package aws

import "github.com/cyralinc/dmap/aws"

Types

type AWSScanner

type AWSScanner struct {
	// contains filtered or unexported fields
}

AWSScanner is an implementation of the Scanner interface for the AWS cloud provider. It supports scanning data repositories from multiple AWS regions, including RDS clusters and instances, Redshift clusters and DynamoDB tables.

func NewAWSScanner

func NewAWSScanner(
	ctx context.Context,
	scannerConfig ScannerConfig,
) (*AWSScanner, error)

NewAWSScanner creates a new instance of AWSScanner based on the ScannerConfig. If AssumeRoleConfig is specified, the AWSScanner will assume this IAM Role and use it during service requests. If AssumeRoleConfig is nil, the AWSScanner will use the AWS default external configuration.

func (*AWSScanner) Scan

func (s *AWSScanner) Scan(ctx context.Context) (*scan.ScanResults, error)

Scan performs a scan across all the configured AWS regions and returns the scan results, which contain a list of data repositories that includes RDS clusters and instances, Redshift clusters and DynamoDB tables.

type AssumeRoleConfig

type AssumeRoleConfig struct {
	// The ARN of the IAM Role to be assumed.
	IAMRoleARN string
	// Optional External ID to be used as part of the assume role process.
	ExternalID string
}

AssumeRoleConfig represents the information of an IAM Role to be assumed by the AWSScanner when performing requests to the AWS services during the data repositories scan.

type S3Bucket

type S3Bucket struct {
	// contains filtered or unexported fields
}

type ScannerConfig

type ScannerConfig struct {
	Regions    []string
	AssumeRole *AssumeRoleConfig
}

ScannerConfig represents an AWSScanner configuration. It allows defining the AWS regions that should be scanned and an optional AssumeRoleConfig that contains the configuration for assuming an IAM Role during the scan. If AssumeRoleConfig is nil, the AWS default external configuration will be used instead.

func (*ScannerConfig) Validate

func (config *ScannerConfig) Validate() error

Validate validates the ScannerConfig configuration.
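This page does not say what Validate checks, so the following is an added example of a caller-side pre-flight check to run before NewAWSScanner; it is not code from the dmap project. The struct types are local mirrors of the ones documented above so the block runs without the dependency, and `Preflight`, its `ownAccount` parameter, the account IDs and the rule that a role in another account must carry an ExternalID are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// Local mirrors of the config structs documented on this page.
type AssumeRoleConfig struct{ IAMRoleARN, ExternalID string }

type ScannerConfig struct {
	Regions    []string
	AssumeRole *AssumeRoleConfig
}

var (
	roleARNRe = regexp.MustCompile(`^arn:(?:aws|aws-cn|aws-us-gov):iam::(\d{12}):role/[\w+=,.@/-]+$`)
	regionRe  = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-\d$`)
)

// Preflight is a hypothetical check (not part of dmap). ownAccount is the
// 12-digit ID of the account the scanner's base credentials belong to.
func Preflight(cfg ScannerConfig, ownAccount string) error {
	if len(cfg.Regions) == 0 {
		return errors.New("no regions configured")
	}
	for _, r := range cfg.Regions {
		if !regionRe.MatchString(r) {
			return fmt.Errorf("malformed region %q", r)
		}
	}
	if cfg.AssumeRole == nil {
		return nil // the AWS default external configuration will be used
	}
	m := roleARNRe.FindStringSubmatch(cfg.AssumeRole.IAMRoleARN)
	if m == nil {
		return fmt.Errorf("malformed IAM role ARN %q", cfg.AssumeRole.IAMRoleARN)
	}
	// Assumed policy: a role in another account must be bound to an
	// ExternalID, which the role's trust policy can require (sts:ExternalId).
	if m[1] != ownAccount && cfg.AssumeRole.ExternalID == "" {
		return fmt.Errorf("cross-account role in %s has no ExternalID", m[1])
	}
	return nil
}

func main() {
	// Constructed sample: cross-account role with the ExternalID left empty.
	cfg := ScannerConfig{Regions: []string{"us-east-1"}, AssumeRole: &AssumeRoleConfig{IAMRoleARN: "arn:aws:iam::111122223333:role/dmap-scan"}}
	fmt.Println(Preflight(cfg, "444455556666"))
}
```

The ExternalID only protects the role if the trust policy on the target account actually enforces it, so this check complements the IAM configuration rather than replacing it.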