All types are exported from @cloudburn/sdk and are available as TypeScript type imports.
Config types
CloudBurnConfig
```typescript
type CloudBurnConfig = {
  discovery: CloudBurnModeConfig;
  iac: CloudBurnModeConfig;
};
```
Top-level configuration object. `discovery` controls live AWS scans; `iac` controls static IaC scans.
CloudBurnModeConfig
```typescript
type CloudBurnModeConfig = {
  enabledRules?: string[];
  disabledRules?: string[];
  services?: string[];
  format?: ConfigOutputFormat;
};
```
| Field | Type | Description |
|---|---|---|
| enabledRules | string[] | Allowlist of rule IDs to run. If set, only these rules execute. |
| disabledRules | string[] | Denylist of rule IDs to skip. |
| services | string[] | Filter to specific AWS services (e.g. ['ec2', 'ebs']). |
| format | ConfigOutputFormat | Output format for CLI use. |
ConfigOutputFormat
```typescript
type ConfigOutputFormat = 'json' | 'table';
```
Scan result types
ScanResult
```typescript
type ScanResult = {
  diagnostics?: ScanDiagnostic[];
  providers: ProviderFindingGroup[];
};
```
| Field | Type | Description |
|---|---|---|
| diagnostics | ScanDiagnostic[] | Access errors or warnings that did not stop the scan. |
| providers | ProviderFindingGroup[] | Findings grouped by cloud provider. |
ProviderFindingGroup
```typescript
type ProviderFindingGroup = {
  provider: CloudProvider;
  rules: Finding[];
};
```
| Field | Type | Description |
|---|---|---|
| provider | CloudProvider | The cloud provider for this group. |
| rules | Finding[] | All rule findings for this provider. |
Finding
```typescript
type Finding = {
  ruleId: string;
  service: string;
  source: Source;
  message: string;
  findings: FindingMatch[];
};
```
| Field | Type | Description |
|---|---|---|
| ruleId | string | The rule identifier (e.g. CLDBRN-AWS-EBS-1). |
| service | string | AWS service name (e.g. ebs). |
| source | Source | Whether this came from 'iac' or 'discovery'. |
| message | string | Human-readable description of the issue. |
| findings | FindingMatch[] | Individual resources that triggered this rule. |
FindingMatch
```typescript
type FindingMatch = {
  resourceId: string;
  accountId?: string;
  region?: string;
  location?: SourceLocation;
};
```
| Field | Type | Description |
|---|---|---|
| resourceId | string | The resource identifier or name. |
| accountId | string | AWS account ID (discovery scans only). |
| region | string | AWS region (discovery scans only). |
| location | SourceLocation | File location (IaC scans only). |
SourceLocation
```typescript
type SourceLocation = {
  path: string;
  line: number;
  column: number;
  endLine?: number;
  endColumn?: number;
};
```
Points to the specific position in an IaC file where the issue was found.
ScanDiagnostic
```typescript
type ScanDiagnostic = {
  provider: CloudProvider;
  service: string;
  source: Source;
  status: 'access_denied';
  message: string;
  code?: string;
  details?: string;
  region?: string;
};
```
Represents a non-fatal error encountered during scanning, such as insufficient IAM permissions for a specific service or region.
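The following is an added example, not code from the SDK: it flattens a `ScanResult` into one row per matched resource and reports every `access_denied` diagnostic as a scope the scan could not read, so that missing findings there are not mistaken for a clean result. `summarizeScan`, `ScanSummary` and the sample data are hypothetical names and constructed values.

```typescript
// Types copied from this page, trimmed to the fields used; real code imports them from @cloudburn/sdk.
type Source = 'discovery' | 'iac';
type CloudProvider = 'aws' | 'azure' | 'gcp';
type SourceLocation = { path: string; line: number; column: number };
type FindingMatch = { resourceId: string; accountId?: string; region?: string; location?: SourceLocation };
type Finding = { ruleId: string; service: string; source: Source; message: string; findings: FindingMatch[] };
type ScanDiagnostic = { provider: CloudProvider; service: string; source: Source; status: 'access_denied'; message: string; region?: string };
type ScanResult = { diagnostics?: ScanDiagnostic[]; providers: { provider: CloudProvider; rules: Finding[] }[] };

type ScanSummary = { rows: string[]; blindSpots: string[]; complete: boolean };

// Hypothetical helper: flatten findings and surface the scopes the scan could not read.
function summarizeScan(result: ScanResult): ScanSummary {
  const rows: string[] = [];
  for (const group of result.providers) {
    for (const rule of group.rules) {
      for (const m of rule.findings) {
        // IaC matches carry a file location; discovery matches carry account and region.
        const where = m.location
          ? `${m.location.path}:${m.location.line}:${m.location.column}`
          : `${m.accountId ?? 'unknown-account'}/${m.region ?? 'unknown-region'}`;
        rows.push(`${rule.ruleId} ${m.resourceId} @ ${where}`);
      }
    }
  }
  // Each access_denied diagnostic is a service/region with no results, not a clean one.
  const blindSpots = (result.diagnostics ?? [])
    .map((d) => `${d.provider}:${d.service}:${d.region ?? '*'}`)
    .filter((v, i, all) => all.indexOf(v) === i)
    .sort();
  return { rows, blindSpots, complete: blindSpots.length === 0 };
}

// Constructed sample data (not real scan output).
const sampleResult: ScanResult = {
  diagnostics: [{ provider: 'aws', service: 'ec2', source: 'discovery', status: 'access_denied',
    message: 'constructed: not authorized', region: 'eu-west-1' }],
  providers: [{ provider: 'aws', rules: [
    { ruleId: 'CLDBRN-AWS-EBS-1', service: 'ebs', source: 'iac', message: 'constructed message',
      findings: [{ resourceId: 'data_volume', location: { path: 'main.tf', line: 12, column: 1 } }] },
    { ruleId: 'CLDBRN-AWS-EBS-1', service: 'ebs', source: 'discovery', message: 'constructed message',
      findings: [{ resourceId: 'vol-0example', accountId: '111122223333', region: 'us-east-1' }] },
  ] }],
};

console.log(summarizeScan(sampleResult));
```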
Rule types
Rule
```typescript
type Rule = {
  id: string;
  name: string;
  description: string;
  message: string;
  provider: CloudProvider;
  service: string;
  supports: Source[];
  // ...additional internal fields
};
```
| Field | Type | Description |
|---|---|---|
| id | string | Unique rule identifier. |
| name | string | Short display name. |
| description | string | Detailed explanation of what the rule checks. |
| message | string | The finding message shown in results. |
| provider | CloudProvider | Cloud provider this rule targets. |
| service | string | AWS service this rule targets. |
| supports | Source[] | Whether the rule supports 'iac', 'discovery', or both. |
BuiltInRuleMetadata
```typescript
type BuiltInRuleMetadata = Pick<Rule, 'id' | 'name' | 'description' | 'provider' | 'service' | 'supports'>;
```
Serializable metadata subset of `Rule`. This is the type of entries in the `builtInRuleMetadata` constant array.
Source
```typescript
type Source = 'discovery' | 'iac';
```
CloudProvider
```typescript
type CloudProvider = 'aws' | 'azure' | 'gcp';
```
RegisteredRules
```typescript
type RegisteredRules = {
  activeRules: Rule[];
};
```
Discovery types
AwsDiscoveryTarget
```typescript
type AwsDiscoveryTarget =
  | { mode: 'current' }
  | { mode: 'all' }
  | { mode: 'region'; region: string };
```
Passed to discover() to control which regions are scanned.
AwsDiscoveryRegion
```typescript
type AwsDiscoveryRegion = {
  region: string;
  type: 'local' | 'aggregator';
};
```
Returned by listEnabledDiscoveryRegions().
AwsDiscoveryRegionStatus
```typescript
type AwsDiscoveryRegionStatus = {
  region: string;
  indexType?: 'local' | 'aggregator';
  isAggregator?: boolean;
  status: 'indexed' | 'not_indexed' | 'access_denied' | 'error' | 'unsupported';
  viewStatus?: string;
  errorCode?: string;
  notes?: string;
};
```
Per-region breakdown within AwsDiscoveryStatus.
AwsDiscoveryStatus
```typescript
type AwsDiscoveryStatus = {
  aggregatorRegion?: string;
  accessibleRegionCount: number;
  coverage: 'full' | 'partial' | 'local_only' | 'none';
  indexedRegionCount: number;
  regions: AwsDiscoveryRegionStatus[];
  totalRegionCount: number;
  warning?: string;
};
```
| Field | Type | Description |
|---|---|---|
| aggregatorRegion | string | Region hosting the aggregator index, if one exists. |
| accessibleRegionCount | number | Number of regions the SDK could access. |
| coverage | string | Overall coverage level. |
| indexedRegionCount | number | Number of regions with an active index. |
| regions | AwsDiscoveryRegionStatus[] | Per-region status details. |
| totalRegionCount | number | Total number of AWS regions checked. |
| warning | string | Optional warning message. |
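An added example, not part of the SDK: a pre-scan gate that reads an `AwsDiscoveryStatus` and lists, per status, the regions a discovery scan would not cover. The pass/fail policy, the names `assessCoverage` and `CoverageVerdict`, and the sample values are assumptions made for illustration.

```typescript
// Types copied from this page (fields not used below are omitted).
type AwsDiscoveryRegionStatus = {
  region: string;
  status: 'indexed' | 'not_indexed' | 'access_denied' | 'error' | 'unsupported';
  errorCode?: string;
};
type AwsDiscoveryStatus = {
  aggregatorRegion?: string;
  accessibleRegionCount: number;
  coverage: 'full' | 'partial' | 'local_only' | 'none';
  indexedRegionCount: number;
  regions: AwsDiscoveryRegionStatus[];
  totalRegionCount: number;
  warning?: string;
};

type CoverageVerdict = { ok: boolean; unindexed: number; gaps: Record<string, string[]>; notes: string[] };

// Hypothetical policy (an assumption, not SDK behaviour): pass only when coverage is
// 'full', every region is accessible and indexed, and no warning is set.
function assessCoverage(status: AwsDiscoveryStatus): CoverageVerdict {
  const gaps: Record<string, string[]> = {};
  for (const r of status.regions) {
    if (r.status === 'indexed') continue;
    const label = r.errorCode ? `${r.region} (${r.errorCode})` : r.region;
    gaps[r.status] = (gaps[r.status] || []).concat(label);
  }
  const notes: string[] = [];
  if (status.coverage !== 'full') notes.push(`coverage is '${status.coverage}'`);
  if (status.accessibleRegionCount < status.totalRegionCount) {
    notes.push(`${status.totalRegionCount - status.accessibleRegionCount} region(s) not accessible`);
  }
  if (status.warning) notes.push(status.warning);
  const unindexed = status.totalRegionCount - status.indexedRegionCount;
  return { ok: notes.length === 0 && Object.keys(gaps).length === 0, unindexed, gaps, notes };
}

// Constructed sample (not real SDK output).
const sampleStatus: AwsDiscoveryStatus = {
  aggregatorRegion: 'us-east-1', accessibleRegionCount: 2, coverage: 'partial',
  indexedRegionCount: 1, totalRegionCount: 3,
  regions: [
    { region: 'us-east-1', status: 'indexed' },
    { region: 'eu-west-1', status: 'not_indexed' },
    { region: 'ap-south-1', status: 'access_denied', errorCode: 'AccessDeniedException' },
  ],
};

console.log(assessCoverage(sampleStatus));
```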
AwsDiscoveryInitialization
```typescript
type AwsDiscoveryInitialization = {
  status: 'CREATED' | 'EXISTING';
  indexType: 'local' | 'aggregator';
  aggregatorRegion: string;
  aggregatorAction: string;
  createdIndexCount: number;
  reusedIndexCount: number;
  regions: string[];
  coverage: string;
  verificationStatus: 'verified' | 'timed_out';
  observedStatus: AwsDiscoveryStatus;
  taskId?: string;
  warning?: string;
};
```
Returned by `initializeDiscovery()`. `status: 'CREATED'` means new indexes were created; `'EXISTING'` means the setup was already in place.
IaC types
IaCResource
```typescript
type IaCResource = {
  provider: CloudProvider;
  type: string;
  name: string;
  location?: SourceLocation;
  attributeLocations?: Record<string, SourceLocation>;
  attributes: Record<string, unknown>;
};
```
Represents a single infrastructure resource parsed from IaC files. Returned by `parseIaC()`.

| Field | Type | Description |
|---|---|---|
| provider | CloudProvider | Cloud provider. |
| type | string | Resource type (e.g. aws_ebs_volume). |
| name | string | Resource name as defined in the IaC file. |
| location | SourceLocation | Location of the resource block in the source file. |
| attributeLocations | Record<string, SourceLocation> | Per-attribute source locations. |
| attributes | Record<string, unknown> | Resource configuration attributes. |
Deprecated aliases
These types still work but are deprecated. Use the replacements shown.
| Deprecated | Replacement |
|---|---|
| RuleConfig | CloudBurnModeConfig |
| ScanSource | Source |
What's next
| Package Exports | All named exports and their signatures |
| CloudBurnClient | Method reference with full parameter types |
| Rules | Browse available rules |