/**
 * AWS Security Scanner
 * Scans AWS infrastructure for security issues:
 * - IAM: overly permissive policies, unused credentials, MFA status
 * - S3: public buckets, unencrypted buckets, versioning
 * - EC2: security groups, public IPs, unencrypted volumes
 * - Lambda: public functions, environment secrets
 * - RDS: public instances, unencrypted databases
 */
export interface AWSFinding {
    service: 'iam' | 's3' | 'ec2' | 'lambda' | 'rds';
    resourceType: string;
    resourceId: string;
    resourceArn?: string;
    severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
    title: string;
    description: string;
    remediation?: string;
    metadata?: Record<string, unknown>;
}
export interface AWSScanConfig {
    region?: string;
    profile?: string;
    services?: ('iam' | 's3' | 'ec2' | 'lambda' | 'rds')[];
    skipServices?: ('iam' | 's3' | 'ec2' | 'lambda' | 'rds')[];
}
export interface AWSScanResult {
    timestamp: string;
    region: string;
    accountId?: string;
    findings: AWSFinding[];
    summary: {
        critical: number;
        high: number;
        medium: number;
        low: number;
        info: number;
        total: number;
    };
    scannedServices: string[];
    errors: Array<{
        service: string;
        error: string;
    }>;
}
export declare class AWSScanner {
    private region;
    private iamClient;
    private s3Client;
    private ec2Client;
    private lambdaClient;
    private rdsClient;
    private config;
    constructor(config?: AWSScanConfig);
    scan(): Promise<AWSScanResult>;
    private scanIAM;
    private scanS3;
    private scanEC2;
    private isSensitivePort;
    private scanLambda;
    private scanRDS;
}
export declare function scanAWS(config?: AWSScanConfig): Promise<AWSScanResult>;