如何列出执行 Terraform 应用所需的所有 AWS IAM 操作?
[英]How do I list all AWS IAM actions required to perform a Terraform apply?
问题描述
I have about 30 terraform files which have Infra code for aws.
我有大约 30 个 terraform 文件,其中包含用于 aws 的 Infra 代码。 AWS resource action operations are required to terraform apply in this files. AWS 资源操作操作需要 terraform 在此文件中应用。
I want to find all EC2 operations used in these files like "DescribeInstances", "TerminateInstance"...etc.我想找到这些文件中使用的所有 EC2 操作,例如“DescribeInstances”、“TerminateInstance”...等。 similarly for other aws resources.对于其他 AWS 资源也是如此。
The idea here is to granularize the policy in AWS by finding all AWS resource used in this file and action performed.这里的想法是通过查找此文件中使用的所有 AWS 资源和执行的操作来细化 AWS 中的策略。
How do I list all AWS IAM actions required to perform a Terraform apply?如何列出执行 Terraform 应用所需的所有 AWS IAM 操作?
1 个解决方案
解决方案1
0 2020-05-03 16:20:21
I am assuming you need a tool that determines the least IAM privileges required for your AWS Provider for Terraform.我假设您需要一个工具来确定您的 AWS 提供商 Terraform 所需的最低 IAM 权限。
This tool looks suitable: https://github.com/scottwinkler/terraform-policymaker这个工具看起来很合适: https://github.com/scottwinkler/terraform-policymaker
To run it you need to:要运行它,您需要:
build it:
构建它:go buildexecute it with a path to the folder where you run terraform apply:
使用运行 terraform 的文件夹的路径执行它:./terraform-policymaker -path=/path/to/where/you/terraform/apply/
It should output a list of all IAM actions required to execute your plan.它应该 output 列出执行您的计划所需的所有 IAM 操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.