Adds ability to `find_admins` to look for arbitrary privileges. For example, to find users and roles that can list what S3 buckets exist in an account or list the contents of S3 buckets, use:

```
python cloudmapper.py find_admins --account test --privs s3:ListAllMyBuckets,s3:ListBucket
```

Also adds a JSON output flag `--json`. This is not too useful now; one day I'd like to include extra info, such as which of the actions have been granted and what policies granted them.

Also adds a flag `--include_restricted` to include principals that have one of the privileges, but with a resource other than `*` or a condition set. The default is not to show principals with these restrictions. IAM policies are complicated, so both techniques potentially have false positives based on your interests. For example, if `iam:*` is only allowed when MFA is enabled, an IAM user with this policy would not show up by default, but would if `--include_restricted` was passed.
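To make the default-versus-`--include_restricted` distinction concrete, here is an added, stand-alone Python illustration of the matching logic described above. It is not CloudMapper's code and does not use its data model: it takes a few constructed IAM policy documents (not from any real account), matches a comma-separated privilege list against `Allow` statements with IAM-style `*`/`?` action wildcards, and classes each grant as "unrestricted" (Resource `*`, no Condition) or "restricted" (scoped Resource or any Condition, such as the MFA case). Deny, NotAction and NotResource are deliberately ignored, which is one of the reasons real results can contain false positives.

```python
"""Toy re-implementation of a privilege search over IAM policies.

Added illustration, not CloudMapper's own code. Deny, NotAction and
NotResource are ignored (a limitation of this toy), so treat hits as leads,
not proof.
"""
import fnmatch

# Constructed sample policies, not taken from any real account.
SAMPLE_POLICIES = {
    # Full S3 access on every resource: shows up by default.
    "alice": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}],
    # ListBucket on a single bucket only: only shown with include_restricted.
    "bob": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": "arn:aws:s3:::example-bucket"}]}],
    # iam:* gated on MFA, the case called out in the description above.
    "carol": [{"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}],
}


def _as_list(value):
    """IAM allows either a string or a list in Action/Resource/Statement."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def action_matches(pattern, action):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def parse_privs(privs_arg):
    """Split a comma-separated privilege list (like --privs) into actions."""
    return [p.strip() for p in privs_arg.split(",") if p.strip()]


def grant_kind(policy_docs, priv):
    """Return 'unrestricted', 'restricted' or None for one principal and priv.

    A grant is 'restricted' when Resource is not '*' or a Condition is set.
    'unrestricted' wins when several statements grant the same action.
    """
    best = None
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue  # Deny handling omitted (toy limitation)
            actions = _as_list(stmt.get("Action"))
            if not any(action_matches(pat, priv) for pat in actions):
                continue
            resources = _as_list(stmt.get("Resource"))
            scoped = "*" not in resources or bool(stmt.get("Condition"))
            if not scoped:
                return "unrestricted"
            best = "restricted"
    return best


def find_principals(policies_by_principal, privs_arg, include_restricted=False):
    """Return (principal, priv, kind) for every principal holding a listed priv.

    Restricted grants are only reported when include_restricted is True,
    mirroring the default-vs-flag behaviour described above.
    """
    hits = []
    for principal, docs in policies_by_principal.items():
        for priv in parse_privs(privs_arg):
            kind = grant_kind(docs, priv)
            if kind == "unrestricted" or (kind == "restricted" and include_restricted):
                hits.append((principal, priv, kind))
    return hits


if __name__ == "__main__":
    for flag in (False, True):
        print(f"include_restricted={flag}")
        for hit in find_principals(SAMPLE_POLICIES, "s3:ListAllMyBuckets,s3:ListBucket", flag):
            print("  ", hit)
```

With the default setting only `alice` is reported; `bob` (single-bucket `s3:ListBucket`) and `carol` (`iam:*` behind an MFA condition) appear only when `include_restricted` is set, which is exactly the trade-off the description warns about.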