Last active
September 16, 2022 03:46
Use AWS IAM Policy Simulator with the CLI
```bash
# Requires bash (process substitution), the AWS CLI and jq.

# The action we want to test
_action="s3:GetObject"

# The JSON you want to convert to a string
_json_to_convert='{ "Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "*","Resource": "*"}]}'

# Your resource arn goes here; fail early if the bucket or prefix is not set
: "${_some_s3_bucket:?set _some_s3_bucket to your bucket name}"
: "${_some_prefix:?set _some_prefix to your key prefix}"
_resource_arn="arn:aws:s3:::${_some_s3_bucket}/${_some_prefix}/*"

# This command will format the json policy as a string for the cli to use
# echo "${_json_to_convert}" | jq '[.|tostring]'
# But we will pass it through process substitution '<()' instead of creating a json file every time
aws iam simulate-custom-policy \
  --policy-input-list \
  file://<(echo "${_json_to_convert}" | jq '[.|tostring]') \
  --action-names "${_action}" \
  --resource-arns "${_resource_arn}"
```
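
Added example, not part of the original gist: a wildcard policy like the one above is expected to come back `allowed` for any action, so a least-privilege check should assert the denials as well as the allows. The functions below build the `--policy-input-list` value with jq and compare the simulator's `EvaluationResults` with expected decisions; the function names, the `example-bucket` ARN and the sample response are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original gist. Requires jq.

# Convert policy documents (one JSON string per argument) into the JSON array
# of strings that --policy-input-list expects.
policy_input_list() {
  local doc
  for doc in "$@"; do
    printf '%s\n' "${doc}"
  done | jq -c -s 'map(tostring)'
}

# Read simulate-custom-policy output on stdin and compare it with expectations
# given as action=decision arguments (allowed, implicitDeny, explicitDeny).
# Prints one line per mismatch and returns 1 if there is any.
check_decisions() {
  local results pair action want got status
  results="$(cat)"
  status=0
  for pair in "$@"; do
    action="${pair%%=*}"
    want="${pair#*=}"
    got="$(printf '%s' "${results}" | jq -r --arg a "${action}" '
      [.EvaluationResults[] | select(.EvalActionName == $a) | .EvalDecision]
      | if length == 0 then "missing" else unique | join(",") end')"
    if [ "${got}" != "${want}" ]; then
      printf '%s: expected %s, got %s\n' "${action}" "${want}" "${got}"
      status=1
    fi
  done
  return "${status}"
}

# Constructed sample of the simulator's output for the wildcard policy
# (illustrative, not a captured API response).
_sample_response='{"EvaluationResults":[
  {"EvalActionName":"s3:GetObject","EvalResourceName":"arn:aws:s3:::example-bucket/data/*","EvalDecision":"allowed"},
  {"EvalActionName":"s3:DeleteObject","EvalResourceName":"arn:aws:s3:::example-bucket/data/*","EvalDecision":"allowed"}]}'

# Usage against the real API (needs credentials, so it is not run here):
#   aws iam simulate-custom-policy \
#     --policy-input-list file://<(policy_input_list "${_json_to_convert}") \
#     --action-names s3:GetObject s3:DeleteObject \
#     --resource-arns "${_resource_arn}" \
#     | check_decisions s3:GetObject=allowed s3:DeleteObject=implicitDeny
```

Run over the sample response, the check flags `s3:DeleteObject` because the wildcard policy allows an action the expectation says should be denied.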