@cloud-copilot/iam-collect/dist/cjs/syncs/ram/ramShares.js

Collect IAM information from AWS Accounts

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.RamResourcesSync = void 0;
const client_api_gateway_1 = require("@aws-sdk/client-api-gateway");
const client_ram_1 = require("@aws-sdk/client-ram");
const iam_utils_1 = require("@cloud-copilot/iam-utils");
const ClientPool_js_1 = require("../../aws/ClientPool.js");
const json_js_1 = require("../../utils/json.js");
const typedSync_js_1 = require("../typedSync.js");
exports.RamResourcesSync = {
    awsService: 'ram',
    name: 'resourcePolicies',
    execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
        const ramClient = ClientPool_js_1.AwsClientPool.defaultInstance.client(client_ram_1.RAMClient, credentials, region, endpoint);
        // List all the resources
        const resources = await (0, typedSync_js_1.paginateResource)(ramClient, client_ram_1.ListResourcesCommand, 'resources', {
            inputKey: 'nextToken',
            outputKey: 'nextToken'
        }, {
            resourceOwner: client_api_gateway_1.ResourceOwner.SELF
        });
        // Group shares by resource ARN
        const resourceMap = new Map();
        for (const resource of resources) {
            const arn = resource.arn;
            if (!resourceMap.has(arn)) {
                resourceMap.set(arn, new Set());
            }
            if (resource.resourceShareArn) {
                resourceMap.get(arn).add(resource.resourceShareArn);
            }
        }
        // Group ARNs by their region
        const regionMap = new Map();
        for (const arn of resourceMap.keys()) {
            const parts = (0, iam_utils_1.splitArnParts)(arn);
            const arnRegion = parts.region || '';
            if (!regionMap.has(arnRegion)) {
                regionMap.set(arnRegion, []);
            }
            regionMap.get(arnRegion).push(arn);
        }
        // Sync and save per region
        for (const [arnRegion, regionArns] of regionMap) {
            await storage.syncRamResources(accountId, arnRegion, regionArns);
            for (const arn of regionArns) {
                const policies = await (0, typedSync_js_1.paginateResource)(ramClient, client_ram_1.GetResourcePoliciesCommand, 'policies', { inputKey: 'nextToken', outputKey: 'nextToken' }, { resourceArns: [arn] });
                const policy = (0, json_js_1.parseIfPresent)(policies.at(0));
                const shares = Array.from(resourceMap.get(arn));
                await storage.saveRamResource(accountId, arn, {
                    arn,
                    shares,
                    policy
                });
            }
        }
    }
};
//# sourceMappingURL=ramShares.js.map