@cartershanklin
Created December 23, 2021 18:01
Dump all OCI IAM policy statements. Helps track down policies that grant you unexpected and unwanted access.
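#!/bin/sh
set -x
# Get all OCI IAM policy statements.
# Run as an Admin.
OUTPUT_FILE="all_iam_statements_$(date +'%Y-%m-%d').txt"
rm -f "$OUTPUT_FILE"
# Root compartment: direct children of the root report the tenancy OCID as their parent.
TENANCY=$(oci iam compartment list --all | jq -rc '.data[] | ."compartment-id"' | head -1)
# --all follows pagination so long policy lists are not truncated.
oci iam policy list --compartment-id "$TENANCY" --all >> "$OUTPUT_FILE"
# Everything else, including nested compartments (not only direct children of the root).
ALL_COMPARTMENTS=$(oci iam compartment list --all --compartment-id-in-subtree true | jq -rc '.data[] | .id')
for COMPARTMENT in $ALL_COMPARTMENTS; do
    oci iam policy list --compartment-id "$COMPARTMENT" --all >> "$OUTPUT_FILE"
done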
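
The dump file is a series of JSON documents appended back to back, so it cannot be loaded as a single JSON value. The following is an added example, not part of the original gist, that walks such a dump and lists the `Allow` statements that apply to a given group (or to `any-user`); the function names `iter_policies` and `find_grants` and the sample data are constructed for illustration.

```python
import json
import re

# Constructed sample of the dump: one JSON document per `oci iam policy list`
# call, appended back to back, so the file as a whole is not valid JSON.
SAMPLE_DUMP = """
{"data": [{"name": "root-admins", "compartment-id": "ocid1.tenancy.oc1..example",
  "statements": ["Allow group Administrators to manage all-resources in tenancy"]}]}
{"data": [{"name": "dev-network", "compartment-id": "ocid1.compartment.oc1..example",
  "statements": ["Allow group Developers to use virtual-network-family in compartment dev",
                 "Allow any-user to read buckets in compartment dev"]}]}
"""

# The subject clause of a statement sits between "Allow" and "to".
SUBJECT = re.compile(r"^\s*allow\s+(.*?)\s+to\s+", re.IGNORECASE)

def iter_policies(text):
    """Yield every policy object from a string of concatenated JSON documents."""
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        if text[pos].isspace():          # raw_decode rejects leading whitespace
            pos += 1
            continue
        doc, pos = decoder.raw_decode(text, pos)
        yield from doc.get("data", [])

def find_grants(text, group):
    """Return (policy, compartment OCID, statement) for Allow statements whose
    subject names `group` or is any-user. Subjects given as OCIDs
    ("group id ocid1...") are not resolved to names here."""
    hits = []
    for policy in iter_policies(text):
        for stmt in policy.get("statements", []):
            m = SUBJECT.match(stmt)
            if not m:
                continue                 # Define/Endorse/Admit statements
            tokens = re.split(r"[\s,/']+", m.group(1).lower())
            if group.lower() in tokens or "any-user" in tokens:
                hits.append((policy["name"], policy["compartment-id"], stmt))
    return hits

if __name__ == "__main__":
    # For a real dump, read the file the script wrote instead of SAMPLE_DUMP.
    for name, compartment, stmt in find_grants(SAMPLE_DUMP, "Developers"):
        print(f"{name} ({compartment}): {stmt}")
```
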