Rupert rupertbg
kylev
/ aws-op-list.rb
Last active
March 17, 2021 02:51
A script to print all the operations in each AWS service endpoint. Useful for crafting well-formed IAM permissions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # List all the (known) operations on each AWS service API. This is | |
| # incredibly useful for building well-restricted IAM access | |
| # rules. With this list you can quickly see what "s3:Get*" matches, or | |
| # just glance through and look for something that might be missing and | |
| # breaking your app. | |
| # I can't believe I had to write this myself. I'm pretty sure there | |
| # are a lot of people out there with near-god-mode permission on IAM |