IAM SARIF Report
Validate your IAM Policies and SCPs for best practice, and convert those results into SARIF documents for reporting.
Use Me
To generate findings, we've got to make API requests to AWS. The AWS Principal you use must be allowed to use the access-analyzer service ValidatePolicy action.
{
    "Effect": "Allow",
    "Action": "access-analyzer:ValidatePolicy",
    "Resource": "*"
}
GitHub Action
See the action.yaml for detailed usage information.
on: [push]
jobs:
  example:
    runs-on: ubuntu-latest
    steps:
      # checkout your code
      - uses: actions/checkout@v3
      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1
      # validate some policies!
      - uses: georgealton/iam-sarif-report@v1
        with:
          policies: policies/
          results: results
      # upload results
      - uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: results
Locally
pipx run iam-sarif-report tests/data/policy_checks/policies/arn-region-not-allowed.json
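To show what the conversion described above involves, here is an added example (not iam-sarif-report's own code) that maps findings shaped like a ValidatePolicy response into a SARIF 2.1.0 document. The severity mapping, the tool name, the function names and the sample findings are assumptions made for illustration.

```python
import json

# Assumed mapping of ValidatePolicy findingType values to SARIF result levels.
LEVELS = {"ERROR": "error", "SECURITY_WARNING": "warning",
          "WARNING": "warning", "SUGGESTION": "note"}

def _span(line, column):
    # Hypothetical helper: a one-position span in the ValidatePolicy shape.
    pos = {"line": line, "column": column, "offset": 0}
    return {"span": {"start": pos, "end": pos}}

# Constructed sample findings, shaped like a ValidatePolicy "findings" list.
SAMPLE_FINDINGS = [
    {"findingType": "ERROR", "issueCode": "ARN_REGION_NOT_ALLOWED",
     "findingDetails": "Constructed: region not allowed in this ARN.",
     "locations": [_span(6, 18)]},
    {"findingType": "ERROR", "issueCode": "ARN_REGION_NOT_ALLOWED",
     "findingDetails": "Constructed: region not allowed in this ARN.",
     "locations": [_span(12, 18)]},
    {"findingType": "SUGGESTION", "issueCode": "EXAMPLE_SUGGESTION",
     "findingDetails": "Constructed: finding with no location.", "locations": []},
]

def findings_to_sarif(findings, policy_uri, tool_name="example-iam-validator"):
    """Convert ValidatePolicy-style findings for one policy file to SARIF 2.1.0."""
    rules, results = {}, []
    for finding in findings:
        code = finding["issueCode"]
        # Unknown finding types surface as warnings rather than being hidden.
        level = LEVELS.get(finding["findingType"], "warning")
        rules.setdefault(code, {"id": code, "defaultConfiguration": {"level": level}})
        artifact = {"artifactLocation": {"uri": policy_uri}}
        locations = []
        for loc in finding.get("locations", []):
            start, end = loc["span"]["start"], loc["span"]["end"]
            # ValidatePolicy columns start at 0; SARIF columns start at 1.
            region = {"startLine": start["line"], "startColumn": start["column"] + 1,
                      "endLine": end["line"]}
            locations.append({"physicalLocation": {**artifact, "region": region}})
        # A finding without a span is attached to the policy file as a whole.
        results.append({"ruleId": code, "level": level,
                        "message": {"text": finding["findingDetails"]},
                        "locations": locations or [{"physicalLocation": artifact}]})
    driver = {"name": tool_name, "rules": list(rules.values())}
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "results": results}]}

if __name__ == "__main__":
    print(json.dumps(findings_to_sarif(SAMPLE_FINDINGS, "policies/example.json"), indent=2))
```

Each distinct issue code becomes one SARIF rule, so repeated findings in a policy share a rule entry while keeping their own line locations.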