Comments (7)

arshpunia avatar arshpunia commented on May 27, 2024 1

Hey @kmcquade, thanks for the suggestion!
I did upgrade to 0.1.3 and while the upgrade did not help directly, tweaking the policy statement did.
I am still playing around with those parameters, so don't want to jump to any conclusions yet, but does a policy not get listed if the resource in the policy statement does not exist?
I just wrote a random non-existent resource name on my first run (when the policy was not listed), but when I changed it to "*", the policy showed up just fine in the "Customer Policies" tab.

I'll report if I find anything interesting along the way!

kmcquade avatar kmcquade commented on May 27, 2024

Hey @arshpunia! Have you tried it on a more recent version of Cloudsplaining? Version 0.1.0 fixed some issues with the exclusions mechanism. Most current version is 0.1.3.

The download command is the same, so just try installing the latest version and running it on your authz file. Let me know if that helps.

kmcquade avatar kmcquade commented on May 27, 2024

Mind joining the Gitter? https://gitter.im/cloudsplaining/community. I'd love to pick your brain as you're learning :)

> I am still playing around with those parameters, so don't want to jump to any conclusions yet, but does a policy not get listed if the resource in the policy statement does not exist?

It doesn't look up resource ARNs to see if they exist in the AWS account.

> when I changed it to "*", the policy showed up just fine in the "Customer Policies" tab.

That's by design. It only shows up in the "Customer Policies" tab or the "AWS Policies" tab if there's a security finding - PrivEsc, Infra modification, Resource Exposure, or Data Exfiltration. If there isn't, and the policy is not flagged as having a security issue, then it won't show up in those tabs at all.

Regarding the "Customer Policies" tab

Do you think I should change the names of those tabs? I thought about naming it "Customer Policy Findings" or "AWS Policy Findings" to make the purpose of those tabs clear, but that would make the navbar take up multiple lines, which would look cluttered.

I could just modify the text at the beginning of those tabs. Currently it's "The following table shows a list of Customer created IAM Policies that are currently used in the account - both Managed Policies and Inline Policies. If the policy is an inline policy, the table indicates the IAM Principal that the inline policy is associated with." I can revise that so it's clear that it only shows up in that tab if it's flagged as a finding. What do you think about that?
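
A simplified model of the behaviour described in the comment above, as an added example that is not part of the thread and not Cloudsplaining's own code: only the text of each statement is inspected, and a policy is listed only when it produces a finding. The action map, function names and sample policies are constructed for illustration, and wildcard actions such as `s3:*` are not expanded.

```python
# Constructed, deliberately small map from IAM actions to the four finding
# categories named in the thread; a real scanner uses a far larger data set.
RISKY_ACTIONS = {
    "iam:CreateAccessKey": "PrivEsc",
    "ec2:TerminateInstances": "Infra modification",
    "s3:PutBucketPolicy": "Resource Exposure",
    "s3:GetObject": "Data Exfiltration",
}


def as_list(value):
    """IAM accepts a bare value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def findings_for(policy_document):
    """Return the sorted finding categories for one policy document."""
    found = set()
    for stmt in as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # No AWS lookup happens here: an ARN naming a resource that does not
        # exist is still a resource constraint, so the statement is skipped.
        if "*" not in as_list(stmt.get("Resource", [])):
            continue
        for action in as_list(stmt.get("Action", [])):
            if action in RISKY_ACTIONS:  # exact action names only (assumption)
                found.add(RISKY_ACTIONS[action])
    return sorted(found)


def policies_to_list(policies):
    """Keep only the policies that have at least one finding."""
    results = {name: findings_for(doc) for name, doc in policies.items()}
    return {name: cats for name, cats in results.items() if cats}


# Constructed sample policies (names and ARNs are made up).
SAMPLE = {
    "scoped-to-missing-bucket": {"Statement": {
        "Effect": "Allow", "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::bucket-that-does-not-exist/*"}},
    "wildcard-resource": {"Statement": [{
        "Effect": "Allow", "Action": ["s3:GetObject", "s3:PutBucketPolicy"],
        "Resource": "*"}]},
    "list-only-wildcard": {"Statement": [{
        "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]},
}
```

Only `wildcard-resource` is returned by `policies_to_list(SAMPLE)`; the other two policies produce no finding and would not be listed.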

arshpunia avatar arshpunia commented on May 27, 2024

> That's by design. It only shows up in the "Customer Policies" tab or the "AWS Policies" tab if there's a security finding - PrivEsc, Infra modification, Resource Exposure, or Data Exfiltration. If there isn't, and the policy is not flagged as having a security issue, then it won't show up in those tabs at all.

That makes sense. I'm sorry if I missed out on that part while reading up on the documentation.

> Regarding the "Customer Policies" tab

I think that the tab-names are fairly self-explanatory, and the IAM Principals table also gives "pointers" on where to find details on a policy by classifying it as Customer Managed/AWS Managed/Customer Inline and so on.

> I can revise that so it's clear that it only shows up in that tab if it's flagged as a finding. What do you think about that?

I think that's a great idea. It would help to just add that final line to both "AWS Policies" and "Customer Policies" tab for some added clarity.

And sure, I'll join the Gitter! :)
Thanks so much for all your help on this!

kmcquade avatar kmcquade commented on May 27, 2024

> I'm sorry if I missed out on that part while reading up on the documentation.

No worries at all. If you are experiencing that, then I’m sure other users are as well, so I am glad to make changes so that is highlighted properly.

> I think that's a great idea. It would help to just add that final line to both "AWS Policies" and "Customer Policies" tab for some added clarity.

Sweet. I’ll go ahead and do that.

arshpunia avatar arshpunia commented on May 27, 2024

Bingo! Thank you so much.
I'd be happy to contribute if you have any suggestions.
I've joined the gitter and if all's good, can we close the issue?

kmcquade avatar kmcquade commented on May 27, 2024

Sure thing! I’ll add the text we agreed on after the weekend before 0.1.4 release
