
@cloud-copilot/iam-collect


Collect IAM information from AWS Accounts

import { AccessKeyLastUsed, AccessKeyMetadata, GroupDetail, IAMClient, LoginProfile, ManagedPolicyDetail, MFADevice, RoleDetail, Tag, User, UserDetail } from '@aws-sdk/client-iam';
import { Sync } from '../sync.js';

/**
 * SDK access key metadata extended with an optional last-used record.
 *
 * The base type is the SDK's AccessKeyMetadata, which describes a key
 * (ID, status, creation date) and does not carry the secret access key.
 */
interface AccessKeyWithLastUsed extends AccessKeyMetadata {
    lastUsed?: AccessKeyLastUsed;
}

/**
 * The exported Sync for authorization details. What it collects and where it
 * stores the result is defined by the implementation and by the Sync type in
 * '../sync.js'; neither is visible in this declaration file.
 */
export declare const AuthorizationDetailsSync: Sync;

/**
 * Get the access keys for an IAM user.
 *
 * @param client The IAM client to use for the API call
 * @param userName The name of the user to lookup the access keys for
 * @returns Returns a list of access keys for the user. Will return an empty array if there are no access keys
 */
export declare function getAccessKeysForUser(client: IAMClient, userName: string): Promise<AccessKeyWithLastUsed[]>;

/**
 * Get the login profile for an IAM user if it exists.
 *
 * In IAM a login profile is what gives a user a console password, so a
 * defined result means the user can have console sign-in.
 *
 * @param client The IAM client to use for the API call
 * @param userName The name of the user to lookup the login profile for
 * @returns Returns the login profile for the user if it exists. Otherwise returns undefined
 */
export declare function getLoginProfileForUser(client: IAMClient, userName: string): Promise<LoginProfile | undefined>;

/**
 * Get the MFA devices for an IAM user.
 *
 * @param client The IAM client to use for the API call
 * @param userName The name of the user to lookup the MFA devices for
 * @returns Returns a list of MFA devices for the user. Will return an empty array if there are no MFA devices.
 */
export declare function getMfaDevicesForUser(client: IAMClient, userName: string): Promise<MFADevice[]>;

/**
 * Parses a username out of an ARN. Does not validate the ARN is a valid IAM user ARN.
 *
 * Because nothing is validated, the result for a non-user ARN or a malformed
 * string is whatever the parser extracts. Callers that take the ARN from
 * outside the account's own API responses should check its shape first.
 *
 * @param arn The arn to parse the username out of
 * @returns Returns the username from the ARN
 */
export declare function parseUsernameFromArn(arn: string): string;

/**
 * Get all IAM users in an account.
 *
 * @param client The IAM client to use for the API call
 * @returns Returns a list of all IAM users in the account
 */
export declare function getAllUsers(client: IAMClient): Promise<User[]>;

/**
 * An IAM user plus a `metadata` summary of its credentials and attachments.
 *
 * The per-field notes below are inferred from the field names and types only;
 * confirm them against the implementation before relying on them in an audit.
 */
export interface UserWithMetadata extends User {
    metadata: {
        // presumably true when the user has a login profile — TODO confirm
        hasConsoleAccess: boolean;
        createdAt: Date;
        passwordChanged?: Date;
        passwordLastUsed?: Date;
        // presumably true when at least one MFA device is registered — TODO confirm
        mfaEnabled: boolean;
        numberAccessKeys: number;
        // presumably the creation date of the oldest key; useful for key-rotation checks — TODO confirm
        oldestAccessKey?: Date;
        // presumably the most recent use across all keys — TODO confirm
        accessKeyLastUsed?: Date;
        accessKeys?: AccessKeyWithLastUsed[];
        managedPolicies: string[];
        // NOTE(review): typed as any[]; consumers get no compile-time shape check on policy documents
        inlinePolicies: any[];
        groups: string[];
    };
}

/**
 * Get all IAM users in an account with metadata about each user.
 *
 * @param client The IAM client to use for the API call
 * @returns Returns all users for the account with metadata about each user
 */
export declare function getAllUsersWithMetadata(client: IAMClient): Promise<UserWithMetadata[]>;

/**
 * SDK managed policy detail extended with an optional list of tags.
 */
interface ManagedPolicyDetailWithExtraData extends ManagedPolicyDetail {
    Tags?: Tag[];
}

/**
 * Return the results of the Authorization Details call for this account.
 * Excludes users and AWS managed policies.
 *
 * NOTE(review): the sentence above disagrees with the declared return type,
 * which has both `users` and `awsManagedPolicies` members. Confirm against the
 * implementation which one is current and update the other.
 *
 * The result describes the account's identity and permission layout, so stored
 * copies should be treated as sensitive.
 *
 * @param client The IAM client to use for the API call
 * @returns Returns the results of the Authorization Details call for this account
 */
export declare function getAuthorizationDetails(client: IAMClient): Promise<{
    groups: GroupDetail[];
    roles: RoleDetail[];
    policies: ManagedPolicyDetailWithExtraData[];
    awsManagedPolicies: ManagedPolicyDetail[];
    users: UserDetail[];
}>;

/**
 * A policy attached directly to a role: its name and its document.
 *
 * This file-local type shares its name with the SDK's AttachedPolicy, which
 * getManagedPoliciesAttachedToRole returns; the two are different types.
 */
interface AttachedPolicy {
    name: string;
    // NOTE(review): typed as any; whether this is a parsed object or a string is not visible here
    document: any;
}

/**
 * Gets the policies that are attached directly to a role. Does not include managed policies.
 *
 * @param client The IAM client to use for the API call
 * @param roleName The name of the role to get the policies for
 * @returns Returns the policies that are attached directly to the role
 */
export declare function getPoliciesAttachedDirectlyToRole(client: IAMClient, roleName: string): Promise<AttachedPolicy[]>;

/**
 * Gets the managed policies attached to a role, going by the function name;
 * the original declaration carries no documentation.
 *
 * @param client The IAM client to use for the API call
 * @param roleName The name of the role to get the managed policies for
 * @returns Returns a list of the SDK's AttachedPolicy type (not the file-local AttachedPolicy interface)
 */
export declare function getManagedPoliciesAttachedToRole(client: IAMClient, roleName: string): Promise<import("@aws-sdk/client-iam").AttachedPolicy[]>;
export {};
//# sourceMappingURL=authorizationDetails.d.ts.map