import type { ConstructMetadata } from '../analysis/static/solutionConstructs/loadConstructMetadata';
import type { AWSServiceChecks } from '../functions/factories/awsServices';
/**
 * Name of a per-service check module, derived from the keys of `AWSServiceChecks`
 * (minus `solutionsPatterns`, which is handled separately), plus the
 * `'All services'` sentinel used to request every check.
 */
export type ServiceName = Exclude<keyof AWSServiceChecks, 'solutionsPatterns'> | 'All services';
/**
 * Inputs for one analysis run.
 *
 * The required fields carry the synthesized stacks and the lookup tables built
 * from them; the optional fields are run-time switches.
 *
 * NOTE(review): `output` is a free `string` here while `AnalysisConfig.output`
 * is the literal union `'json' | 'table' | 'markdown' | 'summary'` — the two
 * should probably agree. `authToken` is presumably a credential for a remote
 * service; whatever serializes these options (reports, debug logs) should keep
 * it out of the output — confirm against the `redact` path.
 */
export type RunAnalysisTypes = {
  /** Synthesized templates keyed by stack name. */
  stacks: Record<string, CloudFormationStack>;
  /** Findings supplied directly by the caller, merged with the check results. */
  inlineFindings: Issue[];
  /** CDK construct path -> CloudFormation logical id. */
  pathToLogicalId: Record<string, string>;
  /** Output format selector (see `AnalysisConfig.output` for the known values). */
  output: string;
  /** stack name -> (resource id -> grouped issues). */
  recommendationMapPerStack: Record<string, Record<string, IssueGroup>>;
  /** Asset id -> source path on disk. */
  assetSourcePaths: Record<string, string>;
  /** Exit non-zero when a CRITICAL finding is present — presumably; confirm in the runner. */
  failOnCritical?: boolean;
  /** Opaque identifier for this run — purpose not visible here. */
  fingerprint?: string;
  /** Redact identifiers/values in the report (see `RedactionMapping`). */
  redact?: boolean;
  withIssue?: boolean;
  /** Restrict the run to these service checks; `'All services'` selects all. */
  services?: ServiceName[];
  summaryOnly?: boolean;
  /** Rule ids to include — or exclude; direction not visible here. */
  ruleFilter?: string[];
  /** Credential for a remote service; must not appear in any emitted report. */
  authToken?: string;
};
/** Finding severity, highest first. The same union is spelled out inline in `NagFinding` and `CreateFindingFunction`. */
export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
/** The six pillars of the AWS Well-Architected Framework; every finding is attributed to one. */
export type WAFPillars = 'Operational Excellence' | 'Security' | 'Cost Optimization' | 'Reliability' | 'Performance Efficiency' | 'Sustainability';
/** Number of findings per pillar; every pillar is a required key (use 0 for none). */
export type WAFIssueCount = Record<WAFPillars, number>;
/**
 * One finding against one resource.
 *
 * `resourceId`, `issue`, `severity`, `wafPillar` and `foundBy` are the minimum
 * a check must provide; everything else is enrichment added while mapping the
 * finding back to CDK source (construct names, paths, source location, links).
 *
 * NOTE(review): `codeSnippet` and `context.value` can embed literal template
 * values (for example an environment variable or a policy string); when
 * `redact` is on, confirm those two fields go through the same redaction as the
 * identifiers do.
 */
export type Issue = {
  /** CloudFormation logical id of the offending resource. */
  resourceId: string;
  /** Human-readable description of the problem. */
  issue: string;
  /** Suggested remediation. */
  recommendation?: string;
  severity: Severity;
  wafPillar: WAFPillars;
  /** Which engine produced the finding. */
  foundBy: 'cdkNag' | 'cdkInsights';
  constructName?: string;
  resourceName?: string;
  friendlyName?: string;
  displayName?: string;
  /** Short hint at where in the source the resource is defined. */
  locationHint?: string;
  /** Source excerpt around the definition; may contain template values. */
  codeSnippet?: string;
  /** CDK construct path (`aws:cdk:path` metadata). */
  constructPath?: string;
  constructType?: string;
  githubUrl?: string;
  docUrl?: string;
  /** Resolved source position, with how confident the mapping is. */
  sourceLocation?: {
    filePath: string;
    line: number;
    column: number;
    confidence: 'high' | 'medium' | 'low';
  };
  stackName?: string;
  stackId?: string;
  timestamp?: string;
  /** Identifier of the rule that fired; used by `ruleFilter`. */
  ruleId?: string;
  /** The property that triggered the finding, its actual and its expected value. */
  context?: {
    property?: string;
    value?: string;
    expected?: string;
  };
};
/**
 * All findings for one resource, split by the engine that produced them, with
 * optional nested groups for child constructs (`children` makes this a tree).
 */
export type IssueGroup = {
  /** CloudFormation logical id. */
  resourceId: string;
  friendlyName: string;
  /** CDK construct path of the resource. */
  cdkPath: string;
  /** Presumably true for resources the CDK synthesizes implicitly rather than the user wrote — confirm. */
  isGenerated: boolean;
  /** Findings by origin; both arrays are always present (possibly empty). */
  sources: {
    cdkInsights: {
      issues: Issue[];
    };
    cdkNag: {
      issues: Issue[];
    };
  };
  constructName?: string;
  resourceName?: string;
  displayName?: string;
  /** CloudFormation resource type, e.g. the `Type` field of the resource. */
  type?: string;
  locationHint?: string;
  githubUrl?: string;
  docUrl?: string;
  /** Nested groups keyed by child resource id. */
  children?: Record<string, IssueGroup>;
};
/**
 * Aggregate counts for a report.
 *
 * NOTE(review): `AnalysisSummary` repeats every field of this type and adds two
 * more; `AnalysisSummary = Summary & { ... }` would keep them from drifting.
 */
export type Summary = {
  totalResources: number;
  totalIssues: number;
  /** Findings per severity; every severity is a key. */
  severityCounts: Record<Severity, number>;
  /** Findings per Well-Architected pillar (same shape as `WAFIssueCount`). */
  wafIssues: Record<WAFPillars, number>;
  /** Tool name/version that produced the report. */
  generatedBy: string;
  /** Generation timestamp as a string; format not fixed here. */
  generatedAt: string;
};
/** Top-level report: aggregate counts plus grouped findings keyed by resource id. */
export type Report = {
  summary: Summary;
  recommendations: Record<string, IssueGroup>;
};
/**
 * Findings keyed by resource id.
 *
 * NOTE(review): structurally identical to `AnalysisResults`; one of the two
 * could alias the other.
 */
export type Recommendations = {
  [resourceId: string]: {
    issues: Issue[];
  };
};
/**
 * A single rendered recommendation for one resource.
 *
 * Carries the core finding fields plus, optionally, the per-engine issue lists
 * (unlike `IssueGroup.sources`, both engines are optional here) and links to
 * the construct's documentation and source.
 */
export type Recommendation = {
  resourceId: string;
  issue: string;
  severity: Severity;
  wafPillar: WAFPillars;
  recommendation?: string;
  issueLocation?: string;
  locationHint?: string;
  sources?: {
    cdkInsights?: {
      issues: Issue[];
    };
    cdkNag?: {
      issues: Issue[];
    };
  };
  /** Documentation URL for the construct. */
  constructDocs?: string;
  /** GitHub URL for the construct source. */
  constructGitHub?: string;
};
/** Grouped findings keyed by resource id (same shape as `Report.recommendations`). */
export type RecommendationMap = {
  [resourceId: string]: IssueGroup;
};
/** A `Recommendation` as it appears inside a report, where the resource id is the map key rather than a field. */
export type ReportRecommendation = Omit<Recommendation, 'resourceId'>;
/** Findings for one resource, with the id carried inline rather than as a map key. */
export type SingleResourceAnalysis = {
  resourceId: string;
  issues: Issue[];
  resourceName?: string;
};
/**
 * Return shape of a service check: findings keyed by resource id.
 *
 * NOTE(review): `AnalysisResult` (singular) is a different, wider shape that
 * also carries `resourceName`; the near-identical names are easy to confuse.
 */
export type AnalysisResults = Record<string, {
  issues: Issue[];
}>;
/**
 * Result payload returned by the remote job (see `PollJobStatusResponse.result`):
 * findings keyed by resource id, each optionally naming the resource.
 */
export type AnalysisResult = {
  [resourceId: string]: {
    issues: Issue[];
    resourceName?: string;
  };
};
/** Response to starting a remote analysis job: the id to poll with. */
export type InitiateAnalysisResponse = {
  jobId: string;
};
/**
 * Response to polling a remote job.
 *
 * `result` is expected with `'completed'` and `error` with `'failed'`, but the
 * type does not enforce that pairing; callers should check `status` first.
 *
 * NOTE(review): `status` repeats the members of `AnalysisStatus` (declared
 * below) in a different order — reuse that alias.
 */
export type PollJobStatusResponse = {
  status: 'completed' | 'failed' | 'processing';
  result?: AnalysisResult;
  error?: string;
};
/**
 * An inline IAM policy as it appears under a role/user `Policies` property.
 *
 * NOTE(review): IAM policy grammar also allows `Statement` to be a single
 * statement object rather than an array. If templates are read without
 * normalization, a check that iterates `Statement` directly will throw on that
 * form; normalize to an array before iterating.
 */
export type Policy = {
  PolicyDocument: {
    Statement: StatementParameter[];
  };
};
/**
 * The subset of an IAM policy statement that the checks read.
 *
 * `NotAction`, `NotResource`, `NotPrincipal` and `Condition` are not modelled.
 * A wildcard check that reads only `Action`/`Resource` therefore cannot see a
 * `NotAction`-based grant, and cannot tell a `Condition`-scoped `"*"` from an
 * unconditional one; treat such results as over- or under-approximate.
 */
export type StatementParameter = {
  /** `'Allow'` or `'Deny'`. */
  Effect?: string;
  Action?: string | string[];
  Resource?: string | string[];
  /** Either the `"*"` string or a map such as `{ AWS: [...] }` / `{ Service: ... }`. */
  Principal?: string | {
    [key: string]: string | string[];
  };
};
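/**
 * A single resource entry from a synthesized CloudFormation template, plus the
 * `__`-prefixed annotations this tool attaches to it.
 *
 * `Properties` is a union-of-everything bag: it lists the properties that the
 * checks in this project read across many resource types. Every property is
 * optional because which ones exist depends on `Type`.
 *
 * `SecurityGroupIngress` rules: in CloudFormation only `IpProtocol` is required
 * for an ingress entry. Rules written with `CidrIpv6` or a source security group
 * carry no `CidrIp`, and all-traffic (`-1`) rules carry no ports, so `CidrIp`,
 * `FromPort` and `ToPort` are optional here; checks must guard for `undefined`
 * rather than call string/number methods on them. `CidrIpv6` and
 * `SourceSecurityGroupId` are listed so an open-to-the-world check can also
 * evaluate `::/0` and group-sourced rules instead of ignoring them.
 */
export type CloudFormationResource = {
  /** CloudFormation resource type, e.g. `AWS::S3::Bucket`. */
  Type: string;
  Properties?: {
    Name?: string;
    IsLogging?: boolean;
    AccessPolicies?: string[];
    BillingMode?: string;
    Attachments?: {
      TargetGroupArn?: string;
      TargetType?: string;
      Port?: number;
      Protocol?: string;
      HealthCheckProtocol?: string;
      InstanceId?: string;
      Device?: string;
    }[];
    ProvisionedThroughput?: {
      ReadCapacityUnits?: number;
      WriteCapacityUnits?: number;
    };
    SubnetRouteTableAssociations?: {
      RouteTableId?: string;
      SubnetId?: string;
      Ref?: string;
    }[];
    TableName?: string;
    AllocationId?: {
      [key: string]: string[];
    };
    SubnetId?: {
      Ref?: string;
    };
    MemorySize?: number;
    InstanceType?: string;
    StreamSpecification?: {
      StreamViewType?: string;
    };
    StorageEncrypted?: boolean;
    EndpointConfiguration?: {
      Types?: string[];
    };
    BucketName?: string;
    MultiAZ?: boolean;
    StorageType?: string;
    /** Ingress rules; only `IpProtocol` is guaranteed by CloudFormation (see type doc). */
    SecurityGroupIngress?: {
      CidrIp?: string;
      CidrIpv6?: string;
      SourceSecurityGroupId?: string;
      IpProtocol: string;
      FromPort?: number;
      ToPort?: number;
    }[];
    State?: string;
    Engine?: string;
    EngineVersion?: string;
    Policies?: Policy[];
    /** KMS key policy; IAM grammar also allows a single statement object — normalize before iterating. */
    KeyPolicy?: {
      Statement: StatementParameter[];
    };
    /** Lambda environment; values may hold secrets in real templates — keep under the redaction path. */
    Environment?: {
      Variables?: Record<string, string>;
    };
    PublicPolicy?: {
      Statement: StatementParameter[];
    };
    /** Step Functions state machine definition (states not modelled further). */
    Definition?: {
      States?: Record<string, unknown>;
    };
    AttributeDefinitions?: {
      AttributeName?: string;
      AttributeType?: string;
    }[];
    KeySchema?: {
      AttributeName?: string;
      KeyType?: string;
    }[];
    Size?: number;
    AvailabilityZone?: string;
    RoleArn?: string;
    LoggingConfiguration?: {
      Level?: string;
      IncludeExecutionData?: boolean;
      Destinations?: {
        CloudWatchLogsLogGroup?: {
          LogGroupArn?: string;
        };
      }[];
    };
    /** Lambda code location; `ZipFile` is inline source text. */
    Code?: {
      S3Bucket?: string;
      S3Key?: string;
      ZipFile?: string;
    };
    Handler?: string;
    Role?: string;
    Runtime?: string;
    QueueName?: string;
    DisplayName?: string;
    KmsMasterKeyId?: string;
    BucketEncryption?: {
      ServerSideEncryptionConfiguration?: {
        ServerSideEncryptionByDefault?: {
          SSEAlgorithm: string;
        }[];
      }[];
    };
    IntelligentTieringConfigurations?: {
      Id?: string;
      Prefix?: string;
      Status?: string;
      Tierings?: {
        AccessTier?: string;
        Days?: number;
      }[];
    }[];
    PublicAccessBlockConfiguration?: {
      BlockPublicAcls?: boolean;
    };
    VersioningConfiguration?: {
      Status?: string;
    };
    Actions?: {
      TargetGroupArn?: string;
    }[];
    DefaultActions?: {
      TargetGroupArn?: string;
    }[];
    /** Principal at the top level of `Properties` (not inside a policy statement). */
    Principal?: string | {
      [key: string]: string | string[];
    };
    Uri?: string;
    TopicRulePayload?: {
      actions?: Record<string, unknown>[];
    };
    Protocol?: string;
    /** Nested stack template location. */
    TemplateURL?: string | string[];
  };
  /** CDK-emitted metadata; `aws:cdk:path` is the construct path. */
  Metadata?: {
    'aws:cdk:path'?: string;
  };
  DependsOn?: string | string[];
  Condition?: string;
  displayName?: string;
  /* The `__` fields are not CloudFormation; presumably attached by this tool while enriching resources — confirm. */
  __fileHint?: string;
  __friendlyName?: string;
  __description?: string;
  __github?: string;
  __docs?: string;
  __constructType?: string;
  __stackId?: string;
};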
/** One entry of a template's `Parameters` section. */
export type CloudFormationParameter = {
  /** Parameter type, e.g. `String` or `Number`. */
  Type: string;
  Default?: string | number | boolean;
  Description?: string;
  AllowedValues?: (string | number)[];
  /** Regular expression the value must match (a string, not a `RegExp`). */
  AllowedPattern?: string;
  ConstraintDescription?: string;
};
/** One entry of the `Mappings` section: top-level key -> second-level key -> value. */
export type CloudFormationMapping = Record<string, Record<string, string | number>>;
/** One entry of the `Conditions` section; intrinsic functions are left untyped. */
export type CloudFormationCondition = Record<string, unknown>;
/** One entry of the `Outputs` section; `Value` may be a literal or an intrinsic-function object. */
export type CloudFormationOutput = {
  Description?: string;
  Value: string | Record<string, unknown>;
  /** Cross-stack export name, when the output is exported. */
  Export?: {
    Name: string;
  };
};
/**
 * Raw model response used by the AI-powered analysis.
 *
 * `results` is typed as a tuple of exactly one element — presumably matching
 * the text model this tool calls; confirm before relying on `results[0]`.
 */
export type BedrockResponse = {
  inputTextTokenCount: number;
  results: [
    {
      outputText: string;
      tokenCount: number;
      completionReason?: string;
    }
  ];
  outputTokens: number;
};
/** Parsed output of the AI pass: free-text recommendations plus token usage for cost accounting. */
export type AIAnalysis = {
  recommendations?: string[];
  inputTokens?: number;
  outputTokens?: number;
};
/**
 * A synthesized CloudFormation template. Only `Resources` is required; the
 * other top-level sections are typed as far as the checks use them.
 */
export type CloudFormationStack = {
  AWSTemplateFormatVersion?: string;
  Description?: string;
  Parameters?: Record<string, CloudFormationParameter>;
  /** Logical id -> resource. */
  Resources: Record<string, CloudFormationResource>;
  Mappings?: Record<string, CloudFormationMapping>;
  Conditions?: Record<string, CloudFormationCondition>;
  Outputs?: Record<string, CloudFormationOutput>;
  Metadata?: Record<string, unknown>;
};
/** String substitution table used when `redact` is on; direction (original -> placeholder or the reverse) is not fixed here — confirm at the use site. */
export type RedactionMapping = Record<string, string>;
/**
 * A finding imported from cdk-nag before it is converted to an `Issue`.
 *
 * NOTE(review): `severity` spells out the same members as `Severity`; reuse the alias.
 */
export type NagFinding = {
  message: string;
  severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
  /** Construct path the nag rule was evaluated against. */
  tracePath: string;
};
/** Best-effort source position; `line`/`column` are absent when only the file is known. */
export type FileHint = {
  filePath: string;
  line?: number;
  column?: number;
};
/** One metadata entry from the cloud assembly manifest: a type tag and its string payload. */
export type ManifestEntry = {
  type: string;
  data: string;
};
/**
 * The parts of the cloud assembly manifest this tool reads.
 *
 * NOTE(review): the intersection makes `artifacts.metadata` satisfy both the
 * index-signature value type `{ metadata?: ... }` and the explicit
 * `Record<string, ManifestEntry[]>` property at once, which looks unintended;
 * confirm the real manifest shape and simplify to one of the two.
 */
export type Manifest = {
  artifacts?: Record<string, {
    metadata?: Record<string, ManifestEntry[]>;
  }> & {
    metadata?: Record<string, ManifestEntry[]>;
  };
};
/**
 * `Summary` plus two derived ratios.
 *
 * NOTE(review): the first six fields duplicate `Summary` field for field
 * (`WAFIssueCount` is `Record<WAFPillars, number>`); `Summary & { ... }` would
 * express the same shape without the copy.
 */
export type AnalysisSummary = {
  totalResources: number;
  totalIssues: number;
  severityCounts: Record<Severity, number>;
  wafIssues: WAFIssueCount;
  generatedBy: string;
  generatedAt: string;
  /** Count of resources with at least one finding. */
  resourcesWithIssues: number;
  /** `resourcesWithIssues / totalResources` as a percentage — presumably; confirm whether it is 0-100 or 0-1. */
  percentWithIssues: number;
};
/** Findings per severity; same shape as `Summary.severityCounts`. */
export type SeverityCount = Record<Severity, number>;
/**
 * Factory signature used by service checks to build an `Issue`.
 *
 * The positional parameters map onto the required `Issue` fields plus
 * `recommendation` and `constructPath`; the rest of `Issue` is filled in later.
 * `severity` repeats the `Severity` union inline.
 */
export type CreateFindingFunction = (
  resourceId: string,
  issue: string,
  recommendation: string,
  severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL',
  wafPillar: WAFPillars,
  constructPath: string,
  foundBy: 'cdkNag' | 'cdkInsights'
) => Issue;
/** Ambient declaration of the shared finding factory; the implementation lives elsewhere. */
export declare const createFinding: CreateFindingFunction;
/** Signature of a per-service check: inspects one template and returns findings keyed by resource id. */
export type AWSServiceCheckFunction = (template: CloudFormationStack, createFinding: CreateFindingFunction) => AnalysisResults;
/**
 * Catalogue of the extra arguments a solutions-pattern detector may take.
 * Only used as the key space for `SolutionsTuple` / `SolutionsFunctions`.
 */
type SolutionsPatternsArgs = {
  template: CloudFormationStack;
  uriPrefix?: string;
  uriContains?: string;
  action?: string;
  protocol?: string;
  registry?: string;
};
/** Entry point of the solutions-pattern detection: template plus construct registry in, findings out. */
export type DetectSolutionsPatterns = (template: CloudFormationStack, registry: Record<string, ConstructMetadata>) => Issue[];
/** A boolean predicate over a template, optionally taking extra positional arguments typed by `Extras`. */
export type AWSSolutionsPatternFunction<Extras extends unknown[] = []> = (template: CloudFormationStack, ...extras: Extras) => boolean;
/**
 * Turns one key of `SolutionsPatternsArgs` into the extras tuple for that key.
 * For an optional key such as `uriPrefix` the indexed type is `string | undefined`,
 * which does not extend `undefined`, so the result is `[string]`; with `K = never`
 * the indexed type is `never` and the result is `[]`.
 */
type SolutionsTuple<K extends keyof SolutionsPatternsArgs> = SolutionsPatternsArgs[K] extends undefined ? [] : [NonNullable<SolutionsPatternsArgs[K]>];
/** Pattern predicate taking the template plus the single extra argument selected by `K`; the default `never` yields no extras. */
export type SolutionsFunctions<K extends keyof SolutionsPatternsArgs = never> = AWSSolutionsPatternFunction<SolutionsTuple<K>>;
/**
 * A node of the CDK construct tree (presumably `tree.json` from the cloud
 * assembly — confirm). `children` is keyed by child id, so the type is recursive.
 */
export type TreeNode = {
  id: string;
  attributes?: {
    description?: string;
    /** CloudFormation props recorded on L1 constructs; only `description` is read here. */
    'aws:cdk:cloudformation:props'?: {
      description?: string;
    };
  };
  children?: Record<string, TreeNode>;
  /** Fully-qualified construct class name and library version. */
  constructInfo?: {
    fqn: string;
    version: string;
    metadata?: unknown[];
  };
};
/** A `TreeNode` flattened to its path, with the logical id and class name when resolvable. */
export type FlatNode = {
  logicalId?: string;
  /** Construct path from the tree root. */
  path: string;
  fqn?: string;
  description?: string;
};
/** Lifecycle state of a remote job; `PollJobStatusResponse.status` lists the same members inline. */
export type AnalysisStatus = 'processing' | 'completed' | 'failed';
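/**
 * Fully-resolved configuration for one analysis run: every switch has a
 * concrete value, unlike the optional fields of `RunAnalysisTypes`.
 *
 * The first five fields carry the same data as the required fields of
 * `RunAnalysisTypes` and use the same types; they were previously declared as
 * `any`, which let a wrongly-shaped stack map or findings list pass the
 * compiler and fail inside the checks instead.
 *
 * `services` stays `string[]` (vs `ServiceName[]` on `RunAnalysisTypes`)
 * because `ServiceName` is derived from an imported type; align it at the
 * boundary where the config is built.
 */
export interface AnalysisConfig {
  /** Synthesized templates keyed by stack name. */
  stacks: Record<string, CloudFormationStack>;
  /** Findings supplied directly by the caller. */
  inlineFindings: Issue[];
  /** CDK construct path -> CloudFormation logical id. */
  pathToLogicalId: Record<string, string>;
  /** stack name -> (resource id -> grouped issues). */
  recommendationMapPerStack: Record<string, Record<string, IssueGroup>>;
  /** Asset id -> source path on disk. */
  assetSourcePaths: Record<string, string>;
  /** Report format. */
  output: 'json' | 'table' | 'markdown' | 'summary';
  /** Service checks to run. */
  services: string[];
  /** Apply `RedactionMapping` to the report. */
  redact: boolean;
  withIssue: boolean;
  /** Rule ids to filter on. */
  ruleFilter: string[];
  /** Fail the run when a CRITICAL finding is present — presumably; confirm in the runner. */
  failOnCritical: boolean;
  /** Run the Bedrock-backed AI pass. */
  aiEnabled: boolean;
  /** Resolve GitHub links for constructs. */
  githubEnabled: boolean;
}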
// Keeps the file an ES module even if every other export were removed.
export {};