Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Override Access Level in Actions Table with a config file #8

Closed
kmcquade opened this issue Oct 15, 2019 · 0 comments · Fixed by #17
Closed

Feature: Override Access Level in Actions Table with a config file #8

kmcquade opened this issue Oct 15, 2019 · 0 comments · Fixed by #17
Assignees
@kmcquade
Labels
enhancement New feature or request

Comments

@kmcquade
Copy link
Collaborator

kmcquade commented Oct 15, 2019
edited
Loading

Sometimes the AWS documentation is incorrect - for example, as of today, I have the following documentation change requests still open with AWS:

  • Systems Manager:
    • ssm:PutParameter is listed as “Tagging” on the “Actions, Resources, and Conditions Keys” page. Should be “Write”
  • CloudWatch Events:
    • The entire events (Cloudwatch events) API is missing from the “Actions, Resources, and Conditions Keys” page. CloudWatch events is now EventBridge
  • EC2
    • The following actions are listed as “Write” access level on the “Actions, Resources, and Conditions Keys” page. They should be “Permissions management”
      • ec2:ResetSnapshotAttribute
      • ec2:CreateNetworkInterfacePermission
      • ec2:DeleteNetworkInterfacePermission
      • ec2:ModifyVpcEndpointServicePermissions

Additionally, there are some items that are listed appropriately for the purposes of the AWS documentation itself, but should be considered as "Permissions Management" access level for the purposes of this tool. For example:

  • All actions under IAM that are listed at the "Write" access level should be "Permissions Management" for the purposes of this tool
  • All actions under RAM that are listed at "Write" access level should be "Permissions Management" for the purposes of this tool

Therefore, I should be able to supply a YML file at policy_sentry initialize time that overrides the Access level provided by the documentation. That way, we don't have to wait for AWS to update their docs to have the proper access levels in place.
@kmcquade kmcquade added the enhancement New feature or request label Oct 15, 2019
@kmcquade kmcquade self-assigned this Oct 15, 2019
@kmcquade kmcquade mentioned this issue Oct 18, 2019
Merged
kmcquade added a commit that referenced this issue Oct 18, 2019
@kmcquade
Merge pull request #17 from kmcquade/fix/GH-8
387c03a 
Override AWS's provided Access Levels with a YML file
@kmcquade kmcquade mentioned this issue Nov 4, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kmcquade kmcquade

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Override AWS's provided Access Levels with a YML file kmcquade/policy_sentry
1 participant
@kmcquade