spec

package
v2.0.0-...-2631c5f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 26, 2025 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation


Constants

// AccountSourceOrg is the untyped string constant "org". Judging by its name
// it is the AccountSource value recorded for accounts discovered through
// organization mode; its use is not shown on this page.
const AccountSourceOrg = "org"

Variables

// JSONSchema is a package-level string with no initializer on this page, so
// its value is set elsewhere. Presumably it holds the JSON schema generated
// for Spec (for example embedded at build time) — confirm against the source.
var JSONSchema string

Functions

This section is empty.

Types

type Account

// Account describes one AWS account to sync and how to authenticate to it:
// a named local profile, optionally followed by an assume-role step
// (role_arn, role_session_name, external_id).
type Account struct {
	// Will be used as an alias in the source plugin and in the logs.
	ID string `json:"id" jsonschema:"required,minLength=1,example=some_id"`

	// Will be used as an alias in the source plugin and in the logs.
	// NOTE(review): this description is identical to the one on `id`; confirm
	// which of the two fields is actually used as the alias.
	AccountName string `json:"account_name,omitempty" jsonschema:"example=my_aws_account_name"`

	// [Local profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) to use to authenticate this account with.
	// Please note this should be set to the name of the profile.
	//
	// For example, with the following credentials file:
	//
	//   ```ini copy
	//   [default]
	//   aws_access_key_id=xxxx
	//   aws_secret_access_key=xxxx
	//
	//   [user1]
	//   aws_access_key_id=xxxx
	//   aws_secret_access_key=xxxx
	//   ```
	//
	// `local_profile` should be set to either `default` or `user1`.
	//
	// Only the profile name belongs in this field; the access keys stay in the
	// credentials file and should not be copied into the spec.
	LocalProfile string `json:"local_profile,omitempty" jsonschema:"example=my_aws_profile"`

	// If specified will use this to assume role.
	//
	// The schema pattern requires `arn` followed by five colon-separated
	// fields, optionally followed by `:` or `/` and a resource path. The whole
	// expression is optional, so the empty string also passes schema validation.
	RoleARN string `json:"role_arn,omitempty" jsonschema:"pattern=^(arn(:[^:\n]*){5}([:/].*)?)?$"`

	// If specified will use this session name when assuming the role in `role_arn`.
	// A distinctive session name makes this plugin's activity easier to
	// attribute in AWS audit logs.
	RoleSessionName string `json:"role_session_name,omitempty" jsonschema:"example=my_aws_role_session_name"`

	// If specified will use this when assuming role to `role_arn`.
	//
	// Note: AWS evaluates the external ID as a condition in the role's trust
	// policy to guard against confused-deputy use of the role. It is an
	// identifier, not a secret, and should not be relied on as a credential.
	ExternalID string `json:"external_id,omitempty" jsonschema:"example=external_id"`

	// If specified, this region will be used as the default region for the account.
	DefaultRegion string `json:"default_region,omitempty" jsonschema:"minLength=1,default=us-east-1"`

	// Regions to use for this account. Defaults to global `regions` setting.
	Regions []string `json:"regions,omitempty" jsonschema:"minLength=1,example=us-east-1"`

	// Explicitly ignored in JSON parsing (`json:"-"`), as this is filled in later.
	// Because of the tag, a value for it cannot be supplied through the spec file.
	Source AccountSource `json:"-"`
}

This is used to specify one or more accounts to extract information from.

type AccountSource

// AccountSource is the string type of Account.Source. The only related
// constant visible on this page is AccountSourceOrg ("org"); other values,
// if any, are not shown here.
type AccountSource string

type Organization

// Organization configures organization mode: credentials for an admin
// account, the role to assume in each member account, and which
// organizational units and member accounts to include or skip.
type Organization struct {
	// Configuration for how to grab credentials from an admin account.
	AdminAccount *Account `json:"admin_account"`

	// Configuration for how to specify the principal to use in order to assume a role in the member accounts.
	// Note that the JSON key is `member_trusted_principal`, not the Go field name.
	MemberCredentials *Account `json:"member_trusted_principal"`

	// Role name that CloudQuery should use to assume a role in the member account from the admin account.
	//
	// Note: This is not a full ARN, it is just the name.
	//
	// The same role name is used for the member accounts, so its permissions
	// in each account define what this plugin can read there; keep them
	// read-only and as narrow as the sync requires.
	ChildAccountRoleName string `json:"member_role_name,omitempty" jsonschema:"required,minLength=1,example=some_role_name"`

	// Overrides the default session name.
	ChildAccountRoleSessionName string `json:"member_role_session_name,omitempty" jsonschema:"example=some_role_session_name"`

	// Specify an external ID for use in the trust policy.
	// The external ID is an identifier matched by the trust policy, not a
	// secret, and should not be relied on as a credential.
	ChildAccountExternalID string `json:"member_external_id,omitempty" jsonschema:"example=external_id"`

	// Limit fetching resources within this specific account to only these regions.
	// This will override any regions specified in the provider block.
	// You can specify all regions by using the `*` character as the only argument in the array.
	ChildAccountRegions []string `json:"member_regions,omitempty" jsonschema:"minLength=1,example=us-east-1"`

	// List of Organizational Units that CloudQuery should use to source accounts from.
	// If you specify an OU, CloudQuery will also traverse nested OUs.
	// NOTE(review): the struct tag is elided on this page, so the schema
	// constraints for this field are not visible here.
	OrganizationUnits []string `` /* 145-byte string literal not displayed */

	// List of Organizational Units to skip.
	// This is useful in conjunction with `organization_units` if there are child OUs that should be ignored.
	// NOTE(review): the struct tag is elided on this page, so the JSON key and
	// schema constraints for this field are not visible here.
	SkipOrganizationalUnits []string `` /* 150-byte string literal not displayed */

	// List of OU member accounts to skip.
	// This is useful if there are accounts under the selected OUs that should be ignored.
	SkipMemberAccounts []string `json:"skip_member_accounts,omitempty" jsonschema:"example=my_aws_account"`
}

Organization mode spec used to source all accounts underneath automatically.

func (*Organization) Validate

func (o *Organization) Validate() error

type Spec

// Spec is the top-level configuration of the AWS source plugin: which
// accounts and regions to sync, retry behaviour, an optional custom endpoint,
// and concurrency and scheduling settings.
type Spec struct {
	// Regions to use.
	Regions []string `json:"regions,omitempty" jsonschema:"minLength=1,example=us-east-1"`

	// List of all accounts to fetch information from.
	// According to the JSONSchemaExtend documentation, `accounts` and `org`
	// are mutually exclusive.
	Accounts []Account `json:"accounts"`

	// In AWS organization mode, CloudQuery will source all accounts underneath automatically.
	// According to the JSONSchemaExtend documentation, `org` and `accounts`
	// are mutually exclusive.
	Organization *Organization `json:"org"`

	// If `true`, will log AWS debug logs, including retries and other request/response metadata. Requires passing `--log-level debug` to the CloudQuery CLI.
	// Because these logs carry request/response metadata, check where debug
	// logs are stored and shipped before enabling this outside a test setup.
	AWSDebug bool `json:"aws_debug,omitempty" jsonschema:"default=false"`

	// Defines the maximum number of times an API request will be retried.
	MaxRetries *int `json:"max_retries,omitempty" jsonschema:"default=10"`

	// Defines the duration between retry attempts.
	// NOTE(review): the field name suggests this is an upper bound on the
	// backoff rather than a fixed delay, and the unit is not stated here
	// (presumably seconds) — confirm.
	MaxBackoff *int `json:"max_backoff,omitempty" jsonschema:"default=30"`

	// The base URL endpoint the SDK API clients will use to make API calls to.
	// The SDK will suffix URI path and query elements to this endpoint.
	//
	// Every API call, including its signed request, is sent to this endpoint,
	// so it should only point at a host you control or trust.
	EndpointURL string `json:"custom_endpoint_url,omitempty"`

	// Specifies if the endpoint's hostname can be modified by the SDK's API client.
	// When using something like LocalStack make sure to set it equal to `true`.
	HostnameImmutable *bool `json:"custom_endpoint_hostname_immutable,omitempty" jsonschema:"default=false"`

	// The AWS partition the endpoint belongs to.
	PartitionID string `json:"custom_endpoint_partition_id,omitempty" jsonschema:"default=,example=aws"`

	// The region that should be used for signing the request to the endpoint.
	SigningRegion string `json:"custom_endpoint_signing_region,omitempty" jsonschema:"default=,example=us-east-1"`

	// During initialization the AWS source plugin fetches information about each account and region.
	// This setting controls how many accounts can be initialized concurrently.
	// Only configurations with many accounts (either hardcoded or discovered via Organizations)
	// should require modifying this setting, to either lower it to avoid rate limit errors, or to increase it to speed up the initialization process.
	InitializationConcurrency int `json:"initialization_concurrency" jsonschema:"minimum=1,default=4"`

	// The best effort maximum number of Go routines to use. Lower this number to reduce memory usage.
	Concurrency int `json:"concurrency" jsonschema:"minimum=1,default=50000"`

	// When set to `true` plugin will sync data from APIs that incur a fee.
	// The schema default is `false`, so paid APIs are opt-in.
	UsePaidAPIs bool `json:"use_paid_apis" jsonschema:"default=false"`

	// The scheduler to use when determining the priority of resources to sync. By default, it is set to `shuffle`.
	//
	// For more information about this, see [performance tuning](/docs/advanced-topics/performance-tuning).
	Scheduler *scheduler.Strategy `json:"scheduler,omitempty" jsonschema:"default=shuffle"`
}

func (Spec) JSONSchemaExtend

func (Spec) JSONSchemaExtend(sc *jsonschema.Schema)

JSONSchemaExtend is required to verify two things:

1. If `custom_endpoint_url` is present, then the following fields are required: `custom_endpoint_partition_id`, `custom_endpoint_signing_region` and `custom_endpoint_hostname_immutable`.
2. `org` and `accounts` are mutually exclusive.

func (*Spec) SetDefaults

func (s *Spec) SetDefaults()

func (*Spec) Validate

func (s *Spec) Validate() error
