npm - @cloud-copilot/iam-lens - Versions diffs - 0.1.8 → 0.1.10 - Mend

@cloud-copilot/iam-lens 0.1.8 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -4,7 +4,7 @@
 ## iam-lens
-Get visibility into the actual IAM policies that apply in your AWS organizations and accounts. This will use your existing AWS IAM policies (downloaded via [iam-collect](https://github.com/cloud-copilot/iam-collect)) and evaluate the effective permissions.
+Get visibility into the IAM permissions in your AWS organizations and accounts. Use your actual AWS IAM policies (downloaded via [iam-collect](https://github.com/cloud-copilot/iam-collect)) and evaluate the effective permissions.
 ## Quick Start
@@ -12,7 +12,7 @@ Get visibility into the actual IAM policies that apply in your AWS organizations
 # Install
 npm install -g @cloud-copilot/iam-collect @cloud-copilot/iam-lens
-# Download all IAM policies in your accounts
+# Download all IAM policies in your account using default credentials, run download once per account
 iam-collect init
 iam-collect download
@@ -20,27 +20,27 @@ iam-collect download
 iam-lens simulate --principal arn:aws:iam::123456789012:role/ExampleRole --resource arn:aws:s3:::example-bucket/secret-file.txt --action s3:GetObject
 # Find out who can do something
-iam-lens who-can --resource arn:aws:s3:::example-bucket --actions s3:GetObject
+iam-lens who-can --resource arn:aws:s3:::example-bucket --actions s3:ListBucket
 # Find out who can do all actions on a resource
-iam-lens who-can --resource arn:aws:iam::123456789012:role/ExampleRole
+iam-lens who-can --resource arn:aws:s3:::example-bucket
 ```
 ## What is iam-lens?
-iam-lens uses real IAM data from your AWS accounts (collected via [iam-collect](https://github.com/cloud-copilot/iam-collect)) and allows you to quickly simulate requests and discover the actual effective permissions that apply to a principal or resource.
+iam-lens uses the IAM data from your AWS accounts (collected via [iam-collect](https://github.com/cloud-copilot/iam-collect)) to quickly simulate requests and understand the effective permissions that apply to a principal or resource.
 ## Why use it?
-1. **Understand** what permissions are actually in place and why. See the policies that determine the outcome of a given request.
-2. **Verify** specific actions are allowed or not allowed for a principal or resource.
-3. **Discover** who can take action on a sensitive resource with a single command.
+1. **Understand** what permissions are actually in place and why. See the policies that determine the outcome of a request.
+2. **Verify** what's allowed or not after everything is deployed.
+3. **Discover** who can take action on a sensitive resource or account.
 4. **Audit** your IAM policies and ensure they are configured correctly.
 5. **Debug** permissions by simulating requests locally and iterate quickly without needing to deploy changes to your AWS environment.
 ## Getting Started
-1. **Download Your Policies** Use [iam-collect](https://github.com/cloud-copilot/iam-collect) to download all your policies from all your AWS accounts. iam-collect is highly configurable and can be customized to collect the policies you need. It only downloads information to your file system or an S3 bucket, so you're in full control of your data.
+1. **Download Your Policies** with [iam-collect](https://github.com/cloud-copilot/iam-collect) to get all policies from your AWS accounts. iam-collect is highly configurable and can be customized to collect the policies you need. It only downloads information to your file system or an S3 bucket, so you're in full control of your data.
 ```bash
 npm install -g @cloud-copilot/iam-collect
@@ -48,7 +48,9 @@ iam-collect init
 iam-collect download
 ```
-To see the effect of SCPs and RCPs, you should download data from your management account; or an account with permissions do download organization information. Download data for member accounts you want to analyze. `iam-lens` will analyze cross-account and cross-organization requests if you have the data available.
+To see the effect of SCPs and RCPs, you should download data from your management account; or an account with permission to download organization information. Download data for member accounts you want to analyze. `iam-lens` will analyze cross-account and cross-organization requests if the data is available.
+You can download information for as many accounts, organizations, and regions as you like. The more data you have, the more accurate your answers will be.
 2. **Install iam-lens**
@@ -61,7 +63,10 @@ npm install -g @cloud-copilot/iam-lens
 Simulate a request:
 ```bash
-iam-lens simulate --principal arn:aws:iam::123456789012:role/ExampleRole --resource arn:aws:s3:::example-bucket/secret-file.txt --action s3:GetObject
+iam-lens simulate \
+  --principal arn:aws:iam::123456789012:role/ExampleRole \
+  --resource arn:aws:s3:::example-bucket/secret-file.txt \
+  --action s3:GetObject
 ```
 or
@@ -69,7 +74,9 @@ or
 Discover who can perform an action on a resource:
 ```bash
-iam-lens who-can --resource arn:aws:iam::111111111111:role/ImportantRole --actions sts:AssumeRole iam:PassRole
+iam-lens who-can \
+  --resource arn:aws:iam::111111111111:role/ImportantRole \
+  --actions sts:AssumeRole iam:PassRole
 ```
 ## Commands
@@ -80,19 +87,19 @@ iam-lens who-can --resource arn:aws:iam::111111111111:role/ImportantRole --actio
 iam-lens simulate [options]
 ```
-Evaluates whether a given principal can perform a specified action on a resource (or wildcard). Returns a decision (Allowed/ImplicitlyDenied/ExplicitlyDenied), and exits nonzero if you provided an `--expect` that doesn’t match the result.
+Evaluates whether a principal can perform a specified action on a resource (or account for wildcard only actions). Returns a decision: `Allowed`, `ImplicitlyDenied`, or `ExplicitlyDenied`.
 **Options:**
-| Flag                        | Description                                                                                                                                                                                         |
-| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `--principal <arn>`         | The principal the request is from. Can be a user, role, session, or AWS service.                                                                                                                    |
-| `--resource <arn>`          | The ARN of the resource to simulate access to. Ignore for wildcard-only actions (e.g. `s3:ListAllMyBuckets`).                                                                                       |
-| `--resourceAccountId <id>`  | The account ID of the resource, only required if it cannot be determined from the resource ARN.                                                                                                     |
-| `--action <service:action>` | The action to simulate; must be a valid IAM service and action such as `s3:ListBucket`.                                                                                                             |
-| `--context <key=value>`     | One or more context keys to use for the simulation. Keys are formatted as `key=value1,value2`. Multiple values can be separated by commas.                                                          |
-| `-v, --verbose`             | Enable verbose output for the simulation (prints evaluation steps and policy checks).                                                                                                               |
-| `--expect <result>`         | The expected outcome of the simulation. Valid values: `Allowed`, `ImplicitlyDenied`, `ExplicitlyDenied`, `AnyDeny`. If the result does not match the expect value, a non-zero exit code is returned |
+| Flag                        | Description                                                                                                                                                                                                                                                          |
+| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `--principal <arn>`         | The principal the request is from. Can be a user, role, session, or AWS service.                                                                                                                                                                                     |
+| `--resource <arn>`          | The ARN of the resource to simulate access to. Ignore for wildcard-only actions such as `s3:ListAllMyBuckets`.                                                                                                                                                       |
+| `--resource-account <id>`   | The account ID of the resource. Only required if it cannot be determined from the resource ARN or the principal ARN for wildcard only actions.                                                                                                                       |
+| `--action <service:action>` | The action to simulate; must be a valid IAM service and action such as `s3:ListBucket`.                                                                                                                                                                              |
+| `--context <key=value>`     | One or more context keys to use for the simulation. Keys are formatted as `keyA=value1,value2 keyB=value1,value2`. Multiple keys are separated by spaces. Multiple values separated by commas. See [Context Keys](#context-keys) for what keys are set automatically |
+| `-v, --verbose`             | Enable verbose output for the simulation to see exactly what statements applied or not and why.                                                                                                                                                                      |
+| `--expect <result>`         | Optional expected outcome of the simulation. Valid values are `Allowed`, `ImplicitlyDenied`, `ExplicitlyDenied`, `AnyDeny`. If the result does not match the expected value, a non-zero exit code is returned                                                        |
 **Examples:**
@@ -103,19 +110,17 @@ iam-lens simulate \
   --resource arn:aws:s3:::my-bucket \
   --action s3:ListBucket
-# Simulate a wildcard action (ListAllMyBuckets) – must supply resourceAccountId
+# Simulate a wildcard action (ListAllMyBuckets) – this will assume the principals account
 iam-lens simulate \
   --principal arn:aws:iam::222222222222:user/Alice \
-  --action s3:ListAllMyBuckets \
-  --resourceAccountId 222222222222
+  --action s3:ListAllMyBuckets
-# Include context keys (e.g. resource tags or org IDs)
+# Include custom context keys
 iam-lens simulate \
   --principal arn:aws:iam::333333333333:role/DevRole \
   --resource arn:aws:sqs:us-east-1:333333333333:my-queue \
   --action sqs:SendMessage \
-  --context aws:PrincipalOrgID=o-aaaaaaaaaa \
-  --context aws:ResourceTag/Env=prod,staging \
+  --context aws:SourceVpc=vpc-1234567890abcdef0 \
   --verbose
 # Assert the result must be “Allowed”; exit code will be nonzero if not
@@ -132,35 +137,42 @@ iam-lens simulate \
 iam-lens who-can [options]
 ```
-Lists all principals in your IAM data who are allowed to perform one or more specified actions on a resource (or wildcard). If applicable it will check the resource policy to find cross-account permissions and AWS service principals.
+Lists all principals in your IAM data who are allowed to perform one or more specified actions on a resource (or account for wildcard only actions). If applicable it will check the resource policy to find cross-account permissions and AWS service principals.
 **Options:**
-| Flag                         | Description                                                                                                                                                                                                          |
-| ---------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `--resource <arn>`           | The ARN of the resource to check permissions for. Ignore for wildcard-only actions (`iam:ListRoles`, etc.).                                                                                                          |
-| `--resourceAccount <id>`     | The account ID of the resource, only required if it cannot be determined from the resource ARN. Required for wildcard actions such as `s3:ListAllMyBuckets`                                                          |
-| `--actions <service:action>` | One or more actions to check, e.g. `s3:GetObject`. Specify as many actions as you want. If omitted it will analyze all valid actions for the resource. If no `--resource` is specified then actions must be entered. |
+| Flag                         | Description                                                                                                                                                                                                            |
+| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `--resource <arn>`           | The ARN of the resource to check permissions for. Ignore for wildcard-only actions such as `iam:ListRoles`                                                                                                             |
+| `--resource-account <id>`    | The account ID of the resource, only required if it cannot be determined from the resource ARN. Required for wildcard actions such as `ec2:DescribeInstances`                                                          |
+| `--actions <service:action>` | One or more actions to check such as `s3:GetObject`. Specify as many actions as you want. If omitted it will analyze all valid actions for the resource. If no `--resource` is specified then actions must be entered. |
 **Examples:**
 ```bash
-# Who can get objects from this bucket?
+# Who can get this object?
 iam-lens who-can \
-  --resource arn:aws:s3:::my-bucket \
+  --resource arn:aws:s3:::my-bucket/secret-file.txt \
   --actions s3:GetObject
-# Who can list all IAM roles in any account? (wildcard action – no resource)
+# Who can list all IAM roles in this account? (wildcard action – no resource)
 iam-lens who-can \
+  --resource-account 555555555555 \
   --actions iam:ListRoles
 # Check multiple actions at once
 iam-lens who-can \
   --resource arn:aws:dynamodb:us-east-1:555555555555:table/Books \
-  --actions dynamodb:Query,dynamodb:UpdateItem
+  --actions dynamodb:Query dynamodb:UpdateItem
+# Check all actions for a bucket
+iam-lens who-can \
+  --resource arn:aws:s3:::my-bucket
 ```
-**Global Options:**
+### Global Options:
+These options are available for all commands:
 | Flag                       | Description                                                           | Default             |
 | -------------------------- | --------------------------------------------------------------------- | ------------------- |
@@ -169,7 +181,7 @@ iam-lens who-can \
 ## Context Keys
-Below are the context keys that iam-lens populates by default during simulation. These keys are set based on your principal, resource, and organization data. Any keys provided via `--context` will override the defaults.
+iam-lens automatically populates the context keys below when simulating requests. These keys are set based on your principal, resource, and organization data. Any keys provided via `--context` will override the defaults.
 ### Default Context Keys
@@ -182,10 +194,10 @@ Below are the context keys that iam-lens populates by default during simulation.
 - **`aws:EpochTime`**
   Unix epoch time in seconds (e.g., `1717290896`).
-#### Principal Context (if principal is an ARN)
+#### IAM Principal Context
 - **`aws:PrincipalArn`**
-  The full ARN of the principal (user, role, federated user, or service) being simulated.
+  The full ARN of the principal (user, role, role session, or federated user) being simulated.
 - **`aws:PrincipalAccount`**
   The AWS account ID extracted from the principal ARN.
@@ -200,7 +212,7 @@ Below are the context keys that iam-lens populates by default during simulation.
   For each tag on the IAM principal, a context key of the form `aws:PrincipalTag/<TagKey>` with its tag value.
 - **`aws:PrincipalIsAWSService`**
-  Set to `true` if the principal is an AWS service principal (e.g. `lambda.amazonaws.com`), otherwise `false`.
+  Set to `false` for all IAM principals (users, roles, federated users).
 - **`aws:PrincipalType`**
   One of: `Account`, `User`, `FederatedUser`, `AssumedRole`, indicating the type of principal.
@@ -213,38 +225,47 @@ Below are the context keys that iam-lens populates by default during simulation.
   - For a federated user: `<AccountId>:<FederatedName>`
   - For an assumed role: `<RoleUniqueId>:<SessionName>`
+  Setting `role-id:ec2-instance-id` for EC2 instances is not supported at this time.
 - **`aws:username`** _(only for IAM users)_
   The IAM username portion of the principal ARN (e.g. `Alice`).
-- **`aws:PrincipalServiceName`** _(only for AWS service principals)_
+#### Service Principal Context
+The following context keys are set when the principal is an AWS service (e.g., `lambda.amazonaws.com`, `ec2.amazonaws.com`):
+- **`aws:PrincipalServiceName`**
   The service principal string (e.g. `lambda.amazonaws.com`).
-- **`aws:SourceAccount`** _(only for AWS service principals)_
-  The account ID of the simulated resource, used when interpreting a service principal’s context.
+- **`aws:SourceAccount`**
+  The account ID of the resource.
+- **`aws:SourceOrgID`**
+  The organization ID of the resource’s account (if part of an organization).
-- **`aws:SourceOrgID`** _(only for AWS service principals)_
-  The organization ID of the simulated resource’s account (if any).
+- **`aws:SourceOrgPaths`**
+  The OU hierarchy path for the resource’s account (if part of an organization).
-- **`aws:SourceOrgPaths`** _(only for AWS service principals)_
-  The OU hierarchy path for the simulated resource’s account (if any).
+- **`aws:PrincipalIsAWSService`**
+  Set to `true` for all service principals.
-#### Resource Context (unless action is excluded)
+#### Resource Context ([unless action is excluded](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-resourceaccount))
 - **`aws:ResourceAccount`**
-  The AWS account ID of the simulated resource.
+  The AWS account ID of the resource.
-- **`aws:ResourceOrgID`** _(if the resource account is in an organization)_
-  The Organization ID for the resource’s account.
+- **`aws:ResourceOrgID`**
+  The Organization ID for the resource’s account (if part of an organization).
 - **`aws:ResourceOrgPaths`** _(if the resource account is in an organization)_
-  A list containing a single string of the form `<OrgId>/<OU1>/<OU2>/…/` for the resource’s account.
+  A list containing a single string of the form `<OrgId>/<OU1>/<OU2>/…/` for the resource’s account (if part of an organization).
 - **`aws:ResourceTag/<TagKey>`**
-  For each tag on the resource ARN, a context key `aws:ResourceTag/TagKey` with its tag value. **This is only for resources that are stored in your `iam-collect` data**, such as Roles, S3 Buckets, DynamoDB Tables, etc. For resources not stored in `iam-collect`, this key will not be set.
+  For each tag on the resource ARN, a context key `aws:ResourceTag/TagKey` with its tag value. **This is only for resources that are stored in your `iam-collect` data**, such as Roles, S3 Buckets, DynamoDB Tables, etc. For resources not stored in `iam-collect`, this key should be set manually.
 ### Overriding Default Context Keys
-Any context keys supplied via the `--context key=value[,value2,…]` option will override the defaults described above. For example:
+Any context keys supplied via the `--context key=value[,value2,…]` argument will override the defaults described above. For example:
 ```bash
 iam-lens simulate \

package/dist/cjs/cli.js CHANGED Viewed

@@ -22,7 +22,7 @@ const main = async () => {
                     values: 'single',
                     description: 'The ARN of the resource to simulate access to. Ignore for wildcard actions'
                 },
-                resourceAccountId: {
+                resourceAccount: {
                     type: 'string',
                     values: 'single',
                     description: 'The account ID of the resource, only required if it cannot be determined from the resource ARN.'
@@ -94,12 +94,12 @@ const main = async () => {
     const collectConfigs = await (0, collect_js_1.loadCollectConfigs)(cli.args.collectConfigs);
     const collectClient = (0, collect_js_1.getCollectClient)(collectConfigs, thePartition);
     if (cli.subcommand === 'simulate') {
-        const { principal, resource, resourceAccountId, action, context } = cli.args;
+        const { principal, resource, resourceAccount, action, context } = cli.args;
         const contextKeys = convertContextKeysToMap(context);
         const result = await (0, simulate_js_1.simulateRequest)({
             principal: principal,
             resourceArn: resource,
-            resourceAccount: resourceAccountId,
+            resourceAccount: resourceAccount,
             action: action,
             customContextKeys: contextKeys
         }, collectClient);

package/dist/cjs/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,qDAA2E;AAE3E,wDAAkF;AAClF,iEAA0D;AAC1D,kDAA2C;AAE3C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAc,GAAE,CAAA;IACtC,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,UAAU,EACV;QACE,QAAQ,EAAE;YACR,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE;gBACP,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,yEAAyE;iBACvF;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,4EAA4E;iBAC/E;gBACD,~~iBAAiB~~,EAAE;~~oBACjB~~,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,iGAAiG;iBACpG;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,wFAAwF;iBAC3F;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oJAAoJ;iBACvJ;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,0CAA0C;oBACvD,SAAS,EAAE,GAAG;iBACf;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,CAAC,SAAS,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,SAAS,CAAC;oBAC3E,WAAW,EACT,iIAAiI;iBACpI;aACF;SACF;QACD,SAAS,EAAE;YACT,WAAW,EAAE,8CAA8C;YAC3D,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+EAA+E;iBAClF;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+HAA+H;iBAClI;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oGAAoG;iBACvG;aACF;SACF;KACF,EACD;QACE,cAAc,EAAE;YACd,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4CAA4C;YACzD,MAAM,EAAE,UAAU;SACnB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;SACjB;KACF,EACD;QACE,SAAS,EAAE,UAAU;QACrB,gBAAgB,EAAE,IAAI;QACtB,iBAAiB,EAAE,IAAI;QACvB,OAAO;KACR,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACrD,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,CAAA;IAChD,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAkB,EAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,cAAc,EAAE,YAAY,CAAC,CAAA;IAEpE,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,~~iBAAiB~~,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;~~QAC5E~~,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAA;QAEpD,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAe,EAClC;YACE,SAAS,EAAE,SAAU;YACrB,WAAW,EAAE,QAAQ;YACrB,eAAe,EAAE,~~iBAAiB~~;~~YAClC~~,MAAM,EAAE,MAAO;YACf,iBAAiB,EAAE,WAAW;SAC/B,EACD,aAAa,CACd,CAAA;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC,IAAA,sCAAwB,EAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAO,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QACvD,IAAI,CAAC,eAAe,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,KAAK,CACX,qGAAqG,CACtG,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAM,EAAC,aAAa,EAAE;YAC1C,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAS;YAC5B,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAQ;YAC1B,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe;SAC1C,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;AACH,CAAC,CAAA;AAED,IAAI,EAAE;KACH,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;AAEpB;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,WAAqB;IACpD,MAAM,UAAU,GAAsC,EAAE,CAAA;IACxD,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAA;YAC9B,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";;;AAEA,4CAAsD;AACtD,qDAA2E;AAE3E,wDAAkF;AAClF,iEAA0D;AAC1D,kDAA2C;AAE3C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,IAAA,kCAAc,GAAE,CAAA;IACtC,MAAM,GAAG,GAAG,IAAA,uBAAiB,EAC3B,UAAU,EACV;QACE,QAAQ,EAAE;YACR,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE;gBACP,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,yEAAyE;iBACvF;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,4EAA4E;iBAC/E;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,iGAAiG;iBACpG;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,wFAAwF;iBAC3F;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oJAAoJ;iBACvJ;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,0CAA0C;oBACvD,SAAS,EAAE,GAAG;iBACf;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,CAAC,SAAS,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,SAAS,CAAC;oBAC3E,WAAW,EACT,iIAAiI;iBACpI;aACF;SACF;QACD,SAAS,EAAE;YACT,WAAW,EAAE,8CAA8C;YAC3D,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+EAA+E;iBAClF;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+HAA+H;iBAClI;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oGAAoG;iBACvG;aACF;SACF;KACF,EACD;QACE,cAAc,EAAE;YACd,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4CAA4C;YACzD,MAAM,EAAE,UAAU;SACnB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;SACjB;KACF,EACD;QACE,SAAS,EAAE,UAAU;QACrB,gBAAgB,EAAE,IAAI;QACtB,iBAAiB,EAAE,IAAI;QACvB,OAAO;KACR,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACrD,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,CAAA;IAChD,MAAM,cAAc,GAAG,MAAM,IAAA,+BAAkB,EAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,IAAA,6BAAgB,EAAC,cAAc,EAAE,YAAY,CAAC,CAAA;IAEpE,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QAC1E,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAA;QAEpD,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAe,EAClC;YACE,SAAS,EAAE,SAAU;YACrB,WAAW,EAAE,QAAQ;YACrB,eAAe,EAAE,eAAe;YAChC,MAAM,EAAE,MAAO;YACf,iBAAiB,EAAE,WAAW;SAC/B,EACD,aAAa,CACd,CAAA;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC,IAAA,sCAAwB,EAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAO,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QACvD,IAAI,CAAC,eAAe,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,KAAK,CACX,qGAAqG,CACtG,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAA,kBAAM,EAAC,aAAa,EAAE;YAC1C,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAS;YAC5B,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAQ;YAC1B,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe;SAC1C,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;AACH,CAAC,CAAA;AAED,IAAI,EAAE;KACH,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;AAEpB;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,WAAqB;IACpD,MAAM,UAAU,GAAsC,EAAE,CAAA;IACxD,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAA;YAC9B,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC"}

package/dist/esm/cli.js CHANGED Viewed

@@ -20,7 +20,7 @@ const main = async () => {
                     values: 'single',
                     description: 'The ARN of the resource to simulate access to. Ignore for wildcard actions'
                 },
-                resourceAccountId: {
+                resourceAccount: {
                     type: 'string',
                     values: 'single',
                     description: 'The account ID of the resource, only required if it cannot be determined from the resource ARN.'
@@ -92,12 +92,12 @@ const main = async () => {
     const collectConfigs = await loadCollectConfigs(cli.args.collectConfigs);
     const collectClient = getCollectClient(collectConfigs, thePartition);
     if (cli.subcommand === 'simulate') {
-        const { principal, resource, resourceAccountId, action, context } = cli.args;
+        const { principal, resource, resourceAccount, action, context } = cli.args;
         const contextKeys = convertContextKeysToMap(context);
         const result = await simulateRequest({
             principal: principal,
             resourceArn: resource,
-            resourceAccount: resourceAccountId,
+            resourceAccount: resourceAccount,
             action: action,
             customContextKeys: contextKeys
         }, collectClient);

package/dist/esm/cli.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAE3E,OAAO,EAAE,wBAAwB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;IACtC,MAAM,GAAG,GAAG,iBAAiB,CAC3B,UAAU,EACV;QACE,QAAQ,EAAE;YACR,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE;gBACP,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,yEAAyE;iBACvF;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,4EAA4E;iBAC/E;gBACD,~~iBAAiB~~,EAAE;~~oBACjB~~,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,iGAAiG;iBACpG;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,wFAAwF;iBAC3F;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oJAAoJ;iBACvJ;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,0CAA0C;oBACvD,SAAS,EAAE,GAAG;iBACf;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,CAAC,SAAS,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,SAAS,CAAC;oBAC3E,WAAW,EACT,iIAAiI;iBACpI;aACF;SACF;QACD,SAAS,EAAE;YACT,WAAW,EAAE,8CAA8C;YAC3D,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+EAA+E;iBAClF;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+HAA+H;iBAClI;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oGAAoG;iBACvG;aACF;SACF;KACF,EACD;QACE,cAAc,EAAE;YACd,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4CAA4C;YACzD,MAAM,EAAE,UAAU;SACnB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;SACjB;KACF,EACD;QACE,SAAS,EAAE,UAAU;QACrB,gBAAgB,EAAE,IAAI;QACtB,iBAAiB,EAAE,IAAI;QACvB,OAAO;KACR,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACrD,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,CAAA;IAChD,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;IAEpE,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,~~iBAAiB~~,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;~~QAC5E~~,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAA;QAEpD,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC;YACE,SAAS,EAAE,SAAU;YACrB,WAAW,EAAE,QAAQ;YACrB,eAAe,EAAE,~~iBAAiB~~;~~YAClC~~,MAAM,EAAE,MAAO;YACf,iBAAiB,EAAE,WAAW;SAC/B,EACD,aAAa,CACd,CAAA;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAO,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QACvD,IAAI,CAAC,eAAe,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,KAAK,CACX,qGAAqG,CACtG,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,EAAE;YAC1C,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAS;YAC5B,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAQ;YAC1B,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe;SAC1C,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;AACH,CAAC,CAAA;AAED,IAAI,EAAE;KACH,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;AAEpB;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,WAAqB;IACpD,MAAM,UAAU,GAAsC,EAAE,CAAA;IACxD,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAA;YAC9B,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC"}
1	+ {"version":3,"file":"cli.js","sourceRoot":"","sources":["../../src/cli.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAA;AAE3E,OAAO,EAAE,wBAAwB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAA;AAC1D,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAE3C,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;IACtB,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAA;IACtC,MAAM,GAAG,GAAG,iBAAiB,CAC3B,UAAU,EACV;QACE,QAAQ,EAAE;YACR,WAAW,EAAE,yBAAyB;YACtC,OAAO,EAAE;gBACP,SAAS,EAAE;oBACT,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,yEAAyE;iBACvF;gBACD,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,4EAA4E;iBAC/E;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,iGAAiG;iBACpG;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,wFAAwF;iBAC3F;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oJAAoJ;iBACvJ;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,SAAS;oBACf,WAAW,EAAE,0CAA0C;oBACvD,SAAS,EAAE,GAAG;iBACf;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,WAAW,EAAE,CAAC,SAAS,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,SAAS,CAAC;oBAC3E,WAAW,EACT,iIAAiI;iBACpI;aACF;SACF;QACD,SAAS,EAAE;YACT,WAAW,EAAE,8CAA8C;YAC3D,OAAO,EAAE;gBACP,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+EAA+E;iBAClF;gBACD,eAAe,EAAE;oBACf,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ;oBAChB,WAAW,EACT,+HAA+H;iBAClI;gBACD,OAAO,EAAE;oBACP,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,UAAU;oBAClB,WAAW,EACT,oGAAoG;iBACvG;aACF;SACF;KACF,EACD;QACE,cAAc,EAAE;YACd,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,4CAA4C;YACzD,MAAM,EAAE,UAAU;SACnB;QACD,SAAS,EAAE;YACT,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,sEAAsE;YACnF,MAAM,EAAE,QAAQ;SACjB;KACF,EACD;QACE,SAAS,EAAE,UAAU;QACrB,gBAAgB,EAAE,IAAI;QACtB,iBAAiB,EAAE,IAAI;QACvB,OAAO;KACR,CACF,CAAA;IAED,IAAI,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAA;IACrD,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,IAAI,CAAC,SAAS,IAAI,KAAK,CAAA;IAChD,MAAM,cAAc,GAAG,MAAM,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,CAAA;IACxE,MAAM,aAAa,GAAG,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAA;IAEpE,IAAI,GAAG,CAAC,UAAU,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QAC1E,MAAM,WAAW,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAA;QAEpD,MAAM,MAAM,GAAG,MAAM,eAAe,CAClC;YACE,SAAS,EAAE,SAAU;YACrB,WAAW,EAAE,QAAQ;YACrB,eAAe,EAAE,eAAe;YAChC,MAAM,EAAE,MAAO;YACf,iBAAiB,EAAE,WAAW;SAC/B,EACD,aAAa,CACd,CAAA;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAA;YACnC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;YACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,sBAAsB,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAA;QAC5D,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;QAC9C,CAAC;QAED,IAAI,CAAC,wBAAwB,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,QAAQ,EAAE,MAAO,CAAC,EAAE,CAAC;YACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;SAAM,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACxC,MAAM,EAAE,QAAQ,EAAE,eAAe,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAA;QACvD,IAAI,CAAC,eAAe,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC1D,OAAO,CAAC,KAAK,CACX,qGAAqG,CACtG,CAAA;YACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACjB,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,aAAa,EAAE;YAC1C,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAS;YAC5B,OAAO,EAAE,GAAG,CAAC,IAAI,CAAC,OAAQ;YAC1B,eAAe,EAAE,GAAG,CAAC,IAAI,CAAC,eAAe;SAC1C,CAAC,CAAA;QAEF,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAA;IAC/C,CAAC;AACH,CAAC,CAAA;AAED,IAAI,EAAE;KACH,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IACX,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAChB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;AACjB,CAAC,CAAC;KACD,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;KACd,OAAO,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;AAEpB;;;;;GAKG;AACH,SAAS,uBAAuB,CAAC,WAAqB;IACpD,MAAM,UAAU,GAAsC,EAAE,CAAA;IACxD,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAA;YAC9B,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;YACjC,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,UAAU,CAAA;AACnB,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cloud-copilot/iam-lens",
-  "version": "0.1.8",
+  "version": "0.1.10",
   "description": "Visibility in IAM in and across AWS accounts",
   "keywords": [
     "aws",