This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
cp policy_sentry/shared/data/aws.sqlite3 ~/.policy_sentry/db-old.sqlite3 | |
policy_sentry initialize --fetch | |
cp ~/.policy_sentry/aws.sqlite3 ~/.policy_sentry/db-new.sqlite3 | |
sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, name, description, access_level, resource_type_name, resource_type_name_append_wildcard, resource_arn_format, condition_keys, dependent_actions from actiontable;" > actiontable-old.csv | |
sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select resource_type_name, raw_arn, arn, partition, service, region, account, resource, resource_path, condition_keys from arntable;" > arntable-old.csv | |
sqlite3 -header -csv ~/.policy_sentry/db-old.sqlite3 "select service, condition_key_name, condition_key_service, description, condition_value_type from conditiontable;" > conditiontable-old.csv |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "A4bTaggingDevice", | |
"Effect": "Allow", | |
"Action": [ | |
"a4b:tagresource", | |
"a4b:untagresource" | |
], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "A4bTaggingDevice", | |
"Effect": "Allow", | |
"Action": [ | |
"a4b:t*", | |
"a4b:un*" | |
], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mode: crud | |
read: | |
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter' | |
write: | |
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter' | |
list: | |
- 'arn:aws:ssm:us-east-1:123456789012:parameter/myparameter' | |
tagging: | |
- 'arn:aws:secretsmanager:us-east-1:123456789012:secret:mysecret' | |
permissions-management: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mode: crud | |
name: '' | |
# Specify resource ARNs | |
read: | |
- '' | |
write: | |
- '' | |
list: | |
- '' | |
tagging: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "SsmReadParameter", | |
"Effect": "Allow", | |
"Action": [ | |
"ssm:GetParameter", | |
"ssm:GetParameterHistory", | |
"ssm:GetParameters", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Resource": "arn:aws:s3:::my-bucket/*" | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Sid": "Ec2WriteSecuritygroup", | |
"Effect": "Allow", | |
"Action": [ | |
"ec2:AuthorizeSecurityGroupEngress", | |
"ec2:AuthorizeSecurityGroupIngress" | |
], |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Version": "2012-10-17", | |
"Statement": [ | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"s3:GetObject" | |
], | |
"Resource": "*" | |
} |