
How to list all actions IAM role can perform on S3 bucket

Given an IAM role and an S3 bucket, how can I extract a list of all the actions that IAM role is allowed to perform on that S3 bucket? Preferably using boto3.

Between S3 bucket policies denying roles that don't look like a certain string, cross account restrictions, differing allowed actions in the IAM policy and the S3 bucket policy, differing resolution of those disparities depending on same account/cross account status, and checking if this resource with a wildcard asterisk matches the resource in question, writing a parser for these policies is becoming a daunting task. Is there a simpler way?

I have a very large list of IAM roles and S3 buckets, so any kind of manual comparison would be too time consuming. Boto3 preferred, but not required.

IAM policy simulator is a handy tool to test complex policies and permissions. You will find it useful.
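One way to drive that simulator from boto3, as an added example that is not from the original post or from AWS: `simulate_principal_policy` is the simulator's API, `S3_ACTIONS` is an assumed probe list, and `FakeIam` is a constructed stand-in with made-up verdicts so the code runs offline.

```python
"""Added example (not from the original post): use IAM's policy simulator through
boto3 simulate_principal_policy to list a role's allowed S3 actions on one bucket."""
try:
    from botocore.exceptions import ClientError
except ImportError:  # lets the offline FakeIam demo run without boto3 installed
    ClientError = Exception
S3_ACTIONS = ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"]  # extend

def bucket_policy_for(s3, bucket):
    """Bucket policy as a JSON string, or None when the bucket has none."""
    try:
        return s3.get_bucket_policy(Bucket=bucket)["Policy"]
    except ClientError as err:
        if err.response["Error"]["Code"] == "NoSuchBucketPolicy":
            return None
        raise

def allowed_s3_actions(iam, role_arn, bucket, bucket_policy=None):
    """Return {action: [resource ARNs]} for every verdict of 'allowed'. The simulator
    sees only identity policies unless the bucket policy is passed as ResourcePolicy;
    with several ResourceArns the per-resource verdicts sit in ResourceSpecificResults."""
    kwargs = {"PolicySourceArn": role_arn, "ActionNames": S3_ACTIONS,
              "ResourceArns": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]}
    if bucket_policy:
        kwargs["ResourcePolicy"] = bucket_policy
    allowed = {}
    while True:  # long result sets are paginated via IsTruncated/Marker
        resp = iam.simulate_principal_policy(**kwargs)
        for res in resp["EvaluationResults"]:
            rows = res.get("ResourceSpecificResults") or [  # single-resource shape
                {"EvalResourceName": res["EvalResourceName"], "EvalResourceDecision": res["EvalDecision"]}]
            for row in rows:
                if row["EvalResourceDecision"] == "allowed":
                    allowed.setdefault(res["EvalActionName"], []).append(row["EvalResourceName"])
        if not resp.get("IsTruncated"):
            return {a: sorted(v) for a, v in allowed.items()}
        kwargs["Marker"] = resp["Marker"]

class FakeIam:
    """Constructed stand-in for boto3.client('iam'); the verdicts below are made up."""
    def simulate_principal_policy(self, **kw):
        bucket, objects = kw["ResourceArns"]
        def row(action, verdicts):
            return {"EvalActionName": action, "EvalResourceName": "*", "EvalDecision": "implicitDeny",
                    "ResourceSpecificResults": [{"EvalResourceName": a, "EvalResourceDecision": d}
                                                for a, d in verdicts]}
        return {"IsTruncated": False, "EvaluationResults": [
            row("s3:ListBucket", [(bucket, "allowed"), (objects, "implicitDeny")]),
            row("s3:GetObject", [(bucket, "implicitDeny"), (objects, "allowed")]),
            row("s3:DeleteObject", [(bucket, "implicitDeny"), (objects, "explicitDeny")])]}
```

Against real AWS, call `allowed_s3_actions(boto3.client("iam"), role_arn, bucket, bucket_policy_for(boto3.client("s3"), bucket))` in place of `FakeIam()`. For a bucket owned by another account, also pass the simulator's `ResourceOwner` parameter so it evaluates the bucket policy as that account's.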
