{ "info": { "author": "Sam Keen", "author_email": "sam.sjk@gmail.com", "bugtrack_url": null, "classifiers": [], "description": "# policy-tools\n\n[![CircleCI](https://circleci.com/gh/samkeen/policy-tools.svg?style=svg)](https://circleci.com/gh/samkeen/policy-tools)\n\n[![codecov](https://codecov.io/gh/samkeen/policy-tools/branch/master/graph/badge.svg)](https://codecov.io/gh/samkeen/policy-tools)\n\n[![Requirements Status](https://requires.io/github/samkeen/policy-tools/requirements.svg?branch=master)](https://requires.io/github/samkeen/policy-tools/requirements/?branch=master)\n\n## Summary\n\nThis is a collection of helper tools for working with AWS IAM Policies.\n\nCurrently it programmatically determines the effect of an AWS Organizations \n[Service Control Policy](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html) \non a given user policy.\n\n```python\nresult = scp.effect_on(user_policy)\nprint(result.denied_actions)\n```\n\n## Usage\n\nCreate your \"All IAM actions\" set\n```python \n# policies-gen.json.js is the content of https://awspolicygen.s3.amazonaws.com/js/policies.js\nwith open('policies-gen.json.js') as file_stream:\n all_actions_source_data = file_stream.read()\n```\nCreate your ActionExpander utility. It simply expands *glob* statements (e.g. 
`s3:*`) into the full matched set of IAM actions.\n```python \naction_expander = ActionExpander(PolicyGenActionsMasterList(all_actions_source_data))\n```\nCreate the user policy and the service control policy\n```python\nuser_policy = Policy(\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowSts\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"sqs:*\"\n ]\n },\n {\n \"Sid\": \"AllowEfs\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"elastictranscoder:*\"\n ]\n }\n ]\n }\"\"\", action_expander)\n\nscp = ServiceControlPolicy(\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AllowS3Read\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"sqs:Get*\",\n \"sqs:List*\"\n ]\n },\n {\n \"Sid\": \"AllowElasticTranscoderRead\",\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"elastictranscoder:Read*\",\n \"elastictranscoder:List*\"\n ]\n }\n ]\n }\"\"\", action_expander) \n```\nDetermine the effect of the SCP on the user policy\n```python\nresult = scp.effect_on(user_policy)\nprint(result.denied_actions)\n\n{ 'sqs:SetQueueAttributes',\n 'sqs:PurgeQueue',\n 'sqs:DeleteMessageBatch',\n 'sqs:ReceiveMessage',\n 'sqs:RemovePermission',\n 'sqs:ChangeMessageVisibilityBatch',\n 'sqs:SendMessageBatch',\n 'sqs:CreateQueue',\n 'sqs:TagQueue',\n 'sqs:AddPermission',\n 'sqs:UntagQueue',\n 'sqs:SendMessage',\n 'sqs:DeleteMessage',\n 'sqs:ChangeMessageVisibility',\n 'sqs:DeleteQueue',\n 'elastictranscoder:TestRole',\n 'elastictranscoder:CreatePipeline',\n 'elastictranscoder:DeletePipeline',\n 'elastictranscoder:UpdatePipelineNotifications',\n 'elastictranscoder:DeletePreset',\n 'elastictranscoder:CancelJob',\n 'elastictranscoder:CreateJob',\n 'elastictranscoder:UpdatePipelineStatus',\n 'elastictranscoder:CreatePreset',\n 'elastictranscoder:UpdatePipeline'\n }\n\n```\n\n\n", "description_content_type": "text/markdown", "docs_url": null, 
"download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/samkeen/policy-tools", "keywords": "", "license": "Apache License, Version 2.0", "maintainer": "", "maintainer_email": "", "name": "PolicyTools", "package_url": "https://pypi.org/project/PolicyTools/", "platform": "", "project_url": "https://pypi.org/project/PolicyTools/", "project_urls": { "Homepage": "https://github.com/samkeen/policy-tools" }, "release_url": "https://pypi.org/project/PolicyTools/0.1.0/", "requires_dist": null, "requires_python": "", "summary": "", "version": "0.1.0" }, "last_serial": 5298482, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "345cd75b65272017620814de9f04470f", "sha256": "077a9d2d10e59098ec3821a9c714c1fb1f0a3bc42fa0e915259302982d206b9b" }, "downloads": -1, "filename": "PolicyTools-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "345cd75b65272017620814de9f04470f", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 20230, "upload_time": "2019-05-21T15:36:37", "url": "https://files.pythonhosted.org/packages/3b/bf/7359bab8fe33c73d2265a4b07ed548a4b0ec18be9acd4ebf455e8718fb0a/PolicyTools-0.1.0-py3-none-any.whl" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "345cd75b65272017620814de9f04470f", "sha256": "077a9d2d10e59098ec3821a9c714c1fb1f0a3bc42fa0e915259302982d206b9b" }, "downloads": -1, "filename": "PolicyTools-0.1.0-py3-none-any.whl", "has_sig": false, "md5_digest": "345cd75b65272017620814de9f04470f", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 20230, "upload_time": "2019-05-21T15:36:37", "url": "https://files.pythonhosted.org/packages/3b/bf/7359bab8fe33c73d2265a4b07ed548a4b0ec18be9acd4ebf455e8718fb0a/PolicyTools-0.1.0-py3-none-any.whl" } ] }