probator_auditor_iam

class probator_auditor_iam.IAMAuditor

Bases: probator.plugins.BaseAuditor

Validate and apply IAM policies for AWS Accounts

run()

Iterate through all AWS accounts and apply the roles and policies retrieved from GitHub.

Returns: None
get_policies_from_git()

Retrieve policies from the Git repo. Returns a dictionary containing all the roles and policies.

Returns: dict
Return type: dict of str
static get_policies_from_aws(client, scope='Local')

Returns a list containing all the policies currently applied to an AWS account for the specified scope.

Parameters:
  • client (boto3.session.Session) – A boto3 Session object
  • scope (str) – The policy scope to use. Default: Local
Returns: list of dict

static get_roles(client)

Returns a list containing all the roles for the account.

Parameters: client (boto3.session.Session) – A boto3 Session object
Returns: list of dict
create_policy(account, client, document, name, arn=None)

Create a new IAM policy.

If the policy already exists, a new version is added and, if needed, the oldest policy version not in use is removed first. Returns a dictionary containing the policy or version information.

Parameters:
  • account (Account) – Account to create the policy on
  • client (boto3.client) – A boto3 client object
  • document (str) – Policy document
  • name (str) – Name of the policy to create / update
  • arn (str) – Optional ARN for the policy to update
Returns: dict
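The create-or-add-a-version behaviour described for create_policy, as an added example that is not probator's own code: it issues the boto3 IAM calls used for this purpose (create_policy, list_policy_versions, delete_policy_version, create_policy_version) against a constructed FakeIAMClient so it runs offline, and it relies on the AWS limit of five versions per customer managed policy, of which the default version cannot be deleted. The class, function and ARN values are assumptions, not the project's.

```python
from datetime import datetime, timedelta

MAX_POLICY_VERSIONS = 5  # AWS limit on versions per customer managed policy

class FakeIAMClient:
    """Constructed stand-in for boto3.client('iam') tracking one policy's versions."""
    def __init__(self, versions):
        self.versions = list(versions)  # dicts: VersionId, IsDefaultVersion, CreateDate
        self.next_id = len(versions) + 1
    def create_policy(self, PolicyName, PolicyDocument):  # constructed ARN, not real
        return {"Policy": {"Arn": f"arn:aws:iam::123456789012:policy/{PolicyName}"}}
    def list_policy_versions(self, PolicyArn):
        return {"Versions": list(self.versions)}
    def delete_policy_version(self, PolicyArn, VersionId):
        self.versions = [v for v in self.versions if v["VersionId"] != VersionId]
    def create_policy_version(self, PolicyArn, PolicyDocument, SetAsDefault):
        for v in self.versions:
            v["IsDefaultVersion"] = False
        ver = {"VersionId": f"v{self.next_id}", "IsDefaultVersion": SetAsDefault,
               "CreateDate": datetime(2024, 1, 1) + timedelta(days=self.next_id)}
        self.next_id += 1
        self.versions.append(ver)
        return {"PolicyVersion": ver}

def create_or_update_policy(client, document, name, arn=None):
    """Create the policy when no ARN is given; otherwise add a new default version,
    first evicting the oldest non-default version if the policy is at the limit."""
    if arn is None:
        return client.create_policy(PolicyName=name, PolicyDocument=document)["Policy"]
    versions = client.list_policy_versions(PolicyArn=arn)["Versions"]
    if len(versions) >= MAX_POLICY_VERSIONS:
        # The default (in-use) version cannot be deleted; drop the oldest other one.
        oldest = min((v for v in versions if not v["IsDefaultVersion"]),
                     key=lambda v: v["CreateDate"])
        client.delete_policy_version(PolicyArn=arn, VersionId=oldest["VersionId"])
    return client.create_policy_version(
        PolicyArn=arn, PolicyDocument=document, SetAsDefault=True)["PolicyVersion"]

def demo():
    """Constructed scenario: policy already at five versions, v5 the default."""
    client = FakeIAMClient([{"VersionId": f"v{i}", "IsDefaultVersion": i == 5,
                             "CreateDate": datetime(2024, 1, 1) + timedelta(days=i)}
                            for i in range(1, 6)])
    new = create_or_update_policy(client, '{"Version": "2012-10-17", "Statement": []}',
                                  "Example", arn="arn:aws:iam::123456789012:policy/Example")
    return new["VersionId"], [v["VersionId"] for v in client.versions]
```

Running demo() evicts v1 (the oldest version that is not the default) and adds v6 as the new default, which is the failure mode a real account hits once a policy has been updated five times.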