This is a simple AWS IAM analysis utility that gathers the entire set of useful IAM information from an AWS account. The command below uses the default AWS credentials configured on your system and saves the entire output in JSON format to `output.json`. To perform this analysis you need the permissions of the AWS `SecurityAudit` managed policy, which grants read-only access to your AWS resources.

```
python app.py
```

aws-iam-analyzer requires boto3 to run; install it with:

```
pip install -r requirements.txt
```
The output looks like the following (excerpt):

```json
{
    "AccountAliases": [
        "madhuakula-account"
    ],
    "AccountAuthorizationDetails": {
        "GroupDetailList": [
            {
                "Arn": "arn:aws:iam::123456789012:group/madhuakula",
                "AttachedManagedPolicies": [
                    {
                        "PolicyArn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess",
                        "PolicyName": "AmazonAPIGatewayInvokeFullAccess"
                    },
                    {
                        "PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
                        "PolicyName": "AmazonAthenaFullAccess"
                    },
```
- Implement AWS credentials input/validation:
  - Check first for arguments passed with AWS `access_key`, `secret_access_key` and `region`
  - Else, check the OS environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_DEFAULT_REGION`
  - Then finally check and use the system AWS configuration at `~/.aws/config` and `~/.aws/credentials`
- Many others...
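The credential resolution order listed above (arguments, then environment variables, then the shared `~/.aws` files) and the read-only inventory dump described at the top of this page, worked through as an added example. This is not the aws-iam-analyzer project's own code: the function names, the `profile` parameter, the `ConstructedIamClient` fake and its sample pages are assumptions made for this example, and the `us-east-1` fallback region is a choice made here so that the global IAM and STS endpoints resolve when no region is configured. `boto3` is imported only inside `main()`, so the resolution and pagination logic can be exercised offline.

```python
"""Credential resolution chain plus a read-only IAM inventory dump (added example)."""
import json
import os
from configparser import ConfigParser
from pathlib import Path


def resolve_credentials(args=None, environ=None, profile="default",
                        credentials_file="~/.aws/credentials", config_file="~/.aws/config"):
    """Return (source, boto3 Session kwargs) using the precedence: explicit arguments,
    then AWS_* environment variables, then the shared AWS files. Log the source label
    only; the secret key must never reach output.json or a log line."""
    args = args or {}
    environ = os.environ if environ is None else environ

    # 1. Explicit arguments win when both halves of the key pair are present.
    if args.get("access_key") and args.get("secret_access_key"):
        return "arguments", {"aws_access_key_id": args["access_key"],
                             "aws_secret_access_key": args["secret_access_key"],
                             "region_name": args.get("region")}

    # 2. Environment variables, using the names the AWS SDKs themselves honour.
    if environ.get("AWS_ACCESS_KEY_ID") and environ.get("AWS_SECRET_ACCESS_KEY"):
        return "environment", {"aws_access_key_id": environ["AWS_ACCESS_KEY_ID"],
                               "aws_secret_access_key": environ["AWS_SECRET_ACCESS_KEY"],
                               "region_name": environ.get("AWS_DEFAULT_REGION")}

    # 3. Shared files. ~/.aws/credentials names profiles "[NAME]" while
    #    ~/.aws/config names non-default ones "[profile NAME]".
    creds, config = ConfigParser(), ConfigParser()
    creds.read(Path(credentials_file).expanduser())
    config.read(Path(config_file).expanduser())
    config_section = profile if profile == "default" else f"profile {profile}"
    if creds.has_option(profile, "aws_access_key_id") and creds.has_option(profile, "aws_secret_access_key"):
        region = config.get(config_section, "region") if config.has_option(config_section, "region") else None
        return "shared-files", {"aws_access_key_id": creds.get(profile, "aws_access_key_id"),
                                "aws_secret_access_key": creds.get(profile, "aws_secret_access_key"),
                                "region_name": region}

    raise RuntimeError("no AWS credentials found in arguments, environment or shared files")


def collect_iam_inventory(iam):
    """Build the two top-level keys shown in the sample output from an IAM client.
    GetAccountAuthorizationDetails is paginated, so every list is concatenated across pages."""
    inventory = {"AccountAliases": iam.get_account_aliases().get("AccountAliases", []),
                 "AccountAuthorizationDetails": {}}
    details = inventory["AccountAuthorizationDetails"]
    for page in iam.get_paginator("get_account_authorization_details").paginate():
        for key in ("UserDetailList", "GroupDetailList", "RoleDetailList", "Policies"):
            details.setdefault(key, []).extend(page.get(key, []))
    return inventory


class ConstructedIamClient:
    """Constructed stand-in for boto3's IAM client: two pages of sample data, no network."""
    _pages = [
        {"GroupDetailList": [{"GroupName": "admins", "Arn": "arn:aws:iam::123456789012:group/admins"}],
         "UserDetailList": []},
        {"GroupDetailList": [{"GroupName": "readers", "Arn": "arn:aws:iam::123456789012:group/readers"}],
         "RoleDetailList": []},
    ]

    def get_account_aliases(self):
        return {"AccountAliases": ["example-alias"]}

    def get_paginator(self, name):
        assert name == "get_account_authorization_details"
        pages = self._pages
        return type("Paginator", (), {"paginate": staticmethod(lambda: iter(pages))})()


def main(args=None, output="output.json"):
    import boto3  # imported lazily so everything above can be tested offline
    source, settings = resolve_credentials(args)
    # Assumed fallback: IAM and STS are global services, so any region resolves them.
    settings["region_name"] = settings["region_name"] or "us-east-1"
    session = boto3.Session(**settings)
    # SecurityAudit is read-only; confirm which principal is auditing before dumping.
    identity = session.client("sts").get_caller_identity()
    print(f"credentials from {source}; auditing account {identity['Account']} as {identity['Arn']}")
    inventory = collect_iam_inventory(session.client("iam"))
    Path(output).write_text(json.dumps(inventory, indent=4, default=str))
    return inventory


if __name__ == "__main__":
    main()
```

Run it with `python app.py` after `pip install -r requirements.txt`; the printed caller identity is a cheap sanity check that the audit is running under the intended read-only principal rather than whatever default profile happened to be configured.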