Documentation
Index
- Constants
- Variables
- type AcmCertificate
- type CloudFormationStack
- type CloudTrail
- type CloudTrailMeta
- type CloudTrails
- type CloudWatchLogsLogGroup
- type ConfigService
- type ConfigServiceMeta
- type DynamoDBTable
- type Ec2Ami
- type Ec2Instance
- type Ec2NetworkAcl
- type Ec2SecurityGroup
- type Ec2Snapshot
- type Ec2Volume
- type Ec2Vpc
- type EcsCluster
- type EcsService
- type EcsTask
- type EksCluster
- type EksFargateProfile
- type EksNodegroup
- type Elbv2ApplicationLoadBalancer
- type GenericAWSResource
- type GenericResource
- type GuardDutyDetector
- type GuardDutyMeta
- type IAMCredentialReport
- type IAMPolicy
- type IAMPolicyEntities
- type IAMRole
- type IAMRootUser
- type IAMUser
- type IamGroup
- type KmsKey
- type LambdaFunction
- type PasswordPolicy
- type RDSInstance
- type RedshiftCluster
- type ResourcePoller
- type ResourcePollerInput
- type S3Bucket
- type VirtualMFADevice
- type WafRule
- type WafWebAcl
Constants
const (
CloudTrailSchema = "AWS.CloudTrail"
CloudTrailMetaSchema = "AWS.CloudTrail.Meta"
)
const (
// ConfigServiceSchema is the schema ID for the ConfigService type.
ConfigServiceSchema = "AWS.Config.Recorder"
// ConfigServiceMetaSchema is the schema ID for the ConfigServiceMeta type.
ConfigServiceMetaSchema = "AWS.Config.Recorder.Meta"
)
const (
GuardDutySchema = "AWS.GuardDuty.Detector"
GuardDutyMetaSchema = "AWS.GuardDuty.Detector.Meta"
)
const (
// IAMRootUserSchema is the schema identifier for IAMRootUser.
IAMRootUserSchema = "AWS.IAM.RootUser"
// IAMUserSchema is the schema identifier for IAMUser.
IAMUserSchema = "AWS.IAM.User"
)
const (
WafWebAclSchema = "AWS.WAF.WebACL"
WafRegionalWebAclSchema = "AWS.WAF.Regional.WebACL"
)
const (
AcmCertificateSchema = "AWS.ACM.Certificate"
)
const (
CloudFormationStackSchema = "AWS.CloudFormation.Stack"
)
const (
CloudWatchLogGroupSchema = "AWS.CloudWatch.LogGroup"
)
const (
DynamoDBTableSchema = "AWS.DynamoDB.Table"
)
const (
Ec2AmiSchema = "AWS.EC2.AMI"
)
const (
Ec2InstanceSchema = "AWS.EC2.Instance"
)
const (
Ec2NetworkAclSchema = "AWS.EC2.NetworkACL"
)
const (
Ec2SecurityGroupSchema = "AWS.EC2.SecurityGroup"
)
const (
Ec2VolumeSchema = "AWS.EC2.Volume"
)
const (
Ec2VpcSchema = "AWS.EC2.VPC"
)
const (
EcsClusterSchema = "AWS.ECS.Cluster"
)
const (
EksClusterSchema = "AWS.EKS.Cluster"
)
const (
Elbv2LoadBalancerSchema = "AWS.ELBV2.ApplicationLoadBalancer"
)
const GlobalRegion = "global"
GlobalRegion is used to populate the GenericAWSResource.Region field for global AWS resources.
const (
IAMGroupSchema = "AWS.IAM.Group"
)
const (
IAMPolicySchema = "AWS.IAM.Policy"
)
const (
// IAMRoleSchema is the schema identifier for IAMRole.
IAMRoleSchema = "AWS.IAM.Role"
)
const (
KmsKeySchema = "AWS.KMS.Key"
)
const (
LambdaFunctionSchema = "AWS.Lambda.Function"
)
const (
PasswordPolicySchema = "AWS.PasswordPolicy"
)
const (
RDSInstanceSchema = "AWS.RDS.Instance"
)
const (
RedshiftClusterSchema = "AWS.Redshift.Cluster"
)
const S3BucketSchema = "AWS.S3.Bucket"
S3BucketSchema is the name of the S3Bucket Schema
Variables
var ResourceTypes = map[string]struct{}{
AcmCertificateSchema: {},
CloudFormationStackSchema: {},
CloudTrailSchema: {},
CloudTrailMetaSchema: {},
CloudWatchLogGroupSchema: {},
ConfigServiceSchema: {},
ConfigServiceMetaSchema: {},
DynamoDBTableSchema: {},
Ec2AmiSchema: {},
Ec2InstanceSchema: {},
Ec2NetworkAclSchema: {},
Ec2SecurityGroupSchema: {},
Ec2VolumeSchema: {},
Ec2VpcSchema: {},
EcsClusterSchema: {},
EksClusterSchema: {},
Elbv2LoadBalancerSchema: {},
GuardDutySchema: {},
GuardDutyMetaSchema: {},
IAMGroupSchema: {},
IAMPolicySchema: {},
IAMRoleSchema: {},
IAMRootUserSchema: {},
IAMUserSchema: {},
KmsKeySchema: {},
LambdaFunctionSchema: {},
PasswordPolicySchema: {},
RDSInstanceSchema: {},
RedshiftClusterSchema: {},
S3BucketSchema: {},
WafRegionalWebAclSchema: {},
WafWebAclSchema: {},
}
Exported set of ResourceTypes. This export was initially created to provide a hardcoded set of valid resource types to the analysis API so we could validate resource types on create/update.
NOTE! - This hardcoded data set is found in several places in our code base. Until this data is sourced from a single location, you need to check whether any additions or modifications to this data need to coincide with updates in the other places where this data is hardcoded.
Locations may not be in this list! Right now this data is hardcoded in:
- internal/compliance/snapshot_poller/models/aws/ResourceTypes.go
- internal/compliance/snapshot_poller/pollers/aws/clients.go
- web/src/constants.ts
Functions
This section is empty.
Types
type AcmCertificate
type AcmCertificate struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from acm.CertificateDetail
    CertificateAuthorityArn *string
    DomainName *string
    DomainValidationOptions []*acm.DomainValidation
    ExtendedKeyUsages []*acm.ExtendedKeyUsage
    FailureReason *string
    InUseBy []*string
    IssuedAt *time.Time
    Issuer *string
    KeyAlgorithm *string
    KeyUsages []*acm.KeyUsage
    NotAfter *time.Time
    NotBefore *time.Time
    Options *acm.CertificateOptions
    RenewalEligibility *string
    RenewalSummary *acm.RenewalSummary
    RevocationReason *string
    RevokedAt *time.Time
    Serial *string
    SignatureAlgorithm *string
    Status *string
    Subject *string
    SubjectAlternativeNames []*string
    Type *string
}
AcmCertificate contains all the information about an ACM certificate
type CloudFormationStack
type CloudFormationStack struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from cloudformation.Stack
    Capabilities []*string
    ChangeSetId *string
    DeletionTime *time.Time
    Description *string
    DisableRollback *bool
    DriftInformation *cloudformation.StackDriftInformation
    EnableTerminationProtection *bool
    LastUpdatedTime *time.Time
    NotificationARNs []*string
    Outputs []*cloudformation.Output
    Parameters []*cloudformation.Parameter
    ParentId *string
    RoleARN *string
    RollbackConfiguration *cloudformation.RollbackConfiguration
    RootId *string
    StackStatus *string
    StackStatusReason *string
    TimeoutInMinutes *int64

    // Additional fields
    Drifts []*cloudformation.StackResourceDrift
}
CloudFormationStack contains all the information about a CloudFormation Stack
type CloudTrail
type CloudTrail struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from cloudtrail.Trail
    CloudWatchLogsLogGroupArn *string
    CloudWatchLogsRoleArn *string
    HasCustomEventSelectors *bool
    HomeRegion *string
    IncludeGlobalServiceEvents *bool
    IsMultiRegionTrail *bool
    IsOrganizationTrail *bool
    KmsKeyId *string
    LogFileValidationEnabled *bool
    S3BucketName *string
    S3KeyPrefix *string
    SnsTopicARN *string
    SnsTopicName *string // Deprecated by AWS

    // Additional fields
    EventSelectors []*cloudtrail.EventSelector
    Status *cloudtrail.GetTrailStatusOutput
}
CloudTrail contains all information about a configured CloudTrail.
This includes the trail info, status, event selectors, and attributes of the logging S3 bucket.
type CloudTrailMeta
type CloudTrailMeta struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    Trails []*string
    GlobalEventSelectors []*cloudtrail.EventSelector
}
type CloudTrails
type CloudTrails map[string]*CloudTrail
CloudTrails are a mapping of all Trails in an account keyed by ARN.
type CloudWatchLogsLogGroup
type CloudWatchLogsLogGroup struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from cloudwatchlogs.LogGroup
    KmsKeyId *string
    MetricFilterCount *int64
    RetentionInDays *int64
    StoredBytes *int64
}
CloudWatchLogsLogGroup contains all the information about a CloudWatch Logs Log Group
type ConfigService
type ConfigService struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from configservice.ConfigurationRecorder
    RecordingGroup *configservice.RecordingGroup
    RoleARN *string

    // Additional fields
    Status *configservice.ConfigurationRecorderStatus
}
ConfigService contains all information about a policy.
type ConfigServiceMeta
type ConfigServiceMeta struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    GlobalRecorderCount *int
    Recorders []*string
}
ConfigServiceMeta contains metadata about all Config Service Recorders in an account.
type DynamoDBTable
type DynamoDBTable struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from dynamodb.TableDescription
    AttributeDefinitions []*dynamodb.AttributeDefinition
    BillingModeSummary *dynamodb.BillingModeSummary
    GlobalSecondaryIndexes []*dynamodb.GlobalSecondaryIndexDescription
    ItemCount *int64
    KeySchema []*dynamodb.KeySchemaElement
    LatestStreamArn *string
    LatestStreamLabel *string
    LocalSecondaryIndexes []*dynamodb.LocalSecondaryIndexDescription
    ProvisionedThroughput *dynamodb.ProvisionedThroughputDescription
    RestoreSummary *dynamodb.RestoreSummary
    SSEDescription *dynamodb.SSEDescription
    StreamSpecification *dynamodb.StreamSpecification
    TableSizeBytes *int64
    TableStatus *string

    // Additional fields
    //
    // Both a Dynamo Table and its Global Secondary Indices can be an auto scaling target
    // This is a list of a table and its indices autoscaling configurations (if they exist)
    //
    AutoScalingDescriptions []*applicationautoscaling.ScalableTarget
    TimeToLiveDescription *dynamodb.TimeToLiveDescription
}
DynamoDBTable contains all the information about a Dynamo DB table
type Ec2Ami
type Ec2Ami struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.Image
    Architecture *string
    BlockDeviceMappings []*ec2.BlockDeviceMapping
    Description *string
    EnaSupport *bool
    Hypervisor *string
    ImageLocation *string
    ImageOwnerAlias *string
    ImageType *string
    KernelId *string
    OwnerId *string
    Platform *string
    ProductCodes []*ec2.ProductCode
    Public *bool
    RamdiskId *string
    RootDeviceName *string
    RootDeviceType *string
    SriovNetSupport *string
    State *string
    StateReason *ec2.StateReason
    VirtualizationType *string
}
Ec2Ami contains all information about an EC2 AMI
type Ec2Instance
type Ec2Instance struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.Instance
    AmiLaunchIndex *int64
    Architecture *string
    BlockDeviceMappings []*ec2.InstanceBlockDeviceMapping
    CapacityReservationId *string
    CapacityReservationSpecification *ec2.CapacityReservationSpecificationResponse
    ClientToken *string
    CpuOptions *ec2.CpuOptions
    EbsOptimized *bool
    ElasticGpuAssociations []*ec2.ElasticGpuAssociation
    ElasticInferenceAcceleratorAssociations []*ec2.ElasticInferenceAcceleratorAssociation
    EnaSupport *bool
    HibernationOptions *ec2.HibernationOptions
    Hypervisor *string
    IamInstanceProfile *ec2.IamInstanceProfile
    ImageId *string
    InstanceLifecycle *string
    InstanceType *string
    KernelId *string
    KeyName *string
    Licenses []*ec2.LicenseConfiguration
    MetadataOptions *ec2.InstanceMetadataOptionsResponse
    Monitoring *ec2.Monitoring
    NetworkInterfaces []*ec2.InstanceNetworkInterface
    Placement *ec2.Placement
    Platform *string
    PrivateDnsName *string
    PrivateIpAddress *string
    ProductCodes []*ec2.ProductCode
    PublicDnsName *string
    PublicIpAddress *string
    RamdiskId *string
    RootDeviceName *string
    RootDeviceType *string
    SecurityGroups []*ec2.GroupIdentifier
    SourceDestCheck *bool
    SpotInstanceRequestId *string
    SriovNetSupport *string
    State *ec2.InstanceState
    StateReason *ec2.StateReason
    StateTransitionReason *string
    SubnetId *string
    VirtualizationType *string
    VpcId *string
}
Ec2Instance contains all information about an EC2 Instance
type Ec2NetworkAcl
type Ec2NetworkAcl struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.NetworkAcl
    Associations []*ec2.NetworkAclAssociation
    Entries []*ec2.NetworkAclEntry
    IsDefault *bool
    OwnerId *string
    VpcId *string
}
Ec2NetworkAcl contains all information about an EC2 Network ACL
type Ec2SecurityGroup
type Ec2SecurityGroup struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.SecurityGroup
    Description *string
    IpPermissions []*ec2.IpPermission
    IpPermissionsEgress []*ec2.IpPermission
    OwnerId *string
    VpcId *string
}
Ec2SecurityGroup contains all information about an EC2 SecurityGroup
type Ec2Snapshot
type Ec2Snapshot struct {
    *ec2.Snapshot
    CreateVolumePermissions []*ec2.CreateVolumePermission
}
type Ec2Volume
type Ec2Volume struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.Volume
    Attachments []*ec2.VolumeAttachment
    AvailabilityZone *string
    Encrypted *bool
    Iops *int64
    KmsKeyId *string
    Size *int64
    SnapshotId *string
    State *string
    VolumeType *string

    // Additional fields
    Snapshots []*Ec2Snapshot
}
Ec2Volume contains all the information about an EC2 Volume
type Ec2Vpc
type Ec2Vpc struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ec2.Vpc
    CidrBlock *string
    CidrBlockAssociationSet []*ec2.VpcCidrBlockAssociation
    DhcpOptionsId *string
    InstanceTenancy *string
    Ipv6CidrBlockAssociationSet []*ec2.VpcIpv6CidrBlockAssociation
    IsDefault *bool
    OwnerId *string
    State *string

    // Additional fields
    DefaultSecurityGroupId *string
    DefaultNetworkAclId *string
    FlowLogs []*ec2.FlowLog
    NetworkAcls []*string
    RouteTables []*ec2.RouteTable
    SecurityGroups []*string
    StaleSecurityGroups []*string
}
Ec2Vpc contains all information about an EC2 VPC
type EcsCluster (added in v0.3.0)
type EcsCluster struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from ecs.Cluster
    ActiveServicesCount *int64
    Attachments []*ecs.Attachment
    AttachmentsStatus *string
    CapacityProviders []*string
    DefaultCapacityProviderStrategy []*ecs.CapacityProviderStrategyItem
    PendingTasksCount *int64
    RegisteredContainerInstancesCount *int64
    RunningTasksCount *int64
    Settings []*ecs.ClusterSetting
    Statistics []*ecs.KeyValuePair
    Status *string

    // Additional fields
    Services []*EcsService
    Tasks []*EcsTask
}
EcsCluster contains all the information about an ECS Cluster
type EcsService (added in v0.3.0)
type EcsService struct {
    // Generic resource fields
    //
    // This is not a full resource, but it does have an ARN, Tags, and a name.
    GenericAWSResource

    // Fields embedded from ecs.Service
    CapacityProviderStrategy []*ecs.CapacityProviderStrategyItem
    // Normalized name for CreatedAt
    TimeCreated *time.Time
    CreatedBy *string
    DeploymentConfiguration *ecs.DeploymentConfiguration
    DeploymentController *ecs.DeploymentController
    Deployments []*ecs.Deployment
    DesiredCount *int64
    EnableECSManagedTags *bool
    Events []*ecs.ServiceEvent
    HealthCheckGracePeriodSeconds *int64
    LaunchType *string
    LoadBalancers []*ecs.LoadBalancer
    NetworkConfiguration *ecs.NetworkConfiguration
    PendingCount *int64
    PlacementConstraints []*ecs.PlacementConstraint
    PlacementStrategy []*ecs.PlacementStrategy
    PlatformVersion *string
    PropagateTags *string
    RoleArn *string
    RunningCount *int64
    SchedulingStrategy *string
    ServiceRegistries []*ecs.ServiceRegistry
    Status *string
    TaskDefinition *string
    TaskSets []*ecs.TaskSet
}
EcsService contains all the information about an ECS Service, for embedding into the EcsCluster resource
type EcsTask (added in v0.3.0)
type EcsTask struct {
    // Generic resource fields
    //
    // This is not a full resource, but it does have an ARN and Tags.
    GenericAWSResource

    // Fields embedded from ecs.Task
    Attachments []*ecs.Attachment
    Attributes []*ecs.Attribute
    AvailabilityZone *string
    CapacityProviderName *string
    Connectivity *string
    ConnectivityAt *time.Time
    ContainerInstanceArn *string
    Containers []*ecs.Container
    Cpu *string
    // Normalized name for CreatedAt
    TimeCreated *time.Time
    DesiredStatus *string
    ExecutionStoppedAt *time.Time
    Group *string
    HealthStatus *string
    InferenceAccelerators []*ecs.InferenceAccelerator
    LastStatus *string
    LaunchType *string
    Memory *string
    Overrides *ecs.TaskOverride
    PlatformVersion *string
    PullStartedAt *time.Time
    PullStoppedAt *time.Time
    StartedAt *time.Time
    StartedBy *string
    StopCode *string
    StoppedAt *time.Time
    StoppedReason *string
    StoppingAt *time.Time
    TaskDefinitionArn *string
    Version *int64
}
EcsTask contains all the information about an ECS Task, for embedding into the EcsCluster resource
type EksCluster (added in v1.11.0)
type EksCluster struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from eks.Cluster
    CertificateAuthority *eks.Certificate
    EncryptionConfig []*eks.EncryptionConfig
    Endpoint *string
    Identity *eks.Identity
    Logging *eks.Logging
    PlatformVersion *string
    ResourcesVpcConfig *eks.VpcConfigResponse
    RoleArn *string
    Status *string
    Version *string

    // Additional fields
    NodeGroup []*EksNodegroup
    FargateProfile []*EksFargateProfile
}
EksCluster contains all the information about an EKS Cluster
type EksFargateProfile (added in v1.11.0)
type EksFargateProfile struct {
    // Generic resource fields
    //
    // This is not a full resource, but it does have an ARN and Tags.
    GenericAWSResource

    // Fields embedded from eks.FargateProfile
    FargateProfileArn *string
    FargateProfileName *string
    PodExecutionRoleArn *string
    Selectors []*eks.FargateProfileSelector
    Status *string
    Subnets []*string
    // Normalized name for CreatedAt
    TimeCreated *time.Time
}
EksFargateProfile contains all the information about an EKS Fargate Profile, for embedding into the EksCluster resource
type EksNodegroup (added in v1.11.0)
type EksNodegroup struct {
    // Generic resource fields
    //
    // This is not a full resource, but it does have an ARN and Tags.
    GenericAWSResource

    // Fields embedded from eks.Service
    AmiType *string
    DiskSize *int64
    Health *eks.NodegroupHealth
    InstanceTypes []*string
    LaunchTemplate *eks.LaunchTemplateSpecification
    NodegroupArn *string
    NodegroupName *string
    NodeRole *string
    ReleaseVersion *string
    RemoteAccess *eks.RemoteAccessConfig
    Resources *eks.NodegroupResources
    ScalingConfig *eks.NodegroupScalingConfig
    Subnets []*string
    Version *string
    // Normalized name for CreatedAt
    TimeCreated *time.Time
}
EksNodegroup contains all the information about an EKS Service, for embedding into the EksCluster resource
type Elbv2ApplicationLoadBalancer
type Elbv2ApplicationLoadBalancer struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from elbv2.LoadBalancer
    AvailabilityZones []*elbv2.AvailabilityZone
    CanonicalHostedZonedId *string
    DNSName *string
    IpAddressType *string
    Scheme *string
    SecurityGroups []*string
    State *elbv2.LoadBalancerState
    Type *string
    VpcId *string

    // Additional fields
    WebAcl *string
    Listeners []*elbv2.Listener
    SSLPolicies map[string]*elbv2.SslPolicy
}
Elbv2ApplicationLoadBalancer contains all information about an application load balancer
type GenericAWSResource
type GenericAWSResource struct {
    // Fields that generally need to be populated after building the snapshot
    AccountID *string `json:"AccountId"` // The ID of the AWS Account the resource resides in
    Region *string `json:"Region"` // The region the resource exists in, value of GlobalRegion if global

    // Fields that can generally be populated while building the snapshot
    ARN *string `json:"Arn,omitempty"` // The Amazon Resource Name (ARN)
    ID *string `json:"Id,omitempty"` // The AWS resource identifier
    Name *string `json:"Name,omitempty"` // The AWS resource name
    Tags map[string]*string // A standardized format for key/value resource tags
}
GenericAWSResource contains information that is standard across AWS resources
type GenericResource
type GenericResource struct {
    ResourceID *string `json:"ResourceId"` // A Panther-wide unique identifier
    ResourceType *string `json:"ResourceType"` // A Panther-defined resource type
    TimeCreated *time.Time `json:"TimeCreated"` // A standardized format for when the resource was created
}
GenericResource contains fields that will be common to all resources. At some point this will probably exist in a more global package, but for now, since this is the only poller, it will exist here.
type GuardDutyDetector
type GuardDutyDetector struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from guardduty.GetDetectorOutput
    FindingPublishingFrequency *string
    ServiceRole *string
    Status *string
    UpdatedAt *time.Time

    // Additional fields
    Master *guardduty.Master
}
GuardDutyDetector contains information about a GuardDuty Detector
type GuardDutyMeta
type GuardDutyMeta struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    Detectors []*string
}
GuardDutyMeta contains metadata about all GuardDuty detectors in an account.
type IAMCredentialReport
type IAMCredentialReport struct {
    UserName *string
    ARN *string
    UserCreationTime *time.Time
    PasswordEnabled *bool
    PasswordLastUsed *time.Time
    PasswordLastChanged *time.Time
    PasswordNextRotation *time.Time
    MfaActive *bool
    AccessKey1Active *bool
    AccessKey1LastRotated *time.Time
    AccessKey1LastUsedDate *time.Time
    AccessKey1LastUsedRegion *string
    AccessKey1LastUsedService *string
    AccessKey2Active *bool
    AccessKey2LastRotated *time.Time
    AccessKey2LastUsedDate *time.Time
    AccessKey2LastUsedRegion *string
    AccessKey2LastUsedService *string
    Cert1Active *bool
    Cert1LastRotated *time.Time
    Cert2Active *bool
    Cert2LastRotated *time.Time
}
IAMCredentialReport provides information on IAM credentials in an AWS Account.
This includes status of credentials, console passwords, access keys, MFA devices, and more.
type IAMPolicy
type IAMPolicy struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from iam.Policy
    AttachmentCount *int64
    DefaultVersionId *string
    Description *string
    IsAttachable *bool
    Path *string
    PermissionsBoundaryUsageCount *int64
    UpdateDate *time.Time

    // Additional fields
    Entities *IAMPolicyEntities
    PolicyDocument *string
}
IAMPolicy contains all information about a policy.
type IAMPolicyEntities
type IAMPolicyEntities struct {
    PolicyGroups []*iam.PolicyGroup
    PolicyRoles []*iam.PolicyRole
    PolicyUsers []*iam.PolicyUser
}
IAMPolicyEntities provides detail on the attached entities to an IAM policy.
type IAMRole
type IAMRole struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from iam.Role
    AssumeRolePolicyDocument *string
    Description *string
    MaxSessionDuration *int64
    Path *string
    PermissionsBoundary *iam.AttachedPermissionsBoundary

    // Additional fields
    InlinePolicies map[string]*string
    ManagedPolicyNames []*string
}
IAMRole contains all information about an IAM Role
type IAMRootUser
type IAMRootUser struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    CredentialReport *IAMCredentialReport
    VirtualMFA *VirtualMFADevice
}
IAMRootUser extends IAMUser, and contains some additional information only pertinent to the root account.
type IAMUser
type IAMUser struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from iam.User
    PasswordLastUsed *time.Time
    Path *string
    PermissionsBoundary *iam.AttachedPermissionsBoundary

    // Additional fields
    CredentialReport *IAMCredentialReport
    Groups []*iam.Group
    InlinePolicies map[string]*string
    ManagedPolicyNames []*string
    VirtualMFA *VirtualMFADevice
}
IAMUser contains all information about an IAM User
type IamGroup
type IamGroup struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from iam.Group
    Path *string

    // Additional fields
    InlinePolicies map[string]*string
    ManagedPolicyARNs []*string
    Users []*iam.User
}
IamGroup contains all the information about an IAM Group
type KmsKey
type KmsKey struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from kms.KeyMetaData
    CloudHsmClusterId *string
    CustomKeyStoreId *string
    DeletionDate *time.Time
    Description *string
    Enabled *bool
    ExpirationModel *string
    KeyManager *string
    KeyState *string
    KeyUsage *string
    Origin *string
    ValidTo *time.Time

    // Additional fields
    KeyRotationEnabled *bool
    Policy *string
}
KmsKey contains all information about a KMS key
type LambdaFunction
type LambdaFunction struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from lambda.FunctionConfiguration
    CodeSha256 *string
    CodeSize *int64
    DeadLetterConfig *lambda.DeadLetterConfig
    Description *string
    Environment *lambda.EnvironmentResponse
    Handler *string
    KMSKeyArn *string
    LastModified *string
    Layers []*lambda.Layer
    MasterArn *string
    MemorySize *int64
    RevisionId *string
    Role *string
    Runtime *string
    Timeout *int64
    TracingConfig *lambda.TracingConfigResponse
    Version *string
    VpcConfig *lambda.VpcConfigResponse

    // Additional fields
    Policy *lambda.GetPolicyOutput
}
LambdaFunction contains all the information about a Lambda Function
type PasswordPolicy
type PasswordPolicy struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    iam.PasswordPolicy
    AnyExist bool
}
PasswordPolicy contains all information about a configured password policy.
type RDSInstance
type RDSInstance struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from rds.DBInstance
    AllocatedStorage *int64
    AssociatedRoles []*rds.DBInstanceRole
    AutoMinorVersionUpgrade *bool
    AvailabilityZone *string
    BackupRetentionPeriod *int64
    CACertificateIdentifier *string
    CharacterSetName *string
    CopyTagsToSnapshot *bool
    DBClusterIdentifier *string
    DBInstanceClass *string
    DBInstanceStatus *string
    DBParameterGroups []*rds.DBParameterGroupStatus
    DBSecurityGroups []*rds.DBSecurityGroupMembership
    DBSubnetGroup *rds.DBSubnetGroup
    DbInstancePort *int64
    DbiResourceId *string
    DeletionProtection *bool
    DomainMemberships []*rds.DomainMembership
    EnabledCloudwatchLogsExports []*string
    Endpoint *rds.Endpoint
    Engine *string
    EngineVersion *string
    EnhancedMonitoringResourceArn *string
    IAMDatabaseAuthenticationEnabled *bool
    Iops *int64
    KmsKeyId *string
    LatestRestorableTime *time.Time
    LicenseModel *string
    ListenerEndpoint *rds.Endpoint
    MasterUsername *string
    MaxAllocatedStorage *int64
    MonitoringInterval *int64
    MonitoringRoleArn *string
    MultiAZ *bool
    OptionGroupMemberships []*rds.OptionGroupMembership
    PendingModifiedValues *rds.PendingModifiedValues
    PerformanceInsightsEnabled *bool
    PerformanceInsightsKMSKeyId *string
    PerformanceInsightsRetentionPeriod *int64
    PreferredBackupWindow *string
    PreferredMaintenanceWindow *string
    ProcessorFeatures []*rds.ProcessorFeature
    PromotionTier *int64
    PubliclyAccessible *bool
    ReadReplicaDBClusterIdentifiers []*string
    ReadReplicaDBInstanceIdentifiers []*string
    ReadReplicaSourceDBInstanceIdentifier *string
    SecondaryAvailabilityZone *string
    StatusInfos []*rds.DBInstanceStatusInfo
    StorageEncrypted *bool
    StorageType *string
    TdeCredentialArn *string
    Timezone *string
    VpcSecurityGroups []*rds.VpcSecurityGroupMembership

    // Additional fields
    SnapshotAttributes []*rds.DBSnapshotAttributesResult
}
RDSInstance contains all the information about an RDS DB instance
type RedshiftCluster
type RedshiftCluster struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from redshift.cluster
    AllowVersionUpgrade *bool
    AutomatedSnapshotRetentionPeriod *int64
    AvailabilityZone *string
    ClusterAvailabilityStatus *string
    ClusterNodes []*redshift.ClusterNode
    ClusterParameterGroups []*redshift.ClusterParameterGroupStatus
    ClusterPublicKey *string
    ClusterRevisionNumber *string
    ClusterSecurityGroups []*redshift.ClusterSecurityGroupMembership
    ClusterSnapshotCopyStatus *redshift.ClusterSnapshotCopyStatus
    ClusterStatus *string
    ClusterSubnetGroupName *string
    ClusterVersion *string
    DataTransferProgress *redshift.DataTransferProgress
    DeferredMaintenanceWindows []*redshift.DeferredMaintenanceWindow
    ElasticIpStatus *redshift.ElasticIpStatus
    ElasticResizeNumberOfNodeOptions *string
    Encrypted *bool
    Endpoint *redshift.Endpoint
    EnhancedVpcRouting *bool
    HsmStatus *redshift.HsmStatus
    IamRoles []*redshift.ClusterIamRole
    KmsKeyId *string
    MaintenanceTrackName *string
    ManualSnapshotRetentionPeriod *int64
    MasterUsername *string
    ModifyStatus *string
    NodeType *string
    NumberOfNodes *int64
    PendingActions []*string
    PendingModifiedValues *redshift.PendingModifiedValues
    PreferredMaintenanceWindow *string
    PubliclyAccessible *bool
    ResizeInfo *redshift.ResizeInfo
    RestoreStatus *redshift.RestoreStatus
    SnapshotScheduleIdentifier *string
    SnapshotScheduleState *string
    VpcId *string
    VpcSecurityGroups []*redshift.VpcSecurityGroupMembership

    // Additional fields
    LoggingStatus *redshift.LoggingStatus
}
RedshiftCluster contains all the information about a Redshift cluster
type ResourcePoller
type ResourcePoller func(input *ResourcePollerInput) ([]resourcesapimodels.AddResourceEntry, *string, error)
ResourcePoller represents a function to poll a specific AWS resource.
type ResourcePollerInput
type ResourcePollerInput struct {
    AuthSource *string
    AuthSourceParsedARN arn.ARN
    IntegrationID *string
    Region *string
    Timestamp *time.Time
    NextPageToken *string
    RegionIgnoreList []string
    ResourceTypeIgnoreList []string
    ResourceRegexIgnoreList []string
    CompiledRegexIgnoreList []*regexp.Regexp
}
ResourcePollerInput contains the metadata to request AWS resource info.
func (*ResourcePollerInput) CompileRegex (added in v1.15.0)
func (r *ResourcePollerInput) CompileRegex() error
func (*ResourcePollerInput) ShouldIgnoreResource (added in v1.15.0)
func (r *ResourcePollerInput) ShouldIgnoreResource(resourceID string) (ignore bool)
type S3Bucket
type S3Bucket struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Additional fields
    EncryptionRules []*s3.ServerSideEncryptionRule
    Grants []*s3.Grant
    LifecycleRules []*s3.LifecycleRule
    LoggingPolicy *s3.LoggingEnabled
    MFADelete *string
    ObjectLockConfiguration *s3.ObjectLockConfiguration
    Owner *s3.Owner
    Policy *string
    PublicAccessBlockConfiguration *s3.PublicAccessBlockConfiguration
    Versioning *string
}
S3Bucket contains all information about an S3 bucket.
type VirtualMFADevice
VirtualMFADevice provides metadata about an IAM User's MFA device
type WafWebAcl
type WafWebAcl struct {
    // Generic resource fields
    GenericAWSResource
    GenericResource

    // Fields embedded from waf.WebAcl
    DefaultAction *waf.WafAction
    MetricName *string

    // Additional fields
    Rules []*WafRule
}
WafWebAcl contains all information about a web ACL
Source Files
- acm_certificate.go
- cloudformation_stack.go
- cloudtrail.go
- cloudwatchlogs_log_group.go
- configservice.go
- dynamodb_table.go
- ec2_ami.go
- ec2_instance.go
- ec2_network_acl.go
- ec2_security_group.go
- ec2_volume.go
- ec2_vpc.go
- ecs_cluster.go
- eks_cluster.go
- elbv2_application_load_balancer.go
- guardduty_detector.go
- iam_group.go
- iam_policy.go
- iam_role.go
- iam_user.go
- kms_key.go
- lambda_function.go
- password_policy.go
- rds_instance.go
- redshift_cluster.go
- resource_types.go
- s3_bucket.go
- types.go
- waf_web_acl.go