Minify IAM actions using wildcards to save as many characters as possible without granting unintended permissions

Project description

IAM Policies minifier

Optimize long AWS IAM policies by strategically using wildcards, reducing the number of characters, and maintaining the intended scope of permissions.

Background

When crafting long and complex AWS IAM customer-managed policies, the 6,144 character limit imposed by AWS can become a problem. While one approach to address this limitation is to split a long policy into multiple customer-managed policies, this may not always be the ideal solution. In such scenarios, it's possible to reduce the length of a policy by strategically using wildcards where possible.

The iam-minify-er traverses the list of IAM actions defined in a policy, identifies optimal locations for wildcards, and reduces the character count while maintaining the intended permission scope.

Installation

python -m pip install iam-minify

Usage & features

  • iam-minify example-policy.json

The script traverses all policy statements defined in the policy document and optimises the IAM actions within each statement. It processes each policy statement in isolation so that it does not grant unintended access to resources.

Limitations

  • Actions in the supplied IAM policy documents can contain wildcards only at the end of the string. Wildcards anywhere else than at the end of the string are currently not supported. E.g., s3:Get* will work while s3:*Object will throw an error.

Example

Consider the following IAM policy:

// ./example-policy.json

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAccessPoints",
        "s3:ListAccessPointsForObjectLambda",
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListBucketVersions",
        "s3:ListJobs",
        "s3:ListMultipartUploadParts",
        "s3:ListMultiRegionAccessPoints",
        "s3:ListStorageLensConfigurations"
      ],
      "Resource": "*"
    }
  ]
}

Executing iam-minify example-policy.json will output the following result:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAccessP*",
        "s3:ListAl*",
        "s3:ListB*",
        "s3:ListJ*",
        "s3:ListM*",
        "s3:ListStorageLensC*"
      ],
      "Resource": "*"
    }
  ]
}
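The following check is an added example, not part of iam-minify or its documentation: it expands both policies against an action catalogue and reports, per statement, any action the minified version grants that the original did not. The catalogue here is a constructed subset of S3 actions and `s3:ListBucketExampleFuture` is a hypothetical name; because IAM matches wildcards when a request is evaluated, a pattern that was minimal against one catalogue can match an action added to the service later, so the check is worth rerunning against a current list.

```python
import re

# The ten actions from the page's example policy.
INTENDED = [
    "s3:ListAccessPoints", "s3:ListAccessPointsForObjectLambda",
    "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads",
    "s3:ListBucketVersions", "s3:ListJobs", "s3:ListMultipartUploadParts",
    "s3:ListMultiRegionAccessPoints", "s3:ListStorageLensConfigurations",
]
# The page's minified output.
MINIFIED = ["s3:ListAccessP*", "s3:ListAl*", "s3:ListB*", "s3:ListJ*",
            "s3:ListM*", "s3:ListStorageLensC*"]
# Constructed catalogue (assumption): a small subset of S3 actions, not the
# full list. A real check loads the complete, current action catalogue.
CATALOGUE = set(INTENDED) | {"s3:ListAccessGrants", "s3:ListStorageLensGroups"}

def as_list(value):
    # IAM lets "Statement" and "Action" be a single item or a list.
    return list(value) if isinstance(value, list) else [value]

def expand(patterns, catalogue):
    """Catalogue actions matched by IAM-style patterns ('*' and '?')."""
    matched = set()
    for pattern in as_list(patterns):
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        rx = re.compile(regex, re.IGNORECASE)  # action matching ignores case
        matched |= {a for a in catalogue if rx.fullmatch(a)}
    return matched

def widened(original, minified, catalogue):
    """Map statement index -> actions only the minified statement grants."""
    report = {}
    pairs = zip(as_list(original["Statement"]), as_list(minified["Statement"]))
    for i, (before, after) in enumerate(pairs):
        extra = expand(after["Action"], catalogue) - expand(before["Action"], catalogue)
        if extra:
            report[i] = sorted(extra)
    return report

def policy(actions):
    # Helper (hypothetical) that wraps actions in a one-statement policy.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": actions, "Resource": "*"}]}

if __name__ == "__main__":
    print(widened(policy(INTENDED), policy(MINIFIED), CATALOGUE))
    # Hypothetical future action name, invented to show catalogue drift.
    later = CATALOGUE | {"s3:ListBucketExampleFuture"}
    print(widened(policy(INTENDED), policy(MINIFIED), later))
```

An empty report means the minified statement grants exactly the original set for the catalogue supplied; statements are compared by position, matching the tool's per-statement processing.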

Download files

Source Distribution

iam-minify-0.0.4.tar.gz (7.2 kB)

Uploaded Source

Built Distribution

iam_minify-0.0.4-py3-none-any.whl (8.1 kB)

Uploaded Python 3

File details

Details for the file iam-minify-0.0.4.tar.gz.

File metadata

  • Download URL: iam-minify-0.0.4.tar.gz
  • Upload date:
  • Size: 7.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for iam-minify-0.0.4.tar.gz
Algorithm Hash digest
SHA256 d383fc98fa6274575f8f52dec8647bb5a9ed4183c53c72898136edb1d51cc457
MD5 4948cd3c93c682947f1a8dc7d5316f1a
BLAKE2b-256 29ebd9feecc3f5528ba34312e8ba9fde3afb60e49379d0ff0626554f499099cb

File details

Details for the file iam_minify-0.0.4-py3-none-any.whl.

File metadata

  • Download URL: iam_minify-0.0.4-py3-none-any.whl
  • Upload date:
  • Size: 8.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.2

File hashes

Hashes for iam_minify-0.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 3c5e320735394b249ae22e7ed71c454336031b484aab53f1b28a8b8b0909a9cf
MD5 b5ec55c505bb02891d0baff850fd6248
BLAKE2b-256 b90f7fc2c9d13e7f3d145cc165a7f33bcac8cc02b19dfc4b2e1f4b02a1663045
