@sbz
Last active July 24, 2024 16:50
List all existing AWS policies with services and actions
% curl \
  -s 'https://awspolicygen.s3.amazonaws.com/js/policies.js' \
  | sed 's#app.PolicyEditorConfig=##' \
  | jq -r '.serviceMap[]|.StringPrefix as $prefix|.Actions[] | "\($prefix):\(.)"' \
  | sort -u
a2c:GetContainerizationJobDetails
a2c:GetDeploymentJobDetails
a2c:StartContainerizationJob
a2c:StartDeploymentJob
...
xray:TagResource
xray:UntagResource
xray:UpdateGroup
xray:UpdateSamplingRule
% cat aws-policies.sh
#!/bin/bash
# List every IAM action known to the AWS Policy Generator as "prefix:Action",
# optionally filtered by an extended regex passed as the first argument.

# Default pattern matches every line (a single space would match nothing,
# since action strings contain no whitespace).
regex='.'

[[ -n "$1" ]] && {
    regex="$1"
}

# policies.js is a JavaScript assignment; strip the left-hand side so jq can
# parse the remaining JSON object, then emit "<StringPrefix>:<Action>" pairs.
curl \
  -s 'https://awspolicygen.s3.amazonaws.com/js/policies.js' \
  | sed 's#app.PolicyEditorConfig=##' \
  | jq -r '.serviceMap[]|.StringPrefix as $prefix|.Actions[] | "\($prefix):\(.)"' \
  | sort -u \
  | grep -E "$regex"
sbz commented Jul 24, 2024

  • Listing for AssumeRole actions
$ ./aws-policies.sh '.*AssumeRole.*'
eks-auth:AssumeRoleForPodIdentity
iam:UpdateAssumeRolePolicy
sts:AssumeRole
sts:AssumeRoleWithSAML
sts:AssumeRoleWithWebIdentity
  • List every action of the sts service
$ ./aws-policies.sh ^sts
sts:AssumeRole
sts:AssumeRoleWithSAML
sts:AssumeRoleWithWebIdentity
sts:DecodeAuthorizationMessage
sts:GetAccessKeyInfo
sts:GetCallerIdentity
sts:GetFederationToken
sts:GetServiceBearerToken
sts:GetSessionToken
sts:SetContext
sts:SetSourceIdentity
sts:TagSession
  • Count every ec2:Describe action
$ ./aws-policies.sh '^ec2:Describe' | wc -l
153
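As an added example (not part of the gist), the same extraction done in Python and then put to a defender's use: the catalog of `prefix:Action` strings is used to expand the wildcard `Action` patterns of a policy statement into the concrete permissions they grant, which is what a least-privilege review of `ec2:Describe*` or `sts:*` needs to see. The `policies.js` stand-in and the policy statement are constructed; the case-insensitive `*`/`?` matching is the behaviour documented for the IAM `Action` element.

```python
import json
import re

# Constructed stand-in for https://awspolicygen.s3.amazonaws.com/js/policies.js:
# a JavaScript assignment whose right-hand side is a JSON object with a serviceMap.
POLICIES_JS = (
    'app.PolicyEditorConfig={"conditionOperators":["StringEquals"],"serviceMap":{'
    '"AWS Security Token Service":{"StringPrefix":"sts","Actions":'
    '["AssumeRole","AssumeRoleWithSAML","GetCallerIdentity","TagSession"]},'
    '"Amazon EC2":{"StringPrefix":"ec2","Actions":'
    '["DescribeInstances","DescribeVolumes","RunInstances"]}}}'
)

# Constructed policy statement to review: two wildcard patterns and one odd-cased name.
STATEMENT = {
    "Effect": "Allow",
    "Action": ["ec2:Describe*", "sts:assumerole", "sts:GetCaller?dentity"],
    "Resource": "*",
}

def list_actions(policies_js: str) -> list[str]:
    """Same result as the gist's sed | jq | sort -u pipeline: drop the JS
    assignment, parse the JSON, return every unique 'prefix:Action', sorted."""
    body = re.sub(r"^\s*app\.PolicyEditorConfig\s*=", "", policies_js)
    config = json.loads(body.strip().rstrip(";"))  # tolerate a trailing ';'
    return sorted(
        f"{svc['StringPrefix']}:{action}"
        for svc in config["serviceMap"].values()
        for action in svc["Actions"]
    )

def expand_action_pattern(pattern: str, catalog: list[str]) -> list[str]:
    """Resolve one IAM Action pattern to the concrete actions it covers. IAM
    matches case-insensitively with '*' and '?' as the only wildcards."""
    escaped = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    rx = re.compile(f"^{escaped}$", re.IGNORECASE)
    return [action for action in catalog if rx.match(action)]

def expand_statement(statement: dict, catalog: list[str]) -> dict[str, list[str]]:
    """Map each Action entry of a statement to the catalog actions it grants."""
    patterns = statement["Action"]
    if isinstance(patterns, str):  # Action may be a bare string or a list
        patterns = [patterns]
    return {p: expand_action_pattern(p, catalog) for p in patterns}

if __name__ == "__main__":
    catalog = list_actions(POLICIES_JS)
    for pattern, granted in expand_statement(STATEMENT, catalog).items():
        print(f"{pattern} -> {', '.join(granted) or '(matches nothing)'}")
```

Against the live `policies.js`, a pattern that expands to an empty list is worth flagging too: it is either a typo or an action the generator's catalog does not know.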
