tezda-ip-whitelist-cli
CLI tool to update IP whitelist via AWS Lambda
import { Command } from 'commander';
import { resolve as dnsResolve } from 'dns/promises';
import { createLambdaClient, invokeLambda, InvokePayload, LambdaResponse } from './invoke';
import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
/**
 * Command-line definition for the tool.
 *
 * `--profile` has no default, so `options.profile` is undefined unless the flag is given;
 * `--region` falls back to 'us-east-1'. Parsing happens at module load, from process.argv.
 */
const program = new Command();
program.name('ip-whitelist-cli');
program.description('CLI tool to update IP whitelist via AWS Lambda');
program.version('1.0.0');
program.option('-p, --profile <profile>', 'AWS profile to use');
program.option('-r, --region <region>', 'AWS region', 'us-east-1');
program.parse(process.argv);

// Parsed flag values, read by main().
const options = program.opts();
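/**
 * Asks AWS STS which principal the supplied client's credentials belong to.
 *
 * A failure is logged here and then rethrown, so the caller decides whether to abort.
 *
 * @param stsClient - STS client whose credentials are being identified.
 * @returns The GetCallerIdentity response; main() reads UserId, Account and Arn from it.
 * @throws Rethrows whatever `stsClient.send` rejected with.
 */
const getCallerIdentity = async (stsClient: STSClient) => {
  const command = new GetCallerIdentityCommand({});
  try {
    return await stsClient.send(command);
  } catch (error: unknown) {
    // Narrow instead of assuming an Error: reading `.message` on a thrown null/undefined
    // would raise a TypeError here and hide the original failure.
    const detail = error instanceof Error && error.message ? error.message : error;
    console.error('Error fetching caller identity:', detail);
    throw error;
  }
};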
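/**
 * Entry point: identifies the caller through STS, derives the caller's dynamic-DNS
 * hostname from the user name in the ARN, resolves it, and sends the resulting IP
 * address to the whitelist Lambda.
 *
 * Every failure path logs a message and terminates the process with exit code 1.
 */
const main = async () => {
  const { profile, region } = options;

  // Best-effort description of a caught value without assuming it is an Error.
  const describeError = (error: unknown): unknown =>
    error instanceof Error && error.message ? error.message : error;

  // --profile must also govern the STS lookup. The previous
  // `credentials: profile ? undefined : undefined` was a no-op, so the identity used for
  // the domain check and the tag could come from different credentials than the Lambda
  // call. The SDK's default credential chain honours AWS_PROFILE.
  if (profile) {
    process.env.AWS_PROFILE = profile;
  }

  const lambdaClient = createLambdaClient(region, profile);
  const stsClient = new STSClient({ region });

  let callerIdentity: Awaited<ReturnType<typeof getCallerIdentity>>;
  try {
    callerIdentity = await getCallerIdentity(stsClient);
    const { UserId, Account, Arn } = callerIdentity;
    console.log(`Caller Identity - UserId: ${UserId}, Account: ${Account}, Arn: ${Arn}`);
  } catch {
    // getCallerIdentity has already logged the failure.
    process.exit(1);
  }

  // The last '/'-separated ARN segment is taken as the user name.
  // NOTE(review): for an assumed-role ARN that segment would be the session name, which is
  // not an IAM user name — confirm which principal types are expected here.
  const arnParts = callerIdentity.Arn?.split('/') ?? [];
  const usernameWithDomain = arnParts[arnParts.length - 1];
  if (!usernameWithDomain) {
    console.error('Unable to extract username from ARN.');
    process.exit(1);
  }

  // Allowlist of mail domains. The earlier `!a || !b` form was true for every string
  // (no name ends with both suffixes), so the tool rejected every caller.
  const allowedDomains = ['@tezda.com', '@ozb.com'];
  if (!allowedDomains.some((domain) => usernameWithDomain.endsWith(domain))) {
    console.error('Error: Username must end with @tezda.com or @ozb.com');
    process.exit(1);
  }

  const [userPrefix] = usernameWithDomain.split('@');
  if (!userPrefix) {
    console.error('Error extracting username prefix.');
    process.exit(1);
  }

  // NOTE(review): userPrefix is not checked to be a single DNS label. A prefix containing
  // '.' would place the lookup under a different ddns.net name than the one intended —
  // consider restricting it once the allowed user-name format is confirmed.
  const constructedHostname = `${userPrefix}-tezda.ddns.net`;
  console.log(`Constructed hostname: ${constructedHostname}`);

  let ipAddress: string;
  try {
    const [firstAddress] = await dnsResolve(constructedHostname);
    if (firstAddress === undefined) {
      throw new Error(`No IP addresses found for hostname: ${constructedHostname}`);
    }
    ipAddress = firstAddress;
    console.log(`Resolved IP address for ${constructedHostname}: ${ipAddress}`);
  } catch (error: unknown) {
    console.error('Error resolving hostname:', describeError(error));
    process.exit(1);
  }

  // NOTE(review): both fields are computed on the client. The checks above are a
  // convenience, not an access control; the Lambda should authorise the caller and
  // validate the address itself — confirm against the function's code.
  const payload: InvokePayload = {
    ipAddress,
    tag: usernameWithDomain,
  };

  const lambdaFunctionName = 'tezda-ip-whitelist-cli-dev-updateIp';
  try {
    await invokeLambda(lambdaClient, lambdaFunctionName, payload);
  } catch (error: unknown) {
    console.error('Failed to invoke Lambda function:', describeError(error));
    process.exit(1);
  }
};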
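// Report anything main() did not handle itself (e.g. a throw while building the clients)
// instead of leaving an unhandled promise rejection.
main().catch((error: unknown) => {
  console.error('Unexpected error:', error instanceof Error ? error.message : error);
  process.exit(1);
});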