
Utility for collecting resource-based policies from AWS

AWS resource-based policy collector

This library aims to collect resource-based policies from an AWS account.

NOTE: This library does not cover all AWS services which support resource-based policies and has not been rigorously tested! Refer to supported services below.

Install

yarn add aws-resource-based-policy-collector

or

npm install aws-resource-based-policy-collector

Usage

Your environment must be configured with valid AWS credentials. See Setting credentials in Node.js. Your credentials must be authorised to perform read-only actions within your account.


import { collect } from 'aws-resource-based-policy-collector';

const main = async () => {
  const result = await collect();
  // ... Do something with result
};

main();

The collect function returns an array of objects, one per service, where each service object contains an array of resource objects. Each resource object contains a type and id to uniquely identify the resource.

Each resource contains a JSON encoded policy. Only resources with policies are included.

[
  {
    serviceName: 's3',
    resources: [
      {
        type: 'AWS::S3::Bucket',
        id: 'my-bucket',
        policy: '', // JSON encoded string
      }
    ]
  },
  ...
]

If an error is encountered when processing a service, the error object is emitted into the optional error field.

[
  {
    serviceName: 's3',
    resources: [],
    error: '' // JSON encoded string
  },
  ...
]
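As an added example (not part of the library), here is a check that consumes the array described above: it parses each JSON-encoded policy and reports resources with an Allow statement whose Principal is a wildcard and that carries no Condition, skipping services that returned an error. The input is constructed in the documented shape rather than fetched from an account.

```javascript
// Added example, not part of aws-resource-based-policy-collector: walk the array
// collect() returns and report resources whose policy has an Allow statement
// open to any principal and not narrowed by a Condition.
function isWildcardPrincipal(principal) {
  // "*" or a map such as { AWS: "*" } / { AWS: ["*", "..."] }
  if (principal === '*') return true;
  if (principal && typeof principal === 'object') {
    return Object.values(principal).some((v) =>
      Array.isArray(v) ? v.includes('*') : v === '*');
  }
  return false;
}

// `collected` has the shape documented above: one object per service, each with
// `resources` (policy is a JSON-encoded string) and an optional `error`.
function findPublicResources(collected) {
  const findings = [];
  for (const service of collected) {
    if (service.error) continue; // enumeration failed; nothing to inspect
    for (const resource of service.resources) {
      let doc;
      try { doc = JSON.parse(resource.policy); } catch { continue; }
      // Statement may be a single object or an array; normalise to an array.
      for (const stmt of [].concat(doc.Statement || [])) {
        if (stmt.Effect === 'Allow' && isWildcardPrincipal(stmt.Principal) && !stmt.Condition) {
          findings.push({ serviceName: service.serviceName, type: resource.type,
                          id: resource.id, sid: stmt.Sid });
        }
      }
    }
  }
  return findings;
}

// Constructed sample in the documented result shape (not data from a real account).
const policy = (stmt) => JSON.stringify({ Version: '2012-10-17', Statement: [stmt] });
const sampleResult = [
  { serviceName: 's3', resources: [
    { type: 'AWS::S3::Bucket', id: 'public-site-bucket', policy: policy({
      Sid: 'PublicRead', Effect: 'Allow', Principal: '*',
      Action: 's3:GetObject', Resource: 'arn:aws:s3:::public-site-bucket/*' }) },
    { type: 'AWS::S3::Bucket', id: 'vpc-only-bucket', policy: policy({
      Effect: 'Allow', Principal: '*', Action: 's3:GetObject',
      Resource: 'arn:aws:s3:::vpc-only-bucket/*',
      Condition: { StringEquals: { 'aws:SourceVpce': 'vpce-0example' } } }) },
  ] },
  { serviceName: 'sqs', resources: [], error: JSON.stringify({ name: 'AccessDenied' }) },
];
console.log(findPublicResources(sampleResult)); // only public-site-bucket is reported
```

In real use, replace `sampleResult` with `await collect()`; a statement guarded by a Condition is deliberately not reported here, so review those separately if the condition is permissive.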

Supported services

This library currently collects resource-based policies for AWS services listed below.

This list of services is taken from the tables found at AWS services that work with IAM, specifically those services with a Yes or Partial in the Resource-based policies column.

  • [x] Lambda
  • [x] Serverless Application Repository
  • [x] ECR
  • [x] AWS Backup
  • [x] EFS
  • [x] S3 Glacier
  • [x] S3
  • [ ] S3 on AWS Outposts
  • [ ] Cloud9
  • [x] CodeArtifact
  • [x] CodeBuild
  • [x] IAM
  • [x] SecretsManager
  • [ ] ACM Private Certificate Authority
  • [x] KMS
  • [ ] Lex v2
  • [x] CloudWatch Logs
  • [ ] Systems Manager Incident Manager
  • [ ] Systems Manager Incident Manager Contacts
  • [x] API Gateway
  • [x] VPC (endpoints)
  • [x] Elemental MediaStore
  • [x] OpenSearch
  • [ ] Glue
  • [x] EventBridge
  • [x] EventBridge Schemas
  • [x] SNS
  • [x] SQS
  • [ ] IoT
  • [ ] SES v2