
Constants

const (
	// DefaultRegion is the AWS region used for global resources, such as IAM.
	DefaultRegion = "us-east-1" // TODO find this in the sdk
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
}

Client is an AWS client

func NewClient

func NewClient(accounts []*policy.Account, regions []string) (*Client, error)

NewClient returns a new aws client

func (*Client) DescribeS3Bucket

func (c *Client) DescribeS3Bucket(accountID int64, roleName string, b *s3.Bucket) (*S3Bucket, error)

DescribeS3Bucket returns an S3Bucket entity describing bucket b, accessed through role roleName in account accountID.

func (*Client) EvalEC2SG

func (c *Client) EvalEC2SG(accounts []*policy.Account, p policy.Policy, regions []string, f func(policy.Violation)) error

EvalEC2SG walks through all ec2 security groups in the given accounts and regions, evaluating policy p and passing each resulting violation to f.

func (*Client) EvalEbsVolume

func (c *Client) EvalEbsVolume(accounts []*policy.Account, p policy.Policy, regions []string, f func(policy.Violation)) error

EvalEbsVolume walks through all ec2 ebs volumes in the given accounts and regions, evaluating policy p and passing each resulting violation to f.

func (*Client) EvalEc2Instance

func (c *Client) EvalEc2Instance(accounts []*policy.Account, p policy.Policy, regions []string, f func(policy.Violation)) error

EvalEc2Instance walks through all ec2 instances in the given accounts and regions, evaluating policy p and passing each resulting violation to f.

func (*Client) EvalIAMAccessKey

func (c *Client) EvalIAMAccessKey(accounts []*policy.Account, p policy.Policy) ([]policy.Violation, error)

EvalIAMAccessKey walks through all IAM users' access keys

func (*Client) EvalIAMUser

func (c *Client) EvalIAMUser(accounts []*policy.Account, p policy.Policy, regions []string) ([]policy.Violation, error)

EvalIAMUser walks through all IAM users in the given accounts and returns the policy violations found.

func (*Client) EvalKMSKey

func (c *Client) EvalKMSKey(accounts []*policy.Account, p policy.Policy, regions []string, f func(policy.Violation)) error

EvalKMSKey walks through all kms keys

func (*Client) EvalS3

func (c *Client) EvalS3(accounts []*policy.Account, p policy.Policy) ([]policy.Violation, error)

EvalS3 walks through all s3 buckets

func (*Client) EvalVPC

func (c *Client) EvalVPC(accounts []*policy.Account, p policy.Policy, regions []string, f func(policy.Violation)) error

EvalVPC will evaluate policy for a vpc

func (*Client) Get

func (c *Client) Get(accountID int64, roleName, region string) *cziAws.Client

Get returns an AWS client scoped to the given account, role and region.

func (*Client) NewIAMAccessKey

func (c *Client) NewIAMAccessKey(ctx context.Context, key *iam.AccessKeyMetadata) *IAMAccessKey

NewIAMAccessKey returns a new IAM access key entity.

func (*Client) NewIAMUser

func (c *Client) NewIAMUser(user *iam.User, accountID int64, roleName string) *IAMUser

NewIAMUser returns a new IAM user entity. Note: I don't like that I have to pass accountID and roleName all the way down here.

func (*Client) WalkAccountsAndRegions

func (c *Client) WalkAccountsAndRegions(accounts []*policy.Account, regions []string, f func(*cziAws.Client, *policy.Account, string)) error

WalkAccountsAndRegions will invoke f for each region in each account supplied.

type EC2Client

type EC2Client struct {
	Client        ec2iface.EC2API
	RegionClients map[string]ec2iface.EC2API
	Session       *session.Session
	// contains filtered or unexported fields
}

EC2Client is an ec2 client with multi region capabilities

func NewEC2Client

func NewEC2Client(s *session.Session, regions []string, numWorkers int) *EC2Client

NewEC2Client returns a new ec2 client

type EC2EBSVol

type EC2EBSVol struct {
	Entity
	ID   string
	Name string
}

EC2EBSVol is an evaluation entity representing an ec2 ebs volume

func NewEc2EBSVol

func NewEc2EBSVol(vol *ec2.Volume, region string) *EC2EBSVol

NewEc2EBSVol returns a new ec2 ebs vol entity

func (*EC2EBSVol) Delete

func (e *EC2EBSVol) Delete() error

Delete deletes this volume.

func (*EC2EBSVol) GetConsoleURL

func (e *EC2EBSVol) GetConsoleURL() string

GetConsoleURL will return a url to the AWS console for this volume

func (*EC2EBSVol) GetID

func (e *EC2EBSVol) GetID() string

GetID returns the ec2_ebs_vol id

type EC2Instance

type EC2Instance struct {
	Entity
}

EC2Instance is an evaluation entity representing an ec2 instance

func NewEc2Instance

func NewEc2Instance(instance *ec2.Instance, region string) *EC2Instance

NewEc2Instance returns a new ec2 instance entity

func (*EC2Instance) GetConsoleURL

func (e *EC2Instance) GetConsoleURL() string

GetConsoleURL will return a URL for this resource in the AWS console

func (*EC2Instance) GetID

func (e *EC2Instance) GetID() string

GetID returns the ec2_instance id

type EC2SG

type EC2SG struct {
	Entity
	ID   string
	Name string
}

EC2SG is an evaluation entity representing an ec2 security group

func NewEC2SG

func NewEC2SG(sg *ec2.SecurityGroup, region string) *EC2SG

NewEC2SG returns a new ec2 security group

func (*EC2SG) Delete

func (e *EC2SG) Delete() error

Delete deletes this security group.

func (*EC2SG) GetConsoleURL

func (e *EC2SG) GetConsoleURL() string

GetConsoleURL will return a url to the AWS console for this security group

func (*EC2SG) GetID

func (e *EC2SG) GetID() string

GetID returns the security group id

type Entity

type Entity struct {
	ID     string
	Name   string
	Region string
	// contains filtered or unexported fields
}

Entity is an AWS entity s3 bucket, ec2 instance, etc

func NewEntity

func NewEntity() Entity

NewEntity returns a new aws entity

func (*Entity) AddBoolLabel

func (e *Entity) AddBoolLabel(key TypeEntityLabel, value *bool) *Entity

AddBoolLabel adds a label if the value is true

func (*Entity) AddCreatedAt

func (e *Entity) AddCreatedAt(t *time.Time) *Entity

AddCreatedAt adds a createdAt

func (*Entity) AddInt64Label

func (e *Entity) AddInt64Label(key TypeEntityLabel, value *int64) *Entity

AddInt64Label adds a label if the value is not nil

func (*Entity) AddLabel

func (e *Entity) AddLabel(key TypeEntityLabel, value *string) *Entity

AddLabel adds a label if the value is not nil

func (*Entity) AddTag

func (e *Entity) AddTag(key *string, value *string) *Entity

AddTag adds a tag if the value is not nil.

func (*Entity) Delete

func (e *Entity) Delete() error

Delete deletes this entity.

func (*Entity) GetCreatedAt

func (e *Entity) GetCreatedAt() *time.Time

GetCreatedAt returns createdAt

func (*Entity) GetLabelOr

func (e *Entity) GetLabelOr(label string, or string) string

GetLabelOr returns the value of label if it is defined, otherwise `or`. Useful for templates.

func (*Entity) GetLabels

func (e *Entity) GetLabels() labels.Set

GetLabels returns this entity's labels.

func (*Entity) GetName

func (e *Entity) GetName() string

GetName returns a user-friendly string identifying the Entity

func (*Entity) GetOwner

func (e *Entity) GetOwner() string

GetOwner will return this entity's owner as indicated by the 'owner' tag.

func (*Entity) GetRegion

func (e *Entity) GetRegion() string

GetRegion returns the region in which this entity exists

func (*Entity) GetTags

func (e *Entity) GetTags() labels.Set

GetTags returns the tags

type IAMAccessKey

type IAMAccessKey struct {
	Entity
	ID       string
	UserName string
}

IAMAccessKey is an evaluation entity representing an IAM access key.

func (*IAMAccessKey) GetConsoleURL

func (u *IAMAccessKey) GetConsoleURL() string

GetConsoleURL will return a URL for this resource in the AWS console

func (*IAMAccessKey) GetID

func (u *IAMAccessKey) GetID() string

GetID returns the access key id.

func (*IAMAccessKey) GetOwner

func (u *IAMAccessKey) GetOwner() string

GetOwner will return the username as owner

type IAMUser

type IAMUser struct {
	Entity
	ID   string
	Name string
}

IAMUser is an evaluation entity representing an IAM user.

func (*IAMUser) GetConsoleURL

func (u *IAMUser) GetConsoleURL() string

GetConsoleURL will return a URL for this resource in the AWS console

func (*IAMUser) GetID

func (u *IAMUser) GetID() string

GetID returns the IAM user id.

func (*IAMUser) GetOwner

func (u *IAMUser) GetOwner() string

GetOwner will return the username as owner

type KmsKey

// KmsKey is an evaluation entity representing a KMS key.
type KmsKey struct {
	Entity
	// contains filtered or unexported fields
}

func NewKMSKey

func NewKMSKey(keyMetadata *kms.KeyMetadata, tags []*kms.Tag, region string) *KmsKey

func (*KmsKey) Delete

func (k *KmsKey) Delete() error

Delete deletes this kms key

func (*KmsKey) GetConsoleURL

func (k *KmsKey) GetConsoleURL() string

func (*KmsKey) GetID

func (k *KmsKey) GetID() string

type S3Bucket

type S3Bucket struct {
	Entity
	// contains filtered or unexported fields
}

S3Bucket is an evaluation entity representing an s3 bucket

func NewS3Bucket

func NewS3Bucket(name string) *S3Bucket

NewS3Bucket returns a new s3 bucket entity

func (*S3Bucket) Delete

func (s *S3Bucket) Delete() error

Delete deletes this bucket

func (*S3Bucket) GetConsoleURL

func (s *S3Bucket) GetConsoleURL() string

GetConsoleURL will return a URL for this resource in the AWS console

func (*S3Bucket) GetID

func (s *S3Bucket) GetID() string

GetID returns the s3 bucket id

type TypeEntityLabel

type TypeEntityLabel string

TypeEntityLabel is the key type of an entity label.

type VPC

type VPC struct {
	Entity
	ID   string
	Name string
}

VPC represents an AWS VPC

func NewVpc

func NewVpc(vpc *ec2.Vpc, region string) *VPC

NewVpc returns a new vpc entity

func (*VPC) GetConsoleURL

func (v *VPC) GetConsoleURL() string

GetConsoleURL will return a URL for this resource in the AWS console

func (*VPC) GetID

func (v *VPC) GetID() string

GetID returns the id of the VPC

func (*VPC) GetOwner

func (v *VPC) GetOwner() string

GetOwner returns the value of the owner tag, if present.

type WalkFun

type WalkFun func(*Entity, error) error

WalkFun is a walk function over AWS entities
