Is there a tool that tells you which IAM actions to allow if you give it an API operation?

This page summarizes the projects mentioned and recommended in the original post on /r/aws
aws-cloudtrail AWS aws-cloudformation Iam Heuristic

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • trailscraper

    A command-line tool to get valuable information out of AWS CloudTrail

    • I’ve used this project in the past to pull out policy information https://github.com/flosell/trailscraper (it’s a CLI, FYI)

  • parliament

    AWS IAM linting library

    • I've been literally tweeting at aws for a long time now for a tool like this lol, haven't found anything. but you can play around with Parliament

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • cloudtracker

    CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.

    • There are a few tools around that do this. There is another to show you what permissions a role or user has used in the last x time period. https://github.com/duo-labs/cloudtracker

  • actionhero

    • This should help! it'll work with anything that uses the SDK under the covers (cli,terraform,sam,etc) https://github.com/princespaghetti/actionhero

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • TrailScraper

    1 project | /r/devopspro | 24 Oct 2022

  • How to get the exact IAM services/roles needed to run a command

    2 projects | /r/aws | 2 Apr 2021

  • flosell/trailscraper - a command-line tool to get valuable information out of AWS CloudTrail

    1 project | /r/bag_o_news | 15 Mar 2021

  • TrailScraper: A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies

    1 project | /r/blueteamsec | 14 Mar 2021

  • Trailscraper can scrape your Cloudtrail logs and generate IAM Policies from the resources and verbs used by your users or roles

    1 project | /r/sre | 24 Feb 2021