by kmcquade
2444 days ago
It does, but some disclaimers:
1. The generated policies have Resources set to all, not to a specific resource ARN
2. It downloads all of the CloudTrail logs. This takes a while. Cloudtracker (https://github.com/duo-labs/cloudtracker) uses Amazon Athena, which is more efficient. In the future, I'd like to see a combined approach between all three of these tools to generate IAM policies based on CloudTrail logs.
3. It is accurate to the point where there is a 1-to-1 mapping between IAM actions and CloudTrail logs. As I mentioned in other comments, since not every IAM action is logged in CloudTrail and not every CloudTrail action matches an IAM action, the results are not always accurate. With that being said, it is a wicked tool and you should try it out.
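The two caveats above (Resource left as "*", and CloudTrail event names that do not line up 1-to-1 with IAM actions) are easy to see in a minimal policy generator. The following is an added example, not code from the comment, from Cloudtracker, or from the tool being discussed. The CloudTrail records are constructed, and the mapping tables are a small illustrative sample of known mismatches (S3 ListBuckets is authorised by s3:ListAllMyBuckets, ListObjects/HeadBucket by s3:ListBucket, and the CloudWatch eventSource is monitoring.amazonaws.com), not a complete translation table; anything absent from the tables falls back to the naive eventSource-prefix plus eventName guess that the comment says is only sometimes right.

```python
import json

# Constructed sample CloudTrail records (not real log data): only the fields
# a policy generator needs are included.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},
    {"eventSource": "s3.amazonaws.com", "eventName": "ListObjectsV2",
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventSource": "monitoring.amazonaws.com", "eventName": "PutMetricData"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin"},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole"},
]

# Illustrative, partial tables (assumption: a real tool would carry a much
# larger, maintained mapping). eventSource hostnames whose first label is not
# the IAM service prefix:
SOURCE_TO_PREFIX = {
    "monitoring.amazonaws.com": "cloudwatch",
}
# CloudTrail eventNames that do not equal the IAM action that authorises them:
EVENT_TO_ACTION = {
    ("s3", "ListBuckets"): "s3:ListAllMyBuckets",
    ("s3", "ListObjects"): "s3:ListBucket",
    ("s3", "ListObjectsV2"): "s3:ListBucket",
    ("s3", "HeadBucket"): "s3:ListBucket",
}
# Records that are not API calls at all and have no IAM action.
NON_API_EVENTS = {
    ("signin", "ConsoleLogin"),
}


def event_to_action(event):
    """Translate one CloudTrail record to an IAM action string, or None when
    the record has no corresponding IAM action."""
    source = event["eventSource"]
    prefix = SOURCE_TO_PREFIX.get(source, source.split(".")[0])
    name = event["eventName"]
    if (prefix, name) in NON_API_EVENTS:
        return None
    # Fallback is the naive guess "prefix:eventName"; correct for most
    # services, wrong wherever the table above is incomplete.
    return EVENT_TO_ACTION.get((prefix, name), f"{prefix}:{name}")


def build_policy(events):
    """Return (policy_document, skipped_event_names). The policy deliberately
    uses Resource "*" because a CloudTrail record does not always carry an
    ARN for the object that was touched (caveat 1 in the comment)."""
    actions = set()
    skipped = []
    for event in events:
        action = event_to_action(event)
        if action is None:
            skipped.append(event["eventName"])
        else:
            actions.add(action)
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(actions),
            "Resource": "*",
        }],
    }
    return policy, skipped


if __name__ == "__main__":
    doc, skipped = build_policy(SAMPLE_EVENTS)
    print(json.dumps(doc, indent=2))
    print("records with no IAM action:", skipped)
```

Two things to keep in mind when reading the output. First, the s3:GetObject entry only shows up because the constructed input contains a GetObject record; in a real account S3 object-level calls are data events, which CloudTrail does not record unless data-event logging has been switched on, so a policy generated from management events alone silently omits them (the "not every IAM action is logged" half of caveat 3). Second, tightening Resource from "*" to real ARNs means pulling bucket names, instance IDs and similar out of requestParameters per service, which is exactly the part these tools leave to the operator.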