UNPKG

@cloud-copilot/iam-collect

Version:

Collect IAM information from AWS Accounts

github.com/cloud-copilot/iam-collect

cloud-copilot/iam-collect

56 lines 2.48 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
import { ResourceOwner } from '@aws-sdk/client-api-gateway'; import { GetResourcePoliciesCommand, ListResourcesCommand, RAMClient } from '@aws-sdk/client-ram'; import { splitArnParts } from '@cloud-copilot/iam-utils'; import { AwsClientPool } from '../../aws/ClientPool.js'; import { parseIfPresent } from '../../utils/json.js'; import { paginateResource } from '../typedSync.js'; export const RamResourcesSync = { awsService: 'ram', name: 'resourcePolicies', execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => { const ramClient = AwsClientPool.defaultInstance.client(RAMClient, credentials, region, endpoint); // List all the resources const resources = await paginateResource(ramClient, ListResourcesCommand, 'resources', { inputKey: 'nextToken', outputKey: 'nextToken' }, { resourceOwner: ResourceOwner.SELF }); // Group shares by resource ARN const resourceMap = new Map(); for (const resource of resources) { const arn = resource.arn; if (!resourceMap.has(arn)) { resourceMap.set(arn, new Set()); } if (resource.resourceShareArn) { resourceMap.get(arn).add(resource.resourceShareArn); } } // Group ARNs by their region const regionMap = new Map(); for (const arn of resourceMap.keys()) { const parts = splitArnParts(arn); const arnRegion = parts.region || ''; if (!regionMap.has(arnRegion)) { regionMap.set(arnRegion, []); } regionMap.get(arnRegion).push(arn); } // Sync and save per region for (const [arnRegion, regionArns] of regionMap) { await storage.syncRamResources(accountId, arnRegion, regionArns); for (const arn of regionArns) { const policies = await paginateResource(ramClient, GetResourcePoliciesCommand, 'policies', { inputKey: 'nextToken', outputKey: 'nextToken' }, { resourceArns: [arn] }); const policy = parseIfPresent(policies.at(0)); const shares = Array.from(resourceMap.get(arn)); await storage.saveRamResource(accountId, arn, { arn, shares, policy }); } } } }; //# sourceMappingURL=ramShares.js.map