All types are exported from @cloudburn/sdk and are available as TypeScript type imports.
Config types
CloudBurnConfig
type CloudBurnConfig = {
discovery: CloudBurnModeConfig;
iac: CloudBurnModeConfig;
};
Top-level configuration object. discovery controls live AWS scans; iac controls static IaC scans.
CloudBurnModeConfig
type CloudBurnModeConfig = {
enabledRules?: string[];
disabledRules?: string[];
services?: string[];
format?: ConfigOutputFormat;
};
| Field | Type | Description |
|---|---|---|
enabledRules | string[] | Allowlist of rule IDs to run. If set, only these rules execute. |
disabledRules | string[] | Denylist of rule IDs to skip. |
services | string[] | Filter to specific AWS services (e.g. ['ec2', 'ebs']). |
format | ConfigOutputFormat | Output format for CLI use. |
ConfigOutputFormat
type ConfigOutputFormat = 'json' | 'table';
Scan result types
ScanResult
type ScanResult = {
diagnostics?: ScanDiagnostic[];
providers: ProviderFindingGroup[];
};
| Field | Type | Description |
|---|---|---|
diagnostics | ScanDiagnostic[] | Access errors or warnings that did not stop the scan. |
providers | ProviderFindingGroup[] | Findings grouped by cloud provider. |
ProviderFindingGroup
type ProviderFindingGroup = {
provider: CloudProvider;
rules: Finding[];
};
| Field | Type | Description |
|---|---|---|
provider | CloudProvider | The cloud provider for this group. |
rules | Finding[] | All rule findings for this provider. |
Finding
type Finding = {
ruleId: string;
service: string;
source: Source;
message: string;
findings: FindingMatch[];
};
| Field | Type | Description |
|---|---|---|
ruleId | string | The rule identifier (e.g. CLDBRN-AWS-EBS-1). |
service | string | AWS service name (e.g. ebs). |
source | Source | Whether this came from 'iac' or 'discovery'. |
message | string | Human-readable description of the issue. |
findings | FindingMatch[] | Individual resources that triggered this rule. |
FindingMatch
type FindingMatch = {
resourceId: string;
accountId?: string;
region?: string;
location?: SourceLocation;
};
| Field | Type | Description |
|---|---|---|
resourceId | string | The resource identifier or name. |
accountId | string | AWS account ID (discovery scans only). |
region | string | AWS region (discovery scans only). |
location | SourceLocation | File location (IaC scans only). |
SourceLocation
type SourceLocation = {
path: string;
line: number;
column: number;
endLine?: number;
endColumn?: number;
};
Points to the specific position in an IaC file where the issue was found.
ScanDiagnostic
type ScanDiagnostic = {
provider: CloudProvider;
service: string;
source: Source;
status: 'access_denied';
message: string;
code?: string;
details?: string;
region?: string;
};
Represents a non-fatal error encountered during scanning, such as insufficient IAM permissions for a specific service or region.
Rule types
Rule
type Rule = {
id: string;
name: string;
description: string;
message: string;
provider: CloudProvider;
service: string;
supports: Source[];
// ...additional internal fields
};
| Field | Type | Description |
|---|---|---|
id | string | Unique rule identifier. |
name | string | Short display name. |
description | string | Detailed explanation of what the rule checks. |
message | string | The finding message shown in results. |
provider | CloudProvider | Cloud provider this rule targets. |
service | string | AWS service this rule targets. |
supports | Source[] | Whether the rule supports 'iac', 'discovery', or both. |
BuiltInRuleMetadata
type BuiltInRuleMetadata = Pick<Rule, 'id' | 'name' | 'description' | 'provider' | 'service' | 'supports'>;
Serializable metadata subset of Rule. This is the type of entries in the builtInRuleMetadata constant array.
Source
type Source = 'discovery' | 'iac';
CloudProvider
type CloudProvider = 'aws' | 'azure' | 'gcp';
RegisteredRules
type RegisteredRules = {
activeRules: Rule[];
};
Discovery types
AwsRegion
type AwsRegion = 'af-south-1' | 'ap-east-1' | 'ap-northeast-1' | ... | 'us-west-2';
A string literal union of all known AWS region identifiers (e.g. 'us-east-1', 'eu-west-1'). Use assertSupportedAwsRegion() to validate and narrow a plain string to AwsRegion.
AwsDiscoveryTarget
type AwsDiscoveryTarget =
| { mode: 'current' }
| { mode: 'all' }
| { mode: 'region'; region: string }
| { mode: 'regions'; regions: AwsRegion[] };
Passed to discover() to control which regions are scanned. The regions mode scans a specific set of regions by their identifiers.
AwsDiscoveryRegion
type AwsDiscoveryRegion = {
region: string;
type: 'local' | 'aggregator';
};
Describes one enabled Resource Explorer index region.
AwsDiscoveryRegionStatus
type AwsDiscoveryRegionStatus = {
region: string;
indexType?: 'local' | 'aggregator';
isAggregator?: boolean;
status: 'indexed' | 'not_indexed' | 'access_denied' | 'error' | 'unsupported';
viewStatus?: 'present' | 'missing' | 'filtered' | 'access_denied' | 'error' | 'unknown';
errorCode?: string;
notes?: string;
};
Per-region breakdown within AwsDiscoveryStatus.
AwsDiscoveryStatus
type AwsDiscoveryStatus = {
aggregatorRegion?: string;
accessibleRegionCount: number;
coverage: 'full' | 'partial' | 'local_only' | 'none';
indexedRegionCount: number;
regions: AwsDiscoveryRegionStatus[];
totalRegionCount: number;
warning?: string;
};
| Field | Type | Description |
|---|---|---|
aggregatorRegion | string | Region hosting the aggregator index, if one exists. |
accessibleRegionCount | number | Number of regions the SDK could access. |
coverage | 'full' | 'partial' | 'local_only' | 'none' | Overall coverage level. |
indexedRegionCount | number | Number of regions with an active index. |
regions | AwsDiscoveryRegionStatus[] | Per-region status details. |
totalRegionCount | number | Total number of AWS regions checked. |
warning | string | Optional warning message. |
AwsDiscoveryInitialization
type AwsDiscoveryInitialization = {
status: 'CREATED' | 'EXISTING';
indexType: 'local' | 'aggregator';
aggregatorRegion: string;
aggregatorAction: 'created' | 'none' | 'promoted' | 'unchanged';
createdIndexCount: number;
reusedIndexCount: number;
regions: string[];
coverage: AwsDiscoveryStatus['coverage'];
verificationStatus: 'verified' | 'timed_out';
observedStatus: AwsDiscoveryStatus;
taskId?: string;
warning?: string;
};
Returned by initializeDiscovery(). status: 'CREATED' means new indexes were created; 'EXISTING' means the setup was already in place.
AwsSupportedResourceType
type AwsSupportedResourceType = {
resourceType: string;
service?: string;
};
Returned by listSupportedDiscoveryResourceTypes(). Lists the AWS resource types that Resource Explorer can index and that CloudBurn can discover.
Deprecated aliases
These types still work but are deprecated. Use the replacements shown.
| Deprecated | Replacement |
|---|---|
RuleConfig | CloudBurnModeConfig |
ScanSource | Source |
What's next
| Package Exports | All named exports and their signatures |
| CloudBurnClient | Method reference with full parameter types |
| Rules | Browse available rules |