Generate IAM Policy with all required Actions (#740)
* feat: generate iam policy per example * feat: add final policy generator script * chore: clean code - workflow env, one liner syntax * chore: bucket name as global env * fix: place policy per gh ref * fix: revert bb18d5
Showing
2 changed files
with
95 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
import json | ||
import boto3 | ||
import os | ||
|
||
iam_actions = [] | ||
s3 = boto3.resource('s3') | ||
bucket_name = os.getenv('BUCKET_NAME') | ||
bucket = s3.Bucket(bucket_name) | ||
bucket_files = [x.key for x in bucket.objects.all()] | ||
|
||
# Read all the files from the bucket | ||
for file in bucket_files: | ||
obj = s3.Object(bucket_name, file) | ||
f = obj.get()['Body'].read() | ||
data = json.loads(f) | ||
# Merge all policies actions, keep them unique with 'set' | ||
for statement in data['Statement']: | ||
iam_actions = list(set(iam_actions + statement['Action'])) | ||
|
||
# Skeleton IAM policy template , wild card all resources for now. | ||
template = { | ||
"Version": "2012-10-17", | ||
"Statement": [ | ||
{ | ||
"Effect": "Allow", | ||
"Action": [ | ||
], | ||
"Resource": "*" | ||
} | ||
] | ||
} | ||
|
||
# Apply merged actions to the skeleton IAM policy | ||
template['Statement'][0]['Action'] = sorted(iam_actions) | ||
print(json.dumps(template, indent=4)) |
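Review bot: The merge loop reads only `statement['Action']` and never checks `Effect`, so a `Deny` statement in any bucket object would have its actions folded into the single `Allow` statement on `"Resource": "*"`. A statement that uses `NotAction` raises KeyError and a bare-string `Action` (valid IAM JSON) raises TypeError, so the script fails on policies that IAM itself accepts. I would reject anything that is not a plain Allow/Action statement and normalise `Action` to a list before merging, as sketched below. The script also parses every object in the bucket, so presumably anything that can write there can add actions to the final policy; narrowing the listing with `bucket.objects.filter(Prefix=...)` to the expected keys would limit that.

```python
# … unchanged: imports, bucket listing …
for file in bucket_files:
    # … unchanged: fetch the object and json.loads it into data …
    for statement in data['Statement']:
        # Only Allow statements may feed an Allow template; a Deny or
        # NotAction statement merged here would be turned into a grant.
        if statement.get('Effect') != 'Allow' or 'Action' not in statement:
            raise SystemExit(f"{file}: statement cannot be merged into an Allow policy")
        actions = statement['Action']
        # IAM accepts a single action as a bare string.
        if isinstance(actions, str):
            actions = [actions]
        iam_actions = list(set(iam_actions + actions))
# … unchanged: template and output …
```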