A tool to automatically generate IAM permissions from CloudFormation templates

Project description

CloudFormation Permissions Generator (cfn-perm)

Overview

This tool analyzes a CloudFormation template to identify every resource type it declares, then queries the CloudFormation registry for each type's schema (the document returned by DescribeType, whose handlers block lists the IAM actions the create, read, update and delete handlers need) to determine the permissions required for that type. From that list it can generate an IAM policy document or create an IAM role carrying the appropriate permissions.

Features

  • Parse CloudFormation templates in JSON or YAML format
  • Extract resource types and determine required permissions
  • Generate IAM policy documents with appropriate permissions
  • Create IAM roles with the generated permissions
  • Option to allow or deny delete permissions
  • Support for permissions boundaries

Prerequisites

Installation

Using pip:

pip install cfn-perm

From source:

git clone https://github.com/yourusername/cfn-perm.git
cd cfn-perm
pip install -r requirements.txt

Usage

python source/app.py <template_file> [options]
# or using shorthand options
python source/app.py -t <template_file> [options]

Arguments

  • template_file or -t, --template-file: Path to the CloudFormation template file (JSON or YAML)

Options

  • -d, --allow-delete: Allow delete permissions instead of denying them. Without this flag the delete-specific actions go into an explicit Deny statement, which in IAM overrides any Allow, including one granted by another policy attached to the role
  • -c, --create-role: Create an IAM role with the generated permissions (default: True, so a plain invocation both writes the policy file and creates the role; the credentials the tool runs with therefore need IAM write permissions)
  • -r, --role-name: Name for the IAM role (if not specified, uses 'cfn-perm-<random_hash>')
  • -p, --permissions-boundary: ARN of the permissions boundary to attach to the role. The boundary caps the role's effective permissions regardless of what the generated policy allows

Examples

Generate a policy document from a template (with the default options this also creates a role; see -c):

python source/app.py path/to/template.yaml
# or
python source/app.py -t path/to/template.yaml

Create an IAM role with delete permissions denied (default behavior):

python source/app.py path/to/template.yaml

Create an IAM role with delete permissions allowed:

python source/app.py path/to/template.yaml -d

Create an IAM role with a custom name:

python source/app.py path/to/template.yaml -r MyCustomRole

Create an IAM role with a permissions boundary:

python source/app.py path/to/template.yaml -p arn:aws:iam::123456789012:policy/boundary

How It Works

  1. The tool parses the CloudFormation template (JSON or YAML) and extracts the distinct resource types declared under Resources
  2. For each resource type, it queries the CloudFormation registry for the type's schema, whose handlers block lists the IAM actions each handler needs
  3. It categorizes those actions into "update" permissions (needed by the create, read or update handlers) and "delete-specific" permissions (needed only by the delete handler)
  4. It generates a policy document that allows the "update" permissions and, unless -d is given, explicitly denies the delete-specific ones; because an explicit Deny overrides any Allow in IAM, the role cannot delete those resources even if another attached policy permits it
  5. It saves the policy document to a file with a unique name
  6. If requested (the default), it creates an IAM role with the generated policy
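The procedure above, as an added example that is not cfn-perm's own code: it runs steps 1 to 5 offline on a constructed template and a constructed, abbreviated stand-in for the registry (the CONSTRUCTED_REGISTRY handler lists are illustrative, not the real permission sets for those types; the live DescribeType lookup is named only in a comment). Step 6, the role creation, is an AWS write and is left out. What the example adds over the list is the categorization rule in categorize(): an action the delete handler shares with read or update (here s3:ListBucket) must not land in the Deny statement, because an explicit Deny overrides every Allow and would break the read path.

```python
# Added example (not cfn-perm's own code): steps 1 to 5 above, run offline on
# a constructed template and constructed, abbreviated registry data.
import hashlib
import json

try:
    import yaml  # optional; JSON templates need only the standard library
except ImportError:
    yaml = None


def load_template(text):
    """Step 1a: parse a template given as JSON or YAML text."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        if yaml is None:
            raise ValueError("template is not JSON and PyYAML is not installed")

    # Short-form intrinsics (!Ref, !Sub, !GetAtt, ...) are YAML tags that
    # SafeLoader rejects; map each "!X" tag to {"Fn::X": value} (!Ref -> "Ref").
    class CfnLoader(yaml.SafeLoader):
        pass

    def tag_to_intrinsic(loader, tag_suffix, node):
        key = "Ref" if tag_suffix == "Ref" else "Fn::" + tag_suffix
        if isinstance(node, yaml.ScalarNode):
            return {key: loader.construct_scalar(node)}
        if isinstance(node, yaml.SequenceNode):
            return {key: loader.construct_sequence(node)}
        return {key: loader.construct_mapping(node)}

    CfnLoader.add_multi_constructor("!", tag_to_intrinsic)
    return yaml.load(text, Loader=CfnLoader)


def resource_types(template):
    """Step 1b: distinct resource types declared under Resources."""
    resources = template.get("Resources") or {}
    return {r["Type"] for r in resources.values() if isinstance(r, dict) and "Type" in r}


# Step 2 stand-in. Live code would call describe_type(Type="RESOURCE", TypeName=t)
# on a boto3 CloudFormation client and json.loads(...["Schema"]); the schema's
# "handlers" block lists the IAM actions each handler needs. These lists are
# constructed and incomplete: do not copy them into a real policy.
CONSTRUCTED_REGISTRY = {
    "AWS::S3::Bucket": {"handlers": {
        "create": {"permissions": ["s3:CreateBucket", "s3:PutBucketTagging"]},
        "read": {"permissions": ["s3:GetBucketTagging", "s3:ListBucket"]},
        "update": {"permissions": ["s3:PutBucketTagging"]},
        "delete": {"permissions": ["s3:DeleteBucket", "s3:ListBucket"]},
    }},
    "AWS::SQS::Queue": {"handlers": {
        "create": {"permissions": ["sqs:CreateQueue", "sqs:TagQueue"]},
        "read": {"permissions": ["sqs:GetQueueAttributes"]},
        "update": {"permissions": ["sqs:SetQueueAttributes"]},
        "delete": {"permissions": ["sqs:DeleteQueue"]},
    }},
}


def categorize(registry, types):
    """Step 3: "update" actions (create/read/update) vs delete-specific ones.

    Delete-specific = needed by the delete handler and by nothing else.
    s3:ListBucket is in both read and delete above, so it is not delete-specific;
    a Deny on it would break reads, since an explicit Deny beats every Allow.
    """
    update, delete = set(), set()
    for type_name in sorted(types):
        handlers = registry[type_name]["handlers"]  # KeyError surfaces unknown types
        for handler in ("create", "read", "update"):
            update.update(handlers.get(handler, {}).get("permissions", []))
        delete.update(handlers.get("delete", {}).get("permissions", []))
    return update, delete - update


def build_policy(update, delete_specific, allow_delete=False):
    """Step 4: an Allow statement, plus an explicit Deny unless -d was given."""
    if allow_delete:
        statements = [{"Sid": "AllowAll", "Effect": "Allow",
                       "Action": sorted(update | delete_specific), "Resource": "*"}]
    else:
        statements = [{"Sid": "AllowCreateReadUpdate", "Effect": "Allow",
                       "Action": sorted(update), "Resource": "*"}]
        if delete_specific:
            statements.append({"Sid": "DenyDelete", "Effect": "Deny",
                               "Action": sorted(delete_specific), "Resource": "*"})
    return {"Version": "2012-10-17", "Statement": statements}


def policy_filename(policy):
    """Step 5: a unique, content-derived name (same policy -> same file name)."""
    digest = hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()
    return f"cfn-perm-{digest[:12]}.json"


# Constructed sample template (JSON so the example runs without PyYAML).
CONSTRUCTED_TEMPLATE = json.dumps({"Resources": {
    "Logs": {"Type": "AWS::S3::Bucket",
             "Properties": {"BucketName": {"Fn::Sub": "${AWS::StackName}-logs"}}},
    "Archive": {"Type": "AWS::S3::Bucket"},
    "Work": {"Type": "AWS::SQS::Queue"},
}})

if __name__ == "__main__":
    found = resource_types(load_template(CONSTRUCTED_TEMPLATE))
    policy = build_policy(*categorize(CONSTRUCTED_REGISTRY, found))
    print(policy_filename(policy), json.dumps(policy, indent=2), sep="\n")
```

Run as a script it prints the file name and the two-statement policy for the constructed template; pass allow_delete=True to build_policy to get the single Allow statement the -d flag produces. The Resource field is "*" here because the registry only tells you which actions a handler needs, not which ARNs; scoping it is left to the operator, which is also why the page's permissions-boundary option matters.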

License

This project is licensed under the MIT License - see the LICENSE file for details.

Download files


Source Distribution

cfn_perm-0.1.3.tar.gz (5.7 kB)

Uploaded Source

Built Distribution


cfn_perm-0.1.3-py3-none-any.whl (6.0 kB)

Uploaded Python 3

File details

Details for the file cfn_perm-0.1.3.tar.gz.

File metadata

  • Download URL: cfn_perm-0.1.3.tar.gz
  • Size: 5.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.2

File hashes

Hashes for cfn_perm-0.1.3.tar.gz
Algorithm Hash digest
SHA256 f45b667939d3d53f6f628d1d077957eaf243088d4ca92d13fff26e4853abf733
MD5 29bd834d3cf6d2eb2d675107d2a61078
BLAKE2b-256 abd65ef8b7dafd3a838bc137fa0280f183c8f2a05b171da3576e68a48c73636e


File details

Details for the file cfn_perm-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: cfn_perm-0.1.3-py3-none-any.whl
  • Size: 6.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.2

File hashes

Hashes for cfn_perm-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 fdbeea5d2e8d1161e70266906593e2d3b293b17080e672bd76af92313d407bc7
MD5 79c7e05184897ad6a9bacc8e66d99895
BLAKE2b-256 077c8e5456785593c1772176072a5d459432d3715979991bc8b6560835cf2d40
