A project to collate IAM actions, AWS APIs and managed policies from various public sources.
Latest commit 95aef4b Jan 24, 2020
Type Name Latest commit message Commit time
.github/workflows Disable SNS for now Nov 25, 2019
docs
generator Merge remote-tracking branch 'upstream/master' into docs Nov 25, 2019
policies New actions Jan 24, 2020
services New actions Jan 24, 2020
.gitignore Implemented #11 - Parameters in URL Nov 21, 2019
CONTRIBUTING.md Add contrib Nov 25, 2019
README.md New actions Jan 24, 2020
go.mod Record managed policies too Oct 24, 2019
go.sum Record managed policies too Oct 24, 2019
main.go Publish changes to SNS (#1) Oct 24, 2019

README.md

AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 216
  • Unique actions: 7861
  • Managed policies: 629

Most common managed policy name prefixes:

Policy ARN Count
arn:aws:iam::aws:policy/AWS* 178
arn:aws:iam::aws:policy/Amazon* 168
arn:aws:iam::aws:policy/aws-service-role/* 117
arn:aws:iam::aws:policy/service-role/* 97
arn:aws:iam::aws:policy/job-function/* 7
Other 62

The following table summarises the AWS APIs.

  • The first column is the service prefix, that is, the name of the API as far as IAM policies are concerned.
  • The second column counts IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column counts invokable APIs that don't have a corresponding IAM action.
  • The fourth column counts IAM actions that don't have a corresponding invokable API.

Service Action/API pairs APIs without actions Actions without APIs
ec2 363 36 0
iam 140 0 1
sagemaker 137 2 2
rds 123 7 1
glue 123 0 1
ssm 121 1 7
ses 103 9 0
mobiletargeting 102 5 0
lightsail 101 4 0
cognito-idp 100 0 0
chime 91 3 50
greengrass 90 0 0
redshift 86 0 18
servicecatalog 83 0 0
waf-regional 80 0 0
a4b 77 16 3
config 76 2 2
waf 76 0 0
gamelift 76 0 0
codecommit 75 0 11
opsworks 73 1 0
storagegateway 71 4 0
devicefarm 67 10 0
clouddirectory 62 4 0
route53 56 0 0
elasticloadbalancing 54 0 1
autoscaling 54 0 0
s3 53 48 39
directconnect 53 0 0
comprehend 51 0 0
ds 49 8 6
guardduty 49 1 0
appstream 47 0 3
organizations 47 0 0
backup 46 0 1
codedeploy 46 0 0
cloudformation 45 10 3
dms 45 2 0
kms 45 1 2
cloudfront 45 0 0
ecs 44 4 2
elasticbeanstalk 43 1 2
elasticache 42 6 0
dynamodb 42 3 6
workdocs 41 0 10
rekognition 41 0 0
imagebuilder 40 2 0
securityhub 40 0 0
personalize 39 3 0
logs 39 0 5
mechanicalturk 39 0 0
lambda 37 12 3
medialive 37 6 0
appsync 36 5 1
codepipeline 36 1 0
amplify 36 1 0
wafv2 36 0 0
robomaker 36 0 0
lex 35 6 0
iotthingsgraph 35 0 0
swf 34 3 12
codebuild 34 0 7
iotanalytics 33 1 0
workmail 33 0 53
sns 33 0 0
glacier 33 0 0
workspaces 32 9 0
inspector 32 5 0
events 31 0 0
cloudhsm 31 0 0
worklink 30 0 0
frauddetector 30 0 0
ecr 29 0 0
cloudwatch 29 0 0
connect 28 1 6
cloudsearch 28 1 4
sms 28 0 2
appmesh 28 0 1
networkmanager 28 0 0
machinelearning 28 0 0
elasticmapreduce 27 3 8
schemas 27 2 0
datasync 27 2 0
forecast 27 0 0
kinesis 26 2 0
kinesisvideo 26 0 3
kinesisanalytics 26 0 1
iot1click 26 0 0
mediaconvert 25 0 0
groundstation 25 0 0
discovery 25 0 0
route53domains 23 1 0
elasticfilesystem 22 1 5
ram 22 1 0
states 22 0 0
route53resolver 22 0 0
mq 22 0 0
dataexchange 22 0 0
es 21 2 5
dax 21 0 9
eks 21 0 0
cognito-identity 21 0 0
mediastore 20 3 0
iotevents 20 0 1
xray 20 0 0
sqs 20 0 0
servicediscovery 20 0 0
kendra 20 0 0
acm-pca 20 0 0
mgh 19 1 0
athena 19 0 11
datapipeline 19 0 2
ce 19 0 0
codestar 18 0 3
transfer 18 0 0
shield 18 0 0
secretsmanager 18 0 0
managedblockchain 18 0 0
cloudtrail 18 0 0
access-analyzer 18 0 0
applicationinsights 17 10 0
kafka 17 3 0
snowball 17 2 0
cognito-sync 17 0 2
globalaccelerator 17 0 0
fms 17 0 0
elastictranscoder 17 0 0
quicksight 16 49 8
qldb 16 0 3
servicequotas 16 0 0
batch 16 0 0
opsworks-cm 15 4 0
license-manager 15 1 0
transcribe 15 0 0
mediapackage 14 4 0
mediaconnect 14 3 0
support 14 0 8
fsx 14 0 0
serverlessrepo 13 0 1
lakeformation 13 0 1
health 13 0 0
codestar-notifications 13 0 0
acm 13 0 0
signer 12 0 0
resource-groups 12 0 0
mediapackage-vod 12 0 0
firehose 12 0 0
aws-marketplace 11 0 32
detective 11 0 5
cloud9 10 0 2
sdb 10 0 0
application-autoscaling 10 0 0
codeguru-profiler 9 0 3
translate 9 0 0
polly 9 0 0
mobilehub 8 1 15
iot 8 0 185
sts 8 0 1
tag 8 0 0
sms-voice 8 0 0
savingsplans 8 0 0
dlm 8 0 0
mediatailor 7 0 0
macie 7 0 0
textract 6 0 0
rds-data 6 0 0
importexport 6 0 0
compute-optimizer 6 0 0
autoscaling-plans 6 0 0
outposts 5 0 0
codeguru-reviewer 4 0 3
cur 4 0 0
pricing 3 0 0
ebs 3 0 0
comprehendmedical 2 11 0
pi 2 0 0
mobileanalytics 1 0 2
workmailmessageflow 1 0 0
ec2-instance-connect 1 0 0
execute-api 0 209 3
apigateway 0 148 7
appconfig 0 29 0
budgets 0 14 2
IoTSecuredTunneling 0 7 0
codestar-connections 0 4 0
awsssoportal 0 4 0
elastic-inference 0 3 1
awsssooidc 0 3 0
marketplacecommerceanalytics 0 2 0
iotsitewise 0 0 77
sso 0 0 53
sso-directory 0 0 37
deepracer 0 0 26
appmesh-preview 0 0 26
deeplens 0 0 24
trustedadvisor 0 0 12
chatbot 0 0 12
freertos 0 0 11
synthetics 0 0 9
dbqms 0 0 9
launchwizard 0 0 8
aws-portal 0 0 7
ec2messages 0 0 6
wellarchitected 0 0 5
cassandra 0 0 5
aws-marketplace-management 0 0 5
ssmmessages 0 0 4
groundtruthlabeling 0 0 4
artifact 0 0 4
account 0 0 3
sumerian 0 0 2
wam 0 0 1
rds-db 0 0 1
neptune-db 0 0 1
backup-storage 0 0 1
arsenal 0 0 1
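
The three numeric columns above come down to a per-service set comparison. The following is an added example, not code from this project: `Summarise`, `Row`, the `service:Name` input format and the sample lists are assumptions made for illustration. Entries in the fourth column, such as `iam:PassRole`, are the ones to review by hand when writing least-privilege policies, because no API call of that name exists to map them to.

```go
package main

import (
	"fmt"
	"strings"
)

// Row mirrors the three numeric columns of the README's summary table.
type Row struct{ Pairs, APIsNoAction, ActionsNoAPI int }
// Summarise compares "service:Name" IAM actions and API names by exact match.
func Summarise(actions, apis []string) map[string]Row {
	isAPI, seen, rows := map[string]bool{}, map[string]bool{}, map[string]Row{}
	for _, a := range apis {
		isAPI[a] = true
	}
	for _, a := range actions {
		if seen[a] {
			continue // duplicates count once
		}
		seen[a] = true
		svc := strings.SplitN(a, ":", 2)[0]
		r := rows[svc]
		if isAPI[a] {
			r.Pairs++
		} else {
			r.ActionsNoAPI++ // permission-only action
		}
		rows[svc] = r
	}
	for a := range isAPI {
		if !seen[a] {
			svc := strings.SplitN(a, ":", 2)[0]
			r := rows[svc]
			r.APIsNoAction++ // API with no same-named IAM action
			rows[svc] = r
		}
	}
	return rows
}

// Constructed sample input, not data from the repository.
var sampleActions = []string{"iam:CreateRole", "iam:PassRole", "s3:GetObject", "s3:ListBucket", "sts:AssumeRole"}
var sampleAPIs = []string{"iam:CreateRole", "s3:GetObject", "s3:ListObjectsV2", "sts:AssumeRole"}

func main() {
	for svc, r := range Summarise(sampleActions, sampleAPIs) {
		fmt.Println(svc, r.Pairs, r.APIsNoAction, r.ActionsNoAPI)
	}
}
```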

Most common action prefixes:

Prefix Count
List 1072
Get 1047
Describe 1002
Delete 921
Create 855
Update 643
Put 217
Start 135
Modify 104
Tag 99