feat(aws-simulator): add initial implementation for AWS simulation fe…
Context
This PR introduces an AWS Simulator feature to Prowler. The goal is to allow users to simulate AWS IAM permissions natively without building custom logic to evaluate JSON policies attached to IAM roles. Handling custom policies, inline policies, AWS-managed policies, and wildcard actions (e.g., S3:List* or S3:ListBu*) can be complex and error-prone. This feature helps developers and security teams create robust solutions for developing custom Prowler checks for IAM.
Description
Added a new module under prowler/providers/aws/lib to simulate AWS services for testing Prowler checks. Supports all AWS IAM simulation features. No external dependencies beyond existing Prowler requirements. Fixes: N/A (new feature, not a bug fix).
Steps to review
Check out the branch:
    git fetch origin feature/aws-simulator-integration
    git checkout feature/aws-simulator-integration
Usage
In your custom check:
    from prowler.providers.aws.lib.simulate_policy.simulate_policy_client import get_iam_simulator_client

    iam_sim = get_iam_simulator_client()
    # role_name and action are supplied by the calling check
    policy_data = iam_sim.get_role_policy_data(role_name=role_name)
    iam_sim.is_action_allowed_simulate_custom_policy(
        policy_data=policy_data,
        action_names=[action],
        resource_arns=["*"],
    )
Checklist
New checks included? No (feature only). Permissions update needed? No.
License
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
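The evaluation rules the Context section calls error-prone (wildcard action names such as S3:List*, case-insensitive action matching, and an explicit Deny overriding any Allow across managed and inline policies) in a minimal evaluator over constructed policy documents. This is an added illustration, not the PR's simulate_policy module, and it deliberately ignores NotAction, NotResource and Condition.

```python
import re

# Constructed sample: an AWS-managed-style policy plus an inline Deny on one bucket.
POLICIES = [
    {"Statement": [{"Effect": "Allow", "Action": "s3:List*", "Resource": "*"}]},
    {"Statement": [{"Effect": "Deny", "Action": ["s3:ListBucket"],
                    "Resource": "arn:aws:s3:::secret-bucket"}]},
]


def _wildcard_match(pattern: str, value: str, case_sensitive: bool = True) -> bool:
    """Match an IAM-style pattern where '*' is any run of chars and '?' is one char."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.match(regex, value, flags) is not None


def _as_list(value):
    # Policy grammar allows a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def is_action_allowed(policies, action: str, resource: str) -> bool:
    """Default deny; any matching explicit Deny wins over any matching Allow."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy.get("Statement", [])):
            actions = _as_list(stmt.get("Action", []))
            resources = _as_list(stmt.get("Resource", []))
            # Action names are case-insensitive in IAM; resource ARNs are not.
            if not any(_wildcard_match(a, action, case_sensitive=False) for a in actions):
                continue
            if not any(_wildcard_match(r, resource) for r in resources):
                continue
            if stmt.get("Effect") == "Deny":
                return False
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


if __name__ == "__main__":
    print(is_action_allowed(POLICIES, "s3:ListBucket", "arn:aws:s3:::public-bucket"))
    print(is_action_allowed(POLICIES, "s3:ListBucket", "arn:aws:s3:::secret-bucket"))
```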
✅ Conflict Markers Resolved
All conflict markers have been successfully resolved in this pull request.
Hello @bota4go! Thanks for this contribution 👏 We'll review it and get back to you.
thanks, mate.