Generate IAM actions list from AWS Access Advisor reports.
Project description
Overview
Generate IAM actions list from AWS Access Advisor reports.
Prerequisites
Python >= 3.6
aws-authenticator (https://pypi.org/project/aws-authenticator/) >= 2022.10.1.0
Required Arguments
AWS entity ARN (role, user, etc. to use for report generation)
AWS authentication method (profile, iam, or sso)
Conditional Arguments
If authenticating with named profiles:
AWSCLI profile name
If authenticating with IAM acccess key credentials:
AWS access key id
AWS secret access key
If authenticating with SSO:
AWS account ID
AWS SSO Permission Set (role) name
AWS SSO login URL
Usage
Installation:
pip3 install aws-access-advisor
# or
python3 -m pip install aws-access-advisor
In Python3 authenticating with named profiles:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"profile",
profile_name="<profile_name>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))
In Python3 authenticating with IAM access key credentials:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"iam"
access_key_id="<access_key_id>",
secret_access_key="<secret_access_key>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))
In Python3 authenticating with SSO:
import aws_access_advisor as access
report = access.get_report(
"<entity_arn>",
"sso"
sso_url="<sso_url>",
sso_role_name="<sso_role_name>",
sso_account_id="<sso_account_id>",
)
print(
f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
)
print("\n".join(access.parse(report)))
In BASH authenticating with named profiles:
python [/path/to/module/]aws_access_advisor \
-e <entity_arn> \
-m profile \
-p <profile_name>
In BASH authenticating with IAM access key credentials:
python [/path/to/module/]aws_access_advisor \
-e <entity_arn> \
-m iam \
-k <access_key_id> \
-s <secret_access_key>
In BASH authenticating with SSO:
python [/path/to/module/]aws_access_advisor \
-e <entity_arn> \
-m sso \
-a <sso_account_id> \
-r <sso_role_name> \
-u <sso_url>
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for aws_access_advisor-2022.10.2.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 9f0d42a594b950b98178b1d4bbf166de765383c707ccc7f4518ec3b3a4e70ec2 |
|
MD5 | 68111c9c880f9cf26974f7fbcbd8a725 |
|
BLAKE2b-256 | 0335c0106b1204b7fd590c1615d40138843549f3b24840a135c4e217815ec26f |
Hashes for aws_access_advisor-2022.10.2.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 38751192c465f0b36a5dd5391378f2f70b7bdf38c9b0f62a00b04a37a7e625e8 |
|
MD5 | fd64170b3cf0fb707284fe44f1f7d600 |
|
BLAKE2b-256 | 38c943b1cac5796f0d4cc0182dc58f778e65af69668d92927e97bad742e1a0cc |