Comments (4)
@mrudrara - The "services" and "actions" in the triage worksheet could be better termed as "services affected" and "actions affected". So, a given IAM policy could have permissions across three services, but let's say that the policy leverages resource constraints for all actions except for s3:GetObject. In this case, the policy would have 1 under services, and 1 under actions.
Does that make sense?
And by all means, feel free to ask basic questions if needed. This is a new tool and chances are that if you're asking the question, others may be asking themselves the same thing. Glad you are enjoying it; happy to help.
from cloudsplaining.
Thank you. In my environment, I have multiple entries of the same policy:
Allow-Invoke-Lambdas,role,Customer,3,16,
Allow-Invoke-Lambdas,role,Customer,5,98,
Allow-Invoke-Lambdas,role,Customer,3,4,
Allow-Invoke-Lambdas,role,Customer,3,4,
Allow-Invoke-Lambdas,role,Customer,3,16,
Allow-Invoke-Lambdas,role,Customer,5,98,
Allow-Invoke-Lambdas,role,Customer,3,4,
Allow-Invoke-Lambdas,role,Customer,3,4,
Essentially these are inline policies (having the same name) attached to various roles but with different Services and Actions.
Wondering why it is categorized as a role?
from cloudsplaining.
I faced the same issue the other day, so I hear you. We used "role" to describe "Inline Role Policy" because listing "Inline Role Policy", "Inline Group Policy", "Inline User Policy" for every inline policy seemed a bit repetitive - but looking back, it seems like it would have been necessary to keep things clear.
I'm looking into some refactoring strategies for the Inline policies issue. Let me get back to you with some more details about what we're planning or considering in the refactored state - should have those details in the next week.
from cloudsplaining.
Perfect! Thank you.
It would be beneficial, especially since inline policies, though "named", are not searchable from the console.
Wondering if I can propose an extra column for the role/group/user the inline policy is attached to.
from cloudsplaining.
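The thread's two points, the "services affected" / "actions affected" counts and the ambiguity of same-named inline policies, can be seen together in this added sketch, which is not cloudsplaining's own code. It emits one row per inline policy with the attached principal as an extra column; the role names and statements are constructed, and the check is a simplification that treats any Allow statement with `Resource: "*"` as unconstrained, without expanding wildcard actions or handling NotAction/NotResource.

```python
import json

# Constructed sample shaped like `aws iam get-account-authorization-details`
# output; role names, ARNs and statements are made up for illustration.
SAMPLE = json.loads("""
{"RoleDetailList": [
  {"RoleName": "order-processor", "RolePolicyList": [
    {"PolicyName": "Allow-Invoke-Lambdas", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": "lambda:InvokeFunction",
       "Resource": "arn:aws:lambda:us-east-1:111122223333:function:orders"},
      {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "*"}]}}]},
  {"RoleName": "report-builder", "RolePolicyList": [
    {"PolicyName": "Allow-Invoke-Lambdas", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Resource": "*",
       "Action": ["lambda:InvokeFunction", "lambda:InvokeAsync", "s3:GetObject"]}]}}]}]}
""")

# principal kind -> (detail list key, name key, inline policy list key)
DETAIL_KEYS = {
    "role": ("RoleDetailList", "RoleName", "RolePolicyList"),
    "group": ("GroupDetailList", "GroupName", "GroupPolicyList"),
    "user": ("UserDetailList", "UserName", "UserPolicyList"),
}

def as_list(value):
    # IAM JSON allows a single string/object where a list is expected.
    return value if isinstance(value, list) else [value]

def unconstrained_actions(policy_document):
    """Actions from Allow statements whose Resource is "*" (simplified)."""
    found = set()
    for stmt in as_list(policy_document.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue  # Deny and NotAction statements are ignored here
        if "*" in as_list(stmt.get("Resource", [])):
            found.update(a.lower() for a in as_list(stmt["Action"]))
    return found

def inline_policy_rows(auth_details):
    """Rows of (policy name, kind, attached principal, services, actions)."""
    rows = []
    for kind, (list_key, name_key, policies_key) in DETAIL_KEYS.items():
        for principal in auth_details.get(list_key, []):
            for policy in principal.get(policies_key, []):
                actions = unconstrained_actions(policy["PolicyDocument"])
                services = {a.split(":", 1)[0] for a in actions}
                rows.append((policy["PolicyName"], kind, principal[name_key],
                             len(services), len(actions)))
    return rows
```

With the principal column present, the two `Allow-Invoke-Lambdas` rows are distinguishable, and the first role reproduces the 1 service / 1 action case described in the first comment.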