trackiam icon indicating copy to clipboard operation
trackiam copied to clipboard

Published 20 hours ago verified publisher icon glassechidna

Metadata

A project to collate IAM actions, AWS APIs and managed policies from various public sources.

AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 325
  • Unique actions: 13397
  • Managed policies: 972

Most common managed policy name prefixes:

Policy ARN Count
arn:aws:iam::aws:policy/AWS* 275
arn:aws:iam::aws:policy/Amazon* 253
arn:aws:iam::aws:policy/aws-service-role/* 203
arn:aws:iam::aws:policy/service-role/* 149
arn:aws:iam::aws:policy/job-function/* 7
Other 85

The following table summarises the AWS APIs.

  • The first column is the name of the API as far as IAM policies are concerned.
  • The second column is IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column is invokable APIs that don't have a corresponding IAM action.
  • The fourth column is IAM actions that don't have a corresponding invokable API.
Service Action/API pairs APIs without actions Actions without APIs
ec2 533 0 9
sagemaker 267 10 5
chime 210 7 50
glue 180 4 2
iam 158 0 1
lightsail 154 0 0
connect 153 0 6
ses 138 0 0
rds 137 0 5
ssm 135 0 10
quicksight 120 0 25
mobiletargeting 119 0 1
redshift 118 1 18
greengrass 111 0 1
servicecatalog 109 0 0
lex 104 2 7
cognito-idp 101 0 4
iotwireless 98 0 1
gamelift 95 0 0
a4b 93 0 3
cloudfront 91 7 1
storagegateway 90 0 1
config 86 3 0
networkmanager 85 0 0
s3 83 58 45
waf-regional 81 0 0
codecommit 77 0 11
waf 77 0 0
devicefarm 77 0 0
proton 75 0 23
opsworks 74 0 0
iotsitewise 71 0 1
comprehend 71 0 0
route53 70 0 0
workmail 68 5 51
frauddetector 68 0 0
cloudformation 66 0 11
backup 66 0 2
clouddirectory 66 0 0
ds 65 0 6
appstream 65 0 1
elasticache 65 0 0
es 64 0 10
workspaces 63 0 1
route53resolver 63 0 0
rekognition 63 0 0
directconnect 63 0 0
personalize 62 3 0
guardduty 61 4 0
lambda 61 2 5
macie2 61 0 0
autoscaling 61 0 0
auditmanager 61 0 0
medialive 59 0 0
robomaker 57 0 2
securityhub 56 0 12
events 56 0 1
kendra 55 5 0
dms 54 11 0
elasticloadbalancing 54 0 1
forecast 52 13 0
transfer 52 1 0
ecs 52 0 2
organizations 52 0 0
geo 52 0 0
dynamodb 51 6 12
elasticmapreduce 51 1 26
appsync 50 0 2
imagebuilder 50 0 0
kms 49 1 3
wafv2 48 0 2
sms-voice 48 0 0
license-manager 48 0 0
elasticbeanstalk 47 0 3
nimble 47 0 2
codedeploy 47 0 1
globalaccelerator 47 0 0
codebuild 45 0 8
appconfig 45 0 0
workspaces-web 44 0 0
datasync 44 0 0
databrew 44 0 0
lakeformation 42 3 1
logs 42 0 5
mediatailor 42 0 0
workdocs 41 0 11
transcribe 41 0 2
ecr 41 0 2
wellarchitected 40 0 0
sns 39 1 0
resiliencehub 39 0 0
mechanicalturk 39 0 0
codepipeline 39 0 0
iotevents 38 0 1
appmesh 38 0 1
profile 38 0 0
cloudwatch 38 0 0
sso 37 0 52
swf 37 0 12
fsx 37 0 4
athena 37 0 1
redshift-serverless 37 0 0
inspector 37 0 0
amplify 37 0 0
codeartifact 36 0 4
shield 36 0 0
ce 35 0 10
sms 35 0 2
memorydb 35 0 0
kafka 35 0 0
iotthingsgraph 35 0 0
eks 34 0 1
iotanalytics 34 0 0
mgn 33 0 34
panorama 33 0 31
worklink 33 0 1
gamesparks 33 0 1
glacier 33 0 0
cloudhsm 33 0 0
evidently 32 6 0
drs 32 0 41
kinesisvideo 32 0 3
route53-recovery-readiness 32 0 0
m2 32 0 0
wisdom 31 1 0
kinesisanalytics 31 0 1
schemas 31 0 0
network-firewall 31 0 0
devops-guru 31 0 0
amplifybackend 31 0 0
inspector2 30 2 0
elasticfilesystem 30 0 5
apprunner 30 0 1
route53domains 30 0 0
mediaconnect 30 0 0
lookoutmetrics 30 0 0
fms 30 0 0
billingconductor 30 0 0
dataexchange 29 0 2
ssm-incidents 29 0 0
kinesis 29 0 0
cloudtrail 29 0 0
cloudsearch 28 1 4
mediaconvert 28 0 0
machinelearning 28 0 0
ivs 28 0 0
access-analyzer 28 0 0
ssm-contacts 27 0 1
xray 27 0 0
applicationinsights 27 0 0
outposts 26 0 2
servicediscovery 26 0 0
rolesanywhere 26 0 0
mediastore 26 0 0
iottwinmaker 26 0 0
iot1click 26 0 0
comprehendmedical 25 1 0
discovery 25 0 1
snowball 25 0 0
ram 25 0 0
groundstation 25 0 0
detective 24 0 5
refactor-spaces 24 0 0
batch 24 0 0
timestream 23 1 3
lookoutequipment 23 1 0
route53-recovery-control-config 23 0 1
states 23 0 0
managedblockchain 23 0 0
ecr-public 23 0 0
cognito-identity 23 0 0
codeguru-profiler 23 0 0
acm-pca 23 0 0
appflow 22 0 6
lookoutvision 22 0 3
secretsmanager 22 0 0
mq 22 0 0
connect-campaigns 22 0 0
private-networks 21 4 0
aps 21 0 16
qldb 21 0 13
dax 21 0 9
voiceid 21 0 2
synthetics 21 0 0
migrationhub-strategy 20 0 6
mgh 20 0 0
datapipeline 19 0 2
servicequotas 19 0 0
opsworks-cm 19 0 0
mediapackage 19 0 0
codestar 18 0 4
backup-gateway 18 0 2
compute-optimizer 18 0 0
sqs 17 3 0
cognito-sync 17 0 2
signer 17 0 0
mediapackage-vod 17 0 0
elastictranscoder 17 0 0
fis 16 0 3
resource-groups 16 0 1
grafana 16 0 0
honeycode 15 0 15
app-integrations 15 0 4
emr-containers 15 0 0
acm 15 0 0
translate 14 1 0
support 14 0 8
codeguru-reviewer 14 0 3
amplifyuibuilder 14 0 3
serverlessrepo 14 0 1
iotdeviceadvisor 14 0 0
emr-serverless 14 0 0
cloud9 13 0 16
healthlake 13 0 7
snow-device-management 13 0 0
health 13 0 0
codestar-notifications 13 0 0
braket 13 0 0
codestar-connections 12 0 9
kafkaconnect 12 0 0
ivschat 12 0 0
firehose 12 0 0
aws-marketplace 11 0 31
airflow 11 0 0
textract 10 0 0
sdb 10 0 0
rum 10 0 0
redshift-data 10 0 0
license-manager-user-subscriptions 10 0 0
application-autoscaling 10 0 0
savingsplans 9 0 0
polly 9 0 0
budgets 8 15 2
iot 8 3 245
mobilehub 8 1 15
finspace 8 0 7
sts 8 0 3
tag 8 0 0
rbin 8 0 0
iotfleethub 8 0 0
dlm 8 0 0
elastic-inference 6 0 1
rds-data 6 0 0
pi 6 0 0
importexport 6 0 0
ebs 6 0 0
autoscaling-plans 6 0 0
application-cost-profiler 6 0 0
account 5 0 3
s3-outposts 4 0 29
route53-recovery-cluster 4 0 0
identitystore 4 0 0
cur 4 0 0
pricing 3 0 0
cassandra 2 11 7
workmailmessageflow 2 0 0
marketplacecommerceanalytics 2 0 0
ec2-instance-connect 2 0 0
mobileanalytics 1 0 2
execute-api 0 248 3
apigateway 0 152 9
finspace-api 0 31 0
backup-storage 0 9 1
supportapp 0 9 0
cloudcontrolapi 0 8 0
IoTSecuredTunneling 0 8 0
macie 0 7 0
awsssoportal 0 4 0
awsssooidc 0 3 0
sqlworkbench 0 0 64
sso-directory 0 0 52
deepracer 0 0 50
iotroborunner 0 0 49
iotfleetwise 0 0 43
appmesh-preview 0 0 36
neptune-db 0 0 31
migrationhub-orchestrator 0 0 31
trustedadvisor 0 0 29
controltower 0 0 29
cases 0 0 27
s3-object-lambda 0 0 26
deeplens 0 0 24
kafka-cluster 0 0 19
vendor-insights 0 0 18
deepcomposer 0 0 18
chatbot 0 0 17
bugbust 0 0 17
dbqms 0 0 13
monitron 0 0 12
identity-sync 0 0 12
freertos 0 0 11
elemental-activations 0 0 10
cloudshell 0 0 9
launchwizard 0 0 8
activate 0 0 8
sagemaker-groundtruth-synthetic 0 0 7
elemental-appliances-software 0 0 7
aws-portal 0 0 7
ec2messages 0 0 6
iot-device-tester 0 0 5
groundtruthlabeling 0 0 5
elemental-support-cases 0 0 5
aws-marketplace-management 0 0 5
ssmmessages 0 0 4
iotjobsdata 0 0 4
codedeploy-commands-secure 0 0 4
artifact 0 0 4
tiros 0 0 3
ssm-guiconnect 0 0 3
resource-explorer 0 0 3
awsconnector 0 0 3
tax 0 0 2
sumerian 0 0 2
purchase-orders 0 0 2
wam 0 0 1
sustainability 0 0 1
serviceextract 0 0 1
rhelkb 0 0 1
rds-db 0 0 1
mediaimport 0 0 1
iq-permission 0 0 1
iq 0 0 1
elemental-support-content 0 0 1
codeguru 0 0 1
arsenal 0 0 1

Most common action prefixes:

Prefix Count
List 2050
Get 1805
Delete 1557
Describe 1525
Create 1455
Update 1200
Put 371
Start 259
Tag 208
Untag 206

Metadata

279
Stars
26
Forks
Watchers

Owner

verified publisher icon glassechidna

Metadata

A project to collate IAM actions, AWS APIs and managed policies from various public sources.

Back