policy_sentry
0.6.9
Introduction
  Overview
    Motivation
    Authoring Secure IAM Policies
    Installation
    Shell completion
    Usage
    Author Information
  Comparison to other tools
    Policy Revocation Tools
      Repokid
    AWS Tools
      AWS Console - Visual Policy Editor
      AWS Policy Generator (static website)
    Log-based Policy Generators
      CloudTracker
      Trailscraper
    Other Infrastructure as Code Tools
      aws-iam-generator
      Terraform
User Guide
  Installation
    Shell completion
  Initialization
    Options
    Usage
    Skipping Initialization
  Writing IAM Policies
    CRUD Mode: ARNs and Access Levels
      Command options
      Instructions
    Actions Mode: Lists of IAM Actions
      Command options
      Instructions
    Folder Mode: Write Multiple Policies from CRUD mode files
  Downloading Policies
    Customer-managed policies - one account
    AWS Managed policies
  Analyzing Policies
    Motivation
    Options
    Instructions
    Risk Categories
    Audit all downloaded policies and generate a report
    Audit a single IAM policy and generate a report
    Custom Config file
  Querying the Policy Database
    Commands
    Options
  Docker
  Command cheat sheet
    Commands
      Initialization
      Policy Writing Commands
      IAM Database Query Commands
      Policy Download and Analysis Commands
Terraform
  Terraform Demo
    Command options
    Prerequisites
    Tutorial
  Terraform Modules
    1: Install policy_sentry
    2: Generate the policy_sentry YAML File
    3: Run policy_sentry and specify proper target directory
    4: Create the IAM Policies using JSON files from directory
Contributing
  Contributing
  Contributing to Documentation
    Building Documentation
    Docstrings
  IAM Database
    How Policy Sentry uses the IAM database
    Updating the AWS HTML files
  Testing
    Pipenv
    Invoke
    Local Unit Testing and Integration Testing: Quick and Easy
    Running the Test Suite
  Project Structure
    Subfolders
    Files and functions
  Versioning
    Version bumps
  Roadmap
    Condition Keys
    Log-based policy generation
Library Usage
  Library Usage
    Getting Started with the Library
    Examples
      Querying the IAM Database
        All
        Actions
        ARNs
        Conditions
      Writing Policies
        Actions Mode: Writing Policies by providing a list of Actions
        CRUD Mode: Writing Policies by Access Levels and ARNs
      Analyzing Policies
        Analyzing by access level
        Expanding actions from a policy file
  Module Reference
    Querying
      querying.all
      querying.actions
      querying.arns
      querying.conditions
    Writing
      command.write_policy
      writing.policy
      writing.roles
      writing.template
      writing.validate
      writing.minimize
    Analyzing
      analysis.analyze
    Utilities
      util.policy_files
      util.arns
      util.file
      util.actions
Appendix
  Implementation Strategy
  IAM Background
    IAM Policies
    IAM Policy Elements
    Actions, Resources, and Condition Keys Per Service
      Action Table
      ARN Table
      Condition Keys Table
    References
  Minimization
Index
A
add() (policy_sentry.writing.policy.ArnActionGroup method)
add_complete_entry() (policy_sentry.writing.policy.ArnActionGroup method)
add_role() (policy_sentry.writing.roles.Roles method)
analyze_by_access_level() (in module policy_sentry.analysis.analyze)
analyze_policy_directory() (in module policy_sentry.analysis.analyze)
analyze_policy_file() (in module policy_sentry.analysis.analyze)
arn_has_colons() (in module policy_sentry.util.arns)
arn_has_slash() (in module policy_sentry.util.arns)
ArnActionGroup (class in policy_sentry.writing.policy)
C
check() (in module policy_sentry.writing.validate)
check_actions_schema() (in module policy_sentry.writing.validate)
check_crud_schema() (in module policy_sentry.writing.validate)
check_min_permission_length() (in module policy_sentry.writing.minimize)
check_valid_file_path() (in module policy_sentry.util.file)
combine_policy_elements() (policy_sentry.writing.policy.ArnActionGroup method)
create_actions_template() (in module policy_sentry.writing.template)
create_crud_template() (in module policy_sentry.writing.template)
create_directory_if_it_doesnt_exist() (in module policy_sentry.util.file)
create_policy_sid_namespace() (in module policy_sentry.writing.policy)
D
determine_actions_to_expand() (in module policy_sentry.analysis.analyze)
determine_risky_actions() (in module policy_sentry.analysis.analyze)
does_action_exist() (policy_sentry.writing.policy.ArnActionGroup method)
does_arn_match() (in module policy_sentry.util.arns)
E
expand() (in module policy_sentry.analysis.analyze)
G
get_account_from_arn() (in module policy_sentry.util.arns)
get_action_data() (in module policy_sentry.querying.actions)
get_action_name_from_action() (in module policy_sentry.util.actions)
get_actions_at_access_level_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_for_service() (in module policy_sentry.querying.actions)
get_actions_from_json_policy_file() (in module policy_sentry.util.policy_files)
get_actions_from_policy() (in module policy_sentry.util.policy_files)
get_actions_matching_condition_crud_and_arn() (in module policy_sentry.querying.actions)
get_actions_matching_condition_key() (in module policy_sentry.querying.actions)
get_actions_template_dict() (in module policy_sentry.writing.template)
get_actions_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_with_access_level() (in module policy_sentry.querying.actions)
get_actions_with_arn_type_and_access_level() (in module policy_sentry.querying.actions)
get_all_actions() (in module policy_sentry.querying.all)
get_all_service_prefixes() (in module policy_sentry.querying.all)
get_arn_type_details() (in module policy_sentry.querying.arns)
get_arn_types_for_service() (in module policy_sentry.querying.arns)
get_arns() (policy_sentry.writing.policy.ArnActionGroup method)
get_condition_key_details() (in module policy_sentry.querying.conditions)
get_condition_keys_for_service() (in module policy_sentry.querying.conditions)
get_crud_template_dict() (in module policy_sentry.writing.template)
get_denied_prefixes_from_desired() (in module policy_sentry.writing.minimize)
get_dependent_actions() (in module policy_sentry.querying.actions)
get_full_action_name() (in module policy_sentry.util.actions)
get_lowercase_action_list() (in module policy_sentry.util.actions)
get_partition_from_arn() (in module policy_sentry.util.arns)
get_policy_elements() (policy_sentry.writing.policy.ArnActionGroup method)
get_raw_arns_for_service() (in module policy_sentry.querying.arns)
get_region_from_arn() (in module policy_sentry.util.arns)
get_resource_from_arn() (in module policy_sentry.util.arns)
get_resource_path_from_arn() (in module policy_sentry.util.arns)
get_roles() (policy_sentry.writing.roles.Roles method)
get_service_from_action() (in module policy_sentry.util.actions)
get_service_from_arn() (in module policy_sentry.util.arns)
L
list_files_in_directory() (in module policy_sentry.util.file)
M
minimize_statement_actions() (in module policy_sentry.writing.minimize)
P
parse_arn() (in module policy_sentry.util.arns)
policy_sentry.analysis.analyze (module)
policy_sentry.querying.actions (module)
policy_sentry.querying.all (module)
policy_sentry.querying.arns (module)
policy_sentry.querying.conditions (module)
policy_sentry.util.actions (module)
policy_sentry.util.arns (module)
policy_sentry.util.file (module)
policy_sentry.util.policy_files (module)
policy_sentry.writing.minimize (module)
policy_sentry.writing.policy (module)
policy_sentry.writing.roles (module)
policy_sentry.writing.template (module)
policy_sentry.writing.validate (module)
process_actions_config() (policy_sentry.writing.roles.Roles method)
process_list_of_actions() (policy_sentry.writing.policy.ArnActionGroup method)
process_resource_specific_acls() (policy_sentry.writing.policy.ArnActionGroup method)
R
read_risky_iam_permissions_text_file() (in module policy_sentry.analysis.analyze)
read_this_file() (in module policy_sentry.util.file)
read_yaml_file() (in module policy_sentry.util.file)
remove_actions_duplicated_in_wildcard_resources() (policy_sentry.writing.policy.ArnActionGroup method)
remove_actions_not_matching_access_level() (in module policy_sentry.querying.actions)
remove_actions_not_matching_list() (policy_sentry.writing.policy.ArnActionGroup method)
remove_actions_that_are_not_wildcard_arn_only() (in module policy_sentry.writing.policy)
remove_sids_with_empty_action_lists() (policy_sentry.writing.policy.ArnActionGroup method)
Roles (class in policy_sentry.writing.roles)
U
update_actions_for_raw_arn_format() (policy_sentry.writing.policy.ArnActionGroup method)
W
write_json_file() (in module policy_sentry.util.file)
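The entries indexed under policy_sentry.util.arns (parse_arn, get_service_from_arn, get_resource_path_from_arn, arn_has_slash, arn_has_colons, does_arn_match) cover the one step in this API where a small mistake silently changes which resource type a policy statement is scoped to: deciding whether a concrete ARN such as arn:aws:s3:::my-bucket/logs/2020/01.gz is an S3 bucket or an S3 object. The following is an added, self-contained illustration of that logic written for this page; it is not policy_sentry's own code and does not import the library. The ParsedArn type, the match_arn_types helper, the matching rules and the RAW_ARNS sample table are all assumptions made for the example; the table only borrows the ${Placeholder} convention AWS uses in its resource-type documentation.

```python
"""ARN parsing and raw-ARN template matching.

Added illustration for this page, not policy_sentry's own code: it models the
kind of helpers indexed under policy_sentry.util.arns (parse_arn,
get_service_from_arn, get_resource_path_from_arn, arn_has_slash, arn_has_colons,
does_arn_match). Every function body, the ParsedArn type, match_arn_types, the
matching rules and the RAW_ARNS sample are assumptions made for this example.
"""
import re
from dataclasses import dataclass

# Constructed sample of the raw ARN formats AWS publishes per resource type,
# written in its ${Placeholder} convention. policy_sentry reads the real table
# from its IAM database; this dict stands in for it.
RAW_ARNS = {
    "s3:bucket": "arn:${Partition}:s3:::${BucketName}",
    "s3:object": "arn:${Partition}:s3:::${BucketName}/${ObjectName}",
    "dynamodb:table": "arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}",
    "lambda:function": "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}",
    "lambda:function-version":
        "arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}:${Version}",
    "iam:role": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}",
}

_PLACEHOLDER = re.compile(r"\$\{[^}]+\}")


@dataclass(frozen=True)
class ParsedArn:
    partition: str
    service: str
    region: str
    account: str
    resource: str  # everything after the fifth colon, e.g. "table/Books"


def parse_arn(arn: str) -> ParsedArn:
    """Split an ARN into its five top-level fields.

    Split at most five times so the resource field keeps its own colons
    (lambda's "function:Name:1" is one resource, not three fields).
    """
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return ParsedArn(*parts[1:])


def get_service_from_arn(arn: str) -> str:
    return parse_arn(arn).service


def arn_has_slash(arn: str) -> bool:
    return "/" in parse_arn(arn).resource


def arn_has_colons(arn: str) -> bool:
    return ":" in parse_arn(arn).resource


def get_resource_path_from_arn(arn: str) -> str:
    """Everything after the first '/' of the resource field ('' if no slash)."""
    return parse_arn(arn).resource.partition("/")[2]


def _resource_regex(template: str) -> "re.Pattern[str]":
    """Compile the resource part of a raw ARN into a regex.

    Each placeholder matches one segment. A placeholder that directly follows
    a '/' may itself contain slashes (S3 object keys, IAM paths); any other
    placeholder stops at the next '/' or ':'. Literal text is escaped.
    """
    pieces, pos = [], 0
    for m in _PLACEHOLDER.finditer(template):
        pieces.append(re.escape(template[pos:m.start()]))
        after_slash = m.start() > 0 and template[m.start() - 1] == "/"
        pieces.append(r"[^:]+" if after_slash else r"[^/:]+")
        pos = m.end()
    pieces.append(re.escape(template[pos:]))
    return re.compile("".join(pieces))


def does_arn_match(arn: str, raw_arn: str) -> bool:
    """True if a concrete ARN has the shape described by a raw ARN template."""
    got, want = parse_arn(arn), parse_arn(raw_arn)
    fields = (
        (got.partition, want.partition), (got.service, want.service),
        (got.region, want.region), (got.account, want.account),
    )
    for actual, expected in fields:
        if _PLACEHOLDER.fullmatch(expected):
            if not actual:          # a placeholder field must carry a value
                return False
        elif actual != expected:    # literal field: the service name, or the
            return False            # empty region/account of a global service
    return _resource_regex(want.resource).fullmatch(got.resource) is not None


def match_arn_types(arn: str, raw_arns=RAW_ARNS):
    """Names of the resource types a policy's Resource ARN refers to."""
    parsed = parse_arn(arn)
    if parsed.resource == "*":
        # A bare wildcard resource covers every resource type of that service.
        return sorted(n for n, raw in raw_arns.items()
                      if parse_arn(raw).service == parsed.service)
    return sorted(n for n, raw in raw_arns.items() if does_arn_match(arn, raw))
```

Two design choices matter for policy analysis. Wildcards inside a resource (my-bucket/*) are treated as ordinary characters, so such a statement is classified as an object-level statement rather than a bucket-level one; only a bare * resource is expanded to every type of the service. Region and account are compared against the template, so an ARN that puts a region on a global service such as S3 or IAM fails to match instead of being quietly classified.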