Documentation ¶
Overview ¶
Package iam contains functions that interact with the AWS IAM service along with the data structures necessary to integrate this data cleanly.
Index ¶
- func EnrichRoleWithPolicies(ctx context.Context, cfg aws.Config, role *types.Role) (RoleResource, []PolicyResource, error)
- func GetAllRoles(ctx context.Context, client *iam.Client) ([]types.Role, error)
- func GetInlinePoliciesForRole(ctx context.Context, cfg aws.Config, roleName string) ([]*iam.GetRolePolicyOutput, error)
- func GetRoleDetails(ctx context.Context, cfg aws.Config, roleName string) (*types.Role, error)
- type AWSResourceReport
- type AWSResources
- type DecodedPolicyVersion
- type DecodedRole
- type InlinePolicy
- type PolicyReport
- type PolicyResource
- type RoleResource
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func EnrichRoleWithPolicies ¶
func EnrichRoleWithPolicies(ctx context.Context, cfg aws.Config, role *types.Role) (RoleResource, []PolicyResource, error)
EnrichRoleWithPolicies retrieves the attached and inline policies for a given IAM role. It returns a RoleResource struct that contains the role, any attached policies, and any inline policies. It also returns a slice of PolicyResource structs that contain the attached policies for the role.
func GetAllRoles ¶
GetAllRoles retrieves all Roles that are available to the caller.
func GetInlinePoliciesForRole ¶
func GetInlinePoliciesForRole(ctx context.Context, cfg aws.Config, roleName string) ([]*iam.GetRolePolicyOutput, error)
GetInlinePoliciesForRole captures any policies that have been inlined within a given IAM role. It returns a slice of the AWS GetRolePolicyOutput struct. If the client is unable to list policies for the role, it will return an error.
Types ¶
type AWSResourceReport ¶ added in v0.0.4
type AWSResourceReport struct {
    AccountID string       `json:"account_id" yaml:"account_id"`
    Resources AWSResources `json:"resources" yaml:"resources"`
    Errors    []string     `json:"errors" yaml:"errors"`
}
AWSResourceReport is a struct that contains the Resources and Errors. This struct is used to represent the output of the `methodaws iam role` subcommand, easing data integration and providing a more holistic view of all of the IAM roles and policies that are available to the current AWS account.
func EnumerateIamRoles ¶
EnumerateIamRoles retrieves all IAM roles available to the caller. It returns an AWSResourceReport struct that contains all roles, attached or inline policies, and any non-fatal errors that occurred during the execution of the function.
type AWSResources ¶ added in v0.0.4
type AWSResources struct {
    Roles    []RoleResource `json:"roles" yaml:"roles"`
    Policies PolicyReport   `json:"policy_report" yaml:"policy_report"`
}
AWSResources is a struct that contains a slice of RoleResource structs and a PolicyReport. This struct is used to represent the output of the `methodaws iam` subcommand, easing data integration and providing a more holistic view of all of the IAM roles and policies that are available to the current AWS account.
type DecodedPolicyVersion ¶
type DecodedPolicyVersion struct {
    CreateDate *time.Time `json:"create_date" yaml:"create_date"`
    // The policy document, decoded from its AWS provided URL encoding to a stringified JSON object
    Document         *string `json:"document" yaml:"document"`
    IsDefaultVersion bool    `json:"is_default_version" yaml:"is_default_version"`
    VersionID        *string `json:"version_id" yaml:"version_id"`
}
DecodedPolicyVersion is a struct that contains the decoded policy version details. This struct provides us with a mechanism to decode the policy document from its AWS provided URL encoding to a stringified JSON object.
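An added example (not code from the methodaws project) of why the decoded document matters for review: it percent-decodes a policy document as IAM returns it (URL-encoded per RFC 3986) and lists the Allow statements that grant every action on every resource. The names `sampleEncoded`, `star` and `wildcardAllows` are hypothetical, the sample document is constructed, and the use of `url.PathUnescape` is an assumption about how the decoding can be done, not a statement of how the package does it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Constructed sample, percent-encoded the way IAM returns policy documents.
const sampleEncoded = "%7B%22Version%22%3A%222012-10-17%22%2C%22Statement%22%3A%7B%22Sid%22%3A%22Admin%22" +
	"%2C%22Effect%22%3A%22Allow%22%2C%22Action%22%3A%22*%22%2C%22Resource%22%3A%22*%22%7D%7D"

// star reports whether a policy element (a string or an array) contains "*".
func star(v any) bool {
	list, _ := v.([]any)
	for _, e := range list {
		if e == "*" {
			return true
		}
	}
	return v == "*"
}

// wildcardAllows decodes a document and returns the Sids of Allow statements granting "*" on "*".
func wildcardAllows(encoded string) ([]string, error) {
	doc, err := url.PathUnescape(encoded) // RFC 3986 decoding; "+" stays literal
	if err != nil {
		return nil, err
	}
	var p struct{ Statement any }
	if err = json.Unmarshal([]byte(doc), &p); err != nil {
		return nil, err
	}
	stmts, ok := p.Statement.([]any)
	if !ok {
		stmts = []any{p.Statement} // a single statement object instead of an array
	}
	var sids []string
	for _, raw := range stmts {
		s, _ := raw.(map[string]any)
		if s["Effect"] == "Allow" && star(s["Action"]) && star(s["Resource"]) {
			sids = append(sids, fmt.Sprint(s["Sid"])) // "<nil>" when the optional Sid is absent
		}
	}
	return sids, nil
}

func main() {
	fmt.Println(wildcardAllows(sampleEncoded))
}
```

The check is deliberately narrow: it ignores `NotAction`, `NotResource`, conditions and partial wildcards such as `s3:*`, so an empty result does not mean a policy is least-privilege.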
type DecodedRole ¶
type DecodedRole struct {
    Role                            types.Role `json:"role" yaml:"role"`
    DecodedAssumeRolePolicyDocument *string    `json:"decoded_assume_role_policy_document" yaml:"decoded_assume_role_policy_document"`
}
DecodedRole is a struct that contains the role details and the decoded assume role policy document. This struct is used to represent the role details of an IAM role in a more human-readable format.
type InlinePolicy ¶
type InlinePolicy struct {
    PolicyName string `json:"policy_name" yaml:"policy_name"`
    Policy     string `json:"policy" yaml:"policy"`
}
InlinePolicy is a struct that contains the policy name and policy document. This struct is used to represent the inline policies that are attached to an IAM role.
type PolicyReport ¶
type PolicyReport struct {
    Policies []PolicyResource `json:"policies" yaml:"policies"`
    Errors   []string         `json:"errors" yaml:"errors"`
}
PolicyReport is a struct that contains a slice of PolicyResource structs and any errors that occurred during the collection of the policies. This struct is used to represent the output of the `methodaws iam policies` subcommand.
func GetAttachedPoliciesForRole ¶
GetAttachedPoliciesForRole captures any policies that have been attached to a given IAM role. It returns a PolicyReport struct that contains the attached policies and any non-fatal errors that occurred during the execution of the function.
type PolicyResource ¶
type PolicyResource struct {
    Policy        types.Policy         `json:"policy" yaml:"policy"`
    PolicyVersion DecodedPolicyVersion `json:"policy_version" yaml:"policy_version"`
}
PolicyResource is a struct that contains the policy and policy version details. This struct is used to represent the native AWS policy response alongside the decoded policy version.
type RoleResource ¶
type RoleResource struct {
    Role                 DecodedRole     `json:"role" yaml:"role"`
    AttachedPoliciesArns []string        `json:"attached_policies_arns" yaml:"attached_policies_arns"`
    InlinePolicies       []*InlinePolicy `json:"inline_policies" yaml:"inline_policies"`
}
RoleResource is a struct that contains the role details, attached policies, and inline policies for an IAM role. This struct is used to represent the output of the `methodaws iam role` subcommand, providing the most holistic information possible about all of the policies that a Role has available to it.