Generate IAM actions list from AWS Access Advisor reports.
Project description
Overview
Generate IAM actions list from AWS Access Advisor reports.
Prerequisites
Python >= 3.6
aws-authenticator (https://pypi.org/project/aws-authenticator/) >= 2022.10.1.0
Required Arguments
AWS entity ARN (role, user, etc. to use for report generation)
AWS authentication method (profile, iam, or sso)
Conditional Arguments
If authenticating with named profiles:
AWSCLI profile name
If authenticating with IAM acccess key credentials:
AWS access key id
AWS secret access key
If authenticating with SSO:
AWS account ID
AWS SSO Permission Set (role) name
AWS SSO login URL
Usage
Installation:
pip3 install aws-access-advisor
# or
python3 -m pip install aws-access-advisorIn Python3 authenticating with named profiles:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"profile",
profile_name="<profile_name>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))In Python3 authenticating with IAM access key credentials:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"iam"
access_key_id="<access_key_id>",
secret_access_key="<secret_access_key>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))In Python3 authenticating with SSO:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"sso"
sso_url="<sso_url>",
sso_role_name="<sso_role_name>",
sso_account_id="<sso_account_id>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))In BASH authenticating with named profiles:
python [/path/to/]aws_access_advisor \
-e <entity_arn> \
-m profile \
-p <profile_name>In BASH authenticating with IAM access key credentials:
python [/path/to/]aws_access_advisor \
-e <entity_arn> \
-m iam \
-k <access_key_id> \
-s <secret_access_key>In BASH authenticating with SSO:
python [/path/to/]aws_access_advisor \
-e <entity_arn> \
-m sso \
-a <sso_account_id> \
-r <sso_role_name> \
-u <sso_url>Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file aws_access_advisor-2024.1.0.0.tar.gz.
File metadata
- Download URL: aws_access_advisor-2024.1.0.0.tar.gz
- Upload date:
- Size: 2.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/5.4.109+
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 076593c5e118ec22cbd13cc752d1371f96b35e826e31d106891913393b57baa1 |
|
| MD5 | 3cc52b1db08842466313c791928ea9a1 |
|
| BLAKE2b-256 | 357285b986441d275d602acffd6ec1e776a7ceedfa89cb5ec992b96d044835ee |
File details
Details for the file aws_access_advisor-2024.1.0.0-py3-none-any.whl.
File metadata
- Download URL: aws_access_advisor-2024.1.0.0-py3-none-any.whl
- Upload date:
- Size: 3.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.7.1 CPython/3.10.12 Linux/5.4.109+
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 364f69697d238cc8b043c9b156954b115b915c3c030fc4784ba20adcc400536a |
|
| MD5 | 7f393688cdbb5e55c213354d6ea28803 |
|
| BLAKE2b-256 | 014613cea50385220c2bda937bf6489b905eda13e1e661af2cc606a77876607a |
