Class IamConfigValidator

IAM Configuration validator. Validates iam configuration

Hierarchy

  • IamConfigValidator

Constructors

constructor

Methods

getAccountNames getKmsKeyNames getOuIdNames getVpcSubnetLists validateAssignmentAccountNames validateAssignmentDeploymentTargetOUs validateAssignmentPrincipalsForIamRoles validateDeploymentTargetAccountNames validateDeploymentTargetOUs validateGroupSetsAccountNames validateGroupSetsDeploymentTargetOUs validateIdentityCenterResourceNameForUniqueness validatePolicyFileExists validatePolicySetsAccountNames validatePolicySetsDeploymentTargetOUs validateRoleSetsAccountNames validateRoleSetsDeploymentTargetOUs validateUserSetsAccountNames validateUserSetsDeploymentTargetOUs

Constructors

constructor

Methods

Private getAccountNames

  • Prepare list of Account names from account config file

    Returns

    Parameters

    Returns string[]

Private getKmsKeyNames

  • Prepare list of kms key names from security config file

    Parameters

    Returns void

Private getOuIdNames

  • Prepare list of OU ids from organization config file

    Returns

    Parameters

    Returns string[]

Private getVpcSubnetLists

  • Function to create vpc and subnet lists

    Returns

    Parameters

    Returns VpcSubnetListsType[]

Private validateAssignmentAccountNames

  • Function to validate existence of Assignment target account names Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateAssignmentDeploymentTargetOUs

  • Function to validate existence of Assignment deployment target OUs Make sure deployment target OUs are part of Organization config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Private validateAssignmentPrincipalsForIamRoles

  • Function to validate existence of Assignment target account names exist for IAM policies or that arn or account ids match correct format Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateDeploymentTargetAccountNames

  • Function to validate Deployment targets OU name for IAM services

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateDeploymentTargetOUs

  • Function to validate Deployment targets OU name for IAM services

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Private validateGroupSetsAccountNames

  • Function to validate existence of group sets target account names Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateGroupSetsDeploymentTargetOUs

  • Function to validate existence of group sets deployment target OUs Make sure deployment target OUs are part of Organization config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Private validateIdentityCenterResourceNameForUniqueness

  • Function to validate PermissionSet and Assignment names are unique

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

Private validatePolicyFileExists

  • Validate policy file existence

    Returns

    Parameters

    • configDir: string
    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • errors: string[]

    Returns void

Private validatePolicySetsAccountNames

  • Function to validate existence of policy sets target account names Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validatePolicySetsDeploymentTargetOUs

  • Function to validate existence of policy sets deployment target OUs Make sure deployment target OUs are part of Organization config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Private validateRoleSetsAccountNames

  • Function to validate existence of role sets target account names Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateRoleSetsDeploymentTargetOUs

  • Function to validate existence of role sets deployment target OUs Make sure deployment target OUs are part of Organization config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Private validateUserSetsAccountNames

  • Function to validate existence of user sets target account names Make sure deployment target accounts are part of account config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • accountNames: string[]
    • errors: string[]

    Returns void

Private validateUserSetsDeploymentTargetOUs

  • Function to validate existence of user sets deployment target OUs Make sure deployment target OUs are part of Organization config file

    Parameters

    • values: {
          groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[];
          identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; });
          managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[];
          policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[];
          providers: undefined | ({ name: string; metadataDocument: string; })[];
          roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[];
          userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[];
      }
      • groupSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; groups: { ...; }[]; })[]
      • identityCenter: undefined | ({ name: string; delegatedAdminAccount: string | undefined; identityCenterPermissionSets: { name: string; policies: { awsManaged: string[] | undefined; customerManaged: string[] | undefined; } | undefined; sessionDuration: number | undefined; }[] | undefined; identityCenterAssignments: { ...; }[] | undefined; })
      • managedActiveDirectories: undefined | ({ name: string; account: string; region: "af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | ... 25 more ... | "ap-southeast-4"; ... 10 more ...; activeDirectoryConfigurationInstance: { ...; } | undefined; })[]
      • policySets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; policies: { ...; }[]; })[]
      • providers: undefined | ({ name: string; metadataDocument: string; })[]
      • roleSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; path: string | undefined; roles: { ...; }[]; })[]
      • userSets: undefined | ({ deploymentTargets: { organizationalUnits: string[] | undefined; accounts: string[] | undefined; excludedRegions: string[] | undefined; excludedAccounts: string[] | undefined; }; users: { ...; }[]; })[]
    • ouIdNames: string[]
    • errors: string[]

    Returns void

Settings

Member Visibility

Theme

Generated using TypeDoc