Index
A
add_action_without_resource_constraint() (policy_sentry.writing.sid_group.SidGroup method)
add_by_arn_and_access_level() (policy_sentry.writing.sid_group.SidGroup method)
add_by_list_of_actions() (policy_sentry.writing.sid_group.SidGroup method)
analyze_by_access_level() (in module policy_sentry.analysis.analyze)
analyze_policy_directory() (in module policy_sentry.analysis.analyze)
analyze_policy_file() (in module policy_sentry.analysis.analyze)
analyze_statement_by_access_level() (in module policy_sentry.analysis.analyze)
arn_has_colons() (in module policy_sentry.util.arns)
arn_has_slash() (in module policy_sentry.util.arns)
C
check() (in module policy_sentry.writing.validate)
check_actions_schema() (in module policy_sentry.writing.validate)
check_crud_schema() (in module policy_sentry.writing.validate)
check_min_permission_length() (in module policy_sentry.writing.minimize)
check_valid_file_path() (in module policy_sentry.util.file)
create_actions_template() (in module policy_sentry.writing.template)
create_crud_template() (in module policy_sentry.writing.template)
create_directory_if_it_doesnt_exist() (in module policy_sentry.util.file)
create_policy_sid_namespace() (in module policy_sentry.writing.sid_group)
D
determine_actions_to_expand() (in module policy_sentry.analysis.analyze)
determine_risky_actions() (in module policy_sentry.analysis.analyze)
determine_risky_actions_from_list() (in module policy_sentry.analysis.analyze)
does_arn_match() (in module policy_sentry.util.arns)
E
expand() (in module policy_sentry.analysis.analyze)
G
get_account_from_arn() (in module policy_sentry.util.arns)
get_action_data() (in module policy_sentry.querying.actions)
get_action_name_from_action() (in module policy_sentry.util.actions)
get_actions_at_access_level_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_for_service() (in module policy_sentry.querying.actions)
get_actions_from_json_policy_file() (in module policy_sentry.util.policy_files)
get_actions_from_policy() (in module policy_sentry.util.policy_files)
get_actions_from_statement() (in module policy_sentry.util.policy_files)
get_actions_matching_condition_crud_and_arn() (in module policy_sentry.querying.actions)
get_actions_matching_condition_key() (in module policy_sentry.querying.actions)
get_actions_template_dict() (in module policy_sentry.writing.template)
get_actions_that_support_wildcard_arns_only() (in module policy_sentry.querying.actions)
get_actions_with_access_level() (in module policy_sentry.querying.actions)
get_actions_with_arn_type_and_access_level() (in module policy_sentry.querying.actions)
get_all_actions() (in module policy_sentry.querying.all)
get_all_service_prefixes() (in module policy_sentry.querying.all)
get_arn_data() (in module policy_sentry.querying.arns)
get_arn_type_details() (in module policy_sentry.querying.arns)
get_arn_types_for_service() (in module policy_sentry.querying.arns)
get_condition_key_details() (in module policy_sentry.querying.conditions)
get_condition_keys_available_to_raw_arn() (in module policy_sentry.querying.conditions)
get_condition_keys_for_service() (in module policy_sentry.querying.conditions)
get_condition_value_type() (in module policy_sentry.querying.conditions)
get_conditions_for_action_and_raw_arn() (in module policy_sentry.querying.conditions)
get_crud_template_dict() (in module policy_sentry.writing.template)
get_denied_prefixes_from_desired() (in module policy_sentry.writing.minimize)
get_dependent_actions() (in module policy_sentry.querying.actions)
get_full_action_name() (in module policy_sentry.util.actions)
get_lowercase_action_list() (in module policy_sentry.util.actions)
get_partition_from_arn() (in module policy_sentry.util.arns)
get_raw_arns_for_service() (in module policy_sentry.querying.arns)
get_region_from_arn() (in module policy_sentry.util.arns)
get_rendered_policy() (policy_sentry.writing.sid_group.SidGroup method)
get_resource_from_arn() (in module policy_sentry.util.arns)
get_resource_path_from_arn() (in module policy_sentry.util.arns)
get_resource_type_name_with_raw_arn() (in module policy_sentry.querying.arns)
get_service_from_action() (in module policy_sentry.util.actions)
get_service_from_arn() (in module policy_sentry.util.arns)
get_sid() (policy_sentry.writing.sid_group.SidGroup method)
get_sid_group() (policy_sentry.writing.sid_group.SidGroup method)
get_universal_conditions() (policy_sentry.writing.sid_group.SidGroup method)
L
list_files_in_directory() (in module policy_sentry.util.file)
list_sids() (policy_sentry.writing.sid_group.SidGroup method)
M
minimize_statement_actions() (in module policy_sentry.writing.minimize)
P
parse_arn() (in module policy_sentry.util.arns)
policy_sentry.analysis.analyze (module)
policy_sentry.command.write_policy (module)
policy_sentry.querying.actions (module)
policy_sentry.querying.all (module)
policy_sentry.querying.arns (module)
policy_sentry.querying.conditions (module)
policy_sentry.util.actions (module)
policy_sentry.util.arns (module)
policy_sentry.util.file (module)
policy_sentry.util.policy_files (module)
policy_sentry.writing.minimize (module)
policy_sentry.writing.sid_group (module)
policy_sentry.writing.template (module)
policy_sentry.writing.validate (module)
process_template() (policy_sentry.writing.sid_group.SidGroup method)
R
read_risky_iam_permissions_text_file() (in module policy_sentry.analysis.analyze)
read_this_file() (in module policy_sentry.util.file)
read_yaml_file() (in module policy_sentry.util.file)
remove_actions_duplicated_in_wildcard_arn() (policy_sentry.writing.sid_group.SidGroup method)
remove_actions_not_matching_access_level() (in module policy_sentry.querying.actions)
remove_actions_not_matching_these() (policy_sentry.writing.sid_group.SidGroup method)
remove_actions_that_are_not_wildcard_arn_only() (in module policy_sentry.querying.actions)
remove_actions_that_are_not_wildcard_arn_only() (in module policy_sentry.writing.sid_group)
S
SidGroup (class in policy_sentry.writing.sid_group)
V
validate_condition_block() (in module policy_sentry.writing.validate)
W
write_json_file() (in module policy_sentry.util.file)
write_policy_with_template() (in module policy_sentry.command.write_policy)