@factiii/stack 0.1.6 → 0.1.8

package/dist/plugins/pipelines/aws/scanfix/ec2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ec2.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ec2.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGH,4DAAsG;AAEtG;;GAEG;AACH,SAAS,OAAO,CAAC,WAAmB,EAAE,MAAc;IAClD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,mEAAmE,GAAG,WAAW,GAAG,yCAAyC,EAC7H,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,WAAmB,EAAE,MAAc,EAAE,IAAY;IACnE,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,sEAAsE,GAAG,WAAW,GAAG,yCAAyC,GAAG,IAAI,GAAG,+CAA+C,EACzL,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB,EAAE,KAAa,EAAE,MAAc;IACzE,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,qEAAqE,GAAG,SAAS,GAAG,wBAAwB,GAAG,KAAK,GAAG,qDAAqD,EAC5K,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,MAAc;IAClD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,yCAAyC,GAAG,OAAO,GAAG,gDAAgD,EACtG,MAAM,CACP,CAAC;IACF,OAAO,CAAC,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM,CAAC;AAC5D,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,MAAc;IACvD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,wEAAwE,GAAG,WAAW,GAAG,qHAAqH,EAC9M,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,UAAkB,EAAE,MAAc;IACvD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,gEAAgE,GAAG,UAAU,GAAG,iDAAiD,EACjI,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc;IAClC,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,qOAAqO,EACrO,MAAM,CACP,CAAC;IACF,IAAI,CAAC,MAAM,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACnE,OAAO,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB;IAC5C,IAAI,MAAM,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAC5B,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CACrC,CAAC,CAAU,EAAE,EAAE,CAAE,CAA2B,CAAC,QAAQ,KAAK,KAAK,CAChE,CAAC;AACJ,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,qBAAqB;QACzB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,yCAAyC;QACtD,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,WAAW,CAAC,UAAU,GAAG,WAAW,EAAE,MAAM,CAAC,CAAC;QACxD,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,OAAO,GAAG,UAAU,GAAG,WAAW,CAAC;YAEzC,IAAI,CAAC;gBACH,yDAAyD;gBACzD,MAAM,MAAM,GAAG,IAAA,wBAAO,EACpB,qCAAqC,GAAG,OAAO,GAAG,yDAAyD,EAC3G,MAAM,CACP,CAAC;gBAEF,6CAA6C;gBAC7C,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;gBAC9B,MAAM,EAAE,GAAG,wDAAa,IAAI,GAAC,CAAC;gBAC9B,MAAM,IAAI,GAAG,wDAAa,MAAM,GAAC,CAAC;gBAClC,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;gBAC/C,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBACxC,CAAC;gBACD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;gBACrD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,OAAO,CAAC,CAAC;gBAC/C,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,OAAO,CAAC,CAAC;gBAEnD,uCAAuC;gBACvC,IAAI,MAAM,CAAC,OAAO,EAAE,UAAU,EAAE,CAAC;oBAC/B,OAAO,CAAC,GAAG,CAAC,sEAAsE,CAAC,CAAC;gBACtF,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,gCAAgC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC7F,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,uFAAuF;KACnG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,UAAU;QACpB,WAAW,EAAE,mDAAmD;QAChE,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,KAAK,GAAG,OAAO,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,8BAA8B,CAAC,CAAC;gBAC5C,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,YAAY,GAAG,UAAU,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YAC/D,IAAI,CAAC,YAAY,EAAE,CAAC;gBAClB,OAAO,CAAC,GAAG,CAAC,wCAAwC,CAAC,CAAC;gBACtD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,OAAO,GAAG,iBAAiB,CAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YACpF,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,GAAG,CAAC,6CAA6C,CAAC,CAAC;gBAC3D,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,OAAO,GAAG,UAAU,GAAG,WAAW,CAAC;YACzC,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,8BAA8B;gBAC9B,MAAM,KAAK,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;gBACnC,IAAI,CAAC,KAAK,EAAE,CAAC;oBACX,OAAO,CAAC,GAAG,CAAC,gDAAgD,GAAG,MAAM,CAAC,CAAC;oBACvE,OAAO,KAAK,CAAC;gBACf,CAAC;gBACD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,KAAK,CAAC,CAAC;gBAEtC,kBAAkB;gBAClB,MAAM,cAAc,GAAG,IAAA,wBAAO,EAC5B,uBAAuB;oBACvB,cAAc,GAAG,KAAK;oBACtB,2BAA2B;oBAC3B,cAAc,GAAG,OAAO;oBACxB,wBAAwB,GAAG,OAAO;oBAClC,eAAe,GAAG,YAAY;oBAC9B,YAAY;oBACZ,GAAG,GAAG,IAAA,wBAAO,EAAC,UAAU,EAAE,WAAW,CAAC,EACtC,MAAM,CACP,CAAC;gBACF,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;gBACtE,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,UAAU,CAAC,CAAC;gBACvD,OAAO,CAAC,GAAG,CAAC,iDAAiD,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBAExD,kCAAkC;gBAClC,IAAA,wBAAO,EACL,+CAA+C,GAAG,UAAU,EAC5D,MAAM,CACP,CAAC;gBAEF,gBAAgB;gBAChB,MAAM,QAAQ,GAAG,IAAA,4BAAW,EAC1B,4CAA4C,GAAG,UAAU,GAAG,uEAAuE,EACnI,MAAM,CACP,CAAC;gBACF,IAAI,QAAQ,IAAI,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;oBAC3D,OAAO,CAAC,GAAG,CAAC,wEAAwE,CAAC,CAAC;gBACxF,CAAC;gBAED,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,8GAA8G;KAC1H;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,iEAAiE;QAC9E,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,UAAU;gBAAE,OAAO,KAAK,CAAC,CAAC,4BAA4B;YAC3D,OAAO,CAAC,aAAa,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC5C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,UAAU,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;YACrD,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;gBACrD,OAAO,KAAK,CAAC;YACf,CAAC;YAED,IAAI,CAAC;gBACH,sBAAsB;gBACtB,MAAM,SAAS,GAAG,IAAA,wBAAO,EACvB,wCAAwC,GAAG,IAAA,wBAAO,EAAC,YAAY,EAAE,WAAW,CAAC,EAC7E,MAAM,CACP,CAAC;gBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrC,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;gBACzC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;gBACjC,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,QAAQ,CAAC,CAAC;gBAEpD,0BAA0B;gBAC1B,IAAA,wBAAO,EACL,4CAA4C,GAAG,YAAY,GAAG,iBAAiB,GAAG,UAAU,EAC5F,MAAM,CACP,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,+BAA+B,GAAG,UAAU,CAAC,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,wCAAwC,GAAG,QAAQ,CAAC,CAAC;gBAEjE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,qDAAqD;KACjE;CACF,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts

@@ -0,0 +1,9 @@
+/**
+ * AWS ECR Fixes
+ *
+ * Provisions ECR (Elastic Container Registry) repository
+ * with lifecycle policy to keep costs down.
+ */
+import type { Fix } from '../../../../types/index.js';
+export declare const ecrFixes: Fix[];
+//# sourceMappingURL=ecr.d.ts.map

package/dist/plugins/pipelines/aws/scanfix/ecr.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecr.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ecr.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA2BrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EAgFzB,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/ecr.js

@@ -0,0 +1,100 @@
+"use strict";
+/**
+ * AWS ECR Fixes
+ *
+ * Provisions ECR (Elastic Container Registry) repository
+ * with lifecycle policy to keep costs down.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ecrFixes = void 0;
+const aws_helpers_js_1 = require("../utils/aws-helpers.js");
+/**
+ * Check if ECR repository exists
+ */
+function findEcrRepo(repoName, region) {
+    const result = (0, aws_helpers_js_1.awsExecSafe)('aws ecr describe-repositories --repository-names ' + repoName, region);
+    return !!result && !result.includes('RepositoryNotFoundException');
+}
+/**
+ * Check if AWS is configured for this project
+ */
+function isAwsConfigured(config) {
+    if (config.aws)
+        return true;
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { extractEnvironments } = require('../../../../utils/config-helpers.js');
+    const environments = extractEnvironments(config);
+    return Object.values(environments).some((e) => e.pipeline === 'aws');
+}
+exports.ecrFixes = [
+    {
+        id: 'aws-ecr-repo-missing',
+        stage: 'prod',
+        severity: 'warning',
+        description: 'ECR repository not created for container images',
+        scan: async (config) => {
+            if (!isAwsConfigured(config))
+                return false;
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            return !findEcrRepo(projectName, region);
+        },
+        fix: async (config) => {
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            try {
+                // Create ECR repository
+                const result = (0, aws_helpers_js_1.awsExec)('aws ecr create-repository --repository-name ' + projectName +
+                    ' --image-scanning-configuration scanOnPush=true', region);
+                const parsed = JSON.parse(result);
+                const repoUri = parsed.repository?.repositoryUri;
+                console.log('   Created ECR repository: ' + projectName);
+                if (repoUri) {
+                    console.log('   Repository URI: ' + repoUri);
+                }
+                // Set lifecycle policy to keep only 10 images (control costs)
+                const lifecyclePolicy = JSON.stringify({
+                    rules: [{
+                            rulePriority: 1,
+                            description: 'Keep only 10 images',
+                            selection: {
+                                tagStatus: 'any',
+                                countType: 'imageCountMoreThan',
+                                countNumber: 10,
+                            },
+                            action: { type: 'expire' },
+                        }],
+                });
+                (0, aws_helpers_js_1.awsExec)('aws ecr put-lifecycle-policy --repository-name ' + projectName +
+                    " --lifecycle-policy-text '" + lifecyclePolicy + "'", region);
+                console.log('   Set lifecycle policy: keep 10 most recent images');
+                return true;
+            }
+            catch (e) {
+                console.log('   Failed to create ECR repository: ' + (e instanceof Error ? e.message : String(e)));
+                return false;
+            }
+        },
+        manualFix: 'Create ECR repository: aws ecr create-repository --repository-name <app-name>',
+    },
+    {
+        id: 'aws-ecr-login-test',
+        stage: 'dev',
+        severity: 'info',
+        description: 'ECR Docker login not working from dev machine',
+        scan: async (config) => {
+            if (!isAwsConfigured(config))
+                return false;
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            if (!findEcrRepo(projectName, region))
+                return false;
+            // Test ECR login
+            const result = (0, aws_helpers_js_1.awsExecSafe)('aws ecr get-login-password', region);
+            return !result;
+        },
+        fix: null,
+        manualFix: 'Test ECR login: aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account-id>.dkr.ecr.<region>.amazonaws.com',
+    },
+];
+//# sourceMappingURL=ecr.js.map

package/dist/plugins/pipelines/aws/scanfix/ecr.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ecr.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/ecr.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AAGH,4DAA6F;AAE7F;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,MAAc;IACnD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,mDAAmD,GAAG,QAAQ,EAC9D,MAAM,CACP,CAAC;IACF,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,6BAA6B,CAAC,CAAC;AACrE,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB;IAC5C,IAAI,MAAM,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAC5B,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CACrC,CAAC,CAAU,EAAE,EAAE,CAAE,CAA2B,CAAC,QAAQ,KAAK,KAAK,CAChE,CAAC;AACJ,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,sBAAsB;QAC1B,KAAK,EAAE,MAAM;QACb,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,iDAAiD;QAC9D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAC3C,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAE3C,IAAI,CAAC;gBACH,wBAAwB;gBACxB,MAAM,MAAM,GAAG,IAAA,wBAAO,EACpB,8CAA8C,GAAG,WAAW;oBAC5D,iDAAiD,EACjD,MAAM,CACP,CAAC;gBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAClC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,aAAa,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,6BAA6B,GAAG,WAAW,CAAC,CAAC;gBACzD,IAAI,OAAO,EAAE,CAAC;oBACZ,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,OAAO,CAAC,CAAC;gBAC/C,CAAC;gBAED,8DAA8D;gBAC9D,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;oBACrC,KAAK,EAAE,CAAC;4BACN,YAAY,EAAE,CAAC;4BACf,WAAW,EAAE,qBAAqB;4BAClC,SAAS,EAAE;gCACT,SAAS,EAAE,KAAK;gCAChB,SAAS,EAAE,oBAAoB;gCAC/B,WAAW,EAAE,EAAE;6BAChB;4BACD,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;yBAC3B,CAAC;iBACH,CAAC,CAAC;gBAEH,IAAA,wBAAO,EACL,iDAAiD,GAAG,WAAW;oBAC/D,4BAA4B,GAAG,eAAe,GAAG,GAAG,EACpD,MAAM,CACP,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;gBAEnE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,sCAAsC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACnG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,+EAA+E;KAC3F;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,KAAK,EAAE,KAAK;QACZ,QAAQ,EAAE,MAAM;QAChB,WAAW,EAAE,+CAA+C;QAC5D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAEpD,iBAAiB;YACjB,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,4BAA4B,EAC5B,MAAM,CACP,CAAC;YACF,OAAO,CAAC,MAAM,CAAC;QACjB,CAAC;QACD,GAAG,EAAE,IAAI;QACT,SAAS,EAAE,yJAAyJ;KACrK;CACF,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/iam.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AWS IAM Fixes
+ *
+ * Creates IAM users with scoped policies:
+ * - Dev user: read-only access for development
+ * - Prod user: full access for deployment
+ */
+import type { Fix } from '../../../../types/index.js';
+export declare const iamFixes: Fix[];
+//# sourceMappingURL=iam.d.ts.map

package/dist/plugins/pipelines/aws/scanfix/iam.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AA0JrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA6HzB,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/iam.js

@@ -0,0 +1,255 @@
+"use strict";
+/**
+ * AWS IAM Fixes
+ *
+ * Creates IAM users with scoped policies:
+ * - Dev user: read-only access for development
+ * - Prod user: full access for deployment
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.iamFixes = void 0;
+const aws_helpers_js_1 = require("../utils/aws-helpers.js");
+/**
+ * Check if IAM user exists
+ */
+function findIamUser(userName, region) {
+    const result = (0, aws_helpers_js_1.awsExecSafe)('aws iam get-user --user-name ' + userName, region);
+    return !!result && !result.includes('NoSuchEntity');
+}
+/**
+ * Check if AWS is configured for this project
+ */
+function isAwsConfigured(config) {
+    if (config.aws)
+        return true;
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    const { extractEnvironments } = require('../../../../utils/config-helpers.js');
+    const environments = extractEnvironments(config);
+    return Object.values(environments).some((e) => e.pipeline === 'aws');
+}
+/**
+ * Generate dev IAM policy (read-only)
+ */
+function getDevPolicy(projectName, region, accountId) {
+    return JSON.stringify({
+        Version: '2012-10-17',
+        Statement: [
+            {
+                Sid: 'ECRReadOnly',
+                Effect: 'Allow',
+                Action: [
+                    'ecr:GetAuthorizationToken',
+                    'ecr:BatchGetImage',
+                    'ecr:GetDownloadUrlForLayer',
+                    'ecr:DescribeRepositories',
+                    'ecr:ListImages',
+                ],
+                Resource: 'arn:aws:ecr:' + region + ':' + accountId + ':repository/' + projectName,
+            },
+            {
+                Sid: 'ECRAuth',
+                Effect: 'Allow',
+                Action: 'ecr:GetAuthorizationToken',
+                Resource: '*',
+            },
+            {
+                Sid: 'S3ReadOnly',
+                Effect: 'Allow',
+                Action: [
+                    's3:GetObject',
+                    's3:ListBucket',
+                ],
+                Resource: [
+                    'arn:aws:s3:::factiii-' + projectName,
+                    'arn:aws:s3:::factiii-' + projectName + '/*',
+                ],
+            },
+            {
+                Sid: 'EC2Describe',
+                Effect: 'Allow',
+                Action: [
+                    'ec2:DescribeInstances',
+                    'ec2:DescribeVpcs',
+                    'ec2:DescribeSubnets',
+                    'ec2:DescribeSecurityGroups',
+                ],
+                Resource: '*',
+            },
+            {
+                Sid: 'RDSDescribe',
+                Effect: 'Allow',
+                Action: [
+                    'rds:DescribeDBInstances',
+                    'rds:DescribeDBSubnetGroups',
+                ],
+                Resource: '*',
+            },
+        ],
+    });
+}
+/**
+ * Generate prod IAM policy (full access for deployment)
+ */
+function getProdPolicy(projectName, region, accountId) {
+    return JSON.stringify({
+        Version: '2012-10-17',
+        Statement: [
+            {
+                Sid: 'ECRFullAccess',
+                Effect: 'Allow',
+                Action: 'ecr:*',
+                Resource: 'arn:aws:ecr:' + region + ':' + accountId + ':repository/' + projectName,
+            },
+            {
+                Sid: 'ECRAuth',
+                Effect: 'Allow',
+                Action: 'ecr:GetAuthorizationToken',
+                Resource: '*',
+            },
+            {
+                Sid: 'S3FullAccess',
+                Effect: 'Allow',
+                Action: 's3:*',
+                Resource: [
+                    'arn:aws:s3:::factiii-' + projectName,
+                    'arn:aws:s3:::factiii-' + projectName + '/*',
+                ],
+            },
+            {
+                Sid: 'EC2Management',
+                Effect: 'Allow',
+                Action: [
+                    'ec2:DescribeInstances',
+                    'ec2:StartInstances',
+                    'ec2:StopInstances',
+                    'ec2:RebootInstances',
+                    'ec2:DescribeVpcs',
+                    'ec2:DescribeSubnets',
+                    'ec2:DescribeSecurityGroups',
+                    'ec2:DescribeAddresses',
+                ],
+                Resource: '*',
+            },
+            {
+                Sid: 'RDSManagement',
+                Effect: 'Allow',
+                Action: [
+                    'rds:DescribeDBInstances',
+                    'rds:StartDBInstance',
+                    'rds:StopDBInstance',
+                    'rds:RebootDBInstance',
+                    'rds:CreateDBSnapshot',
+                    'rds:DescribeDBSnapshots',
+                ],
+                Resource: '*',
+            },
+            {
+                Sid: 'SESFullAccess',
+                Effect: 'Allow',
+                Action: 'ses:*',
+                Resource: '*',
+            },
+        ],
+    });
+}
+exports.iamFixes = [
+    {
+        id: 'aws-iam-dev-user-missing',
+        stage: 'secrets',
+        severity: 'warning',
+        description: 'IAM dev user not created (read-only access)',
+        scan: async (config) => {
+            if (!isAwsConfigured(config))
+                return false;
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            return !findIamUser('factiii-' + projectName + '-dev', region);
+        },
+        fix: async (config) => {
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            const userName = 'factiii-' + projectName + '-dev';
+            try {
+                // Get account ID for ARNs
+                const accountResult = (0, aws_helpers_js_1.awsExec)('aws sts get-caller-identity --query Account --output text', region);
+                const accountId = accountResult.replace(/"/g, '').trim();
+                // Create IAM user
+                (0, aws_helpers_js_1.awsExec)('aws iam create-user --user-name ' + userName, region);
+                console.log('   Created IAM user: ' + userName);
+                // Create and attach inline policy
+                const policy = getDevPolicy(projectName, region, accountId);
+                (0, aws_helpers_js_1.awsExec)('aws iam put-user-policy --user-name ' + userName +
+                    ' --policy-name factiii-' + projectName + '-dev-policy' +
+                    " --policy-document '" + policy + "'", region);
+                console.log('   Attached dev policy (read-only ECR, S3, EC2, RDS)');
+                // Create access key
+                const keyResult = (0, aws_helpers_js_1.awsExec)('aws iam create-access-key --user-name ' + userName, region);
+                const parsed = JSON.parse(keyResult);
+                const accessKeyId = parsed.AccessKey?.AccessKeyId;
+                const secretKey = parsed.AccessKey?.SecretAccessKey;
+                console.log('');
+                console.log('   Dev credentials (save these!):');
+                console.log('   Access Key ID: ' + accessKeyId);
+                console.log('   Secret Access Key: ' + secretKey);
+                console.log('');
+                console.log('   TIP: Store in Ansible Vault: npx factiii secrets edit');
+                return true;
+            }
+            catch (e) {
+                console.log('   Failed to create dev IAM user: ' + (e instanceof Error ? e.message : String(e)));
+                return false;
+            }
+        },
+        manualFix: 'Create IAM dev user with read-only policy for ECR, S3, EC2, RDS',
+    },
+    {
+        id: 'aws-iam-prod-user-missing',
+        stage: 'secrets',
+        severity: 'warning',
+        description: 'IAM prod user not created (deployment access)',
+        scan: async (config) => {
+            if (!isAwsConfigured(config))
+                return false;
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            return !findIamUser('factiii-' + projectName + '-prod', region);
+        },
+        fix: async (config) => {
+            const { region } = (0, aws_helpers_js_1.getAwsConfig)(config);
+            const projectName = (0, aws_helpers_js_1.getProjectName)(config);
+            const userName = 'factiii-' + projectName + '-prod';
+            try {
+                // Get account ID for ARNs
+                const accountResult = (0, aws_helpers_js_1.awsExec)('aws sts get-caller-identity --query Account --output text', region);
+                const accountId = accountResult.replace(/"/g, '').trim();
+                // Create IAM user
+                (0, aws_helpers_js_1.awsExec)('aws iam create-user --user-name ' + userName, region);
+                console.log('   Created IAM user: ' + userName);
+                // Create and attach inline policy
+                const policy = getProdPolicy(projectName, region, accountId);
+                (0, aws_helpers_js_1.awsExec)('aws iam put-user-policy --user-name ' + userName +
+                    ' --policy-name factiii-' + projectName + '-prod-policy' +
+                    " --policy-document '" + policy + "'", region);
+                console.log('   Attached prod policy (full ECR, S3, EC2, RDS, SES)');
+                // Create access key
+                const keyResult = (0, aws_helpers_js_1.awsExec)('aws iam create-access-key --user-name ' + userName, region);
+                const parsed = JSON.parse(keyResult);
+                const accessKeyId = parsed.AccessKey?.AccessKeyId;
+                const secretKey = parsed.AccessKey?.SecretAccessKey;
+                console.log('');
+                console.log('   Prod credentials (save these!):');
+                console.log('   Access Key ID: ' + accessKeyId);
+                console.log('   Secret Access Key: ' + secretKey);
+                console.log('');
+                console.log('   TIP: Store in Ansible Vault: npx factiii secrets edit');
+                return true;
+            }
+            catch (e) {
+                console.log('   Failed to create prod IAM user: ' + (e instanceof Error ? e.message : String(e)));
+                return false;
+            }
+        },
+        manualFix: 'Create IAM prod user with deployment policy for ECR, S3, EC2, RDS, SES',
+    },
+];
+//# sourceMappingURL=iam.js.map

package/dist/plugins/pipelines/aws/scanfix/iam.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iam.js","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/iam.ts"],"names":[],"mappings":";AAAA;;;;;;GAMG;;;AAGH,4DAA6F;AAE7F;;GAEG;AACH,SAAS,WAAW,CAAC,QAAgB,EAAE,MAAc;IACnD,MAAM,MAAM,GAAG,IAAA,4BAAW,EACxB,+BAA+B,GAAG,QAAQ,EAC1C,MAAM,CACP,CAAC;IACF,OAAO,CAAC,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAqB;IAC5C,IAAI,MAAM,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IAC5B,iEAAiE;IACjE,MAAM,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,qCAAqC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CACrC,CAAC,CAAU,EAAE,EAAE,CAAE,CAA2B,CAAC,QAAQ,KAAK,KAAK,CAChE,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC1E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,2BAA2B;oBAC3B,mBAAmB;oBACnB,4BAA4B;oBAC5B,0BAA0B;oBAC1B,gBAAgB;iBACjB;gBACD,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,YAAY;gBACjB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,cAAc;oBACd,eAAe;iBAChB;gBACD,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,aAAa;gBAClB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,4BAA4B;iBAC7B;gBACD,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,WAAmB,EAAE,MAAc,EAAE,SAAiB;IAC3E,OAAO,IAAI,CAAC,SAAS,CAAC;QACpB,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE;YACT;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,cAAc,GAAG,MAAM,GAAG,GAAG,GAAG,SAAS,GAAG,cAAc,GAAG,WAAW;aACnF;YACD;gBACE,GAAG,EAAE,SAAS;gBACd,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,2BAA2B;gBACnC,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,cAAc;gBACnB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,MAAM;gBACd,QAAQ,EAAE;oBACR,uBAAuB,GAAG,WAAW;oBACrC,uBAAuB,GAAG,WAAW,GAAG,IAAI;iBAC7C;aACF;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,uBAAuB;oBACvB,oBAAoB;oBACpB,mBAAmB;oBACnB,qBAAqB;oBACrB,kBAAkB;oBAClB,qBAAqB;oBACrB,4BAA4B;oBAC5B,uBAAuB;iBACxB;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE;oBACN,yBAAyB;oBACzB,qBAAqB;oBACrB,oBAAoB;oBACpB,sBAAsB;oBACtB,sBAAsB;oBACtB,yBAAyB;iBAC1B;gBACD,QAAQ,EAAE,GAAG;aACd;YACD;gBACE,GAAG,EAAE,eAAe;gBACpB,MAAM,EAAE,OAAO;gBACf,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,GAAG;aACd;SACF;KACF,CAAC,CAAC;AACL,CAAC;AAEY,QAAA,QAAQ,GAAU;IAC7B;QACE,EAAE,EAAE,0BAA0B;QAC9B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,6CAA6C;QAC1D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,WAAW,CAAC,UAAU,GAAG,WAAW,GAAG,MAAM,EAAE,MAAM,CAAC,CAAC;QACjE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,MAAM,CAAC;YAEnD,IAAI,CAAC;gBACH,0BAA0B;gBAC1B,MAAM,aAAa,GAAG,IAAA,wBAAO,EAC3B,2DAA2D,EAC3D,MAAM,CACP,CAAC;gBACF,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEzD,kBAAkB;gBAClB,IAAA,wBAAO,EAAC,kCAAkC,GAAG,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC5D,IAAA,wBAAO,EACL,sCAAsC,GAAG,QAAQ;oBACjD,yBAAyB,GAAG,WAAW,GAAG,aAAa;oBACvD,sBAAsB,GAAG,MAAM,GAAG,GAAG,EACrC,MAAM,CACP,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,sDAAsD,CAAC,CAAC;gBAEpE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,IAAA,wBAAO,EACvB,wCAAwC,GAAG,QAAQ,EACnD,MAAM,CACP,CAAC;gBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrC,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;gBAExE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,oCAAoC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,iEAAiE;KAC7E;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,KAAK,EAAE,SAAS;QAChB,QAAQ,EAAE,SAAS;QACnB,WAAW,EAAE,+CAA+C;QAC5D,IAAI,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACtD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;gBAAE,OAAO,KAAK,CAAC;YAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,OAAO,CAAC,WAAW,CAAC,UAAU,GAAG,WAAW,GAAG,OAAO,EAAE,MAAM,CAAC,CAAC;QAClE,CAAC;QACD,GAAG,EAAE,KAAK,EAAE,MAAqB,EAAoB,EAAE;YACrD,MAAM,EAAE,MAAM,EAAE,GAAG,IAAA,6BAAY,EAAC,MAAM,CAAC,CAAC;YACxC,MAAM,WAAW,GAAG,IAAA,+BAAc,EAAC,MAAM,CAAC,CAAC;YAC3C,MAAM,QAAQ,GAAG,UAAU,GAAG,WAAW,GAAG,OAAO,CAAC;YAEpD,IAAI,CAAC;gBACH,0BAA0B;gBAC1B,MAAM,aAAa,GAAG,IAAA,wBAAO,EAC3B,2DAA2D,EAC3D,MAAM,CACP,CAAC;gBACF,MAAM,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEzD,kBAAkB;gBAClB,IAAA,wBAAO,EAAC,kCAAkC,GAAG,QAAQ,EAAE,MAAM,CAAC,CAAC;gBAC/D,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,QAAQ,CAAC,CAAC;gBAEhD,kCAAkC;gBAClC,MAAM,MAAM,GAAG,aAAa,CAAC,WAAW,EAAE,MAAM,EAAE,SAAS,CAAC,CAAC;gBAC7D,IAAA,wBAAO,EACL,sCAAsC,GAAG,QAAQ;oBACjD,yBAAyB,GAAG,WAAW,GAAG,cAAc;oBACxD,sBAAsB,GAAG,MAAM,GAAG,GAAG,EACrC,MAAM,CACP,CAAC;gBACF,OAAO,CAAC,GAAG,CAAC,uDAAuD,CAAC,CAAC;gBAErE,oBAAoB;gBACpB,MAAM,SAAS,GAAG,IAAA,wBAAO,EACvB,wCAAwC,GAAG,QAAQ,EACnD,MAAM,CACP,CAAC;gBACF,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;gBACrC,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,EAAE,WAAW,CAAC;gBAClD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,eAAe,CAAC;gBAEpD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,oCAAoC,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,oBAAoB,GAAG,WAAW,CAAC,CAAC;gBAChD,OAAO,CAAC,GAAG,CAAC,wBAAwB,GAAG,SAAS,CAAC,CAAC;gBAClD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBAChB,OAAO,CAAC,GAAG,CAAC,0DAA0D,CAAC,CAAC;gBAExE,OAAO,IAAI,CAAC;YACd,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,OAAO,CAAC,GAAG,CAAC,qCAAqC,GAAG,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClG,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,SAAS,EAAE,wEAAwE;KACpF;CACF,CAAC"}

package/dist/plugins/pipelines/aws/scanfix/rds.d.ts

@@ -0,0 +1,10 @@
+/**
+ * AWS RDS Fixes
+ *
+ * Provisions RDS PostgreSQL 15 instance (db.t2.micro free tier).
+ * Creates DB subnet group from private subnets, launches instance with RDS SG.
+ * Stores DATABASE_URL in Ansible Vault.
+ */
+import type { Fix } from '../../../../types/index.js';
+export declare const rdsFixes: Fix[];
+//# sourceMappingURL=rds.d.ts.map

package/dist/plugins/pipelines/aws/scanfix/rds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rds.d.ts","sourceRoot":"","sources":["../../../../../src/plugins/pipelines/aws/scanfix/rds.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAiB,GAAG,EAAE,MAAM,4BAA4B,CAAC;AAmGrE,eAAO,MAAM,QAAQ,EAAE,GAAG,EA6KzB,CAAC"}