@cloud-copilot/iam-collect 0.1.68 → 0.1.70
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/cjs/indexing/indexMap.d.ts.map +1 -1
- package/dist/cjs/indexing/indexMap.js +2 -0
- package/dist/cjs/indexing/indexMap.js.map +1 -1
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts +7 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts.map +1 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js +59 -0
- package/dist/cjs/indexing/indexers/iamPrincipalsToTrustPolicies.js.map +1 -0
- package/dist/cjs/syncs/dynamodb/dynamoDbStreams.d.ts +3 -0
- package/dist/cjs/syncs/dynamodb/dynamoDbStreams.d.ts.map +1 -0
- package/dist/cjs/syncs/dynamodb/dynamoDbStreams.js +53 -0
- package/dist/cjs/syncs/dynamodb/dynamoDbStreams.js.map +1 -0
- package/dist/cjs/syncs/dynamodb/tables.d.ts.map +1 -1
- package/dist/cjs/syncs/dynamodb/tables.js +9 -2
- package/dist/cjs/syncs/dynamodb/tables.js.map +1 -1
- package/dist/cjs/syncs/syncMap.d.ts.map +1 -1
- package/dist/cjs/syncs/syncMap.js +2 -0
- package/dist/cjs/syncs/syncMap.js.map +1 -1
- package/dist/esm/indexing/indexMap.d.ts.map +1 -1
- package/dist/esm/indexing/indexMap.js +2 -0
- package/dist/esm/indexing/indexMap.js.map +1 -1
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts +7 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.d.ts.map +1 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js +56 -0
- package/dist/esm/indexing/indexers/iamPrincipalsToTrustPolicies.js.map +1 -0
- package/dist/esm/syncs/dynamodb/dynamoDbStreams.d.ts +3 -0
- package/dist/esm/syncs/dynamodb/dynamoDbStreams.d.ts.map +1 -0
- package/dist/esm/syncs/dynamodb/dynamoDbStreams.js +50 -0
- package/dist/esm/syncs/dynamodb/dynamoDbStreams.js.map +1 -0
- package/dist/esm/syncs/dynamodb/tables.d.ts.map +1 -1
- package/dist/esm/syncs/dynamodb/tables.js +9 -2
- package/dist/esm/syncs/dynamodb/tables.js.map +1 -1
- package/dist/esm/syncs/syncMap.d.ts.map +1 -1
- package/dist/esm/syncs/syncMap.js +2 -0
- package/dist/esm/syncs/syncMap.js.map +1 -1
- package/package.json +3 -1
package/README.md
CHANGED
|
@@ -115,6 +115,7 @@ This will show you your data that was downloaded. See the [storage docs](docs/St
|
|
|
115
115
|
| iam | Instance Profiles | arn, name, roles, id, path, tags |
|
|
116
116
|
| apigateway | Rest APIs | id, name, policy, tags |
|
|
117
117
|
| backup | Backup Vaults | name, key arn, tags, policy |
|
|
118
|
+
| dynamodb | Streams | name, arn, region, resource policy |
|
|
118
119
|
| dynamodb | Tables | name, arn, region, tags, resource policy |
|
|
119
120
|
| ecr | Repositories | name, arn, region, tags, resource policy, key id |
|
|
120
121
|
| ecr | Registries | policy |
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAyBtC;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAE5E"}
|
|
@@ -5,10 +5,12 @@ const services_js_1 = require("../services.js");
|
|
|
5
5
|
const accountOrgs_js_1 = require("./indexers/accountOrgs.js");
|
|
6
6
|
const apigateways_js_1 = require("./indexers/apigateways.js");
|
|
7
7
|
const buckets_js_1 = require("./indexers/buckets.js");
|
|
8
|
+
const iamPrincipalsToTrustPolicies_js_1 = require("./indexers/iamPrincipalsToTrustPolicies.js");
|
|
8
9
|
const vpcEndpoints_js_1 = require("./indexers/vpcEndpoints.js");
|
|
9
10
|
const allIndexers = [
|
|
10
11
|
accountOrgs_js_1.AccountOrganizationIndexer,
|
|
11
12
|
apigateways_js_1.ApiGatewayIndexer,
|
|
13
|
+
iamPrincipalsToTrustPolicies_js_1.IamPrincipalsToTrustPoliciesIndexer,
|
|
12
14
|
buckets_js_1.S3BucketIndexer,
|
|
13
15
|
vpcEndpoints_js_1.VpcEndpointIndexer
|
|
14
16
|
];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":";;AAgCA,sDAEC;AAlCD,gDAA6D;AAE7D,8DAAsE;AACtE,8DAA6D;AAC7D,sDAAuD;AACvD,gGAAgG;AAChG,gEAA+D;AAE/D,MAAM,WAAW,GAAmB;IAClC,2CAA0B;IAC1B,kCAAiB;IACjB,qEAAmC;IACnC,4BAAe;IACf,oCAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,IAAA,8BAAgB,EAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,IAAA,8BAAgB,EAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { Indexer } from '../indexer.js';
|
|
2
|
+
interface PrincipalsToTrustPoliciesIndex {
|
|
3
|
+
[key: string]: Partial<Record<'principal' | 'notprincipal', Record<string, string[]>>>;
|
|
4
|
+
}
|
|
5
|
+
export declare const IamPrincipalsToTrustPoliciesIndexer: Indexer<PrincipalsToTrustPoliciesIndex>;
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=iamPrincipalsToTrustPolicies.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.d.ts","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,UAAU,8BAA8B;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,GAAG,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;CACvF;AAID,eAAO,MAAM,mCAAmC,EAAE,OAAO,CAAC,8BAA8B,CAiCvF,CAAA"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.IamPrincipalsToTrustPoliciesIndexer = void 0;
|
|
4
|
+
const iam_policy_1 = require("@cloud-copilot/iam-policy");
|
|
5
|
+
const indexName = 'principals-to-trust-policies';
|
|
6
|
+
exports.IamPrincipalsToTrustPoliciesIndexer = {
|
|
7
|
+
awsService: 'iam',
|
|
8
|
+
name: 'principalsToTrustPolicies',
|
|
9
|
+
getCache: async (storage) => {
|
|
10
|
+
const data = await storage.getIndex(indexName, {});
|
|
11
|
+
return data;
|
|
12
|
+
},
|
|
13
|
+
saveCache: async (storage, cache, lockId) => {
|
|
14
|
+
return storage.saveIndex(indexName, cache, lockId);
|
|
15
|
+
},
|
|
16
|
+
updateCache: async (existingCache, accountId, regions, storage) => {
|
|
17
|
+
// Delete any existing record for the account
|
|
18
|
+
existingCache[accountId] = {};
|
|
19
|
+
// Get all the trust policies for the account
|
|
20
|
+
const roles = await storage.findResourceMetadata(accountId, {
|
|
21
|
+
service: 'iam',
|
|
22
|
+
resourceType: 'role',
|
|
23
|
+
account: accountId
|
|
24
|
+
});
|
|
25
|
+
for (const role of roles) {
|
|
26
|
+
const trustPolicy = await storage.getResourceMetadata(accountId, role.arn, 'trust-policy');
|
|
27
|
+
if (trustPolicy) {
|
|
28
|
+
const parsedPolicy = (0, iam_policy_1.loadPolicy)(trustPolicy);
|
|
29
|
+
updateCacheForPolicy(existingCache, accountId, role.arn, parsedPolicy);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
}
|
|
33
|
+
};
|
|
34
|
+
function updateCacheForPolicy(cache, accountId, roleArn, policy) {
|
|
35
|
+
for (const statement of policy.statements()) {
|
|
36
|
+
if (statement.isAllow()) {
|
|
37
|
+
if (statement.isPrincipalStatement()) {
|
|
38
|
+
for (const principal of statement.principals()) {
|
|
39
|
+
updateCacheForPrincipal(cache, accountId, roleArn, 'principal', principal.value());
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
43
|
+
for (const principal of statement.notPrincipals()) {
|
|
44
|
+
updateCacheForPrincipal(cache, accountId, roleArn, 'notprincipal', principal.value());
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
function updateCacheForPrincipal(cache, accountId, roleArn, type, principal) {
|
|
51
|
+
if (!cache[accountId][type]) {
|
|
52
|
+
cache[accountId][type] = {};
|
|
53
|
+
}
|
|
54
|
+
if (!cache[accountId][type][principal]) {
|
|
55
|
+
cache[accountId][type][principal] = [];
|
|
56
|
+
}
|
|
57
|
+
cache[accountId][type][principal].push(roleArn);
|
|
58
|
+
}
|
|
59
|
+
//# sourceMappingURL=iamPrincipalsToTrustPolicies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.js","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":";;;AAAA,0DAA8D;AAO9D,MAAM,SAAS,GAAG,8BAA8B,CAAA;AAEnC,QAAA,mCAAmC,GAA4C;IAC1F,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,2BAA2B;IACjC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAClD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;QAC1C,OAAO,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;IACpD,CAAC;IACD,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;QAChE,6CAA6C;QAC7C,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;QAE7B,6CAA6C;QAC7C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAkB,SAAS,EAAE;YAC3E,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,MAAM;YACpB,OAAO,EAAE,SAAS;SACnB,CAAC,CAAA;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,mBAAmB,CACnD,SAAS,EACT,IAAI,CAAC,GAAG,EACR,cAAc,CACf,CAAA;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,YAAY,GAAG,IAAA,uBAAU,EAAC,WAAW,CAAC,CAAA;gBAC5C,oBAAoB,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAED,SAAS,oBAAoB,CAC3B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBACrC,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC/C,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACpF,CAAC;YACH,CAAC;iBAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;gBAC/C,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;oBAClD,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,IAAkC,EAClC,SAAiB;IAEjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dynamoDbStreams.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/dynamoDbStreams.ts"],"names":[],"mappings":"AAKA,OAAO,EAAc,IAAI,EAAY,MAAM,YAAY,CAAA;AAGvD,eAAO,MAAM,mBAAmB,EAAE,IAwDjC,CAAA"}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.DynamoDbStreamsSync = void 0;
|
|
4
|
+
const client_dynamodb_1 = require("@aws-sdk/client-dynamodb");
|
|
5
|
+
const client_dynamodb_streams_1 = require("@aws-sdk/client-dynamodb-streams");
|
|
6
|
+
const ClientPool_js_1 = require("../../aws/ClientPool.js");
|
|
7
|
+
const client_tools_js_1 = require("../../utils/client-tools.js");
|
|
8
|
+
const json_js_1 = require("../../utils/json.js");
|
|
9
|
+
const sync_js_1 = require("../sync.js");
|
|
10
|
+
const typedSync_js_1 = require("../typedSync.js");
|
|
11
|
+
exports.DynamoDbStreamsSync = {
|
|
12
|
+
awsService: 'dynamodb',
|
|
13
|
+
name: 'dynamoDbStreams',
|
|
14
|
+
execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
|
|
15
|
+
const streamsClient = ClientPool_js_1.AwsClientPool.defaultInstance.client(client_dynamodb_streams_1.DynamoDBStreamsClient, credentials, region, endpoint);
|
|
16
|
+
const dynamoClient = ClientPool_js_1.AwsClientPool.defaultInstance.client(client_dynamodb_1.DynamoDBClient, credentials, region, endpoint);
|
|
17
|
+
const allStreams = await (0, typedSync_js_1.paginateResource)(streamsClient, client_dynamodb_streams_1.ListStreamsCommand, 'Streams', {
|
|
18
|
+
inputKey: 'ExclusiveStartStreamArn',
|
|
19
|
+
outputKey: 'LastEvaluatedStreamArn'
|
|
20
|
+
});
|
|
21
|
+
const streams = [];
|
|
22
|
+
for (const stream of allStreams) {
|
|
23
|
+
const streamArn = stream.StreamArn;
|
|
24
|
+
const tableName = streamArn.split('/')[1];
|
|
25
|
+
const policy = await (0, client_tools_js_1.runAndCatchError)('PolicyNotFoundException', async () => {
|
|
26
|
+
const result = await dynamoClient.send(new client_dynamodb_1.GetResourcePolicyCommand({ ResourceArn: streamArn }));
|
|
27
|
+
return (0, json_js_1.parseIfPresent)(result.Policy);
|
|
28
|
+
});
|
|
29
|
+
streams.push({
|
|
30
|
+
arn: streamArn,
|
|
31
|
+
metadata: {
|
|
32
|
+
arn: streamArn,
|
|
33
|
+
label: stream.StreamLabel,
|
|
34
|
+
tableName,
|
|
35
|
+
stream: 'true'
|
|
36
|
+
},
|
|
37
|
+
policy
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
await (0, sync_js_1.syncData)(streams, storage, accountId, {
|
|
41
|
+
// Stream ARNS start with the table ARN, so we use table as the resource type
|
|
42
|
+
// and then set the metadata to indicate that this is a stream resource
|
|
43
|
+
service: 'dynamodb',
|
|
44
|
+
resourceType: 'table',
|
|
45
|
+
account: accountId,
|
|
46
|
+
region: region,
|
|
47
|
+
metadata: {
|
|
48
|
+
stream: 'true'
|
|
49
|
+
}
|
|
50
|
+
});
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
//# sourceMappingURL=dynamoDbStreams.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dynamoDbStreams.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/dynamoDbStreams.ts"],"names":[],"mappings":";;;AAAA,8DAAmF;AACnF,8EAA4F;AAC5F,2DAAuD;AACvD,iEAA8D;AAC9D,iDAAoD;AACpD,wCAAuD;AACvD,kDAAkD;AAErC,QAAA,mBAAmB,GAAS;IACvC,UAAU,EAAE,UAAU;IACtB,IAAI,EAAE,iBAAiB;IACvB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE;QAChF,MAAM,aAAa,GAAG,6BAAa,CAAC,eAAe,CAAC,MAAM,CACxD,+CAAqB,EACrB,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QACD,MAAM,YAAY,GAAG,6BAAa,CAAC,eAAe,CAAC,MAAM,CACvD,gCAAc,EACd,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QAED,MAAM,UAAU,GAAG,MAAM,IAAA,+BAAgB,EAAC,aAAa,EAAE,4CAAkB,EAAE,SAAS,EAAE;YACtF,QAAQ,EAAE,yBAAyB;YACnC,SAAS,EAAE,wBAAwB;SACpC,CAAC,CAAA;QAEF,MAAM,OAAO,GAAiB,EAAE,CAAA;QAChC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAU,CAAA;YACnC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzC,MAAM,MAAM,GAAG,MAAM,IAAA,kCAAgB,EAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;gBAC1E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CACpC,IAAI,0CAAwB,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CACzD,CAAA;gBACD,OAAO,IAAA,wBAAc,EAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,KAAK,EAAE,MAAM,CAAC,WAAW;oBACzB,SAAS;oBACT,MAAM,EAAE,MAAM;iBACf;gBACD,MAAM;aACP,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,IAAA,kBAAQ,EAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE;YAC1C,6EAA6E;YAC7E,uEAAuE;YACvE,OAAO,EAAE,UAAU;YACnB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE;gBACR,MAAM,EAAE,MAAM;aACf;SACF,CAAC,CAAA;IACJ,CAAC;CACF,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tables.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,eAAO,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"tables.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,eAAO,MAAM,iBAAiB,2BAmE7B,CAAA"}
|
|
@@ -20,7 +20,13 @@ exports.DynamoDBTableSync = (0, typedSync_js_1.createTypedSyncOperation)('dynamo
|
|
|
20
20
|
service: 'dynamodb',
|
|
21
21
|
resourceType: 'table',
|
|
22
22
|
account: accountId,
|
|
23
|
-
region: region
|
|
23
|
+
region: region,
|
|
24
|
+
metadata: {
|
|
25
|
+
// We set this to true to indicate that this is a table resource
|
|
26
|
+
// and not a stream resource. This is important for the
|
|
27
|
+
// DynamoDBTableSync to work correctly.
|
|
28
|
+
table: 'true'
|
|
29
|
+
}
|
|
24
30
|
}),
|
|
25
31
|
extraFields: {
|
|
26
32
|
policy: async (client, table, accountId, region, partition) => {
|
|
@@ -50,7 +56,8 @@ exports.DynamoDBTableSync = (0, typedSync_js_1.createTypedSyncOperation)('dynamo
|
|
|
50
56
|
arn: (table, region, accountId, partition) => tableArn(partition, region, accountId, table.name),
|
|
51
57
|
results: (table) => ({
|
|
52
58
|
metadata: {
|
|
53
|
-
name: table.name
|
|
59
|
+
name: table.name,
|
|
60
|
+
table: 'true'
|
|
54
61
|
},
|
|
55
62
|
policy: table.extraFields.policy
|
|
56
63
|
})
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tables.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":";;;AAAA,8DAKiC;AACjC,iEAA8E;AAC9E,iDAAyD;AACzD,kDAAoG;AAEpG;;GAEG;AACU,QAAA,iBAAiB,GAAG,IAAA,uCAAwB,EACvD,UAAU,EACV,QAAQ,EACR,IAAA,qCAAsB,EAAC;IACrB,MAAM,EAAE,gCAAc;IACtB,OAAO,EAAE,mCAAiB;IAC1B,GAAG,EAAE,YAAY;IACjB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,yBAAyB;QACnC,SAAS,EAAE,wBAAwB;KACpC;IACD,iBAAiB,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAAC,CAAC;QACzD,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,OAAO;QACrB,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,MAAM;
|
|
1
|
+
{"version":3,"file":"tables.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":";;;AAAA,8DAKiC;AACjC,iEAA8E;AAC9E,iDAAyD;AACzD,kDAAoG;AAEpG;;GAEG;AACU,QAAA,iBAAiB,GAAG,IAAA,uCAAwB,EACvD,UAAU,EACV,QAAQ,EACR,IAAA,qCAAsB,EAAC;IACrB,MAAM,EAAE,gCAAc;IACtB,OAAO,EAAE,mCAAiB;IAC1B,GAAG,EAAE,YAAY;IACjB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,yBAAyB;QACnC,SAAS,EAAE,wBAAwB;KACpC;IACD,iBAAiB,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAAC,CAAC;QACzD,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,OAAO;QACrB,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,gEAAgE;YAChE,uDAAuD;YACvD,uCAAuC;YACvC,KAAK,EAAE,MAAM;SACd;KACF,CAAC;IACF,WAAW,EAAE;QACX,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;YAC5D,OAAO,IAAA,kCAAgB,EAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;gBAC5D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAChC,IAAI,0CAAwB,CAAC;oBAC3B,WAAW,EAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;iBAChE,CAAC,CACH,CAAA;gBACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;gBACpC,CAAC;gBACD,OAAO,SAAS,CAAA;YAClB,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;YAC1D,OAAO,IAAA,gCAAc,EAAC,KAAK,IAAI,EAAE;gBAC/B,MAAM,QAAQ,GAAG,MAAM,IAAA,+BAAgB,EACrC,MAAM,EACN,2CAAyB,EACzB,MAAM,EACN;oBACE,QAAQ,EAAE,WAAW;oBACrB,SAAS,EAAE,WAAW;iBACvB,EACD;oBACE,WAAW,EAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;iBAChE,CACF,CAAA;gBAED,OAAO,IAAA,6BAAmB,EAAC,QAAQ,CAAC,CAAA;YACtC,CAAC,CAAC,CAAA;QACJ,CAAC;KACF;IACD,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI;IACvC,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,CAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;IACpD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,IAAK;YACjB,KAAK,EAAE,MAAM;SACd;QACD,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,MAAM;KACjC,CAAC;CACH,CAAC,CACH,CAAA;AAED;;;;;;;;GAQG;AACH,SAAS,QAAQ,CAAC,SAAiB,EAAE,MAAc,EAAE,SAAiB,EAAE,SAAiB;IACvF,OAAO,OAAO,SAAS,aAAa,MAAM,IAAI,SAAS,UAAU,SAAS,EAAE,CAAA;AAC9E,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AA2B7D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAkDhC;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMtE"}
|
|
@@ -5,6 +5,7 @@ exports.getRegionalSyncsForService = getRegionalSyncsForService;
|
|
|
5
5
|
const services_js_1 = require("../services.js");
|
|
6
6
|
const gateways_js_1 = require("./apigateway/gateways.js");
|
|
7
7
|
const backupVaults_js_1 = require("./backup/backupVaults.js");
|
|
8
|
+
const dynamoDbStreams_js_1 = require("./dynamodb/dynamoDbStreams.js");
|
|
8
9
|
const tables_js_1 = require("./dynamodb/tables.js");
|
|
9
10
|
const vpcEndpoints_js_1 = require("./ec2/vpcEndpoints.js");
|
|
10
11
|
const ecrSyncs_js_1 = require("./ecr/ecrSyncs.js");
|
|
@@ -32,6 +33,7 @@ const allSyncs = [
|
|
|
32
33
|
accountBpa_js_1.AccountS3BpaSync,
|
|
33
34
|
authorizationDetails_js_1.AuthorizationDetailsSync,
|
|
34
35
|
backupVaults_js_1.BackupVaultsSync,
|
|
36
|
+
dynamoDbStreams_js_1.DynamoDbStreamsSync,
|
|
35
37
|
tables_js_1.DynamoDBTableSync,
|
|
36
38
|
...ecrSyncs_js_1.EcrSyncs,
|
|
37
39
|
fileSystems_js_1.ElasticFileSystemsSync,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":";;AAmFA,4DAMC;AAQD,gEAMC;AAvGD,gDAA6D;AAC7D,0DAAuD;AACvD,8DAA2D;AAC3D,sEAAmE;AACnE,oDAAwD;AACxD,2DAAwD;AACxD,mDAA4C;AAC5C,yDAA6D;AAC7D,oDAAoD;AACpD,2EAAwE;AACxE,qEAAkE;AAClE,mEAAgE;AAChE,yCAAsC;AACtC,kDAAwE;AACxE,uEAAmE;AACnE,qDAAqD;AACrD,0DAAyD;AACzD,sDAAqD;AACrD,gDAA4D;AAC5D,gFAA+E;AAC/E,8CAAkD;AAClD,qFAA8E;AAC9E,gEAA+D;AAC/D,4DAAwD;AACxD,+CAA+C;AAC/C,+CAA8C;AAC9C,2DAAmD;AAGnD,MAAM,QAAQ,GAAG;IACf,gCAAgB;IAChB,kDAAwB;IACxB,kCAAgB;IAChB,wCAAmB;IACnB,6BAAiB;IACjB,GAAG,sBAAQ;IACX,uCAAsB;IACtB,0CAAoB;IACpB,GAAG,4CAAqB;IACxB,6BAAiB;IACjB,6BAAe;IACf,gBAAO;IACP,sBAAU;IACV,mCAAuB;IACvB,mCAAgB;IAChB,+BAAgB;IAChB,0BAAY;IACZ,oCAAkB;IAClB,kDAAsB;IACtB,uCAA0B;IAC1B,0DAA6B;IAC7B,oCAAkB;IAClB,uBAAU;IACV,yBAAa;IACb,wBAAY;IACZ,6BAAW;IACX,kCAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,IAAA,8BAAgB,EAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACjD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAA,8BAAgB,EAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,IAAA,8BAAgB,EAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;
|
|
1
|
+
{"version":3,"file":"indexMap.d.ts","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAyBtC;;;;;GAKG;AACH,wBAAgB,qBAAqB,CAAC,UAAU,EAAE,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,EAAE,CAE5E"}
|
|
@@ -2,10 +2,12 @@ import { lowerCaseService } from '../services.js';
|
|
|
2
2
|
import { AccountOrganizationIndexer } from './indexers/accountOrgs.js';
|
|
3
3
|
import { ApiGatewayIndexer } from './indexers/apigateways.js';
|
|
4
4
|
import { S3BucketIndexer } from './indexers/buckets.js';
|
|
5
|
+
import { IamPrincipalsToTrustPoliciesIndexer } from './indexers/iamPrincipalsToTrustPolicies.js';
|
|
5
6
|
import { VpcEndpointIndexer } from './indexers/vpcEndpoints.js';
|
|
6
7
|
const allIndexers = [
|
|
7
8
|
AccountOrganizationIndexer,
|
|
8
9
|
ApiGatewayIndexer,
|
|
10
|
+
IamPrincipalsToTrustPoliciesIndexer,
|
|
9
11
|
S3BucketIndexer,
|
|
10
12
|
VpcEndpointIndexer
|
|
11
13
|
];
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAE7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE/D,MAAM,WAAW,GAAmB;IAClC,0BAA0B;IAC1B,iBAAiB;IACjB,eAAe;IACf,kBAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
1
|
+
{"version":3,"file":"indexMap.js","sourceRoot":"","sources":["../../../src/indexing/indexMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAE7D,OAAO,EAAE,0BAA0B,EAAE,MAAM,2BAA2B,CAAA;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,OAAO,EAAE,mCAAmC,EAAE,MAAM,4CAA4C,CAAA;AAChG,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAE/D,MAAM,WAAW,GAAmB;IAClC,0BAA0B;IAC1B,iBAAiB;IACjB,mCAAmC;IACnC,eAAe;IACf,kBAAkB;CACnB,CAAA;AAED,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAA;AAElD,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IACpD,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAA;IAC3B,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACtC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,qBAAqB,CAAC,UAAsB;IAC1D,OAAO,QAAQ,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;AACzD,CAAC"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import { Indexer } from '../indexer.js';
|
|
2
|
+
interface PrincipalsToTrustPoliciesIndex {
|
|
3
|
+
[key: string]: Partial<Record<'principal' | 'notprincipal', Record<string, string[]>>>;
|
|
4
|
+
}
|
|
5
|
+
export declare const IamPrincipalsToTrustPoliciesIndexer: Indexer<PrincipalsToTrustPoliciesIndex>;
|
|
6
|
+
export {};
|
|
7
|
+
//# sourceMappingURL=iamPrincipalsToTrustPolicies.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.d.ts","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AAEvC,UAAU,8BAA8B;IACtC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,GAAG,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAA;CACvF;AAID,eAAO,MAAM,mCAAmC,EAAE,OAAO,CAAC,8BAA8B,CAiCvF,CAAA"}
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
import { loadPolicy } from '@cloud-copilot/iam-policy';
|
|
2
|
+
const indexName = 'principals-to-trust-policies';
|
|
3
|
+
export const IamPrincipalsToTrustPoliciesIndexer = {
|
|
4
|
+
awsService: 'iam',
|
|
5
|
+
name: 'principalsToTrustPolicies',
|
|
6
|
+
getCache: async (storage) => {
|
|
7
|
+
const data = await storage.getIndex(indexName, {});
|
|
8
|
+
return data;
|
|
9
|
+
},
|
|
10
|
+
saveCache: async (storage, cache, lockId) => {
|
|
11
|
+
return storage.saveIndex(indexName, cache, lockId);
|
|
12
|
+
},
|
|
13
|
+
updateCache: async (existingCache, accountId, regions, storage) => {
|
|
14
|
+
// Delete any existing record for the account
|
|
15
|
+
existingCache[accountId] = {};
|
|
16
|
+
// Get all the trust policies for the account
|
|
17
|
+
const roles = await storage.findResourceMetadata(accountId, {
|
|
18
|
+
service: 'iam',
|
|
19
|
+
resourceType: 'role',
|
|
20
|
+
account: accountId
|
|
21
|
+
});
|
|
22
|
+
for (const role of roles) {
|
|
23
|
+
const trustPolicy = await storage.getResourceMetadata(accountId, role.arn, 'trust-policy');
|
|
24
|
+
if (trustPolicy) {
|
|
25
|
+
const parsedPolicy = loadPolicy(trustPolicy);
|
|
26
|
+
updateCacheForPolicy(existingCache, accountId, role.arn, parsedPolicy);
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
};
|
|
31
|
+
function updateCacheForPolicy(cache, accountId, roleArn, policy) {
|
|
32
|
+
for (const statement of policy.statements()) {
|
|
33
|
+
if (statement.isAllow()) {
|
|
34
|
+
if (statement.isPrincipalStatement()) {
|
|
35
|
+
for (const principal of statement.principals()) {
|
|
36
|
+
updateCacheForPrincipal(cache, accountId, roleArn, 'principal', principal.value());
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
else if (statement.isNotPrincipalStatement()) {
|
|
40
|
+
for (const principal of statement.notPrincipals()) {
|
|
41
|
+
updateCacheForPrincipal(cache, accountId, roleArn, 'notprincipal', principal.value());
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
}
|
|
47
|
+
function updateCacheForPrincipal(cache, accountId, roleArn, type, principal) {
|
|
48
|
+
if (!cache[accountId][type]) {
|
|
49
|
+
cache[accountId][type] = {};
|
|
50
|
+
}
|
|
51
|
+
if (!cache[accountId][type][principal]) {
|
|
52
|
+
cache[accountId][type][principal] = [];
|
|
53
|
+
}
|
|
54
|
+
cache[accountId][type][principal].push(roleArn);
|
|
55
|
+
}
|
|
56
|
+
//# sourceMappingURL=iamPrincipalsToTrustPolicies.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iamPrincipalsToTrustPolicies.js","sourceRoot":"","sources":["../../../../src/indexing/indexers/iamPrincipalsToTrustPolicies.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAU,MAAM,2BAA2B,CAAA;AAO9D,MAAM,SAAS,GAAG,8BAA8B,CAAA;AAEhD,MAAM,CAAC,MAAM,mCAAmC,GAA4C;IAC1F,UAAU,EAAE,KAAK;IACjB,IAAI,EAAE,2BAA2B;IACjC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAC1B,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAClD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,SAAS,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;QAC1C,OAAO,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAA;IACpD,CAAC;IACD,WAAW,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,EAAE;QAChE,6CAA6C;QAC7C,aAAa,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;QAE7B,6CAA6C;QAC7C,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAkB,SAAS,EAAE;YAC3E,OAAO,EAAE,KAAK;YACd,YAAY,EAAE,MAAM;YACpB,OAAO,EAAE,SAAS;SACnB,CAAC,CAAA;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,mBAAmB,CACnD,SAAS,EACT,IAAI,CAAC,GAAG,EACR,cAAc,CACf,CAAA;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,CAAC,CAAA;gBAC5C,oBAAoB,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAA;YACxE,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAED,SAAS,oBAAoB,CAC3B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,KAAK,MAAM,SAAS,IAAI,MAAM,CAAC,UAAU,EAAE,EAAE,CAAC;QAC5C,IAAI,SAAS,CAAC,OAAO,EAAE,EAAE,CAAC;YACxB,IAAI,SAAS,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBACrC,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,UAAU,EAAE,EAAE,CAAC;oBAC/C,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACpF,CAAC;YACH,CAAC;iBAAM,IAAI,SAAS,CAAC,uBAAuB,EAAE,EAAE,CAAC;gBAC/C,KAAK,MAAM,SAAS,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE,CAAC;oBAClD,uBAAuB,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,SAAS,CAAC,KAAK,EAAE,CAAC,CAAA;gBACvF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,uBAAuB,CAC9B,KAAqC,EACrC,SAAiB,EACjB,OAAe,EACf,IAAkC,EAClC,SAAiB;IAEjB,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAA;IAC7B,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dynamoDbStreams.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/dynamoDbStreams.ts"],"names":[],"mappings":"AAKA,OAAO,EAAc,IAAI,EAAY,MAAM,YAAY,CAAA;AAGvD,eAAO,MAAM,mBAAmB,EAAE,IAwDjC,CAAA"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
import { DynamoDBClient, GetResourcePolicyCommand } from '@aws-sdk/client-dynamodb';
|
|
2
|
+
import { DynamoDBStreamsClient, ListStreamsCommand } from '@aws-sdk/client-dynamodb-streams';
|
|
3
|
+
import { AwsClientPool } from '../../aws/ClientPool.js';
|
|
4
|
+
import { runAndCatchError } from '../../utils/client-tools.js';
|
|
5
|
+
import { parseIfPresent } from '../../utils/json.js';
|
|
6
|
+
import { syncData } from '../sync.js';
|
|
7
|
+
import { paginateResource } from '../typedSync.js';
|
|
8
|
+
export const DynamoDbStreamsSync = {
|
|
9
|
+
awsService: 'dynamodb',
|
|
10
|
+
name: 'dynamoDbStreams',
|
|
11
|
+
execute: async (accountId, region, credentials, storage, endpoint, syncOptions) => {
|
|
12
|
+
const streamsClient = AwsClientPool.defaultInstance.client(DynamoDBStreamsClient, credentials, region, endpoint);
|
|
13
|
+
const dynamoClient = AwsClientPool.defaultInstance.client(DynamoDBClient, credentials, region, endpoint);
|
|
14
|
+
const allStreams = await paginateResource(streamsClient, ListStreamsCommand, 'Streams', {
|
|
15
|
+
inputKey: 'ExclusiveStartStreamArn',
|
|
16
|
+
outputKey: 'LastEvaluatedStreamArn'
|
|
17
|
+
});
|
|
18
|
+
const streams = [];
|
|
19
|
+
for (const stream of allStreams) {
|
|
20
|
+
const streamArn = stream.StreamArn;
|
|
21
|
+
const tableName = streamArn.split('/')[1];
|
|
22
|
+
const policy = await runAndCatchError('PolicyNotFoundException', async () => {
|
|
23
|
+
const result = await dynamoClient.send(new GetResourcePolicyCommand({ ResourceArn: streamArn }));
|
|
24
|
+
return parseIfPresent(result.Policy);
|
|
25
|
+
});
|
|
26
|
+
streams.push({
|
|
27
|
+
arn: streamArn,
|
|
28
|
+
metadata: {
|
|
29
|
+
arn: streamArn,
|
|
30
|
+
label: stream.StreamLabel,
|
|
31
|
+
tableName,
|
|
32
|
+
stream: 'true'
|
|
33
|
+
},
|
|
34
|
+
policy
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
await syncData(streams, storage, accountId, {
|
|
38
|
+
// Stream ARNS start with the table ARN, so we use table as the resource type
|
|
39
|
+
// and then set the metadata to indicate that this is a stream resource
|
|
40
|
+
service: 'dynamodb',
|
|
41
|
+
resourceType: 'table',
|
|
42
|
+
account: accountId,
|
|
43
|
+
region: region,
|
|
44
|
+
metadata: {
|
|
45
|
+
stream: 'true'
|
|
46
|
+
}
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
};
|
|
50
|
+
//# sourceMappingURL=dynamoDbStreams.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"dynamoDbStreams.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/dynamoDbStreams.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,wBAAwB,EAAE,MAAM,0BAA0B,CAAA;AACnF,OAAO,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,MAAM,kCAAkC,CAAA;AAC5F,OAAO,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AACpD,OAAO,EAAoB,QAAQ,EAAE,MAAM,YAAY,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAElD,MAAM,CAAC,MAAM,mBAAmB,GAAS;IACvC,UAAU,EAAE,UAAU;IACtB,IAAI,EAAE,iBAAiB;IACvB,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE;QAChF,MAAM,aAAa,GAAG,aAAa,CAAC,eAAe,CAAC,MAAM,CACxD,qBAAqB,EACrB,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QACD,MAAM,YAAY,GAAG,aAAa,CAAC,eAAe,CAAC,MAAM,CACvD,cAAc,EACd,WAAW,EACX,MAAM,EACN,QAAQ,CACT,CAAA;QAED,MAAM,UAAU,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE,kBAAkB,EAAE,SAAS,EAAE;YACtF,QAAQ,EAAE,yBAAyB;YACnC,SAAS,EAAE,wBAAwB;SACpC,CAAC,CAAA;QAEF,MAAM,OAAO,GAAiB,EAAE,CAAA;QAChC,KAAK,MAAM,MAAM,IAAI,UAAU,EAAE,CAAC;YAChC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAU,CAAA;YACnC,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;YACzC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;gBAC1E,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CACpC,IAAI,wBAAwB,CAAC,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CACzD,CAAA;gBACD,OAAO,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;YACtC,CAAC,CAAC,CAAA;YACF,OAAO,CAAC,IAAI,CAAC;gBACX,GAAG,EAAE,SAAS;gBACd,QAAQ,EAAE;oBACR,GAAG,EAAE,SAAS;oBACd,KAAK,EAAE,MAAM,CAAC,WAAW;oBACzB,SAAS;oBACT,MAAM,EAAE,MAAM;iBACf;gBACD,MAAM;aACP,CAAC,CAAA;QACJ,CAAC;QAED,MAAM,QAAQ,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE;YAC1C,6EAA6E;YAC7E,uEAAuE;YACvE,OAAO,EAAE,UAAU;YACnB,YAAY,EAAE,OAAO;YACrB,OAAO,EAAE,SAAS;YAClB,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE;gBACR,MAAM,EAAE,MAAM;aACf;SACF,CAAC,CAAA;IACJ,CAAC;CACF,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tables.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,eAAO,MAAM,iBAAiB,
|
|
1
|
+
{"version":3,"file":"tables.d.ts","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAUA;;GAEG;AACH,eAAO,MAAM,iBAAiB,2BAmE7B,CAAA"}
|
|
@@ -17,7 +17,13 @@ export const DynamoDBTableSync = createTypedSyncOperation('dynamodb', 'tables',
|
|
|
17
17
|
service: 'dynamodb',
|
|
18
18
|
resourceType: 'table',
|
|
19
19
|
account: accountId,
|
|
20
|
-
region: region
|
|
20
|
+
region: region,
|
|
21
|
+
metadata: {
|
|
22
|
+
// We set this to true to indicate that this is a table resource
|
|
23
|
+
// and not a stream resource. This is important for the
|
|
24
|
+
// DynamoDBTableSync to work correctly.
|
|
25
|
+
table: 'true'
|
|
26
|
+
}
|
|
21
27
|
}),
|
|
22
28
|
extraFields: {
|
|
23
29
|
policy: async (client, table, accountId, region, partition) => {
|
|
@@ -47,7 +53,8 @@ export const DynamoDBTableSync = createTypedSyncOperation('dynamodb', 'tables',
|
|
|
47
53
|
arn: (table, region, accountId, partition) => tableArn(partition, region, accountId, table.name),
|
|
48
54
|
results: (table) => ({
|
|
49
55
|
metadata: {
|
|
50
|
-
name: table.name
|
|
56
|
+
name: table.name,
|
|
57
|
+
table: 'true'
|
|
51
58
|
},
|
|
52
59
|
policy: table.extraFields.policy
|
|
53
60
|
})
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tables.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,iBAAiB,EACjB,yBAAyB,EAC1B,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AACzD,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEpG;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,wBAAwB,CACvD,UAAU,EACV,QAAQ,EACR,sBAAsB,CAAC;IACrB,MAAM,EAAE,cAAc;IACtB,OAAO,EAAE,iBAAiB;IAC1B,GAAG,EAAE,YAAY;IACjB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,yBAAyB;QACnC,SAAS,EAAE,wBAAwB;KACpC;IACD,iBAAiB,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAAC,CAAC;QACzD,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,OAAO;QACrB,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,MAAM;
|
|
1
|
+
{"version":3,"file":"tables.js","sourceRoot":"","sources":["../../../../src/syncs/dynamodb/tables.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,wBAAwB,EACxB,iBAAiB,EACjB,yBAAyB,EAC1B,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,cAAc,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAA;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AACzD,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAA;AAEpG;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,wBAAwB,CACvD,UAAU,EACV,QAAQ,EACR,sBAAsB,CAAC;IACrB,MAAM,EAAE,cAAc;IACtB,OAAO,EAAE,iBAAiB;IAC1B,GAAG,EAAE,YAAY;IACjB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,yBAAyB;QACnC,SAAS,EAAE,wBAAwB;KACpC;IACD,iBAAiB,EAAE,CAAC,SAAiB,EAAE,MAAc,EAAE,EAAE,CAAC,CAAC;QACzD,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,OAAO;QACrB,OAAO,EAAE,SAAS;QAClB,MAAM,EAAE,MAAM;QACd,QAAQ,EAAE;YACR,gEAAgE;YAChE,uDAAuD;YACvD,uCAAuC;YACvC,KAAK,EAAE,MAAM;SACd;KACF,CAAC;IACF,WAAW,EAAE;QACX,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;YAC5D,OAAO,gBAAgB,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;gBAC5D,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,IAAI,CAChC,IAAI,wBAAwB,CAAC;oBAC3B,WAAW,EAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;iBAChE,CAAC,CACH,CAAA;gBACD,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;oBACpB,OAAO,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAA;gBACpC,CAAC;gBACD,OAAO,SAAS,CAAA;YAClB,CAAC,CAAC,CAAA;QACJ,CAAC;QACD,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;YAC1D,OAAO,cAAc,CAAC,KAAK,IAAI,EAAE;gBAC/B,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,MAAM,EACN,yBAAyB,EACzB,MAAM,EACN;oBACE,QAAQ,EAAE,WAAW;oBACrB,SAAS,EAAE,WAAW;iBACvB,EACD;oBACE,WAAW,EAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;iBAChE,CACF,CAAA;gBAED,OAAO,mBAAmB,CAAC,QAAQ,CAAC,CAAA;YACtC,CAAC,CAAC,CAAA;QACJ,CAAC;KACF;IACD,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI;IACvC,GAAG,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,CAC3C,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,KAAK,CAAC,IAAI,CAAC;IACpD,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnB,QAAQ,EAAE;YACR,IAAI,EAAE,KAAK,CAAC,IAAK;YACjB,KAAK,EAAE,MAAM;SACd;QACD,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,MAAM;KACjC,CAAC;CACH,CAAC,CACH,CAAA;AAED;;;;;;;;GAQG;AACH,SAAS,QAAQ,CAAC,SAAiB,EAAE,MAAc,EAAE,SAAiB,EAAE,SAAiB;IACvF,OAAO,OAAO,SAAS,aAAa,MAAM,IAAI,SAAS,UAAU,SAAS,EAAE,CAAA;AAC9E,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"syncMap.d.ts","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAoB,MAAM,gBAAgB,CAAA;AA2B7D,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAkDhC;;;;;GAKG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMpE;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,OAAO,EAAE,UAAU,GAAG,IAAI,EAAE,CAMtE"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { lowerCaseService } from '../services.js';
|
|
2
2
|
import { RestApisSync } from './apigateway/gateways.js';
|
|
3
3
|
import { BackupVaultsSync } from './backup/backupVaults.js';
|
|
4
|
+
import { DynamoDbStreamsSync } from './dynamodb/dynamoDbStreams.js';
|
|
4
5
|
import { DynamoDBTableSync } from './dynamodb/tables.js';
|
|
5
6
|
import { VpcEndpointsSync } from './ec2/vpcEndpoints.js';
|
|
6
7
|
import { EcrSyncs } from './ecr/ecrSyncs.js';
|
|
@@ -28,6 +29,7 @@ const allSyncs = [
|
|
|
28
29
|
AccountS3BpaSync,
|
|
29
30
|
AuthorizationDetailsSync,
|
|
30
31
|
BackupVaultsSync,
|
|
32
|
+
DynamoDbStreamsSync,
|
|
31
33
|
DynamoDBTableSync,
|
|
32
34
|
...EcrSyncs,
|
|
33
35
|
ElasticFileSystemsSync,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAA;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,uBAAuB,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAA;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAA;AAC9E,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAGnD,MAAM,QAAQ,GAAG;IACf,gBAAgB;IAChB,wBAAwB;IACxB,gBAAgB;IAChB,iBAAiB;IACjB,GAAG,QAAQ;IACX,sBAAsB;IACtB,oBAAoB;IACpB,GAAG,qBAAqB;IACxB,iBAAiB;IACjB,eAAe;IACf,OAAO;IACP,UAAU;IACV,uBAAuB;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,YAAY;IACZ,kBAAkB;IAClB,sBAAsB;IACtB,0BAA0B;IAC1B,6BAA6B;IAC7B,kBAAkB;IAClB,UAAU;IACV,aAAa;IACb,YAAY;IACZ,WAAW;IACX,gBAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACjD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
|
1
|
+
{"version":3,"file":"syncMap.js","sourceRoot":"","sources":["../../../src/syncs/syncMap.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,gBAAgB,EAAE,MAAM,gBAAgB,CAAA;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAA;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAA;AACxD,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAA;AAC5C,OAAO,EAAE,sBAAsB,EAAE,MAAM,sBAAsB,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACpD,OAAO,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAA;AACxE,OAAO,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AAClE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAA;AAChE,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AACtC,OAAO,EAAE,uBAAuB,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AACxE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAA;AACnE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iBAAiB,CAAA;AAC5D,OAAO,EAAE,6BAA6B,EAAE,MAAM,iCAAiC,CAAA;AAC/E,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAA;AAClD,OAAO,EAAE,sBAAsB,EAAE,MAAM,uCAAuC,CAAA;AAC9E,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAA;AAC/D,OAAO,EAAE,UAAU,EAAE,MAAM,6BAA6B,CAAA;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAA;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAA;AAGnD,MAAM,QAAQ,GAAG;IACf,gBAAgB;IAChB,wBAAwB;IACxB,gBAAgB;IAChB,mBAAmB;IACnB,iBAAiB;IACjB,GAAG,QAAQ;IACX,sBAAsB;IACtB,oBAAoB;IACpB,GAAG,qBAAqB;IACxB,iBAAiB;IACjB,eAAe;IACf,OAAO;IACP,UAAU;IACV,uBAAuB;IACvB,gBAAgB;IAChB,gBAAgB;IAChB,YAAY;IACZ,kBAAkB;IAClB,sBAAsB;IACtB,0BAA0B;IAC1B,6BAA6B;IAC7B,kBAAkB;IAClB,UAAU;IACV,aAAa;IACb,YAAY;IACZ,WAAW;IACX,gBAAgB;CACjB,CAAA;AAED,MAAM,OAAO,GAAG,IAAI,GAAG,EAAoD,CAAA;AAE3E,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAG,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAA;IACjD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE;YACnB,QAAQ,EAAE,EAAE;YACZ,MAAM,EAAE,EAAE;SACX,CAAC,CAAA;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAE,CAAA;IACnC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACzB,CAAC;SAAM,CAAC;QACN,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3B,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CAAC,OAAmB;IAC1D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,MAAM,CAAA;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,OAAmB;IAC5D,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAA;IACpD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,CAAA;IACX,CAAC;IACD,OAAO,KAAK,CAAC,QAAQ,CAAA;AACvB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cloud-copilot/iam-collect",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.70",
|
|
4
4
|
"description": "Collect IAM information from AWS Accounts",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -112,6 +112,7 @@
|
|
|
112
112
|
"@aws-sdk/client-api-gateway": "^3.799.0",
|
|
113
113
|
"@aws-sdk/client-backup": "^3.812.0",
|
|
114
114
|
"@aws-sdk/client-dynamodb": "^3.788.0",
|
|
115
|
+
"@aws-sdk/client-dynamodb-streams": "^3.816.0",
|
|
115
116
|
"@aws-sdk/client-ec2": "^3.798.0",
|
|
116
117
|
"@aws-sdk/client-ecr": "^3.798.0",
|
|
117
118
|
"@aws-sdk/client-efs": "^3.806.0",
|
|
@@ -133,6 +134,7 @@
|
|
|
133
134
|
"@aws-sdk/credential-providers": "^3.772.0",
|
|
134
135
|
"@aws-sdk/types": "^3.734.0",
|
|
135
136
|
"@cloud-copilot/cli": "^0.1.20",
|
|
137
|
+
"@cloud-copilot/iam-policy": "^0.1.24",
|
|
136
138
|
"@smithy/smithy-client": "^4.2.0",
|
|
137
139
|
"@smithy/util-retry": "^4.0.2",
|
|
138
140
|
"jsonc-parser": "^3.3.1"
|