IAM configuration validator. Validates the IAM configuration.

Hierarchy

  • IamConfigValidator

Constructors

Methods

  • Prepares the list of account names from the account config file

    Returns

    Parameters

    Returns string[]

  • Function to get Identity Center Assignment deployment target account names

    Returns

    Parameters

    • identityCenter: {
          delegatedAdminAccount: undefined | string;
          identityCenterAssignments: undefined | ({ permissionSetName: string; principalId: string | undefined; principalType: "USER" | "GROUP" | undefined; principals: { type: string; name: string; }[] | undefined; deploymentTargets: { ...; }; name: string; })[];
          identityCenterPermissionSets: undefined | ({ name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | undefined; sessionDuration: number | undefined; })[];
          name: string;
      }
      • delegatedAdminAccount: undefined | string
      • identityCenterAssignments: undefined | ({ permissionSetName: string; principalId: string | undefined; principalType: "USER" | "GROUP" | undefined; principals: { type: string; name: string; }[] | undefined; deploymentTargets: { ...; }; name: string; })[]
      • identityCenterPermissionSets: undefined | ({ name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | undefined; sessionDuration: number | undefined; })[]
      • name: string
    • accountsConfig: AccountsConfig
    • identityCenterPermissionSetName: string

    Returns string[]

  • Prepares the list of KMS key names from the security config file

    Parameters

    Returns void

  • Prepares the list of OU IDs from the organization config file

    Returns

    Parameters

    Returns string[]

  • Function to create VPC and subnet lists

    Returns

    Parameters

    Returns VpcSubnetListsType[]

  • Function to validate the existence of Assignment target account names. Makes sure deployment target accounts are part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Function to validate the existence of Assignment deployment target OUs. Makes sure deployment target OUs are part of the organization config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

  • Function to validate that Assignment target account names exist for IAM policies, or that ARNs or account IDs match the correct format. Makes sure deployment target accounts are part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

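  • Function to validate deployment target OU names for IAM services. (This overload takes accountNames rather than ouIdNames, so the description may have been copied from the OU check; it presumably validates deployment target account names. Confirm against the source.)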

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Function to validate deployment target OU names for IAM services

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

  • Function to validate the existence of group set target account names. Makes sure deployment target accounts are part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Function to validate the existence of group set deployment target OUs. Makes sure deployment target OUs are part of the organization config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

  • Function to validate managed policy availability for IAM Groups

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • policyItem: PolicySetConfig

      PolicySetConfig

    • errors: string[]

    Returns void

  • Function to validate managed policy availability for IAM resources

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • errors: string[]

    Returns void

  • Function to validate managed policy availability for IAM Roles

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • policyItem: PolicySetConfig

      PolicySetConfig

    • errors: string[]

    Returns void

  • Function to validate managed policy availability for IAM users

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • policyItem: PolicySetConfig

      PolicySetConfig

    • errors: string[]

    Returns void

  • Function to validate Identity Center object

    Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • errors: string[]

    Returns void

  • Function to validate that Identity Center permission set assignments are not deployed to the management account

    Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

  • Function to validate Identity Center Permission set names in assignment

    Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

  • Function to validate that PermissionSet and Assignment names are unique

    Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

  • Function to validate Identity Center Permission set permissionsBoundary

    Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

  • Parameters

    • iamConfig: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountsConfig: AccountsConfig
    • errors: string[]

    Returns void

  • Validate IAM policies

    Parameters

    • configDir: string
    • values: IamConfig
    • errors: string[]

    Returns void

  • Validate policy file existence

    Returns

    Parameters

    • configDir: string
    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

  • Checks policy names for duplicate values

    Parameters

    Returns void

  • Validates that the target account names of policy sets exist. Every deployment target account must be part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Validates that the deployment target OUs of policy sets exist. Every deployment target OU must be part of the Organization config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

  • Checks role names for duplicate values

    Parameters

    Returns void

  • Validates that the target account names of role sets exist. Every deployment target account must be part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Validates that the deployment target OUs of role sets exist. Every deployment target OU must be part of the Organization config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

  • Validate IAM roles

    Parameters

    Returns void

  • Validates that the target account names of user sets exist. Every deployment target account must be part of the account config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

  • Validates that the deployment target OUs of user sets exist. Every deployment target OU must be part of the Organization config file.

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...);
          managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; acceleratorManaged: string[] | undefined; inlinePolicy: string | undefined; permissionsBoundary: { ...; } | undefined; } | unde...)
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: string; dnsName: string; netBiosDomainName: string; description: string | undefined; edition: string; vpcSettings: { vpcName: string; subnets: string[]; }; ... 5 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; identityCenterDependency: boolean | undefined; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void
