@sureshgururajan/aws-console-private-access-validator 1.0.5 → 1.0.7
- package/.npmrc.bak +2 -0
- package/dist/index.js +23 -4
- package/dist/index.js.map +1 -1
- package/dist/validator.d.ts.map +1 -1
- package/dist/validator.js +16 -22
- package/dist/validator.js.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +25 -5
- package/src/validator.ts +20 -32
package/.npmrc.bak
ADDED
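Review bot: `package/.npmrc.bak` is a new two-line file in the published tarball, and its contents are not shown on this page. Backup copies of `.npmrc` often carry a registry `_authToken` line, so the two lines should be inspected. If they hold a credential, treat it as exposed and revoke it, because a published version remains retrievable. The file is not needed at runtime and is best kept out of the package with a `files` allowlist in `package.json` or a `.npmignore` entry such as `*.bak`.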
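--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,6 +3,8 @@ import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextprotocol/sdk/types.js';
 import { ConsolePrivateAccessValidator } from './validator.js';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
 const server = new Server({
 name: 'aws-console-private-access-validator',
 version: '1.0.0',
@@ -22,13 +24,17 @@ const tools = [
 type: 'string',
 description: 'CloudFormation template as JSON string',
 },
+templateFile: {
+type: 'string',
+description: 'Path to CloudFormation template file (alternative to template parameter)',
+},
 region: {
 type: 'string',
 description: 'AWS region (default: us-east-1)',
 default: 'us-east-1',
 },
 },
-required: [
+required: [],
 },
 },
 ];
@@ -37,9 +43,22 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 }));
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
 if (request.params.name === 'validate-cloudformation') {
-const { template, region = 'us-east-1' } = request.params.arguments;
+const { template, templateFile, region = 'us-east-1' } = request.params.arguments;
 try {
-
+let parsedTemplate;
+if (templateFile) {
+// Read template from file
+const filePath = resolve(templateFile);
+const fileContent = readFileSync(filePath, 'utf-8');
+parsedTemplate = JSON.parse(fileContent);
+}
+else if (template) {
+// Parse template from string
+parsedTemplate = JSON.parse(template);
+}
+else {
+throw new Error('Either template or templateFile parameter must be provided');
+}
 const validator = new ConsolePrivateAccessValidator(parsedTemplate, region);
 const result = validator.validate();
 return {
@@ -60,7 +79,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 text: JSON.stringify({
 valid: false,
 checks: [],
-summary: `Error
+summary: `Error processing template: ${errorMessage}`,
 }, null, 2),
 },
 ],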
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GAEvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,6BAA6B,EAAE,MAAM,gBAAgB,CAAC;AAE/D,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB;IACE,IAAI,EAAE,sCAAsC;IAC5C,OAAO,EAAE,OAAO;CACjB,EACD;IACE,YAAY,EAAE;QACZ,KAAK,EAAE,EAAE;KACV;CACF,CACF,CAAC;AAEF,MAAM,KAAK,GAAW;IACpB;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EACT,iFAAiF;QACnF,WAAW,EAAE;YACX,IAAI,EAAE,QAAiB;YACvB,UAAU,EAAE;gBACV,QAAQ,EAAE;oBACR,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,wCAAwC;iBACtD;gBACD,YAAY,EAAE;oBACZ,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,0EAA0E;iBACxF;gBACD,MAAM,EAAE;oBACN,IAAI,EAAE,QAAQ;oBACd,WAAW,EAAE,iCAAiC;oBAC9C,OAAO,EAAE,WAAW;iBACrB;aACF;YACD,QAAQ,EAAE,EAAE;SACb;KACF;CACF,CAAC;AAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC5D,KAAK;CACN,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,KAAK,yBAAyB,EAAE,CAAC;QACtD,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,GAAG,WAAW,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,SAIvE,CAAC;QAEF,IAAI,CAAC;YACH,IAAI,cAAsC,CAAC;YAE3C,IAAI,YAAY,EAAE,CAAC;gBACjB,0BAA0B;gBAC1B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;gBACvC,MAAM,WAAW,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;gBACpD,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YAC3C,CAAC;iBAAM,IAAI,QAAQ,EAAE,CAAC;gBACpB,6BAA6B;gBAC7B,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;YAChF,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;YAC5E,MAAM,MAAM,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAC;YAEpC,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;qBACtC;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MA
AM,CAAC,KAAK,CAAC,CAAC;YAC5E,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAM;wBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,KAAK,EAAE,KAAK;4BACZ,MAAM,EAAE,EAAE;4BACV,OAAO,EAAE,8BAA8B,YAAY,EAAE;yBACtD,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,iBAAiB,OAAO,CAAC,MAAM,CAAC,IAAI,EAAE;aAC7C;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/validator.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../src/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAEpF,qBAAa,6BAA6B;IACxC,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAyB;gBAE3B,QAAQ,EAAE,sBAAsB,EAAE,MAAM,GAAE,MAAoB;IAK1E,QAAQ,IAAI,gBAAgB;IAqB5B,OAAO,CAAC,cAAc;IAwBtB,OAAO,CAAC,iBAAiB;IAiDzB,OAAO,CAAC,qBAAqB;
|
|
1
|
+
{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../src/validator.ts"],"names":[],"mappings":"AAAA,OAAO,EAAmB,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,SAAS,CAAC;AAEpF,qBAAa,6BAA6B;IACxC,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,MAAM,CAAyB;gBAE3B,QAAQ,EAAE,sBAAsB,EAAE,MAAM,GAAE,MAAoB;IAK1E,QAAQ,IAAI,gBAAgB;IAqB5B,OAAO,CAAC,cAAc;IAwBtB,OAAO,CAAC,iBAAiB;IAiDzB,OAAO,CAAC,qBAAqB;IAkC7B,OAAO,CAAC,qBAAqB;IAe7B,OAAO,CAAC,uBAAuB;IAuC/B,OAAO,CAAC,mBAAmB;IAwB3B,OAAO,CAAC,gBAAgB;IAsBxB,OAAO,CAAC,eAAe;IAavB,OAAO,CAAC,yBAAyB;IAkCjC,OAAO,CAAC,eAAe;CAUxB"}
|
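--- a/package/dist/validator.js
+++ b/package/dist/validator.js
@@ -85,36 +85,30 @@ export class ConsolePrivateAccessValidator {
 }
 checkEndpointPolicies() {
 const resources = this.template.Resources || {};
-const
-
-
-serviceName &&
-serviceName.includes('console'));
-});
-const signinEndpoint = Object.entries(resources).find(([_, r]) => {
-const serviceName = this.getServiceName(r.Properties?.ServiceName);
-return (r.Type === 'AWS::EC2::VPCEndpoint' &&
-serviceName &&
-serviceName.includes('signin'));
-});
-for (const [name, endpoint] of [
-['Console', consoleEndpoint],
-['Signin', signinEndpoint],
-]) {
-if (!endpoint)
-continue;
-const [_, resource] = endpoint;
+const interfaceEndpoints = Object.entries(resources).filter(([_, r]) => r.Type === 'AWS::EC2::VPCEndpoint' && r.Properties?.VpcEndpointType === 'Interface');
+for (const [name, resource] of interfaceEndpoints) {
+const serviceName = this.getServiceName(resource.Properties?.ServiceName);
 const hasPolicy = resource.Properties?.PolicyDocument;
+const privateDnsEnabled = resource.Properties?.PrivateDnsEnabled;
+// Check for policy
 this.checks.push({
-name: `Endpoint Policy: ${name}`,
+name: `Endpoint Policy: ${serviceName || name}`,
 status: hasPolicy ? 'pass' : 'fail',
 message: hasPolicy
-? `${name} endpoint has a policy attached`
-: `${name} endpoint is missing a policy`,
+? `${serviceName || name} endpoint has a policy attached`
+: `${serviceName || name} endpoint is missing a policy`,
 details: hasPolicy
 ? this.validatePolicyContent(resource.Properties.PolicyDocument)
 : undefined,
 });
+// Check for private DNS enabled
+this.checks.push({
+name: `Private DNS: ${serviceName || name}`,
+status: privateDnsEnabled ? 'pass' : 'fail',
+message: privateDnsEnabled
+? `${serviceName || name} endpoint has private DNS enabled`
+: `${serviceName || name} endpoint does not have private DNS enabled`,
+});
 }
 }
 validatePolicyContent(policy) {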
package/dist/validator.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../src/validator.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,6BAA6B;IAChC,QAAQ,CAAyB;IACjC,MAAM,CAAS;IACf,MAAM,GAAsB,EAAE,CAAC;IAEvC,YAAY,QAAgC,EAAE,SAAiB,WAAW;QACxE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC/B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACtE,MAAM,KAAK,GAAG,SAAS,KAAK,CAAC,CAAC;QAE9B,OAAO;YACL,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,SAAS,CAAC;SAChD,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,WAAgB;QACrC,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,IAAI,WAAW,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,4DAA4D;gBAC5D,OAAO,KAAK;qBACT,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;oBACjB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC7B,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,IAAI,IAAI,EAAE,GAAG,KAAK,aAAa,EAAE,CAAC;wBAChC,OAAO,IAAI,CAAC,MAAM,CAAC;oBACrB,CAAC;oBACD,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC;qBACD,IAAI,CAAC,EAAE,CAAC,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB;QACvB,MAAM,iBAAiB,GAAG;YACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,UAAU,EAAE;YACpE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,SAAS,EAAE;YAClE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,MAAM,EAAE;YAC5D,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE;YAC5E,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE;SAC7E,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,C
ACxD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,IAAI,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,WAAW,CAChG,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE;gBAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;gBACnE,OAAO,WAAW,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC/D,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,iBAAiB,QAAQ,CAAC,IAAI,EAAE;gBACtC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBAC/B,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,8BAA8B,QAAQ,CAAC,IAAI,QAAQ;oBACrD,CAAC,CAAC,sCAAsC,QAAQ,CAAC,IAAI,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAC7C,CAAC,CAAM,EAAE,EAAE;YACT,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACnE,OAAO,CACL,CAAC,CAAC,IAAI,KAAK,uBAAuB;gBAClC,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,SAAS;gBAC3C,WAAW;gBACX,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAC3B,CAAC;QACJ,CAAC,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACnC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,iCAAiC;SACzF,CAAC,CAAC;IACL,CAAC;IAEO,qBAAqB;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,
|
|
1
|
+
{"version":3,"file":"validator.js","sourceRoot":"","sources":["../src/validator.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,6BAA6B;IAChC,QAAQ,CAAyB;IACjC,MAAM,CAAS;IACf,MAAM,GAAsB,EAAE,CAAC;IAEvC,YAAY,QAAgC,EAAE,SAAiB,WAAW;QACxE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,MAAM,GAAG,EAAE,CAAC;QAEjB,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACzB,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAC7B,IAAI,CAAC,uBAAuB,EAAE,CAAC;QAC/B,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC3B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,eAAe,EAAE,CAAC;QACvB,IAAI,CAAC,yBAAyB,EAAE,CAAC;QAEjC,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACtE,MAAM,KAAK,GAAG,SAAS,KAAK,CAAC,CAAC;QAE9B,OAAO;YACL,KAAK;YACL,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,OAAO,EAAE,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,SAAS,CAAC;SAChD,CAAC;IACJ,CAAC;IAEO,cAAc,CAAC,WAAgB;QACrC,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,WAAW,CAAC;QACrB,CAAC;QACD,IAAI,WAAW,EAAE,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,MAAM,KAAK,GAAG,WAAW,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;YACzC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBACzB,4DAA4D;gBAC5D,OAAO,KAAK;qBACT,GAAG,CAAC,CAAC,IAAS,EAAE,EAAE;oBACjB,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;wBAC7B,OAAO,IAAI,CAAC;oBACd,CAAC;oBACD,IAAI,IAAI,EAAE,GAAG,KAAK,aAAa,EAAE,CAAC;wBAChC,OAAO,IAAI,CAAC,MAAM,CAAC;oBACrB,CAAC;oBACD,OAAO,EAAE,CAAC;gBACZ,CAAC,CAAC;qBACD,IAAI,CAAC,EAAE,CAAC,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,iBAAiB;QACvB,MAAM,iBAAiB,GAAG;YACxB,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,UAAU,EAAE;YACpE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,SAAS,EAAE;YAClE,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,MAAM,EAAE;YAC5D,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE;YAC5E,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,iBAAiB,IAAI,CAAC,MAAM,cAAc,EAAE;SAC7E,CAAC;QAEF,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,C
ACxD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,IAAI,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,WAAW,CAChG,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,iBAAiB,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE;gBAC/C,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;gBACnE,OAAO,WAAW,IAAI,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YAC/D,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,iBAAiB,QAAQ,CAAC,IAAI,EAAE;gBACtC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBAC/B,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,8BAA8B,QAAQ,CAAC,IAAI,QAAQ;oBACrD,CAAC,CAAC,sCAAsC,QAAQ,CAAC,IAAI,EAAE;aAC1D,CAAC,CAAC;QACL,CAAC;QAED,gCAAgC;QAChC,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAC7C,CAAC,CAAM,EAAE,EAAE;YACT,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACnE,OAAO,CACL,CAAC,CAAC,IAAI,KAAK,uBAAuB;gBAClC,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,SAAS;gBAC3C,WAAW;gBACX,WAAW,CAAC,QAAQ,CAAC,IAAI,CAAC,CAC3B,CAAC;QACJ,CAAC,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,0BAA0B;YAChC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACnC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,+BAA+B,CAAC,CAAC,CAAC,iCAAiC;SACzF,CAAC,CAAC;IACL,CAAC;IAEO,qBAAqB;QAC3B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,kBAAkB,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,MAAM,CACzD,CAAC,CAAC,CAAC,EAAE,CAAC,CAAgB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,uBAAuB,IAAI,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,WAAW,CAC/G,CAAC;QAEF,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,kBAAkB,EAAE,CAAC;YAClD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAE,QAAgB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;YACnF,MAAM,SAAS,GAAI,QAAgB,CAAC,UAAU,EAAE,cAAc,CAAC;YAC/D,MAAM,iBAAiB,GAAI,QAAgB,CAAC,UAAU,EAAE,iBAAiB,CAAC;YAE1E,mBAAmB;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,oBAAoB,WAAW,IAAI,IAAI,EAAE;gBAC/C,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBACnC,OAAO,EAAE,SAAS;oBAChB,CAAC,CAAC,GAAG,WAAW,IAAI,IAAI,iCAAiC;oBACzD,CAAC,CAAC,GAAG,WAAW,IAAI,IAAI,+BAA+B;gBACzD,OAAO,EAAE,SAAS;o
BAChB,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAE,QAAgB,CAAC,UAAU,CAAC,cAAc,CAAC;oBACzE,CAAC,CAAC,SAAS;aACd,CAAC,CAAC;YAEH,gCAAgC;YAChC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,gBAAgB,WAAW,IAAI,IAAI,EAAE;gBAC3C,MAAM,EAAE,iBAAiB,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBAC3C,OAAO,EAAE,iBAAiB;oBACxB,CAAC,CAAC,GAAG,WAAW,IAAI,IAAI,mCAAmC;oBAC3D,CAAC,CAAC,GAAG,WAAW,IAAI,IAAI,6CAA6C;aACxE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,qBAAqB,CAAC,MAAW;QACvC,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvD,OAAO,0BAA0B,CAAC;QACpC,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,mBAAmB,GAAG,SAAS,CAAC,SAAS,EAAE,YAAY,EAAE,CAAC,sBAAsB,CAAC,CAAC;QAExF,IAAI,mBAAmB,EAAE,CAAC;YACxB,OAAO,gDAAgD,CAAC;QAC1D,CAAC;QAED,OAAO,4CAA4C,CAAC;IACtD,CAAC;IAEO,uBAAuB;QAC7B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CACjD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,0BAA0B,CAClD,CAAC;QAEF,MAAM,aAAa,GAAG,CAAC,wBAAwB,EAAE,uBAAuB,CAAC,CAAC;QAE1E,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YACjC,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,EAAO,EAAE,EAAE;gBACzC,MAAM,QAAQ,GAAG,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC;gBACrC,6CAA6C;gBAC7C,OAAO,QAAQ,KAAK,IAAI,IAAI,QAAQ,KAAK,GAAG,IAAI,GAAG,CAAC;YACtD,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,wBAAwB,IAAI,EAAE;gBACpC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;gBAC/B,OAAO,EAAE,KAAK;oBACZ,CAAC,CAAC,2BAA2B,IAAI,QAAQ;oBACzC,CAAC,CAAC,mCAAmC,IAAI,EAAE;aAC9C,CAAC,CAAC;QACL,CAAC;QAED,4BAA4B;QAC5B,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAChD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,yBAAyB,CACjD,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAClD,OAAO,EACL,UAAU,CAAC,MAAM,GAAG,CAAC;gBACnB,CAAC,CAAC,SAAS,UAAU,CAAC,MAAM,kBAAkB;gBAC9C,CAAC,CAAC,0BAA0B;SACjC,CAAC,CAAC;IACL,CAAC;IAEO,mBAAmB;QACzB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAA
I,EAAE,CAAC;QAChD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CACpD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,yBAAyB,CACjD,CAAC;QAEF,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC,EAAO,EAAE,EAAE;YACtD,MAAM,OAAO,GAAG,EAAE,CAAC,UAAU,EAAE,oBAAoB,IAAI,EAAE,CAAC;YAC1D,OAAO,OAAO,CAAC,IAAI,CACjB,CAAC,IAAS,EAAE,EAAE,CACZ,CAAC,IAAI,CAAC,QAAQ,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,CAAC;gBACpD,CAAC,IAAI,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,CAAC,CACrD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,8BAA8B;YACpC,MAAM,EAAE,eAAe,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YAC5C,OAAO,EAAE,eAAe;gBACtB,CAAC,CAAC,gDAAgD;gBAClD,CAAC,CAAC,mDAAmD;SACxD,CAAC,CAAC;IACL,CAAC;IAEO,gBAAgB;QACtB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,CAAC;QAE5F,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACrC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,kCAAkC;SAC9E,CAAC,CAAC;QAEH,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,UAAU,GAAI,QAAgB,CAAC,UAAU,EAAE,kBAAkB,CAAC;YACpE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;gBACf,IAAI,EAAE,cAAc;gBACpB,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;gBACvC,OAAO,EAAE,UAAU;oBACjB,CAAC,CAAC,uCAAuC;oBACzC,CAAC,CAAC,2CAA2C;aAChD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,eAAe;QACrB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAChD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAAC,CAAC;QAEhG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,aAAa;YACnB,MAAM,EAAE,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACvC,OAAO,EAAE,UAAU;gBACjB,CAAC,CAAC,6CAA6C;gBAC/C,CAAC,CAAC,oEAAoE;SACzE,CAAC,CAAC;IACL,CAAC;IAEO,yBAAyB;QAC/B,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAAC;QAEhD,4BAA4B;QAC5B,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CACpD,CAAC,CAAM,EAAE,EAAE,CACT,CAAC,C
AAC,IAAI,KAAK,kBAAkB;YAC7B,CAAC,CAAC,CAAC,UAAU,EAAE,mBAAmB,CACrC,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,iBAAiB;YACvB,MAAM,EAAE,cAAc,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM;YACnD,OAAO,EACL,cAAc,CAAC,MAAM,GAAG,CAAC;gBACvB,CAAC,CAAC,SAAS,cAAc,CAAC,MAAM,oBAAoB;gBACpD,CAAC,CAAC,0BAA0B;SACjC,CAAC,CAAC;QAEH,yBAAyB;QACzB,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CACjD,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,sBAAsB,CAC9C,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC;YACf,IAAI,EAAE,cAAc;YACpB,MAAM,EAAE,WAAW,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS;YACnD,OAAO,EACL,WAAW,CAAC,MAAM,GAAG,CAAC;gBACpB,CAAC,CAAC,SAAS,WAAW,CAAC,MAAM,iBAAiB;gBAC9C,CAAC,CAAC,uBAAuB;SAC9B,CAAC,CAAC;IACL,CAAC;IAEO,eAAe,CAAC,KAAc,EAAE,SAAiB;QACvD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;QACtE,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,MAAM,CAAC;QAE5E,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,oDAAoD,SAAS,YAAY,YAAY,aAAa,CAAC;QAC5G,CAAC;QAED,OAAO,wBAAwB,SAAS,qBAAqB,SAAS,YAAY,YAAY,YAAY,CAAC;IAC7G,CAAC;CACF"}
|
package/package.json
CHANGED
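--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -8,6 +8,8 @@ import {
 } from '@modelcontextprotocol/sdk/types.js';
 import { ConsolePrivateAccessValidator } from './validator.js';
 import { CloudFormationTemplate } from './types.js';
+import { readFileSync } from 'fs';
+import { resolve } from 'path';
 
 const server = new Server(
 {
@@ -33,13 +35,17 @@ const tools: Tool[] = [
 type: 'string',
 description: 'CloudFormation template as JSON string',
 },
+templateFile: {
+type: 'string',
+description: 'Path to CloudFormation template file (alternative to template parameter)',
+},
 region: {
 type: 'string',
 description: 'AWS region (default: us-east-1)',
 default: 'us-east-1',
 },
 },
-required: [
+required: [],
 },
 },
 ];
@@ -50,13 +56,27 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 
 server.setRequestHandler(CallToolRequestSchema, async (request) => {
 if (request.params.name === 'validate-cloudformation') {
-const { template, region = 'us-east-1' } = request.params.arguments as {
-template
+const { template, templateFile, region = 'us-east-1' } = request.params.arguments as {
+template?: string;
+templateFile?: string;
 region?: string;
 };
 
 try {
-
+let parsedTemplate: CloudFormationTemplate;
+
+if (templateFile) {
+// Read template from file
+const filePath = resolve(templateFile);
+const fileContent = readFileSync(filePath, 'utf-8');
+parsedTemplate = JSON.parse(fileContent);
+} else if (template) {
+// Parse template from string
+parsedTemplate = JSON.parse(template);
+} else {
+throw new Error('Either template or templateFile parameter must be provided');
+}
+
 const validator = new ConsolePrivateAccessValidator(parsedTemplate, region);
 const result = validator.validate();
 
@@ -78,7 +98,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
 {
 valid: false,
 checks: [],
-summary: `Error
+summary: `Error processing template: ${errorMessage}`,
 },
 null,
 2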
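Review bot: `templateFile` arrives in the tool-call arguments and goes to `resolve()` and `readFileSync()` unchecked, so whatever drives the MCP client can have the server open any path the process can read; `resolve()` only makes the path absolute and does not confine it. The catch branch returns `Error processing template: ${errorMessage}` (presumably built from the caught error), and on recent Node versions a `JSON.parse` failure message quotes part of the input, so fragments of a non-JSON file can reach the caller. I would confine the path to an operator-chosen base directory after resolving symlinks, as sketched below (`realpathSync` and `sep` would join the existing `fs` and `path` imports), cap the file size, and return a fixed error text for read and parse failures. `package/dist/index.js` is the compiled copy of the same handler, and the handler body continues outside these hunks.

```typescript
if (templateFile) {
  // TEMPLATE_BASE_DIR is a placeholder for a directory the operator configures.
  const baseDir = realpathSync(TEMPLATE_BASE_DIR);
  // realpathSync resolves symlinks, so a link inside the base cannot point outside it.
  const filePath = realpathSync(resolve(baseDir, templateFile));
  if (filePath !== baseDir && !filePath.startsWith(baseDir + sep)) {
    throw new Error('templateFile is outside the allowed template directory');
  }
  const fileContent = readFileSync(filePath, 'utf-8');
  parsedTemplate = JSON.parse(fileContent);
} else if (template) {
  // … unchanged: parse template from string …
```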
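--- a/package/src/validator.ts
+++ b/package/src/validator.ts
@@ -106,47 +106,35 @@ export class ConsolePrivateAccessValidator {
 
 private checkEndpointPolicies(): void {
 const resources = this.template.Resources || {};
-const
-([_, r]: [string, any]) =>
-const serviceName = this.getServiceName(r.Properties?.ServiceName);
-return (
-r.Type === 'AWS::EC2::VPCEndpoint' &&
-serviceName &&
-serviceName.includes('console')
-);
-}
-);
-
-const signinEndpoint = Object.entries(resources).find(
-([_, r]: [string, any]) => {
-const serviceName = this.getServiceName(r.Properties?.ServiceName);
-return (
-r.Type === 'AWS::EC2::VPCEndpoint' &&
-serviceName &&
-serviceName.includes('signin')
-);
-}
+const interfaceEndpoints = Object.entries(resources).filter(
+([_, r]: [string, any]) => r.Type === 'AWS::EC2::VPCEndpoint' && r.Properties?.VpcEndpointType === 'Interface'
 );
 
-for (const [name,
-
-
-
-if (!endpoint) continue;
-
-const [_, resource] = endpoint as [string, any];
-const hasPolicy = resource.Properties?.PolicyDocument;
+for (const [name, resource] of interfaceEndpoints) {
+const serviceName = this.getServiceName((resource as any).Properties?.ServiceName);
+const hasPolicy = (resource as any).Properties?.PolicyDocument;
+const privateDnsEnabled = (resource as any).Properties?.PrivateDnsEnabled;
 
+// Check for policy
 this.checks.push({
-name: `Endpoint Policy: ${name}`,
+name: `Endpoint Policy: ${serviceName || name}`,
 status: hasPolicy ? 'pass' : 'fail',
 message: hasPolicy
-? `${name} endpoint has a policy attached`
-: `${name} endpoint is missing a policy`,
+? `${serviceName || name} endpoint has a policy attached`
+: `${serviceName || name} endpoint is missing a policy`,
 details: hasPolicy
-? this.validatePolicyContent(resource.Properties.PolicyDocument)
+? this.validatePolicyContent((resource as any).Properties.PolicyDocument)
 : undefined,
 });
+
+// Check for private DNS enabled
+this.checks.push({
+name: `Private DNS: ${serviceName || name}`,
+status: privateDnsEnabled ? 'pass' : 'fail',
+message: privateDnsEnabled
+? `${serviceName || name} endpoint has private DNS enabled`
+: `${serviceName || name} endpoint does not have private DNS enabled`,
+});
 }
 }
 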
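Review bot: The new Private DNS check, `status: privateDnsEnabled ? 'pass' : 'fail'`, tests truthiness, and CloudFormation JSON templates may carry booleans as strings, so `"PrivateDnsEnabled": "false"` is reported as a pass. An explicit comparison such as `const privateDnsEnabled = [true, 'true'].includes((resource as any).Properties?.PrivateDnsEnabled);` avoids the false pass. An intrinsic-function object in that property is also truthy and is better flagged for manual review than passed. The loop now covers every Interface endpoint instead of only the console and signin ones, so templates with unrelated endpoints gain failing checks; it is worth confirming that is intended. `package/dist/validator.js` is the compiled copy of this method.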