This is a simple AWS IAM analysis utility that gathers useful information from an AWS account.
The command below uses the default AWS credentials configured on your system and saves the entire output in JSON format to output.json.
To perform this analysis you need the AWS SecurityAudit policy permissions, which grant read-only privileges to your AWS resources.
python app.py
aws-iam-analyzer requires boto3 to run. Install it by typing:
pip install -r requirements.txt
{
  "AccountAliases": [
    "madhuakula-account"
  ],
  "AccountAuthorizationDetails": {
    "GroupDetailList": [
      {
        "Arn": "arn:aws:iam::123456789012:group/madhuakula",
        "AttachedManagedPolicies": [
          {
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess",
            "PolicyName": "AmazonAPIGatewayInvokeFullAccess"
          },
          {
            "PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
            "PolicyName": "AmazonAthenaFullAccess"
          },
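One way to review the saved report for over-broad grants, added here as an example and not part of aws-iam-analyzer itself. It assumes output.json keeps the IAM GetAccountAuthorizationDetails layout under "AccountAuthorizationDetails" (as the excerpt above suggests); the function names, the example-user entry and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like the output.json excerpt. UserDetailList and the
# *PolicyList fields follow GetAccountAuthorizationDetails (assumed saved as-is).
SAMPLE = json.loads("""
{"AccountAuthorizationDetails": {
  "GroupDetailList": [{
    "Arn": "arn:aws:iam::123456789012:group/madhuakula",
    "AttachedManagedPolicies": [
      {"PolicyArn": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess",
       "PolicyName": "AmazonAthenaFullAccess"},
      {"PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
       "PolicyName": "ReadOnlyAccess"}]}],
  "UserDetailList": [{
    "Arn": "arn:aws:iam::123456789012:user/example-user",
    "AttachedManagedPolicies": [],
    "UserPolicyList": [{"PolicyName": "inline-admin", "PolicyDocument": {
      "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}}]}]}}
""")

def as_list(value):
    # IAM policy JSON allows a bare string/object where a list is also valid.
    return value if isinstance(value, list) else [value]

def wildcard_allow(doc):
    """True if an Allow statement grants a '*' or 'service:*' action."""
    if not isinstance(doc, dict):  # e.g. a document stored as an encoded string
        return False
    return any(s.get("Effect") == "Allow" and
               any(a == "*" or a.endswith(":*") for a in as_list(s.get("Action", [])))
               for s in as_list(doc.get("Statement", [])))

def broad_grants(report):
    """Return sorted (principal ARN, policy name, reason) review findings."""
    found = []
    details = report.get("AccountAuthorizationDetails", {})
    for list_key in ("GroupDetailList", "UserDetailList", "RoleDetailList"):
        for principal in details.get(list_key, []):
            for mp in principal.get("AttachedManagedPolicies", []):
                if mp["PolicyName"].endswith(("FullAccess", "AdministratorAccess")):
                    found.append((principal["Arn"], mp["PolicyName"], "managed"))
            for key in ("GroupPolicyList", "UserPolicyList", "RolePolicyList"):
                for ip in principal.get(key, []):
                    if wildcard_allow(ip.get("PolicyDocument")):
                        found.append((principal["Arn"], ip["PolicyName"], "inline-wildcard"))
    return sorted(found)

if __name__ == "__main__":
    print(*broad_grants(SAMPLE), sep="\n")
```

To run it against a real report, replace SAMPLE with `json.load(open("output.json"))`.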
access_key and secret_access_key and region
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
~/.aws/config and ~/.aws/credentials