policy_sentry
0.6.6
Index
A
add() (policy_sentry.writing.policy.ArnActionGroup method)
add_complete_entry() (policy_sentry.writing.policy.ArnActionGroup method)
add_role() (policy_sentry.writing.roles.Roles method)
analyze_by_access_level() (in module policy_sentry.analysis.analyze)
analyze_policy_directory() (in module policy_sentry.analysis.analyze)
analyze_policy_file() (in module policy_sentry.analysis.analyze)
arn_has_colons() (in module policy_sentry.util.arns)
arn_has_slash() (in module policy_sentry.util.arns)
ArnActionGroup (class in policy_sentry.writing.policy)
C
check() (in module policy_sentry.writing.validate)
check_actions_schema() (in module policy_sentry.writing.validate)
check_crud_schema() (in module policy_sentry.writing.validate)
check_min_permission_length() (in module policy_sentry.writing.minimize)
check_valid_file_path() (in module policy_sentry.util.file)
combine_policy_elements() (policy_sentry.writing.policy.ArnActionGroup method)
create_actions_template() (in module policy_sentry.writing.template)
create_crud_template() (in module policy_sentry.writing.template)
create_directory_if_it_doesnt_exist() (in module policy_sentry.util.file)
create_policy_sid_namespace() (in module policy_sentry.writing.policy)
D
determine_actions_to_expand() (in module policy_sentry.analysis.analyze)
determine_risky_actions() (in module policy_sentry.analysis.analyze)
does_action_exist() (policy_sentry.writing.policy.ArnActionGroup method)
does_arn_match() (in module policy_sentry.util.arns)
E
expand() (in module policy_sentry.analysis.analyze)
G
get_account_from_arn() (in module policy_sentry.util.arns)
get_action_data() (in module policy_sentry.querying.actions)
get_action_name_from_action() (in module policy_sentry.util.actions)
get_actions_for_service() (in module policy_sentry.querying.actions)
get_actions_from_json_policy_file() (in module policy_sentry.util.policy_files)
get_actions_from_policy() (in module policy_sentry.util.policy_files)
get_actions_matching_condition_key() (in module policy_sentry.querying.actions)
get_actions_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_with_access_level() (in module policy_sentry.querying.actions)
get_actions_with_arn_type_and_access_level() (in module policy_sentry.querying.actions)
get_all_actions() (in module policy_sentry.querying.all)
get_all_service_prefixes() (in module policy_sentry.querying.all)
get_arn_type_details() (in module policy_sentry.querying.arns)
get_arn_types_for_service() (in module policy_sentry.querying.arns)
get_arns() (policy_sentry.writing.policy.ArnActionGroup method)
get_condition_key_details() (in module policy_sentry.querying.conditions)
get_condition_keys_for_service() (in module policy_sentry.querying.conditions)
get_denied_prefixes_from_desired() (in module policy_sentry.writing.minimize)
get_dependent_actions() (in module policy_sentry.querying.actions)
get_full_action_name() (in module policy_sentry.util.actions)
get_lowercase_action_list() (in module policy_sentry.util.actions)
get_partition_from_arn() (in module policy_sentry.util.arns)
get_policy_elements() (policy_sentry.writing.policy.ArnActionGroup method)
get_raw_arns_for_service() (in module policy_sentry.querying.arns)
get_region_from_arn() (in module policy_sentry.util.arns)
get_resource_from_arn() (in module policy_sentry.util.arns)
get_resource_path_from_arn() (in module policy_sentry.util.arns)
get_roles() (policy_sentry.writing.roles.Roles method)
get_service_from_action() (in module policy_sentry.util.actions)
get_service_from_arn() (in module policy_sentry.util.arns)
L
list_files_in_directory() (in module policy_sentry.util.file)
M
minimize_statement_actions() (in module policy_sentry.writing.minimize)
P
parse_arn() (in module policy_sentry.util.arns)
policy_sentry.analysis.analyze (module)
policy_sentry.querying.actions (module)
policy_sentry.querying.all (module)
policy_sentry.querying.arns (module)
policy_sentry.querying.conditions (module)
policy_sentry.util.actions (module)
policy_sentry.util.arns (module)
policy_sentry.util.file (module)
policy_sentry.util.policy_files (module)
policy_sentry.writing.minimize (module)
policy_sentry.writing.policy (module)
policy_sentry.writing.roles (module)
policy_sentry.writing.template (module)
policy_sentry.writing.validate (module)
process_actions_config() (policy_sentry.writing.roles.Roles method)
process_list_of_actions() (policy_sentry.writing.policy.ArnActionGroup method)
process_resource_specific_acls() (policy_sentry.writing.policy.ArnActionGroup method)
R
read_risky_iam_permissions_text_file() (in module policy_sentry.analysis.analyze)
read_this_file() (in module policy_sentry.util.file)
read_yaml_file() (in module policy_sentry.util.file)
remove_actions_duplicated_in_wildcard_resources() (policy_sentry.writing.policy.ArnActionGroup method)
remove_actions_not_matching_access_level() (in module policy_sentry.querying.actions)
remove_actions_not_matching_list() (policy_sentry.writing.policy.ArnActionGroup method)
remove_actions_that_are_not_wildcard_arn_only() (in module policy_sentry.writing.policy)
remove_sids_with_empty_action_lists() (policy_sentry.writing.policy.ArnActionGroup method)
Roles (class in policy_sentry.writing.roles)
U
update_actions_for_raw_arn_format() (policy_sentry.writing.policy.ArnActionGroup method)
W
write_json_file() (in module policy_sentry.util.file)