CloudBurnClient is the main entry point for the CloudBurn SDK. All scan and discovery operations are performed through this class.
Constructor
new CloudBurnClient()
No parameters. AWS credentials are resolved automatically from the default credential chain when discovery methods are called.
Methods overview
| Method | Returns | Description |
|---|---|---|
scanStatic | Promise<ScanResult> | Static IaC file analysis |
discover | Promise<ScanResult> | Live AWS resource discovery |
initializeDiscovery | Promise<AwsDiscoveryInitialization> | Bootstrap Resource Explorer |
getDiscoveryStatus | Promise<AwsDiscoveryStatus> | Resource Explorer status |
listEnabledDiscoveryRegions | Promise<AwsDiscoveryRegion[]> | List indexed regions |
listSupportedDiscoveryResourceTypes | Promise<AwsSupportedResourceType[]> | List supported resource types |
loadConfig | Promise<CloudBurnConfig> | Load config from disk |
scanStatic
scanStatic(
path: string,
config?: Partial<CloudBurnConfig>,
options?: { configPath?: string }
): Promise<ScanResult>
Analyzes IaC files at the given path. Does not require AWS credentials.
Parameters:
| Parameter | Type | Description |
|---|---|---|
path | string | Path to directory or file containing IaC code |
config | Partial<CloudBurnConfig> | Optional inline config to override loaded config |
options.configPath | string | Optional explicit path to a .cloudburn.yml config file |
Returns: Promise<ScanResult>
Example:
const client = new CloudBurnClient();
const result = await client.scanStatic('./infrastructure', {
iac: {
services: ['ec2', 'ebs'],
disabledRules: ['CLDBRN-AWS-EC2-2'],
},
});
discover
discover(options?: {
target?: AwsDiscoveryTarget;
config?: Partial<CloudBurnConfig>;
configPath?: string;
}): Promise<ScanResult>
Scans live AWS resources using AWS Resource Explorer. Requires AWS credentials and an initialized Resource Explorer.
Parameters:
| Parameter | Type | Description |
|---|---|---|
options.target | AwsDiscoveryTarget | Scope the scan to specific regions (default: current region) |
options.config | Partial<CloudBurnConfig> | Optional inline config to override loaded config |
options.configPath | string | Optional explicit path to a .cloudburn.yml config file |
Target modes:
| Mode | Description |
|---|---|
{ mode: 'current' } | Scan current region only (default) |
{ mode: 'all' } | Scan all indexed regions |
{ mode: 'region', region: string } | Scan a specific region |
Returns: Promise<ScanResult>
If some services or regions are inaccessible, they appear in result.diagnostics with status: 'access_denied' rather than causing the scan to fail.
Example:
const result = await client.discover({
target: { mode: 'all' },
config: { discovery: { services: ['ec2', 'rds'] } },
});
initializeDiscovery
initializeDiscovery(options?: {
region?: string;
}): Promise<AwsDiscoveryInitialization>
Sets up AWS Resource Explorer for CloudBurn discovery scans. Creates an aggregator index in the specified region and local indexes in all other enabled regions.
Call this once per AWS account. On subsequent calls it detects existing setup and returns status: 'EXISTING' without making changes.
Parameters:
| Parameter | Type | Description |
|---|---|---|
options.region | string | Region for the aggregator index (defaults to current region) |
Returns: Promise<AwsDiscoveryInitialization>
The returned object includes status ('CREATED' or 'EXISTING'), the aggregatorRegion, coverage summary, and verificationStatus indicating whether the index was confirmed as active.
Example:
const init = await client.initializeDiscovery({ region: 'us-east-1' });
console.log(`Status: ${init.status}`);
console.log(`Aggregator: ${init.aggregatorRegion}`);
console.log(`Coverage: ${init.coverage}`);
getDiscoveryStatus
getDiscoveryStatus(options?: {
region?: string;
}): Promise<AwsDiscoveryStatus>
Returns the current state of AWS Resource Explorer indexing.
Parameters:
| Parameter | Type | Description |
|---|---|---|
options.region | string | Region to check status for (defaults to current region) |
Returns: Promise<AwsDiscoveryStatus>
Coverage values:
| Value | Meaning |
|---|---|
full | Aggregator index covers all accessible regions |
partial | Some regions indexed, some not |
local_only | Only the local region is indexed |
none | No regions are indexed |
Example:
const status = await client.getDiscoveryStatus();
console.log(`Coverage: ${status.coverage}`);
console.log(`Indexed regions: ${status.indexedRegionCount} / ${status.totalRegionCount}`);
listEnabledDiscoveryRegions
listEnabledDiscoveryRegions(): Promise<AwsDiscoveryRegion[]>
Returns the list of AWS regions that have an active Resource Explorer index.
Returns: Promise<AwsDiscoveryRegion[]>
Each entry has region: string and type: 'local' | 'aggregator'.
listSupportedDiscoveryResourceTypes
listSupportedDiscoveryResourceTypes(): Promise<AwsSupportedResourceType[]>
Returns all AWS resource types that CloudBurn supports for discovery scans.
Returns: Promise<AwsSupportedResourceType[]>
loadConfig
loadConfig(path?: string): Promise<CloudBurnConfig>
Loads a CloudBurn configuration file from disk.
Parameters:
| Parameter | Type | Description |
|---|---|---|
path | string | Explicit path to a .cloudburn.yml file. If omitted, the SDK walks up the directory tree from process.cwd() to find the nearest config file. |
Returns: Promise<CloudBurnConfig>
The walk-up algorithm starts at the current working directory and checks each parent directory until it finds a .cloudburn.yml file or reaches the filesystem root. If no config is found, default config values are returned.
Example:
// Auto-discover config
const config = await client.loadConfig();
// Explicit path
const config = await client.loadConfig('/project/.cloudburn.yml');
What's next
| Types Reference | Full type definitions for all parameters and return types |
| Package Exports | All named exports from @cloudburn/sdk |
| Custom Configuration | Using loadConfig() with inline overrides |