https://github.com/octogonapus/iampolicysearch
- Host: GitHub
- URL: https://github.com/octogonapus/iampolicysearch
- Owner: Octogonapus
- License: mit
- Created: 2024-08-27T20:28:07.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-08-27T20:35:00.000Z (4 months ago)
- Last Synced: 2024-12-15T13:14:02.509Z (24 days ago)
- Language: Go
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
# IAMPolicySearch
Search for IAM policies by the permission they grant, instead of by their name.
## Examples
Find that pesky inline policy allowing access to a secret without having to manually search through multiple users:
```sh
$ go run main.go 'secretsmanager:GetSecretValue' 'arn:aws:secretsmanager:us-east-2:1234567890:secret:rds-db-credentials/primary/mydb'
The action secretsmanager:GetSecretValue on the resource arn:aws:secretsmanager:us-east-2:1234567890:secret:rds-db-credentials/primary/mydb is allowed by the following policies:
(user inline policy) UserName=SomeUser PolicyName=inline
Arn=arn:aws:iam::1234567890:policy/some-other-policy VersionId=v5
is attached to role: Name=some-other-policy Id=SAND902N0F20
```
See what can access your S3 bucket:
```sh
$ go run main.go 's3:GetObject' 'arn:aws:s3:::my-bucket/prefix/*'
The action s3:GetObject on the resource arn:aws:s3:::my-bucket/prefix/* is allowed by the following policies:
Arn=arn:aws:iam::1234567890:policy/Policy1 VersionId=v17
is attached to group: Name=Group1 Id=SAND902N0F20
Arn=arn:aws:iam::1234567890:policy/Policy1 VersionId=v16
is attached to group: Name=Group1 Id=SAND902N0F20
Arn=arn:aws:iam::1234567890:policy/Policy2 VersionId=v1
is attached to role: Name=Role1 Id=SAND902N0F21
is attached to role: Name=Role2 Id=SAND902N0F22
```