aws

package

v0.3.1 Latest Latest Go to latest Published: May 6, 2026 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/404tk/cloudtoolkit

Links

Open Source Insights

Documentation ¶

Index ¶

type ClientConfig
type Provider
- func New(options schema.Options) (*Provider, error)
- func NewWithConfig(options schema.Options, cfg ClientConfig) (*Provider, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClientConfig ¶ added in v0.3.1

type ClientConfig struct {
	APIOptions          []_api.Option
	SkipCredentialCache bool
}

ClientConfig allows callers (e.g. demo replay) to inject custom api.Option values and skip credential cache writes for ephemeral credentials.

type Provider ¶

type Provider struct {
	// contains filtered or unexported fields
}

Provider is a data provider for aws API

func New ¶

func New(options schema.Options) (*Provider, error)

New creates a new provider client for aws API

func NewWithConfig ¶ added in v0.3.1

func NewWithConfig(options schema.Options, cfg ClientConfig) (*Provider, error)

NewWithConfig creates a new provider client for aws API with injected transport options. Real callers use New; replay/test callers feed in a mock HTTP client through cfg.APIOptions.

func (*Provider) BucketACL ¶ added in v0.3.1

func (p *Provider) BucketACL(ctx context.Context, action, container, level string) (schema.BucketACLResult, error)

BucketACL implements schema.BucketACLManager for AWS S3. `level` accepts the canned S3 ACL values (private / public-read / public-read-write / authenticated-read / aws-exec-read) or friendly aliases resolved by s3.NormalizeS3ACL. The expose path also clears the bucket Public Access Block (best-effort) so a public canned ACL actually surfaces.

func (*Provider) BucketDump ¶ added in v0.0.5

func (p *Provider) BucketDump(ctx context.Context, action, bucketName string) ([]schema.BucketResult, error)

func (*Provider) DBManagement ¶ added in v0.1.1

func (p *Provider) DBManagement(ctx context.Context, action, instanceID string) (schema.DatabaseActionResult, error)

DBManagement implements schema.DBManager for AWS RDS by rotating the instance master password. AWS RDS doesn't expose per-user create/delete via API; rotating MasterUserPassword is the closest CSPM-detectable management-plane signal (captured via CloudTrail).

func (*Provider) EventDump ¶ added in v0.0.9

func (p *Provider) EventDump(ctx context.Context, action, args string) (schema.EventActionResult, error)

EventDump implements schema.EventReader for AWS CloudTrail. The `dump` action lists recent management-event records via `LookupEvents`. CloudTrail is read-only — `whitelist` returns a clear unsupported error.

func (*Provider) ExecuteCloudVMCommand ¶ added in v0.1.1

func (p *Provider) ExecuteCloudVMCommand(ctx context.Context, instanceID, cmd string) (schema.CommandResult, error)

ExecuteCloudVMCommand routes through AWS Systems Manager (SSM): the validation flow sends a one-shot command to the target instance via `SendCommand` and polls `GetCommandInvocation` until the status is terminal. The instance must have the SSM agent running with a role that allows `ssm:UpdateInstanceInformation` (the default-managed-instance pattern) — without that the command sits in `InProgress` forever and the caller eventually surfaces a timeout error.

func (*Provider) IAMCredential ¶ added in v0.3.1

func (p *Provider) IAMCredential(ctx context.Context, action, principal, credentialID string) (schema.IAMCredentialResult, error)

IAMCredential implements schema.IAMCredentialManager for AWS IAM access keys. `principal` is the IAM user name (required for create / delete); `list` without a principal falls back to the calling identity. `credentialID` is the AccessKeyId for delete.

func (*Provider) Name ¶

func (p *Provider) Name() string

Name returns the name of the provider

func (*Provider) Resources ¶

func (p *Provider) Resources(ctx context.Context) (schema.Resources, error)

Resources returns the provider for an resource deployment source.

func (*Provider) RoleBinding ¶ added in v0.3.1

func (p *Provider) RoleBinding(ctx context.Context, action, principal, role, scope string) (schema.RoleBindingResult, error)

RoleBinding implements schema.RoleBindingManager for AWS IAM. `principal` is the IAM user name and `role` is the managed-policy ARN (or short name like "AdministratorAccess", which is expanded to the AWS-managed ARN). `scope` is reserved for future use; AWS user-policy attachments are global.

func (*Provider) UserManagement ¶ added in v0.0.4

func (p *Provider) UserManagement(action, username, password string) (schema.IAMResult, error)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
api
auth
billing Package billing wraps AWS Cost Explorer for the cloudlist `balance` asset.	Package billing wraps AWS Cost Explorer for the cloudlist `balance` asset.
cloudtrail
ec2
iam
internal
arnutil
logs
rds Package rds wraps AWS RDS master password rotation.	Package rds wraps AWS RDS master password rotation.
replay
route53
s3
ssm

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL