AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 274
  • Unique actions: 10719
  • Managed policies: 820

Most common managed policy name prefixes:

| Policy ARN | Count |
| --- | --- |
| `arn:aws:iam::aws:policy/AWS*` | 234 |
| `arn:aws:iam::aws:policy/Amazon*` | 220 |
| `arn:aws:iam::aws:policy/aws-service-role/*` | 156 |
| `arn:aws:iam::aws:policy/service-role/*` | 123 |
| `arn:aws:iam::aws:policy/job-function/*` | 7 |
| Other | 80 |

The following table summarises the AWS APIs.

  • The first column is the name of the API as it appears in IAM policies.
  • The second column counts IAM actions whose names exactly match invokable APIs exposed by AWS.
  • The third column counts invokable APIs that have no corresponding IAM action.
  • The fourth column counts IAM actions that have no corresponding invokable API.
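
| Service | Action/API pairs | APIs without actions | Actions without APIs |
| --- | --- | --- | --- |
| ec2 | 443 | 6 | 0 |
| sagemaker | 244 | 0 | 2 |
| chime | 182 | 1 | 51 |
| iam | 158 | 0 | 1 |
| glue | 147 | 10 | 1 |
| lightsail | 142 | 0 | 0 |
| ses | 138 | 0 | 0 |
| rds | 137 | 0 | 1 |
| ssm | 131 | 1 | 10 |
| mobiletargeting | 112 | 0 | 0 |
| greengrass | 107 | 0 | 1 |
| servicecatalog | 107 | 0 | 0 |
| connect | 100 | 0 | 3 |
| cognito-idp | 100 | 0 | 0 |
| quicksight | 99 | 0 | 19 |
| gamelift | 95 | 0 | 0 |
| redshift | 93 | 11 | 18 |
| a4b | 93 | 0 | 3 |
| storagegateway | 89 | 0 | 1 |
| config | 86 | 0 | 0 |
| waf-regional | 81 | 0 | 0 |
| codecommit | 77 | 0 | 11 |
| waf | 77 | 0 | 0 |
| devicefarm | 77 | 0 | 0 |
| s3 | 75 | 57 | 42 |
| cloudfront | 75 | 8 | 0 |
| lex | 75 | 3 | 5 |
| opsworks | 74 | 0 | 0 |
| elasticache | 65 | 0 | 0 |
| route53 | 64 | 0 | 0 |
| clouddirectory | 63 | 3 | 0 |
| ds | 62 | 0 | 6 |
| comprehend | 61 | 0 | 0 |
| route53resolver | 60 | 0 | 0 |
| guardduty | 58 | 0 | 0 |
| autoscaling | 57 | 3 | 0 |
| iotsitewise | 57 | 1 | 0 |
| robomaker | 57 | 0 | 2 |
| frauddetector | 57 | 0 | 0 |
| directconnect | 56 | 3 | 0 |
| lambda | 56 | 2 | 4 |
| medialive | 55 | 1 | 0 |
| cloudformation | 55 | 0 | 3 |
| elasticloadbalancing | 54 | 0 | 1 |
| dms | 53 | 2 | 0 |
| workspaces | 53 | 0 | 0 |
| ecs | 52 | 0 | 2 |
| macie2 | 51 | 4 | 0 |
| securityhub | 51 | 0 | 7 |
| backup | 51 | 0 | 2 |
| events | 51 | 0 | 1 |
| rekognition | 51 | 0 | 0 |
| organizations | 51 | 0 | 0 |
| iotwireless | 51 | 0 | 0 |
| auditmanager | 51 | 0 | 0 |
| workmail | 49 | 5 | 51 |
| imagebuilder | 49 | 0 | 0 |
| dynamodb | 48 | 6 | 10 |
| personalize | 48 | 3 | 0 |
| appstream | 47 | 1 | 1 |
| codedeploy | 47 | 0 | 1 |
| globalaccelerator | 47 | 0 | 0 |
| elasticmapreduce | 46 | 1 | 15 |
| elasticbeanstalk | 46 | 1 | 3 |
| kms | 45 | 1 | 2 |
| nimble | 45 | 0 | 2 |
| codebuild | 44 | 0 | 8 |
| logs | 42 | 0 | 5 |
| workdocs | 41 | 0 | 10 |
| appsync | 41 | 0 | 2 |
| wafv2 | 40 | 0 | 2 |
| license-manager | 40 | 0 | 0 |
| mechanicalturk | 39 | 0 | 0 |
| databrew | 39 | 0 | 0 |
| appmesh | 38 | 0 | 1 |
| es | 37 | 3 | 9 |
| codepipeline | 37 | 2 | 0 |
| swf | 37 | 0 | 12 |
| inspector | 37 | 0 | 0 |
| amplify | 37 | 0 | 0 |
| cloudwatch | 36 | 0 | 0 |
| forecast | 35 | 1 | 0 |
| geo | 35 | 0 | 3 |
| sms | 35 | 0 | 2 |
| networkmanager | 35 | 0 | 0 |
| iotthingsgraph | 35 | 0 | 0 |
| codeartifact | 34 | 0 | 4 |
| ecr | 34 | 0 | 1 |
| athena | 34 | 0 | 1 |
| iotanalytics | 34 | 0 | 0 |
| worklink | 33 | 0 | 1 |
| sns | 33 | 0 | 0 |
| shield | 33 | 0 | 0 |
| glacier | 33 | 0 | 0 |
| cloudhsm | 33 | 0 | 0 |
| appconfig | 33 | 0 | 0 |
| datasync | 32 | 3 | 0 |
| eks | 32 | 0 | 1 |
| sso | 31 | 0 | 52 |
| wellarchitected | 31 | 0 | 0 |
| schemas | 31 | 0 | 0 |
| ce | 30 | 0 | 10 |
| kafka | 30 | 0 | 0 |
| transcribe | 29 | 0 | 2 |
| network-firewall | 29 | 0 | 0 |
| kendra | 29 | 0 | 0 |
| profile | 28 | 2 | 0 |
| cloudsearch | 28 | 1 | 4 |
| route53domains | 28 | 0 | 0 |
| machinelearning | 28 | 0 | 0 |
| kinesis | 28 | 0 | 0 |
| access-analyzer | 28 | 0 | 0 |
| kinesisanalytics | 27 | 2 | 1 |
| kinesisvideo | 27 | 0 | 3 |
| xray | 27 | 0 | 0 |
| mediaconnect | 27 | 0 | 0 |
| applicationinsights | 27 | 0 | 0 |
| mediastore | 26 | 0 | 0 |
| ivs | 26 | 0 | 0 |
| iot1click | 26 | 0 | 0 |
| fms | 26 | 0 | 0 |
| mgn | 25 | 0 | 26 |
| elasticfilesystem | 25 | 0 | 5 |
| lookoutmetrics | 25 | 0 | 1 |
| mediaconvert | 25 | 0 | 0 |
| groundstation | 25 | 0 | 0 |
| discovery | 25 | 0 | 0 |
| ram | 24 | 0 | 0 |
| amplifybackend | 24 | 0 | 0 |
| states | 23 | 0 | 0 |
| servicediscovery | 23 | 0 | 0 |
| managedblockchain | 23 | 0 | 0 |
| ecr-public | 23 | 0 | 0 |
| cognito-identity | 23 | 0 | 0 |
| codeguru-profiler | 23 | 0 | 0 |
| acm-pca | 23 | 0 | 0 |
| snowball | 22 | 3 | 0 |
| dataexchange | 22 | 0 | 1 |
| mq | 22 | 0 | 0 |
| lookoutequipment | 22 | 0 | 0 |
| dax | 21 | 0 | 9 |
| devops-guru | 21 | 0 | 0 |
| iotevents | 20 | 3 | 14 |
| comprehendmedical | 20 | 1 | 0 |
| qldb | 20 | 0 | 3 |
| transfer | 20 | 0 | 0 |
| sqs | 20 | 0 | 0 |
| mgh | 20 | 0 | 0 |
| secretsmanager | 19 | 3 | 0 |
| lookoutvision | 19 | 0 | 3 |
| datapipeline | 19 | 0 | 2 |
| servicequotas | 19 | 0 | 0 |
| opsworks-cm | 19 | 0 | 0 |
| batch | 19 | 0 | 0 |
| mediapackage | 18 | 1 | 0 |
| appflow | 18 | 0 | 5 |
| fsx | 18 | 0 | 4 |
| codestar | 18 | 0 | 3 |
| cloudtrail | 18 | 0 | 0 |
| cognito-sync | 17 | 0 | 2 |
| signer | 17 | 0 | 0 |
| elastictranscoder | 17 | 0 | 0 |
| timestream | 16 | 1 | 3 |
| mediapackage-vod | 16 | 1 | 0 |
| resource-groups | 16 | 0 | 1 |
| detective | 15 | 0 | 5 |
| emr-containers | 15 | 0 | 0 |
| acm | 15 | 0 | 0 |
| support | 14 | 0 | 8 |
| fis | 14 | 0 | 3 |
| codeguru-reviewer | 14 | 0 | 3 |
| serverlessrepo | 14 | 0 | 1 |
| translate | 14 | 0 | 0 |
| lakeformation | 13 | 10 | 1 |
| cloud9 | 13 | 0 | 2 |
| synthetics | 13 | 0 | 0 |
| iotdeviceadvisor | 13 | 0 | 0 |
| health | 13 | 0 | 0 |
| codestar-notifications | 13 | 0 | 0 |
| honeycode | 12 | 0 | 14 |
| codestar-connections | 12 | 0 | 9 |
| firehose | 12 | 0 | 0 |
| aws-marketplace | 11 | 0 | 39 |
| compute-optimizer | 11 | 0 | 0 |
| airflow | 11 | 0 | 0 |
| sdb | 10 | 0 | 0 |
| outposts | 10 | 0 | 0 |
| application-autoscaling | 10 | 0 | 0 |
| iot | 9 | 0 | 235 |
| app-integrations | 9 | 0 | 2 |
| savingsplans | 9 | 0 | 0 |
| redshift-data | 9 | 0 | 0 |
| polly | 9 | 0 | 0 |
| braket | 9 | 0 | 0 |
| budgets | 8 | 14 | 2 |
| mobilehub | 8 | 1 | 15 |
| healthlake | 8 | 0 | 7 |
| sts | 8 | 0 | 3 |
| tag | 8 | 0 | 0 |
| sms-voice | 8 | 0 | 0 |
| iotfleethub | 8 | 0 | 0 |
| dlm | 8 | 0 | 0 |
| mediatailor | 7 | 24 | 0 |
| macie | 7 | 0 | 0 |
| elastic-inference | 6 | 0 | 1 |
| textract | 6 | 0 | 0 |
| rds-data | 6 | 0 | 0 |
| importexport | 6 | 0 | 0 |
| ebs | 6 | 0 | 0 |
| autoscaling-plans | 6 | 0 | 0 |
| aps | 5 | 0 | 5 |
| identitystore | 4 | 0 | 0 |
| cur | 4 | 0 | 0 |
| s3-outposts | 3 | 0 | 29 |
| pricing | 3 | 0 | 0 |
| pi | 2 | 0 | 0 |
| marketplacecommerceanalytics | 2 | 0 | 0 |
| ec2-instance-connect | 2 | 0 | 0 |
| workmailmessageflow | 1 | 1 | 0 |
| mobileanalytics | 1 | 0 | 2 |
| execute-api | 0 | 234 | 3 |
| apigateway | 0 | 152 | 9 |
| finspace | 0 | 8 | 0 |
| IoTSecuredTunneling | 0 | 7 | 0 |
| awsssoportal | 0 | 4 | 0 |
| finspace-api | 0 | 3 | 0 |
| awsssooidc | 0 | 3 | 0 |
| sso-directory | 0 | 0 | 52 |
| proton | 0 | 0 | 50 |
| panorama | 0 | 0 | 42 |
| appmesh-preview | 0 | 0 | 36 |
| ssm-incidents | 0 | 0 | 29 |
| controltower | 0 | 0 | 29 |
| ssm-contacts | 0 | 0 | 26 |
| deepracer | 0 | 0 | 26 |
| deeplens | 0 | 0 | 24 |
| trustedadvisor | 0 | 0 | 21 |
| kafka-cluster | 0 | 0 | 19 |
| s3-object-lambda | 0 | 0 | 18 |
| deepcomposer | 0 | 0 | 18 |
| dbqms | 0 | 0 | 13 |
| monitron | 0 | 0 | 12 |
| chatbot | 0 | 0 | 12 |
| freertos | 0 | 0 | 11 |
| elemental-activations | 0 | 0 | 10 |
| grafana | 0 | 0 | 9 |
| cloudshell | 0 | 0 | 9 |
| launchwizard | 0 | 0 | 8 |
| cassandra | 0 | 0 | 8 |
| activate | 0 | 0 | 8 |
| elemental-appliances-software | 0 | 0 | 7 |
| aws-portal | 0 | 0 | 7 |
| ec2messages | 0 | 0 | 6 |
| iot-device-tester | 0 | 0 | 5 |
| groundtruthlabeling | 0 | 0 | 5 |
| elemental-support-cases | 0 | 0 | 5 |
| aws-marketplace-management | 0 | 0 | 5 |
| ssmmessages | 0 | 0 | 4 |
| artifact | 0 | 0 | 4 |
| tiros | 0 | 0 | 3 |
| resource-explorer | 0 | 0 | 3 |
| awsconnector | 0 | 0 | 3 |
| account | 0 | 0 | 3 |
| sumerian | 0 | 0 | 2 |
| purchase-orders | 0 | 0 | 2 |
| wam | 0 | 0 | 1 |
| rds-db | 0 | 0 | 1 |
| neptune-db | 0 | 0 | 1 |
| iq-permission | 0 | 0 | 1 |
| iq | 0 | 0 | 1 |
| elemental-support-content | 0 | 0 | 1 |
| codeguru | 0 | 0 | 1 |
| backup-storage | 0 | 0 | 1 |
| arsenal | 0 | 0 | 1 |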

Most common action prefixes:

| Prefix | Count |
| --- | --- |
| List | 1563 |
| Get | 1412 |
| Describe | 1300 |
| Delete | 1254 |
| Create | 1153 |
| Update | 921 |
| Put | 313 |
| Start | 197 |
| Tag | 166 |
| Untag | 164 |