No project description provided
Project description
IAM SARIF Report
Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.
Use Me
To generate findings, iam-sarif-report makes AWS API requests. The AWS Principal you use must be allowed to use the access-analyzer:ValidatePolicy
command.
{
"Effect": "Allow",
"Action": "access-analyzer:ValidatePolicy",
"Resource": "*"
}
GitHub Action
See the action.yaml for detailed usage information.
on: [push]
jobs:
example:
permissions:
security-events: write
actions: read
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
# setup aws access
- uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
aws-region: eu-west-1
# validate some policies, and get some SARIF back
# the action creates .sarif file for each policy in the policies directory
- uses: georgealton/iam-sarif-report@v1
with:
policies: policies/
results: results
# upload sarif files
- uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: results
Locally
pipx run iam-sarif-report tests/data/policy_checks/policies/arn-region-not-allowed.json
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
iam-sarif-report-1.0.0.tar.gz
(53.9 kB
view hashes)
Built Distribution
Close
Hashes for iam_sarif_report-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | a194854a2b299fe7bda70c077a03604bccb44c91a438e362872682fa86de2f78 |
|
MD5 | c434575dc16a6314d0aabc149430e07d |
|
BLAKE2b-256 | 20618db15b74138a4ca2916ba6b7a0802053897318f597e24570f4ac7ad36b78 |