
IAM SARIF Report


Validate your IAM Policies and SCPs with AWS Policy Validator, and convert those results into SARIF documents for reporting.

Use Me

To generate findings, iam-sarif-report calls the AWS API. The AWS principal you run it as must be allowed to call the access-analyzer:ValidatePolicy action, for example with this IAM policy statement:

{
  "Effect": "Allow",
  "Action": "access-analyzer:ValidatePolicy",
  "Resource": "*"
}

GitHub Action

See the action.yaml for detailed usage information.

on: [push]
jobs:
  example:
    permissions:
      security-events: write
      actions: read
      contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # setup aws access
      - uses: aws-actions/configure-aws-credentials@v3
        with:
          role-to-assume: arn:aws:iam::111111111111:role/my-github-actions-role-test
          aws-region: eu-west-1
      # validate some policies, and get some SARIF back
      # the action writes one .sarif file per policy found in the policies directory
      - uses: georgealton/iam-sarif-report@v1
        with:
          policies: policies/
          results: results
      # upload sarif files
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: results

Locally

pipx run iam-sarif-report tests/data/policy_checks/policies/arn-region-not-allowed.json
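An added example, not code from iam-sarif-report itself, showing the conversion the tool performs: a constructed ValidatePolicy finding (in the shape the API returns) becomes a SARIF 2.1.0 log that upload-sarif can ingest. The findingType-to-level mapping, the issue code, the learnMoreLink URL and the function names are assumptions; only validate_policy_file touches AWS and needs the ValidatePolicy permission described above.

```python
# Assumed findingType -> SARIF level mapping (not necessarily iam-sarif-report's own).
LEVELS = {"ERROR": "error", "SECURITY_WARNING": "warning",
          "WARNING": "warning", "SUGGESTION": "note"}

# Constructed sample in the shape ValidatePolicy returns; not captured API output.
SAMPLE_FINDINGS = [{
    "findingType": "ERROR",
    "issueCode": "ARN_REGION_NOT_ALLOWED",
    "findingDetails": "The region eu-west-1 is not allowed in an ARN for service iam.",
    "learnMoreLink": "https://example.invalid/policy-checks",  # placeholder URL
    "locations": [{"path": [{"value": "Statement"}, {"index": 0}, {"value": "Resource"}],
                   "span": {"start": {"line": 6, "column": 19, "offset": 120},
                            "end": {"line": 6, "column": 45, "offset": 146}}}],
}]

def findings_to_sarif(findings, policy_path):
    """Build a SARIF 2.1.0 log: one rule per issueCode, one result per location."""
    rules, results = {}, []
    for f in findings:
        code = f["issueCode"]
        rules.setdefault(code, {"id": code, "shortDescription": {"text": code},
                                "helpUri": f.get("learnMoreLink", "")})
        for loc in f.get("locations", []):
            start, end = loc["span"]["start"], loc["span"]["end"]
            results.append({
                "ruleId": code,
                "level": LEVELS.get(f["findingType"], "warning"),
                "message": {"text": f["findingDetails"]},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": policy_path},
                    "region": {"startLine": start["line"], "startColumn": start["column"],
                               "endLine": end["line"], "endColumn": end["column"]}}}]})
    return {"version": "2.1.0", "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "runs": [{"tool": {"driver": {"name": "AWS IAM Access Analyzer",
                                          "rules": list(rules.values())}},
                      "results": results}]}

def validate_policy_file(path, policy_type="IDENTITY_POLICY"):
    """Call access-analyzer:ValidatePolicy (needs AWS credentials); returns all findings."""
    import boto3  # lazy import so findings_to_sarif runs offline without boto3 installed
    client, findings = boto3.client("accessanalyzer"), []
    with open(path) as fh:
        kwargs = {"policyDocument": fh.read(), "policyType": policy_type}
    while True:  # follow nextToken pagination until the API stops returning one
        resp = client.validate_policy(**kwargs)
        findings.extend(resp.get("findings", []))
        if "nextToken" not in resp:
            return findings
        kwargs["nextToken"] = resp["nextToken"]
```

Feeding findings_to_sarif(validate_policy_file("policies/example.json"), "policies/example.json") into json.dumps gives a file the upload-sarif step above accepts.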


Source Distribution

iam-sarif-report-1.0.0.tar.gz (53.9 kB)

Built Distribution

iam_sarif_report-1.0.0-py3-none-any.whl (34.4 kB, Python 3)
