Documentation ¶
Overview ¶
Package policy provides a custom function to unmarshal AWS policies.
Index ¶
- func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, ...)
- func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string)
- func CheckIfRoleCanElevateRights(checkConfig commons.CheckConfig, ...)
- func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, ...)
- func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string)
- func CheckNoConsolePasswordForNonHumanUser(checkConfig commons.CheckConfig, users []types.User, testName string)
- func CheckPasswordPolicy(checkConfig commons.CheckConfig, passwordPolicy types.PasswordPolicy, ...)
- func CheckPolicyForAllowInRequiredPermission(policies []Policy, requiredPermission [][]string) [][]string
- func GetAllPolicyForRole(wg *sync.WaitGroup, queueCheck chan RolePolicies, s aws.Config, ...)
- func GetAllPolicyForUser(wg *sync.WaitGroup, queueCheck chan UserPolicies, s aws.Config, ...)
- func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion
- func GetAllRoles(s aws.Config) []types.Role
- func GetAllUsers(s aws.Config) []types.User
- func GetPasswordPolicy(s aws.Config) types.PasswordPolicy
- func GetPolicyAttachedToRole(s aws.Config, role types.Role) []types.AttachedPolicy
- func GetPolicyAttachedToUser(s aws.Config, user types.User) []types.AttachedPolicy
- func GetPolicyDocument(wg *sync.WaitGroup, queue chan *string, s aws.Config, policyArn *string)
- func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, ...)
- func SortPolicyVersions(policyVersions []types.PolicyVersion)
- type AccessKeysForUser
- type MFAForUser
- type Policy
- type RolePolicies
- type RoleToPoliciesElevate
- type Statement
- type UserPolicies
- type UserToPoliciesElevate
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CheckAgeAccessKeyLessThan90Days ¶
func CheckAgeAccessKeyLessThan90Days(checkConfig commons.CheckConfig, accessKeysForUsers []AccessKeysForUser, testName string)
func CheckIf2FAActivated ¶
func CheckIf2FAActivated(checkConfig commons.CheckConfig, mfaForUsers []MFAForUser, testName string)
func CheckIfRoleCanElevateRights ¶
func CheckIfRoleCanElevateRights(checkConfig commons.CheckConfig, roleToPoliciesElevated []RoleToPoliciesElevate, testName string)
func CheckIfUserCanElevateRights ¶
func CheckIfUserCanElevateRights(checkConfig commons.CheckConfig, userToPolociesElevated []UserToPoliciesElevate, testName string)
func CheckIfUserLastPasswordUse120Days ¶
func CheckIfUserLastPasswordUse120Days(checkConfig commons.CheckConfig, users []types.User, testName string)
func CheckNoConsolePasswordForNonHumanUser ¶ added in v1.9.0
func CheckNoConsolePasswordForNonHumanUser(checkConfig commons.CheckConfig, users []types.User, testName string)
func CheckPasswordPolicy ¶ added in v1.9.0
func CheckPasswordPolicy(checkConfig commons.CheckConfig, passwordPolicy types.PasswordPolicy, testName string)
func GetAllPolicyForRole ¶
func GetAllPolicyForUser ¶
func GetAllPolicyVersions ¶
func GetAllPolicyVersions(s aws.Config, policyArn *string) []types.PolicyVersion
func GetPasswordPolicy ¶ added in v1.9.0
func GetPasswordPolicy(s aws.Config) types.PasswordPolicy
func GetPolicyAttachedToRole ¶
func GetPolicyAttachedToUser ¶
func GetPolicyDocument ¶
func SortPolicyVersions ¶
func SortPolicyVersions(policyVersions []types.PolicyVersion)
Types ¶
type AccessKeysForUser ¶
// AccessKeysForUser pairs a user name with the access-key metadata entries
// held for that user. Slices of this type are what
// CheckAgeAccessKeyLessThan90Days receives.
//
// NOTE(review): assuming types is the AWS SDK IAM types package, these
// entries carry key metadata (ID, status, creation date) and no secret
// material. Confirm how the age check treats inactive keys.
type AccessKeysForUser struct {
	UserName   string                    // user the keys belong to
	AccessKeys []types.AccessKeyMetadata // metadata entries for UserName's access keys
}
func GetAccessKeysForUsers ¶
func GetAccessKeysForUsers(s aws.Config, u []types.User) []AccessKeysForUser
type MFAForUser ¶
func GetMfaForUsers ¶
func GetMfaForUsers(s aws.Config, u []types.User) []MFAForUser
type Policy ¶
// Policy represents an AWS IAM policy document.
//
// NOTE(review): IAM policy JSON allows "Statement" to be either a single
// object or an array, and spells the identifier key "Id". Decoding goes
// through the custom (*Policy).UnmarshalJSON, whose body is not shown here,
// so confirm there how both statement forms and the key spelling are handled
// before relying on Statements being complete.
type Policy struct {
	Version    string      `json:"Version"`      // policy language version string
	ID         string      `json:"ID,omitempty"` // optional policy identifier; dropped from encoded output when empty
	Statements []Statement `json:"Statement"`    // statements, carried under the JSON key "Statement"
}
Policy represents an AWS IAM policy document
func (*Policy) UnmarshalJSON ¶
UnmarshalJSON decodes the input JSON into the awsPolicy type
type RolePolicies ¶
func GetRolePolicies ¶
func GetRolePolicies(roles []types.Role, s aws.Config) []RolePolicies
type RoleToPoliciesElevate ¶
func GetRoleToPoliciesElevate ¶
func GetRoleToPoliciesElevate(rolePolicies []RolePolicies) []RoleToPoliciesElevate
type Statement ¶
// Statement represents the body of an AWS IAM policy document.
//
// NOTE(review): three points to confirm against the decoder and the checks
// that consume this type, none of which are shown here:
//   - IAM JSON names the statement identifier "Sid"; the tag here is
//     "StatementID", so the field is only filled if the custom decoder maps it.
//   - An IAM "Condition" block is a nested object (operator -> key -> values).
//     A []string cannot hold that shape under default decoding; if conditions
//     are flattened or dropped, a conditionally granted permission is
//     indistinguishable from an unconditional one.
//   - An Allow statement that uses NotAction or NotResource grants everything
//     except what is listed. A check that reads only Action and Resource
//     under-reports what such a statement permits.
type Statement struct {
	StatementID  string              `json:"StatementID,omitempty"`  // Statement ID, service specific
	Effect       string              `json:"Effect"`                 // Allow or Deny
	Principal    map[string][]string `json:"Principal,omitempty"`    // principal that is allowed or denied
	NotPrincipal map[string][]string `json:"NotPrincipal,omitempty"` // exception to a list of principals
	Action       []string            `json:"Action"`                 // allowed or denied action
	NotAction    []string            `json:"NotAction,omitempty"`    // matches every action except the ones listed
	Resource     []string            `json:"Resource,omitempty"`     // object or objects that the statement covers
	NotResource  []string            `json:"NotResource,omitempty"`  // matches every resource except the ones listed
	Condition    []string            `json:"Condition,omitempty"`    // conditions for when a policy is in effect
}
Statement represents the body of an AWS IAM policy document
type UserPolicies ¶
func GetUserPolicies ¶
func GetUserPolicies(users []types.User, s aws.Config) []UserPolicies
type UserToPoliciesElevate ¶
func GetUserToPoliciesElevate ¶
func GetUserToPoliciesElevate(userPolicies []UserPolicies) []UserToPoliciesElevate