Generate IAM actions list from AWS Access Advisor reports.
Project description
Overview
Generate IAM actions list from AWS Access Advisor reports.
Prerequisites
Python >= 3.6
aws_ssooidc >= 2021.1.1.1 (installed as a dependency)
boto3 >= 1.17.78 (installed as a dependency)
Required Arguments
AWS account ID
AWS entity ARN (role, user, etc. to use for report generation)
AWS SSO Permission Set name for login purposes
AWS SSO login URL
Usage
Installation:
pip3 install aws_access_advisor
# or
python3 -m pip install aws_access_advisor
In Python3:
import <file_name_without_.py>
auth = <file_name_without_.py>.login("<account_id>", "<sso_url>", "<admin_role_name>")
report = <file_nafile_name_without_.pyme>.get_report(
"<entity_role_arn>",
auth["roleCredentials"]["accessKeyId"],
auth["roleCredentials"]["secretAccessKey"],
auth["roleCredentials"]["sessionToken"]
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
for obj in report["ServicesLastAccessed"]:
if "LastAuthenticatedEntity" in obj:
try:
for obj_in in obj["TrackedActionsLastAccessed"]:
if "LastAccessedEntity" in obj_in:
print(f'"{obj["ServiceNamespace"]}:{obj_in["ActionName"]}",')
except Exception as e:
print(f'"{obj["ServiceNamespace"]}:*",')
In BASH:
python <file_name_with_.py> \
-a <account_id> \
-e <entity_role_arn> \
-r <admin_role_name> \ # [OPTIONAL]
-u <sso_url> \ # [OPTIONAL]
> <output_path>
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for aws_access_advisor-2022.10.1.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | e76ecbcac710a940396d110a6d8f3f23ce8844677ecf1032bba05d0fe31efc54 |
|
MD5 | 588f0f4557ad727786d3c7ce590b4646 |
|
BLAKE2b-256 | 3e290fd5872c9762354c265842b26d7d05811447c1a422c196d1ca4698d40a33 |
Close
Hashes for aws_access_advisor-2022.10.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 543316c47adbeda0c16245a1a13e4b07f8de8365085c357bbf9ac94816eaa83c |
|
MD5 | e674725c891641d61bbebaceba2a9fe8 |
|
BLAKE2b-256 | cf51679111ec49ac2824da78fa0e5a47b62e11e2b5944f2185280c56969bf63e |