConfig[]): StorageConfig | undefined;
/**
 * Check if a specific sync is enabled for given region. This checks the specific sync config within the service.
 *
 * This should only be used after the sync has been validated to be enabled for the account and service.
 *
 * @param accountId the account id to check
 * @param service the service to check
 * @param syncName the specific name of the sync to check
 * @param configs the configs to check
 * @param region the region being tested
 * @returns true if the sync is enabled for the region, false otherwise
 */
export declare function syncEnabledForRegion(accountId: string, service: string, syncName: string, configs: TopLevelConfig[], region: string): boolean;
/**
 * Get the default accounts from the provided configs.
 *
 * @param configs the configs to search for the default accounts
 * @returns the default accounts, or an empty array if none found
 */
export declare function getConfiguredAccounts(configs: TopLevelConfig[]): string[];
export {};
//# sourceMappingURL=config.d.ts.map