
@cloud-copilot/iam-lens


Visibility in IAM in and across AWS accounts

import { ResourceType } from '@cloud-copilot/iam-data';
import { IamCollectClient } from '../collect/client.js';
/**
 * Input to {@link whoCan} and {@link actionsForWhoCan}: the resource and the
 * actions to evaluate.
 */
export interface ResourceAccessRequest {
    /**
     * Optional resource identifier. Other functions in this file take resource
     * ARNs, so this is presumably an ARN — confirm against the implementation.
     */
    resource?: string;
    /**
     * Optional account for the resource.
     * NOTE(review): presumably an AWS account ID, used when the account cannot
     * be derived from `resource` — confirm.
     */
    resourceAccount?: string;
    /** Actions to evaluate. Required, unlike the two fields above. */
    actions: string[];
}
/**
 * One entry of {@link WhoCanResponse.allowed}.
 */
export interface WhoCanAllowed {
    /** The principal the entry refers to (format not visible from this declaration). */
    principal: string;
    /** The service part of the allowed action. */
    service: string;
    /** The allowed action. */
    action: string;
    /**
     * NOTE(review): meaning not visible here; possibly the access level of the
     * action as classified by iam-data — confirm.
     */
    level: string;
    /**
     * Untyped (`any`): this declaration enforces no shape, so consumers must
     * narrow the value before use.
     * NOTE(review): presumably the conditions under which the access applies.
     * If so, an entry carrying `conditions` is not unconditional access —
     * confirm before reporting on it.
     */
    conditions?: any;
    /**
     * NOTE(review): presumably set when the result holds only for particular
     * role session names — confirm against the implementation.
     */
    dependsOnSessionName?: boolean;
}
/**
 * Result of {@link whoCan}.
 *
 * NOTE(review): a `false` `allAccountsChecked` or any non-empty `*NotFound`
 * list presumably means part of the requested scope was not analysed, in which
 * case `allowed` may be incomplete. Confirm against the implementation before
 * treating an empty `allowed` as evidence that nobody has access.
 */
export interface WhoCanResponse {
    /** The access entries found. */
    allowed: WhoCanAllowed[];
    /** Whether all accounts were checked (exact criterion not visible here). */
    allAccountsChecked: boolean;
    /** Accounts that could not be found. */
    accountsNotFound: string[];
    /** Organizations that could not be found. */
    organizationsNotFound: string[];
    /** Organizational units that could not be found. */
    organizationalUnitsNotFound: string[];
    /** Principals that could not be found. */
    principalsNotFound: string[];
}
/**
 * Evaluate a {@link ResourceAccessRequest} and resolve to a {@link WhoCanResponse}.
 *
 * @param collectClient the client used to read collected IAM data
 * @param request the resource and actions to evaluate
 * @returns the allowed entries plus the lists of scope items that were not found
 */
export declare function whoCan(collectClient: IamCollectClient, request: ResourceAccessRequest): Promise<WhoCanResponse>;
/**
 * Resolve an {@link AccountsToCheck} description into a list of accounts.
 *
 * @param collectClient the client used to read collected IAM data
 * @param accountsToCheck the accounts, organizations and organizational units requested
 * @returns `accounts` together with the accounts, organizations and
 *   organizational units that were not found. Per the name the account list is
 *   presumably de-duplicated — confirm.
 */
export declare function uniqueAccountsToCheck(collectClient: IamCollectClient, accountsToCheck: AccountsToCheck): Promise<{
    accountsNotFound: string[];
    organizationsNotFound: string[];
    organizationalUnitsNotFound: string[];
    accounts: string[];
}>;
/**
 * The scope of accounts and principals to examine, as produced by
 * {@link accountsToCheckBasedOnResourcePolicy} and consumed by
 * {@link uniqueAccountsToCheck}.
 */
export interface AccountsToCheck {
    /** Whether every account should be examined. */
    allAccounts: boolean;
    /** Individual accounts to examine. */
    specificAccounts: string[];
    /** Individual principals to examine. */
    specificPrincipals: string[];
    /** Organizations to examine. */
    specificOrganizations: string[];
    /** Organizational units to examine. */
    specificOrganizationalUnits: string[];
}
/**
 * Derive the {@link AccountsToCheck} scope from a resource policy.
 *
 * @param resourcePolicy the resource policy. Typed `any`, so this declaration
 *   enforces no shape; NOTE(review): confirm what the implementation accepts
 *   and how it handles a missing or malformed policy.
 * @param resourceAccount the account of the resource, or `undefined`
 * @returns the scope of accounts and principals to check
 */
export declare function accountsToCheckBasedOnResourcePolicy(resourcePolicy: any, resourceAccount: string | undefined): Promise<AccountsToCheck>;
/**
 * Resolve the list of actions for a {@link ResourceAccessRequest}.
 *
 * @param request the request whose actions are resolved
 * @returns the actions as strings. NOTE(review): whether wildcards are
 *   expanded or the list is filtered by resource is not visible here — confirm.
 */
export declare function actionsForWhoCan(request: ResourceAccessRequest): Promise<string[]>;
/**
 * Look up the actions for a resource ARN.
 *
 * NOTE(review): the previous doc comment on this declaration described
 * `service` and `action` parameters and a lookup of resource types, which does
 * not match this signature; it appears to have been carried over from another
 * function.
 *
 * @param resourceArn the ARN of the resource to look up actions for
 * @returns the actions as strings
 * @throws NOTE(review): the previous comment listed an error when the service
 *   or action does not exist, or when the action is a wildcard only action;
 *   confirm which of these still apply to this function.
 */
export declare function lookupActionsForResourceArn(resourceArn: string): Promise<string[]>;
/**
 * Find the iam-data {@link ResourceType} that corresponds to a resource ARN.
 *
 * @param resourceArn the ARN to classify
 * @returns a tuple of a string and the matching `ResourceType`.
 *   NOTE(review): the string is presumably the service name — confirm.
 */
export declare function findResourceTypeForArn(resourceArn: string): Promise<[string, ResourceType]>;
/**
 * Convert a resource pattern from iam-data to a regex pattern.
 *
 * The result is a string holding regex source, not a compiled `RegExp`.
 * NOTE(review): whether regex metacharacters in `pattern` are escaped is not
 * visible from this declaration; confirm before passing patterns that do not
 * come from iam-data.
 *
 * @param pattern the pattern to convert to a regex
 * @returns the regex pattern
 */
export declare function convertResourcePatternToRegex(pattern: string): string;
//# sourceMappingURL=whoCan.d.ts.map