
IAM Least Privilege Policy Generator

27 policy_sentry issues

Hi there, Probably a Dummy question. I've made an `actions` policy and it produced a policy, similar to the following: ``` ... { "Sid": "Ec2WriteSubnet", "Effect": "Allow", "Action": [ "ec2:CreateNetworkInterface"...

If I specify an s3 object path under `write` and then specify `s3:PutObject` under `skip-resource-constraints`, then I get an IndexError. Example template: ```yaml mode: crud write: - 'arn:aws:s3:::mybucket*/*' skip-resource-constraints: -...

bug

I have a question and I need a suggestion on that please. If I'm providing this policy-sentry tool as a product, in a way that the end users will see...

user support

API output schema should be consistent but that's not the case for query/actions `query action-table --service s3 --name GetObject` returns a dictionary: ``` {"s3": [{"action": "s3:GetObject", "description": "Grants permission to...

bug

Based on Amazon docs there are 30 Global Condition Context Keys. It would be great if we had a direct way to query those. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html aws:CalledVia aws:CalledViaFirst aws:CalledViaLast aws:CurrentTime aws:EpochTime...
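The request above is for a way to query the global (`aws:*`) condition context keys. The following is an added example, not policy_sentry's own code: it walks an IAM policy document, collects every condition key, and classifies each as global, service-specific, or unknown. The `GLOBAL_KEYS` set is constructed for illustration from the five keys visible in the post plus a few other documented `aws:*` keys; it is deliberately not the full list of 30, and the sample policy (including the mistyped `aws:SourceVpcEndpoint` key) is constructed input. The check matters for least privilege because a condition on a key IAM never populates simply never matches, so the statement grants nothing and the "least privilege" policy silently becomes a no-op.

```python
"""Classify the condition keys used in an IAM policy document.

Added example, not part of policy_sentry. GLOBAL_KEYS is a constructed,
partial set of documented aws:* keys; the sample policy is constructed input.
"""

GLOBAL_KEYS = {  # constructed, partial: five keys from the post plus a few more
    "aws:CalledVia", "aws:CalledViaFirst", "aws:CalledViaLast",
    "aws:CurrentTime", "aws:EpochTime",
    "aws:MultiFactorAuthPresent", "aws:PrincipalArn", "aws:PrincipalOrgID",
    "aws:PrincipalTag", "aws:RequestTag", "aws:ResourceTag",
    "aws:SecureTransport", "aws:SourceIp", "aws:SourceVpce", "aws:TagKeys",
}
# IAM treats condition key names as case-insensitive, so compare lower-cased.
_KNOWN_GLOBAL = {k.lower() for k in GLOBAL_KEYS}


def normalize_key(key):
    """Drop the variable suffix of tag-style keys: aws:PrincipalTag/team -> aws:PrincipalTag."""
    return key.split("/", 1)[0]


def condition_keys(policy):
    """Yield (sid, operator, key) for every condition key in the policy.

    Handles a single-statement dict as well as a Statement list, and keeps the
    operator (including ForAnyValue:/ForAllValues: prefixes and the IfExists
    suffix) so callers can see which conditions tolerate a missing key.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        for operator, keys in stmt.get("Condition", {}).items():
            for key in keys:
                yield stmt.get("Sid", ""), operator, key


def classify(policy):
    """Return {'global': [...], 'service': [...], 'unknown': [...]} of (sid, key) pairs.

    'unknown' holds aws:* keys that are not in GLOBAL_KEYS; unless the operator
    ends in IfExists, a condition on such a key never matches.
    """
    result = {"global": [], "service": [], "unknown": []}
    for sid, _operator, key in condition_keys(policy):
        base = normalize_key(key).lower()
        if base.startswith("aws:"):
            bucket = "global" if base in _KNOWN_GLOBAL else "unknown"
        else:
            bucket = "service"  # e.g. s3:prefix, ec2:ResourceTag/...
        result[bucket].append((sid, key))
    return result


SAMPLE_POLICY = {  # constructed sample input
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListPrefix",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::mybucket",
            "Condition": {
                "StringLike": {"s3:prefix": "reports/*"},
                "Bool": {"aws:SecureTransport": "true"},
            },
        },
        {
            "Sid": "AllowFromVpce",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::mybucket/*",
            "Condition": {
                # Mistyped on purpose: the real key is aws:SourceVpce.
                "StringEquals": {"aws:SourceVpcEndpoint": "vpce-0123"},
                "ForAnyValue:StringEqualsIfExists": {"aws:PrincipalTag/team": ["sec"]},
            },
        },
    ],
}


if __name__ == "__main__":
    for bucket, keys in classify(SAMPLE_POLICY).items():
        for sid, key in keys:
            print(f"{bucket:8} {sid:15} {key}")
```

Running the module prints one line per condition key; the `unknown` bucket is the one to act on, since `aws:SourceVpcEndpoint` is not a key IAM ever sets and the `AllowFromVpce` statement therefore never grants `s3:GetObject`.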

Missing `cloudfront:CreateInvalidation` https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateInvalidation.html ``` $ policy_sentry query action-table --service cloudfront --resource-type "*" --fmt yaml IAM actions under cloudfront service that have the resource type *: - cloudfront:CreateKeyGroup - cloudfront:CreateMonitoringSubscription -...

When I try to write-policy (`policy_sentry write-policy --input-file actions.yml -m`) using the attached file (renamed extension to .txt instead of .yml) [actions.txt](https://github.com/salesforce/policy_sentry/files/13447333/actions.txt), I get the following error: ``` Traceback (most recent...

bug

## Problem I was having issues finding the service name for Amazon Health events (`health`) and Private CA (`acm-pca`) and it would be nice to query a service-table that could...

This is an automated PR created because AWS IAM definitions have changed.

cla:signed
automation

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 6.0.3 to 6.0.5. Release notes Sourced from peter-evans/create-pull-request's releases. Create Pull Request v6.0.5 ⚙️ Fixes an issue with proxy support for users that run self-hosted behind a...

dependencies
github_actions