README
¶
aws-iam-policy-sim
A simple IAM Policy Simulator CLI
Installation
$ go install github.com/utgwkk/aws-iam-policy-sim@latest
Usage
First, prepare JSON like below (NOTE: you can use IAM policy document JSON directly!)
{
"Statement": [
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectTagging",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::example-bucket/*"
]
},
{
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::example-bucket"
}
]
}
Then, execute aws-iam-policy-sim.
$ aws-iam-policy-sim --role-name example-role < path/to/statement.json
2024-12-03 08:22:00 INF Allowed level=INFO msg=Allowed action=s3:PutObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed level=INFO msg=Allowed action=s3:GetObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed level=INFO msg=Allowed action=s3:GetObjectTagging resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed level=INFO msg=Allowed action=s3:DeleteObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed level=INFO msg=Allowed action=s3:ListBucket resource=arn:aws:s3:::example-bucket
If your IAM role lacks some permission, aws-iam-policy-sim reports an error.
$ aws-iam-policy-sim --role-name example-role < path/to/statement.json
2024-12-03 08:22:00 INF Allowed action=s3:PutObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed action=s3:GetObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed action=s3:GetObjectTagging resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 INF Allowed action=s3:DeleteObject resource=arn:aws:s3:::example-bucket/*
2024-12-03 08:22:00 ERR Implicit deny action=s3:ListBucket resource=arn:aws:s3:::example-bucket
Limitations
aws-iam-policy-simonly supports a simulation for IAM Roles. Simulations for IAM Users or Groups are not supported now.
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.