iam-policy-generator

Shorthands for actions commonly used together?

Open mrtj opened this issue 4 years ago • 4 comments

It might be even easier to use the generator if it provided some shorthands for grouping together commonly used actions. I am thinking about, for example, an S3 bucket "read only" action group that could include LIST_BUCKET, GET_OBJECT and similar actions. I feel that at least a read only / read write action group could be defined for most AWS resources, but there might be other interesting use cases as well.

mrtj avatar May 04 '20 12:05 mrtj

Nice idea! Could we try to list common use cases?

aletheia avatar May 04 '20 20:05 aletheia

  • S3 Bucket Read Only

aletheia avatar May 04 '20 20:05 aletheia

As for use cases, the AWS SAM Policy Templates provide an ever growing collection of readily usable and vetted IAM policy 'shorthands' for real-world use cases.

Given the context, those are obviously geared towards serverless use cases, but there is quite some overlap (see e.g. S3ReadOnly as discussed above), so they should provide a nice starting point regardless.

sopel avatar May 05 '20 13:05 sopel

Other approaches to commonly used policy generation are used by

  • Salesforce Policy Sentry https://github.com/salesforce/policy_sentry
  • Netflix PolicyUniverse https://github.com/Netflix-Skunkworks/policyuniverse

They should be analyzed and considered to address this issue.

aletheia avatar May 07 '20 06:05 aletheia
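
The read only / read write grouping proposed in the opening post, sketched as an added example (not code from iam-policy-generator or from any commenter). The group names, `expandGroup` and `mutatingActions` are hypothetical, and the `aws` partition is assumed. It shows why an S3 group has to expand into two statements: `s3:ListBucket` is evaluated against the bucket ARN, `s3:GetObject` against object ARNs.

```javascript
// Added example: hypothetical action groups, not part of iam-policy-generator.
// Actions are split by the resource type they are evaluated against.
const ACTION_GROUPS = {
  S3_READ_ONLY: {
    bucket: ['s3:ListBucket', 's3:GetBucketLocation'],
    object: ['s3:GetObject', 's3:GetObjectVersion'],
  },
  S3_READ_WRITE: {
    bucket: ['s3:ListBucket', 's3:GetBucketLocation'],
    object: ['s3:GetObject', 's3:GetObjectVersion', 's3:PutObject', 's3:DeleteObject'],
  },
};

// S3 bucket naming rules; this also keeps wildcards out of the Resource ARN.
const BUCKET_NAME = /^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$/;
// Heuristic (assumption): read actions start with Get, List or Describe.
const READ_VERB = /^[a-z0-9-]+:(Get|List|Describe)/;

function getGroup(groupName) {
  if (!Object.prototype.hasOwnProperty.call(ACTION_GROUPS, groupName)) {
    throw new Error(`unknown action group: ${groupName}`);
  }
  return ACTION_GROUPS[groupName];
}

// Expand a group into a policy document scoped to exactly one bucket.
function expandGroup(groupName, bucketName) {
  const group = getGroup(groupName);
  if (!BUCKET_NAME.test(bucketName)) {
    throw new Error(`invalid bucket name: ${bucketName}`);
  }
  const bucketArn = `arn:aws:s3:::${bucketName}`; // assumes the "aws" partition
  return {
    Version: '2012-10-17',
    Statement: [
      { Effect: 'Allow', Action: [...group.bucket], Resource: [bucketArn] },
      { Effect: 'Allow', Action: [...group.object], Resource: [`${bucketArn}/*`] },
    ],
  };
}

// Vetting helper: actions in a group that do not look read-only.
function mutatingActions(groupName) {
  const group = getGroup(groupName);
  return [...group.bucket, ...group.object].filter((a) => !READ_VERB.test(a));
}

// Constructed sample input.
console.log(JSON.stringify(expandGroup('S3_READ_ONLY', 'example-bucket'), null, 2));
```

Running `mutatingActions` over every group labelled read-only is a cheap check that a shorthand never grants more than its name promises.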