api

package
v0.3.1 Latest Latest
Published: May 6, 2026 License: MIT Imports: 21 Imported by: 0

Documentation


Constants

const (

	// SSMDocumentLinux / SSMDocumentWindows are the canonical AWS-managed SSM
	// documents the validation flow uses to run shell or PowerShell commands.
	// They are the documentName values SSMSendCommand is documented to take:
	// the Linux document for shell lines, the Windows one for PowerShell.
	// NOTE(review): these documents run caller-supplied command lines, so any
	// principal that can reach SSMSendCommand can execute code on the targeted
	// instances; scope the ssm:SendCommand permission accordingly.
	SSMDocumentLinux   = "AWS-RunShellScript"
	SSMDocumentWindows = "AWS-RunPowerShellScript"
)

AWS SSM API constants — JSON-1.1 RPC endpoint with X-Amz-Target dispatch.

const (
	// DefaultTimeout is 30 seconds.
	// NOTE(review): presumably the timeout NewHTTPClient applies; confirm
	// against its implementation, which is not shown here.
	DefaultTimeout = 30 * time.Second
)

Variables

This section is empty.

Functions

func DecodeError

func DecodeError(statusCode int, body []byte) error

func ErrorCode

func ErrorCode(err error) string

func IsAccessDenied added in v0.2.5

func IsAccessDenied(err error) bool

func NewHTTPClient

func NewHTTPClient() *http.Client

func NewTransport

func NewTransport() *http.Transport

func RandomPassword added in v0.3.1

func RandomPassword() (string, error)

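RandomPassword returns a base64 string suitable for an AWS RDS master password rotation when callers want to lock out access (the `userdel` branch). 24 random bytes encode to 32 base64 chars — well below the RDS 41-char limit and above the 8-char minimum. The 41-character ceiling is the MySQL/MariaDB one; other RDS engines have different limits (Oracle's is lower), and RDS rejects some characters, including `/`, which the standard base64 alphabet contains. The signature does not show which base64 alphabet or random source is used, so both should be confirmed against the target engine.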

Types

type APIError

// APIError describes a failed API call: the HTTP status code plus an error
// code, a message and a request ID. It implements error via its Error method.
// NOTE(review): presumably produced by DecodeError from the status code and
// response body — confirm.
type APIError struct {
	StatusCode int
	Code       string
	Message    string
	RequestID  string
}

func (*APIError) Error

func (e *APIError) Error() string

type AttachedUserPolicy

// AttachedUserPolicy is one entry of ListAttachedUserPoliciesOutput.Policies:
// a policy name and its ARN.
type AttachedUserPolicy struct {
	PolicyName string
	PolicyArn  string
}

type Client

// Client is the receiver for every API method in this package. It is built by
// NewClient from an auth.Credential plus zero or more Options; none of its
// fields are exported.
type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(credential auth.Credential, opts ...Option) *Client

func (*Client) AttachUserPolicy

func (c *Client) AttachUserPolicy(ctx context.Context, region, userName, policyArn string) error

func (*Client) CloudTrailLookupEvents added in v0.3.1

func (c *Client) CloudTrailLookupEvents(ctx context.Context, region string, startTime, endTime int64, maxResults int64, nextToken string) (LookupEventsOutput, error)

CloudTrailLookupEvents reads recent management-event entries from AWS CloudTrail. startTime / endTime are Unix seconds (0 = unset → CloudTrail default 90-day window). nextToken paginates. The response includes both the parsed event header *and* the original `CloudTrailEvent` JSON blob, which the caller can re-parse for richer fields.

func (*Client) CloudWatchLogsDescribeLogGroups added in v0.3.1

func (c *Client) CloudWatchLogsDescribeLogGroups(ctx context.Context, region string, limit int64, nextToken string) (DescribeLogGroupsOutput, error)

CloudWatchLogsDescribeLogGroups lists log groups in `region`. nextToken paginates; pass "" for the first call.

func (*Client) CostExplorerCurrentMonthSpend added in v0.3.1

func (c *Client) CostExplorerCurrentMonthSpend(ctx context.Context) (string, string, error)

CostExplorerCurrentMonthSpend returns the unblended cost for the current calendar month in USD. The query window runs from the first day of the month (inclusive) to today (exclusive), which matches the window Cost Explorer expects.

func (*Client) CreateAccessKey added in v0.3.1

func (c *Client) CreateAccessKey(ctx context.Context, region, userName string) (CreateAccessKeyOutput, error)

func (*Client) CreateLoginProfile

func (c *Client) CreateLoginProfile(ctx context.Context, region, userName, password string) error

func (*Client) CreateUser

func (c *Client) CreateUser(ctx context.Context, region, userName string) (CreateUserOutput, error)

func (*Client) DeleteAccessKey added in v0.3.1

func (c *Client) DeleteAccessKey(ctx context.Context, region, userName, accessKeyID string) error

func (*Client) DeleteLoginProfile

func (c *Client) DeleteLoginProfile(ctx context.Context, region, userName string) error

func (*Client) DeletePublicAccessBlock added in v0.3.1

func (c *Client) DeletePublicAccessBlock(ctx context.Context, region, bucket string) error

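DeletePublicAccessBlock clears the BlockPublicAcls / IgnorePublicAcls settings on bucket so that a subsequent canned ACL change actually takes effect. New AWS accounts ship with S3 Block Public Access (BPA) enabled by default; without this call the `expose` flow will silently no-op even after PutBucketAcl returns 200. The block stays cleared after the call, and this listing shows no counterpart that re-applies it, so restoring the setting is left to the caller.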

func (*Client) DeleteUser

func (c *Client) DeleteUser(ctx context.Context, region, userName string) error

func (*Client) DescribeDBInstances added in v0.3.1

func (c *Client) DescribeDBInstances(ctx context.Context, region, marker string) (DescribeDBInstancesOutput, error)

DescribeDBInstances paginates through RDS DescribeDBInstances. Pass an empty marker for the first call.

func (*Client) DescribeInstances

func (c *Client) DescribeInstances(ctx context.Context, region, nextToken string, maxResults int) (DescribeInstancesOutput, error)

func (*Client) DescribeRegions

func (c *Client) DescribeRegions(ctx context.Context, region string) (DescribeRegionsOutput, error)

func (*Client) DetachUserPolicy

func (c *Client) DetachUserPolicy(ctx context.Context, region, userName, policyArn string) error

func (*Client) DoRESTJSON added in v0.3.1

func (c *Client) DoRESTJSON(ctx context.Context, req Request, resp any) error

DoRESTJSON sends req as a JSON-bodied REST call (used by SSM, ECS-style services that speak JSON-1.1). Caller provides Headers including `Content-Type: application/x-amz-json-1.1` and `X-Amz-Target: <service>.<action>`.

func (*Client) DoRESTXML

func (c *Client) DoRESTXML(ctx context.Context, req Request, resp any) error

func (*Client) DoXML

func (c *Client) DoXML(ctx context.Context, req Request, resp any) error

func (*Client) GetBucketAcl added in v0.3.1

func (c *Client) GetBucketAcl(ctx context.Context, region, bucket string) (GetBucketAclOutput, error)

GetBucketAcl returns the parsed `?acl` response for bucket. Callers collapse the grant list into a canned-ACL summary via S3CannedACLFromGrants.

func (*Client) GetBucketLocation

func (c *Client) GetBucketLocation(ctx context.Context, region, bucket string) (GetBucketLocationOutput, error)

func (*Client) GetCallerIdentity

func (c *Client) GetCallerIdentity(ctx context.Context, region string) (GetCallerIdentityOutput, error)

func (*Client) GetLoginProfile

func (c *Client) GetLoginProfile(ctx context.Context, region, userName string) (GetLoginProfileOutput, error)

func (*Client) ListAccessKeys added in v0.3.1

func (c *Client) ListAccessKeys(ctx context.Context, region, userName, marker string) (ListAccessKeysOutput, error)

func (*Client) ListAttachedUserPolicies

func (c *Client) ListAttachedUserPolicies(ctx context.Context, region, userName, marker string) (ListAttachedUserPoliciesOutput, error)

func (*Client) ListBuckets

func (c *Client) ListBuckets(ctx context.Context, region string) (ListBucketsOutput, error)

func (*Client) ListObjectsV2

func (c *Client) ListObjectsV2(ctx context.Context, region, bucket, continuationToken string, maxKeys int) (ListObjectsV2Output, error)

func (*Client) ListUsers

func (c *Client) ListUsers(ctx context.Context, region, marker string) (ListUsersOutput, error)

func (*Client) ModifyDBInstanceMasterPassword added in v0.3.1

func (c *Client) ModifyDBInstanceMasterPassword(ctx context.Context, region, instanceID, masterPassword string) (ModifyDBInstanceOutput, error)

ModifyDBInstanceMasterPassword rotates the master user password on an RDS instance. AWS RDS has no notion of "create user via API" — accounts live in the database engine itself; the CSPM-relevant management-plane signal is the master password rotation captured in CloudTrail.

func (*Client) PutBucketAcl added in v0.3.1

func (c *Client) PutBucketAcl(ctx context.Context, region, bucket, cannedACL string) error

PutBucketAcl sets a canned ACL on bucket via the `x-amz-acl` header. Common values: private, public-read, public-read-write, authenticated-read.

func (*Client) Route53ListHostedZones added in v0.3.1

func (c *Client) Route53ListHostedZones(ctx context.Context, marker string, maxItems int) (ListHostedZonesOutput, error)

Route53ListHostedZones lists hosted zones in the caller's account. AWS Route53 is a global service; the SigV4 region is fixed to `us-east-1` by the signer (see normalizeServiceRegion).

func (*Client) Route53ListResourceRecordSets added in v0.3.1

func (c *Client) Route53ListResourceRecordSets(ctx context.Context, zoneID, startName, startType, startIdentifier string, maxItems int) (ListResourceRecordSetsOutput, error)

Route53ListResourceRecordSets lists record sets within a hosted zone. `zoneID` may be either the bare ID ("Z2ABCDE") or the prefixed form ("/hostedzone/Z2ABCDE") — both are accepted.

func (*Client) SSMGetCommandInvocation added in v0.3.1

func (c *Client) SSMGetCommandInvocation(ctx context.Context, region, commandID, instanceID string) (GetCommandInvocationOutput, error)

SSMGetCommandInvocation polls SSM for the result of a previously-sent command on a single instance.

func (*Client) SSMSendCommand added in v0.3.1

func (c *Client) SSMSendCommand(ctx context.Context, region, documentName string, instanceIDs, commands []string) (SendCommandOutput, error)

SSMSendCommand kicks off a command execution against one or more instances. `documentName` is `AWS-RunShellScript` (linux) or `AWS-RunPowerShellScript` (windows). `commands` is the list of shell lines to execute.

type CloudTrailEvent added in v0.3.1

// CloudTrailEvent is one entry of LookupEventsOutput.Events. The first seven
// fields are the parsed event header; the CloudTrailEvent field holds the
// original event as a JSON string, which callers can re-parse for fields that
// are not projected here.
// NOTE(review): EventTime is a float64, presumably Unix epoch seconds like the
// startTime/endTime arguments of CloudTrailLookupEvents — confirm.
type CloudTrailEvent struct {
	EventID         string               `json:"EventId"`
	EventName       string               `json:"EventName"`
	EventTime       float64              `json:"EventTime"`
	EventSource     string               `json:"EventSource"`
	Username        string               `json:"Username"`
	AccessKeyID     string               `json:"AccessKeyId"`
	Resources       []CloudTrailResource `json:"Resources"`
	CloudTrailEvent string               `json:"CloudTrailEvent"`
}

type CloudTrailResource added in v0.3.1

// CloudTrailResource is one entry of CloudTrailEvent.Resources: the type and
// name of a resource the event refers to.
type CloudTrailResource struct {
	ResourceType string `json:"ResourceType"`
	ResourceName string `json:"ResourceName"`
}

type CostMetric added in v0.3.1

// CostMetric is an amount and its unit, both carried as strings. It is the
// value type of CostResultByTime.Total.
type CostMetric struct {
	Amount string `json:"Amount"`
	Unit   string `json:"Unit"`
}

type CostResultByTime added in v0.3.1

// CostResultByTime is one entry of GetCostAndUsageOutput.ResultsByTime: a time
// period, a map of totals and an Estimated flag.
// NOTE(review): Total is presumably keyed by metric name — confirm.
type CostResultByTime struct {
	TimePeriod CostTimePeriod        `json:"TimePeriod"`
	Total      map[string]CostMetric `json:"Total"`
	Estimated  bool                  `json:"Estimated"`
}

type CostTimePeriod added in v0.3.1

// CostTimePeriod is a Start/End pair of strings, used by both
// GetCostAndUsageInput and CostResultByTime.
// NOTE(review): the string format is not shown here; the description of
// CostExplorerCurrentMonthSpend implies Start is inclusive and End exclusive.
type CostTimePeriod struct {
	Start string `json:"Start"`
	End   string `json:"End"`
}

type CreateAccessKeyOutput added in v0.3.1

// CreateAccessKeyOutput is the result of Client.CreateAccessKey. AccessKey is
// an IAMAccessKeySecret, which includes the SecretAccessKey, so a value of
// this type is a live credential.
// NOTE(review): keep values of this type out of logs, error strings and
// serialized debug output.
type CreateAccessKeyOutput struct {
	AccessKey IAMAccessKeySecret
	RequestID string
}

type CreateUserOutput

// CreateUserOutput is the result of Client.CreateUser: the ARN of the user and
// the request ID of the call.
type CreateUserOutput struct {
	Arn       string
	RequestID string
}

type DBInstance added in v0.3.1

// The fields cover identity (DBInstanceIdentifier, DBName), engine and engine
// version, status, the endpoint (Address, Port), the availability zone, and
// the PubliclyAccessible flag.
type DBInstance struct {
	DBInstanceIdentifier string
	Engine               string
	EngineVersion        string
	DBName               string
	Status               string
	PubliclyAccessible   bool
	Address              string
	Port                 int64
	AvailabilityZone     string
}

DBInstance is the typed AWS RDS instance shape returned by DescribeDBInstances. Only the fields cloudlist surfaces are projected.

type DescribeDBInstancesOutput added in v0.3.1

// DescribeDBInstancesOutput is the result of Client.DescribeDBInstances.
// NOTE(review): Marker is presumably the value to pass as marker on the next
// call when more pages remain — confirm.
type DescribeDBInstancesOutput struct {
	DBInstances []DBInstance
	Marker      string
	RequestID   string
}

type DescribeInstancesOutput

// DescribeInstancesOutput is the result of Client.DescribeInstances.
// NOTE(review): NextToken is presumably the nextToken argument for the
// following page — confirm.
type DescribeInstancesOutput struct {
	Instances []EC2Instance
	NextToken string
}

type DescribeLogGroupsInput added in v0.3.1

// DescribeLogGroupsInput is a JSON request shape with three optional fields.
// Each is a pointer tagged omitempty, so a nil field is left out of the
// encoded body.
type DescribeLogGroupsInput struct {
	LogGroupNamePrefix *string `json:"logGroupNamePrefix,omitempty"`
	NextToken          *string `json:"nextToken,omitempty"`
	Limit              *int64  `json:"limit,omitempty"`
}

type DescribeLogGroupsOutput added in v0.3.1

// DescribeLogGroupsOutput is the result of
// Client.CloudWatchLogsDescribeLogGroups: the log groups of one page plus the
// pagination token.
type DescribeLogGroupsOutput struct {
	LogGroups []LogGroup `json:"logGroups"`
	NextToken string     `json:"nextToken"`
}

type DescribeRegionsOutput

// DescribeRegionsOutput is the result of Client.DescribeRegions.
type DescribeRegionsOutput struct {
	Regions []EC2Region
}

type EC2Instance

// EC2Instance is one entry of DescribeInstancesOutput.Instances: the instance
// ID, its public and private IPs, public DNS name, state and tags.
type EC2Instance struct {
	InstanceID    string
	PublicIP      string
	PrivateIP     string
	PublicDNSName string
	State         string
	Tags          []EC2Tag
}

type EC2Region

// EC2Region is one entry of DescribeRegionsOutput.Regions; it carries only the
// region name.
type EC2Region struct {
	Name string
}

type EC2Tag

// EC2Tag is one key/value entry of EC2Instance.Tags.
type EC2Tag struct {
	Key   string
	Value string
}

type GetBucketAclOutput added in v0.3.1

// Owner identifies the bucket owner; Grants is the list that, per the
// GetBucketAcl description, callers collapse into a canned-ACL summary via
// S3CannedACLFromGrants.
type GetBucketAclOutput struct {
	Owner  S3Owner
	Grants []S3Grant
}

GetBucketAclOutput is a slimmed projection of the GetBucketAcl response. Only the fields needed to derive a canonical canned-ACL summary are kept.

type GetBucketLocationOutput

// GetBucketLocationOutput is the result of Client.GetBucketLocation; it
// carries only the bucket's region.
type GetBucketLocationOutput struct {
	Region string
}

type GetCallerIdentityOutput

// GetCallerIdentityOutput is the result of Client.GetCallerIdentity: the
// account, ARN and user ID of the calling principal, plus the request ID.
type GetCallerIdentityOutput struct {
	Account   string
	Arn       string
	UserID    string
	RequestID string
}

type GetCommandInvocationInput added in v0.3.1

// GetCommandInvocationInput is a JSON request shape naming one command and one
// instance.
// NOTE(review): presumably the body SSMGetCommandInvocation sends — confirm.
type GetCommandInvocationInput struct {
	CommandID  string `json:"CommandId"`
	InstanceID string `json:"InstanceId"`
}

type GetCommandInvocationOutput added in v0.3.1

// GetCommandInvocationOutput is the result of Client.SSMGetCommandInvocation:
// the command and instance IDs, the status with its details, and the captured
// standard output and standard error content.
// NOTE(review): the two content fields hold whatever the command printed on
// the instance; treat them as untrusted text that may contain sensitive data
// before logging or rendering them.
type GetCommandInvocationOutput struct {
	CommandID             string `json:"CommandId"`
	InstanceID            string `json:"InstanceId"`
	Status                string `json:"Status"`
	StatusDetails         string `json:"StatusDetails"`
	StandardOutputContent string `json:"StandardOutputContent"`
	StandardErrorContent  string `json:"StandardErrorContent"`
}

type GetCostAndUsageInput added in v0.3.1

// GetCostAndUsageInput is a JSON request shape: a time period, a granularity
// and a list of metric names.
// NOTE(review): presumably the body CostExplorerCurrentMonthSpend sends —
// confirm.
type GetCostAndUsageInput struct {
	TimePeriod  CostTimePeriod `json:"TimePeriod"`
	Granularity string         `json:"Granularity"`
	Metrics     []string       `json:"Metrics"`
}

type GetCostAndUsageOutput added in v0.3.1

// GetCostAndUsageOutput is a JSON response shape holding one CostResultByTime
// per returned time period.
type GetCostAndUsageOutput struct {
	ResultsByTime []CostResultByTime `json:"ResultsByTime"`
}

type GetLoginProfileOutput

// GetLoginProfileOutput is the result of Client.GetLoginProfile. It reports
// when the login profile was created and whether a password reset is
// required; it has no password field.
// NOTE(review): CreateDate is a pointer and so may be nil — check before
// dereferencing.
type GetLoginProfileOutput struct {
	CreateDate            *time.Time
	PasswordResetRequired bool
	RequestID             string
}

type HostedZone added in v0.3.1

// PrivateZone distinguishes private zones from public ones; ResourceCount is
// an int64 count.
// NOTE(review): ResourceCount is presumably the number of record sets in the
// zone — confirm.
type HostedZone struct {
	ID              string
	Name            string
	PrivateZone     bool
	ResourceCount   int64
	CallerReference string
	Comment         string
}

HostedZone is the public/private DNS zone record returned by ListHostedZones.

type IAMAccessKey added in v0.3.1

// IAMAccessKey is one entry of ListAccessKeysOutput.AccessKeys: key ID, owning
// user name, status and creation date. Unlike IAMAccessKeySecret it has no
// SecretAccessKey field.
type IAMAccessKey struct {
	AccessKeyID string
	UserName    string
	Status      string
	CreateDate  *time.Time
}

type IAMAccessKeySecret added in v0.3.1

// IAMAccessKeySecret is the type of CreateAccessKeyOutput.AccessKey. It has
// the same fields as IAMAccessKey plus SecretAccessKey, so a value of this
// type is a usable credential pair.
// NOTE(review): do not log, print with %+v, or persist values of this type
// unencrypted.
type IAMAccessKeySecret struct {
	AccessKeyID     string
	SecretAccessKey string
	UserName        string
	Status          string
	CreateDate      *time.Time
}

type IAMUser

// IAMUser is one entry of ListUsersOutput.Users: user name, user ID, ARN,
// creation date and the time the password was last used.
// NOTE(review): both time fields are pointers and so may be nil — check before
// dereferencing.
type IAMUser struct {
	UserName         string
	UserID           string
	Arn              string
	CreateDate       *time.Time
	PasswordLastUsed *time.Time
}

type ListAccessKeysOutput added in v0.3.1

// ListAccessKeysOutput is the result of Client.ListAccessKeys.
// NOTE(review): when IsTruncated is true, Marker is presumably the marker
// argument for the next page — confirm.
type ListAccessKeysOutput struct {
	AccessKeys  []IAMAccessKey
	Marker      string
	IsTruncated bool
	RequestID   string
}

type ListAttachedUserPoliciesOutput

// ListAttachedUserPoliciesOutput is the result of
// Client.ListAttachedUserPolicies.
// NOTE(review): when IsTruncated is true, Marker is presumably the marker
// argument for the next page — confirm.
type ListAttachedUserPoliciesOutput struct {
	Policies    []AttachedUserPolicy
	Marker      string
	IsTruncated bool
	RequestID   string
}

type ListBucketsOutput

// ListBucketsOutput is the result of Client.ListBuckets.
type ListBucketsOutput struct {
	Buckets []S3Bucket
}

type ListHostedZonesOutput added in v0.3.1

// NOTE(review): when IsTruncated is true, NextMarker is presumably the marker
// argument for the next Route53ListHostedZones call — confirm.
type ListHostedZonesOutput struct {
	HostedZones []HostedZone
	NextMarker  string
	IsTruncated bool
	RequestID   string
}

ListHostedZonesOutput is the typed result of Route53 ListHostedZones.

type ListObjectsV2Output

// ListObjectsV2Output is the result of Client.ListObjectsV2.
// NOTE(review): when IsTruncated is true, NextContinuationToken is presumably
// the continuationToken argument for the next page — confirm.
type ListObjectsV2Output struct {
	Objects               []S3Object
	IsTruncated           bool
	NextContinuationToken string
}

type ListResourceRecordSetsOutput added in v0.3.1

// NOTE(review): the three NextRecord* fields presumably map to the startName,
// startType and startIdentifier arguments of the next
// Route53ListResourceRecordSets call when IsTruncated is true — confirm.
type ListResourceRecordSetsOutput struct {
	Records              []Route53Record
	NextRecordName       string
	NextRecordType       string
	NextRecordIdentifier string
	IsTruncated          bool
	RequestID            string
}

ListResourceRecordSetsOutput is the typed result of Route53 ListResourceRecordSets.

type ListUsersOutput

// ListUsersOutput is the result of Client.ListUsers.
// NOTE(review): when IsTruncated is true, Marker is presumably the marker
// argument for the next page — confirm.
type ListUsersOutput struct {
	Users       []IAMUser
	Marker      string
	IsTruncated bool
	RequestID   string
}

type LogGroup added in v0.3.1

// LogGroup is one entry of DescribeLogGroupsOutput.LogGroups. CreationTime is
// CloudWatch's millisecond epoch; CreationTimeFormatted renders it as
// `YYYY-MM-DD HH:MM:SS`.
type LogGroup struct {
	LogGroupName    string `json:"logGroupName"`
	CreationTime    int64  `json:"creationTime"`
	RetentionInDays int64  `json:"retentionInDays"`
	StoredBytes     int64  `json:"storedBytes"`
	Arn             string `json:"arn"`
}

func (LogGroup) CreationTimeFormatted added in v0.3.1

func (g LogGroup) CreationTimeFormatted() string

CreationTimeFormatted converts CloudWatch's millisecond epoch into the `YYYY-MM-DD HH:MM:SS` format the cloudlist `log` asset expects.

type LookupAttribute added in v0.3.1

// LookupAttribute is one key/value entry of LookupEventsInput.LookupAttributes.
type LookupAttribute struct {
	AttributeKey   string `json:"AttributeKey"`
	AttributeValue string `json:"AttributeValue"`
}

type LookupEventsInput added in v0.3.1

// LookupEventsInput is a JSON request shape in which every field is optional:
// all are tagged omitempty, so nil pointers and an empty LookupAttributes
// slice are left out of the encoded body.
// NOTE(review): StartTime/EndTime are presumably Unix seconds, matching the
// startTime/endTime arguments of CloudTrailLookupEvents — confirm.
type LookupEventsInput struct {
	StartTime        *float64          `json:"StartTime,omitempty"`
	EndTime          *float64          `json:"EndTime,omitempty"`
	MaxResults       *int64            `json:"MaxResults,omitempty"`
	NextToken        *string           `json:"NextToken,omitempty"`
	LookupAttributes []LookupAttribute `json:"LookupAttributes,omitempty"`
}

type LookupEventsOutput added in v0.3.1

// LookupEventsOutput is the result of Client.CloudTrailLookupEvents: one page
// of events plus the pagination token.
type LookupEventsOutput struct {
	NextToken string            `json:"NextToken"`
	Events    []CloudTrailEvent `json:"Events"`
}

type ModifyDBInstanceOutput added in v0.3.1

// ModifyDBInstanceOutput is the result of
// Client.ModifyDBInstanceMasterPassword: the instance identifier and status,
// the master user name and the request ID. It has no password field.
type ModifyDBInstanceOutput struct {
	DBInstanceIdentifier string
	DBInstanceStatus     string
	MasterUsername       string
	RequestID            string
}

type Option

// Option configures a Client in place. Options are passed variadically to
// NewClient; the With* functions in this package each return one.
type Option func(*Client)

func WithBaseURL

func WithBaseURL(rawURL string) Option

func WithClock

func WithClock(now func() time.Time) Option

func WithHTTPClient

func WithHTTPClient(client *http.Client) Option

func WithRetryPolicy

func WithRetryPolicy(policy RetryPolicy) Option

type Request

// Request is the input to Client.DoXML, Client.DoRESTXML and
// Client.DoRESTJSON. For DoRESTJSON the caller supplies Headers, including
// Content-Type and X-Amz-Target.
// NOTE(review): Scheme and Host presumably override the endpoint derived from
// Service and Region — confirm. If so, they must not be populated from
// untrusted input, since the signed request would be sent to that host.
// NOTE(review): Idempotent presumably tells the retry policy whether the call
// is safe to repeat — confirm.
type Request struct {
	Service    string
	Region     string
	Action     string
	Version    string
	Method     string
	Path       string
	Query      url.Values
	Body       []byte
	Headers    http.Header
	Idempotent bool
	Scheme     string
	Host       string
}

type RetryPolicy

// RetryPolicy is an alias for httpclient.RetryPolicy. It is set on a Client
// with WithRetryPolicy, and DefaultRetryPolicy returns one.
type RetryPolicy = httpclient.RetryPolicy

func DefaultRetryPolicy

func DefaultRetryPolicy() RetryPolicy

type Route53Record added in v0.3.1

// Route53Record is one entry of ListResourceRecordSetsOutput.Records.
type Route53Record struct {
	Name string
	Type string
	TTL  int64
	// Values aggregates ResourceRecords[].Value entries plus any AliasTarget DNS
	// name when the record is an alias.
	// NOTE(review): IsAlias presumably flags that alias case — confirm.
	Values  []string
	Status  string
	IsAlias bool
}

Route53Record is a single resource-record-set entry under a hosted zone.

type S3Bucket

// S3Bucket is one entry of ListBucketsOutput.Buckets: the bucket name and its
// region.
type S3Bucket struct {
	Name         string
	BucketRegion string
}

type S3Grant added in v0.3.1

// S3Grant is one entry of GetBucketAclOutput.Grants: who the grantee is (type,
// ID, URI) and the permission granted.
// NOTE(review): group grantees are presumably identified through GranteeURI
// rather than GranteeID — confirm; a public grant would then show up as a
// group URI here.
type S3Grant struct {
	GranteeType string
	GranteeID   string
	GranteeURI  string
	Permission  string
}

type S3Object

// S3Object is one entry of ListObjectsV2Output.Objects: key, size, last
// modification time and storage class. LastModified is a string, not a
// time.Time.
type S3Object struct {
	Key          string
	Size         int64
	LastModified string
	StorageClass string
}

type S3Owner added in v0.3.1

// S3Owner is the type of GetBucketAclOutput.Owner: an ID and a display name.
type S3Owner struct {
	ID          string
	DisplayName string
}

type SendCommandInput added in v0.3.1

// SendCommandInput is a JSON request shape: the SSM document name, the target
// instance IDs and the document parameters.
// NOTE(review): presumably the body SSMSendCommand sends, with its commands
// argument carried inside Parameters — confirm the parameter key.
type SendCommandInput struct {
	DocumentName string              `json:"DocumentName"`
	InstanceIDs  []string            `json:"InstanceIds"`
	Parameters   map[string][]string `json:"Parameters"`
}

type SendCommandOutput added in v0.3.1

// SendCommandOutput is the result of Client.SSMSendCommand. Only the command
// ID is projected, nested under Command.
// NOTE(review): Command.CommandID is presumably the commandID that
// SSMGetCommandInvocation expects when polling for the result — confirm.
type SendCommandOutput struct {
	Command struct {
		CommandID string `json:"CommandId"`
	} `json:"Command"`
}

type SigV4Signer

// SigV4Signer is a field-less type whose Sign method turns a credential and a
// SignInput into a Signature.
type SigV4Signer struct{}

func (SigV4Signer) Sign

func (s SigV4Signer) Sign(credential auth.Credential, input SignInput) (Signature, error)

type SignInput

// SignInput is the request description passed to SigV4Signer.Sign: method,
// service, region, host, path, query, content type, payload, timestamp and
// headers.
// NOTE(review): Timestamp is supplied by the caller rather than read inside
// Sign, presumably so WithClock can make signing deterministic in tests —
// confirm.
type SignInput struct {
	Method      string
	Service     string
	Region      string
	Host        string
	Path        string
	Query       url.Values
	ContentType string
	Payload     []byte
	Timestamp   time.Time
	Headers     http.Header
}

type Signature

// Signature is the result of SigV4Signer.Sign. Alongside the Authorization
// value it exposes the signed-header list, credential scope, date and payload
// hash, and the intermediate CanonicalRequest and StringToSign strings.
// NOTE(review): the intermediate strings are presumably kept for debugging
// signature mismatches — confirm. Authorization and CredentialScope identify
// the signing key, so avoid logging the whole struct.
type Signature struct {
	Authorization    string
	SignedHeaders    string
	CredentialScope  string
	CanonicalRequest string
	StringToSign     string
	AmzDate          string
	PayloadHash      string
}
