iam

package
v1.9.0 (Latest)
Warning

This package is not in the latest version of its module.

Published: Dec 18, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package policy provides a custom function to unmarshal AWS policies.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckAgeAccessKeyLessThan90Days

func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, testName string)

func CheckIf2FAActivated

func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string)

func CheckIfRoleCanElevateRights

func CheckIfRoleCanElevateRights(checkConfig commons.CheckConfig, roleToPoliciesElevated []RoleToPoliciesElevate, testName string)

func CheckIfUserCanElevateRights

func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, userToPolociesElevated []UserToPoliciesElevate, testName string)

func CheckIfUserLastPasswordUse120Days

func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string)

func CheckNoConsolePasswordForNonHumanUser added in v1.9.0

func CheckNoConsolePasswordForNonHumanUser(checkConfig commons.CheckConfig, users []types.User, testName string)

func CheckPasswordPolicy added in v1.9.0

func CheckPasswordPolicy(checkConfig commons.CheckConfig, passwordPolicy types.PasswordPolicy, testName string)

func CheckPolicyForAllowInRequiredPermission

func CheckPolicyForAllowInRequiredPermission(policies []Policy, requiredPermission [][]string) [][]string

func GetAllPolicyForRole

func GetAllPolicyForRole(wg *sync.WaitGroup, queueCheck chan RolePolicies, s aws.Config, role types.Role)

func GetAllPolicyForUser

func GetAllPolicyForUser(wg *sync.WaitGroup, queueCheck chan UserPolicies, s aws.Config, user types.User)

func GetAllPolicyVersions

func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion

func GetAllRoles

func GetAllRoles(s aws.Config) []types.Role

func GetAllUsers

func GetAllUsers(s aws.Config) []types.User

func GetPasswordPolicy added in v1.9.0

func GetPasswordPolicy(s aws.Config) types.PasswordPolicy

func GetPolicyAttachedToRole

func GetPolicyAttachedToRole(s aws.Config, role types.Role) []types.AttachedPolicy

func GetPolicyAttachedToUser

func GetPolicyAttachedToUser(s aws.Config, user types.User) []types.AttachedPolicy

func GetPolicyDocument

func GetPolicyDocument(wg *sync.WaitGroup, queue chan *string, s aws.Config, policyArn *string)

func RunChecks

func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check)

func SortPolicyVersions

func SortPolicyVersions(policyVersions []types.PolicyVersion)

Types

type AccessKeysForUser

// AccessKeysForUser groups the access-key metadata collected for one IAM user.
// It is the element type returned by GetAccessKeysForUsers and consumed by
// CheckAgeAccessKeyLessThan90Days.
//
// NOTE(review): GetAccessKeysForUsers has no error return, so an empty
// AccessKeys slice may mean either "user has no keys" or "listing failed"
// (e.g. access denied) -- confirm the caller cannot mistake the latter for a pass.
type AccessKeysForUser struct {
	UserName   string // name of the IAM user the keys belong to
	AccessKeys []types.AccessKeyMetadata // key metadata only; presumably the AWS SDK iam type (id, status, creation date) -- confirm
}

func GetAccessKeysForUsers

func GetAccessKeysForUsers(s aws.Config, u []types.User) []AccessKeysForUser

type MFAForUser

// MFAForUser groups the MFA devices collected for one IAM user. It is the
// element type returned by GetMfaForUsers and consumed by CheckIf2FAActivated.
//
// NOTE(review): GetMfaForUsers has no error return, so an empty MFAs slice
// may mean either "no MFA device" or "listing failed" -- confirm a failed
// lookup is reported rather than silently treated as a result.
type MFAForUser struct {
	UserName string // name of the IAM user
	MFAs     []types.MFADevice // devices registered for the user; presumably empty when MFA is not enabled -- confirm
}

func GetMfaForUsers

func GetMfaForUsers(s aws.Config, u []types.User) []MFAForUser

type Policy

// Policy is the in-memory form of an AWS IAM policy document: a version
// string, an optional identifier and the list of statements.
//
// The type has its own UnmarshalJSON method, so the struct tags below apply
// to marshalling and to any default decoding only.
//
// NOTE(review): IAM policy JSON spells the identifier element "Id"; the tag
// here is "ID", which is what Marshal would emit -- confirm that is intended.
type Policy struct {
	Version    string      `json:"Version"` // policy language version string
	ID         string      `json:"ID,omitempty"` // optional policy identifier
	Statements []Statement `json:"Statement"` // statements of the document, stored under the "Statement" key
}

Policy represents an AWS IAM policy document

func JsonDecodePolicyDocument

func JsonDecodePolicyDocument(policyDocumentJson *string) Policy

func (*Policy) UnmarshalJSON

func (policyJSON *Policy) UnmarshalJSON(policy []byte) error

UnmarshalJSON decodes the input JSON into the awsPolicy type (here, Policy).

type RolePolicies

// RolePolicies pairs an IAM role name with the decoded policy documents
// gathered for it. It is the element type returned by GetRolePolicies, the
// value sent on the channel passed to GetAllPolicyForRole, and the input to
// GetRoleToPoliciesElevate.
type RolePolicies struct {
	RoleName string // name of the IAM role
	Policies []Policy // policy documents collected for the role; presumably attached managed policies -- confirm whether inline policies are included
}

func GetRolePolicies

func GetRolePolicies(roles []types.Role, s aws.Config) []RolePolicies

type RoleToPoliciesElevate

// RoleToPoliciesElevate records, for one IAM role, the permission sets that
// were found to allow privilege elevation. It is the element type returned by
// GetRoleToPoliciesElevate and consumed by CheckIfRoleCanElevateRights.
//
// NOTE(review): the finding appears to be derived from Allow statements
// (see CheckPolicyForAllowInRequiredPermission); confirm whether explicit
// Deny statements, NotAction and Condition are taken into account, since
// ignoring them changes which roles are reported.
type RoleToPoliciesElevate struct {
	RoleName string // name of the IAM role
	Policies [][]string // presumably one inner slice per matched permission combination, same shape as the result of CheckPolicyForAllowInRequiredPermission -- confirm
}

func GetRoleToPoliciesElevate

func GetRoleToPoliciesElevate(rolePolicies []RolePolicies) []RoleToPoliciesElevate

type Statement

// Statement is one statement of an AWS IAM policy document.
//
// The type has a Parse method that fills it from a map[string]interface{},
// so the struct tags below presumably matter only for marshalling or default
// decoding -- confirm against Parse and Policy.UnmarshalJSON.
//
// NOTE(review): IAM policy JSON names the statement identifier "Sid"; the
// tag here is "StatementID", so default decoding would not populate it.
// NOTE(review): an IAM Condition block is a nested object (operator, then
// condition key, then values). Stored as []string it cannot be evaluated, so
// an Allow that is restricted by a condition may look unconditional to the
// checks that read this struct -- confirm how Parse fills the field.
// NOTE(review): IAM also accepts a bare "*" string as Principal; confirm
// Parse maps that form into the map below rather than dropping it.
type Statement struct {
	StatementID  string              `json:"StatementID,omitempty"`  // statement identifier, service specific
	Effect       string              `json:"Effect"`                 // "Allow" or "Deny"
	Principal    map[string][]string `json:"Principal,omitempty"`    // principals the statement applies to, keyed by principal type
	NotPrincipal map[string][]string `json:"NotPrincipal,omitempty"` // principals excluded from the statement
	Action       []string            `json:"Action"`                 // actions that are allowed or denied
	NotAction    []string            `json:"NotAction,omitempty"`    // statement matches every action except these
	Resource     []string            `json:"Resource,omitempty"`     // object or objects that the statement covers
	NotResource  []string            `json:"NotResource,omitempty"`  // statement matches every resource except these
	Condition    []string            `json:"Condition,omitempty"`    // conditions for when the statement is in effect (flattened; see note above)
}

Statement represents the body of an AWS IAM policy document

func (*Statement) Parse

func (statementJSON *Statement) Parse(statement map[string]interface{})

Parse decodes the input JSON data into the Statement type.

type UserPolicies

// UserPolicies pairs an IAM user name with the decoded policy documents
// gathered for it. It is the element type returned by GetUserPolicies, the
// value sent on the channel passed to GetAllPolicyForUser, and the input to
// GetUserToPoliciesElevate.
type UserPolicies struct {
	UserName string // name of the IAM user
	Policies []Policy // policy documents collected for the user; presumably attached managed policies -- confirm whether inline and group policies are included
}

func GetUserPolicies

func GetUserPolicies(users []types.User, s aws.Config) []UserPolicies

type UserToPoliciesElevate

// UserToPoliciesElevate records, for one IAM user, the permission sets that
// were found to allow privilege elevation. It is the element type returned by
// GetUserToPoliciesElevate and consumed by CheckIfUserCanElevateRights.
//
// NOTE(review): the finding appears to be derived from Allow statements
// (see CheckPolicyForAllowInRequiredPermission); confirm whether explicit
// Deny statements, NotAction and Condition are taken into account, since
// ignoring them changes which users are reported.
type UserToPoliciesElevate struct {
	UserName string // name of the IAM user
	Policies [][]string // presumably one inner slice per matched permission combination, same shape as the result of CheckPolicyForAllowInRequiredPermission -- confirm
}

func GetUserToPoliciesElevate

func GetUserToPoliciesElevate(userPolicies []UserPolicies) []UserToPoliciesElevate
