45 lines
1.1 KiB
Go
45 lines
1.1 KiB
Go
package awsbase
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/aws/aws-sdk-go/aws/endpoints"
|
|
)
|
|
|
|
// ValidateAccountID checks if the given AWS account ID is specifically allowed or forbidden.
|
|
// The allowedAccountIDs can be used as a whitelist and forbiddenAccountIDs can be used as a blacklist.
|
|
func ValidateAccountID(accountID string, allowedAccountIDs, forbiddenAccountIDs []string) error {
|
|
if len(forbiddenAccountIDs) > 0 {
|
|
for _, forbiddenAccountID := range forbiddenAccountIDs {
|
|
if accountID == forbiddenAccountID {
|
|
return fmt.Errorf("Forbidden AWS Account ID: %s", accountID)
|
|
}
|
|
}
|
|
}
|
|
|
|
if len(allowedAccountIDs) > 0 {
|
|
for _, allowedAccountID := range allowedAccountIDs {
|
|
if accountID == allowedAccountID {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return fmt.Errorf("AWS Account ID not allowed: %s", accountID)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ValidateRegion checks if the given region is a valid AWS region.
|
|
func ValidateRegion(region string) error {
|
|
for _, partition := range endpoints.DefaultPartitions() {
|
|
for _, partitionRegion := range partition.Regions() {
|
|
if region == partitionRegion.ID() {
|
|
return nil
|
|
}
|
|
}
|
|
}
|
|
|
|
return fmt.Errorf("Invalid AWS Region: %s", region)
|
|
}
|