@cloud-copilot/iam-collect/dist/cjs/syncs/s3express/s3DirectoryBucketsSync.js

Collect IAM information from AWS Accounts

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.S3DirectoryBucketsSync = void 0;
const client_s3_1 = require("@aws-sdk/client-s3");
const client_tools_js_1 = require("../../utils/client-tools.js");
const json_js_1 = require("../../utils/json.js");
const typedSync_js_1 = require("../typedSync.js");
exports.S3DirectoryBucketsSync = (0, typedSync_js_1.createTypedSyncOperation)('s3express', 'directoryBuckets', (0, typedSync_js_1.createResourceSyncType)({
    client: client_s3_1.S3Client,
    command: client_s3_1.ListDirectoryBucketsCommand,
    key: 'Buckets',
    arguments: () => ({ MaxDirectoryBuckets: 1000 }),
    paginationConfig: {
        inputKey: 'ContinuationToken',
        outputKey: 'ContinuationToken'
    },
    arn: (bucket, region, account, partition) => directoryBucketArn(partition, region, account, bucket.Name),
    extraFields: {
        policy: async (client, bucket) => {
            return (0, client_tools_js_1.runAndCatch404)(async () => {
                const policy = await client.send(new client_s3_1.GetBucketPolicyCommand({ Bucket: bucket.Name }));
                return (0, json_js_1.parseIfPresent)(policy.Policy);
            });
        },
        encryption: async (client, bucket) => {
            const encryption = await client.send(new client_s3_1.GetBucketEncryptionCommand({ Bucket: bucket.Name }));
            return encryption.ServerSideEncryptionConfiguration;
        }
    },
    tags: (bucket) => undefined,
    resourceTypeParts: (account, region) => ({
        service: 's3express',
        resourceType: 'bucket',
        account,
        region
    }),
    results: (bucket) => ({
        metadata: {
            name: bucket.Name,
            encryption: bucket.extraFields.encryption?.Rules
        },
        policy: bucket.extraFields.policy
    })
}));
/**
 * Create an ARN for a directory bucket
 *
 * @param partition the partition of the bucket
 * @param region the region of the bucket
 * @param account the account the bucket is in
 * @param bucketName the name of the bucket
 * @returns the full arn of the directory bucket
 */
function directoryBucketArn(partition, region, account, bucketName) {
    return `arn:${partition}:s3express:${region}:${account}:bucket/${bucketName}`;
}
//# sourceMappingURL=s3DirectoryBucketsSync.js.map