Created
December 23, 2021 18:01
Dump all OCI IAM policy statements. Helps track down policies that grant you unexpected and unwanted access.
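#!/bin/sh
# Dump all OCI IAM policy statements in the tenancy into a dated text file so
# they can be reviewed for grants that give unexpected or unwanted access.
# Run as an Admin: compartments whose policies the caller cannot list are
# reported on stderr and skipped, which leaves the dump incomplete.
#
# Requires: the OCI CLI (oci) and jq on PATH.
# Output:   all_iam_statements_YYYY-MM-DD.txt in the current directory, holding
#           the raw JSON of each `oci iam policy list` call, concatenated.
# Exit:     0 if every compartment was dumped, 1 if any call failed.
set -u
# Trace each command to stderr as a progress indicator; the trace includes
# compartment OCIDs.
set -x

# The dump is a map of who can do what in the tenancy; keep it readable by the
# invoking user only.
umask 077

OUTPUT_FILE="all_iam_statements_$(date +'%Y-%m-%d').txt"
rm -f -- "$OUTPUT_FILE"
FAILED=0

# Root compartment. Every compartment directly under the root reports the
# tenancy OCID as its parent ("compartment-id"), so the first entry is enough.
# An empty result also covers a failed oci call, which plain sh pipelines
# would otherwise hide.
TENANCY=$(oci iam compartment list --all | jq -r '.data[0]."compartment-id" // empty')
if [ -z "$TENANCY" ]; then
  printf 'error: could not determine the tenancy OCID from the compartment list\n' >&2
  exit 1
fi

# --all follows pagination so that no policy is dropped from the audit.
if ! oci iam policy list --compartment-id "$TENANCY" --all >> "$OUTPUT_FILE"; then
  printf 'warning: could not list policies in the root compartment %s\n' "$TENANCY" >&2
  FAILED=1
fi

# Everything else. Without --compartment-id-in-subtree the listing stops at the
# direct children of the root, and policies attached to nested compartments
# would never be dumped.
ALL_COMPARTMENTS=$(oci iam compartment list --compartment-id "$TENANCY" \
  --compartment-id-in-subtree true --all | jq -r '.data[].id')
if [ -z "$ALL_COMPARTMENTS" ]; then
  printf 'error: compartment listing failed; %s holds root policies only\n' "$OUTPUT_FILE" >&2
  exit 1
fi

# Word splitting is intended here: one OCID per line, no whitespace inside.
for COMPARTMENT in $ALL_COMPARTMENTS; do
  if ! oci iam policy list --compartment-id "$COMPARTMENT" --all >> "$OUTPUT_FILE"; then
    # Keep going so one unreadable compartment does not hide the rest, but
    # make the gap visible to whoever reviews the dump.
    printf 'warning: could not list policies in compartment %s\n' "$COMPARTMENT" >&2
    FAILED=1
  fi
done

exit "$FAILED"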