mdesanti/trackiam

 
 


AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 205
  • Unique actions: 7487
  • Managed policies: 604

Most common managed policy name prefixes:

Policy ARN Count
arn:aws:iam::aws:policy/AWS* 173
arn:aws:iam::aws:policy/Amazon* 156
arn:aws:iam::aws:policy/aws-service-role/* 110
arn:aws:iam::aws:policy/service-role/* 96
arn:aws:iam::aws:policy/job-function/* 7
Other 62

The following table summarises the AWS APIs.

  • The first column is the name of the API as IAM policies refer to it (the service prefix in action names).
  • The second column counts IAM actions whose names exactly match the names of invokable APIs exposed by AWS.
  • The third column counts invokable APIs that don't have a corresponding IAM action.
  • The fourth column counts IAM actions that don't have a corresponding invokable API.

Service Action/API pairs APIs without actions Actions without APIs
ec2 361 6 0
iam 140 0 1
glue 123 0 1
ssm 121 0 7
rds 111 6 1
ses 103 8 0
lightsail 101 4 0
cognito-idp 100 0 0
chime 91 0 49
greengrass 90 0 0
redshift 86 0 18
mobiletargeting 83 22 0
servicecatalog 83 0 0
waf-regional 80 0 0
a4b 77 16 3
waf 76 0 0
sagemaker 76 0 0
codecommit 75 0 11
opsworks 73 1 0
gamelift 73 0 0
storagegateway 71 4 0
devicefarm 67 0 0
clouddirectory 62 4 0
config 59 19 2
route53 56 0 0
elasticloadbalancing 54 0 1
autoscaling 54 0 0
directconnect 53 0 0
comprehend 51 0 0
ds 49 8 6
guardduty 49 1 0
appstream 47 0 3
organizations 47 0 0
codedeploy 46 0 0
s3 45 48 39
cloudformation 45 10 3
dms 45 2 0
kms 45 1 2
cloudfront 45 0 0
ecs 44 1 2
elasticbeanstalk 43 1 2
backup 43 0 0
elasticache 42 6 0
dynamodb 42 3 6
workdocs 41 0 10
imagebuilder 40 2 0
personalize 39 3 0
logs 39 0 5
mechanicalturk 39 0 0
securityhub 38 0 0
lambda 37 7 2
medialive 37 6 0
appsync 36 5 1
robomaker 36 0 0
codepipeline 36 0 0
lex 35 6 0
iotthingsgraph 35 0 0
swf 34 3 12
rekognition 34 0 0
iotanalytics 33 1 0
workmail 33 0 53
sns 33 0 0
glacier 33 0 0
workspaces 32 8 0
inspector 32 5 0
amplify 32 5 0
events 31 0 0
worklink 30 0 0
codebuild 29 0 7
ecr 29 0 0
cloudwatch 29 0 0
cloudhsm 28 3 0
connect 28 1 6
cloudsearch 28 1 4
sms 28 0 2
appmesh 28 0 1
machinelearning 28 0 0
elasticmapreduce 27 3 8
schemas 27 2 0
forecast 27 0 0
datasync 27 0 0
kinesis 26 2 0
iot1click 26 0 0
mediaconvert 25 0 0
groundstation 25 0 0
discovery 25 0 0
kinesisanalytics 24 2 1
route53domains 23 1 0
states 22 0 0
route53resolver 22 0 0
mq 22 0 0
dataexchange 22 0 0
es 21 2 5
dax 21 0 9
cognito-identity 21 0 0
mediastore 20 3 0
iotevents 20 0 1
xray 20 0 0
sqs 20 0 0
servicediscovery 20 0 0
acm-pca 20 0 0
athena 19 0 11
datapipeline 19 0 2
mgh 19 0 0
ce 19 0 0
codestar 18 0 3
transfer 18 0 0
secretsmanager 18 0 0
managedblockchain 18 0 0
cloudtrail 18 0 0
access-analyzer 18 0 0
applicationinsights 17 9 0
ram 17 6 0
snowball 17 2 0
kafka 17 2 0
shield 17 1 0
eks 17 0 4
cognito-sync 17 0 2
globalaccelerator 17 0 0
elastictranscoder 17 0 0
quicksight 16 49 8
qldb 16 0 3
servicequotas 16 0 0
batch 16 0 0
opsworks-cm 15 1 0
license-manager 15 1 0
kinesisvideo 15 0 1
mediapackage 14 4 0
mediaconnect 14 3 0
support 14 0 8
elasticfilesystem 14 0 2
fms 14 0 0
serverlessrepo 13 0 1
lakeformation 13 0 1
codestar-notifications 13 0 0
acm 13 0 0
signer 12 0 0
resource-groups 12 0 0
mediapackage-vod 12 0 0
firehose 12 0 0
aws-marketplace 11 0 31
fsx 11 0 0
sdb 10 0 0
cloud9 10 0 0
application-autoscaling 10 0 0
transcribe 9 0 1
polly 9 0 0
mobilehub 8 1 15
iot 8 0 175
sts 8 0 1
tag 8 0 0
sms-voice 8 0 0
savingsplans 8 0 0
dlm 8 0 0
mediatailor 7 0 0
macie 7 0 0
textract 6 0 0
rds-data 6 0 0
importexport 6 0 0
health 6 0 0
autoscaling-plans 6 0 0
translate 5 0 0
cur 4 0 0
pricing 3 0 0
comprehendmedical 2 9 0
pi 2 0 0
mobileanalytics 1 0 2
workmailmessageflow 1 0 0
ec2-instance-connect 1 0 0
execute-api 0 209 3
apigateway 0 144 7
wafv2 0 36 0
appconfig 0 29 0
budgets 0 14 2
IoTSecuredTunneling 0 7 0
awsssoportal 0 4 0
elastic-inference 0 3 1
awsssooidc 0 3 0
marketplacecommerceanalytics 0 2 0
iotsitewise 0 0 77
sso 0 0 53
sso-directory 0 0 37
deepracer 0 0 26
appmesh-preview 0 0 26
deeplens 0 0 24
trustedadvisor 0 0 12
chatbot 0 0 12
freertos 0 0 11
synthetics 0 0 9
dbqms 0 0 9
launchwizard 0 0 8
aws-portal 0 0 7
ec2messages 0 0 6
compute-optimizer 0 0 6
aws-marketplace-management 0 0 5
wellarchitected 0 0 4
ssmmessages 0 0 4
groundtruthlabeling 0 0 4
artifact 0 0 4
account 0 0 3
sumerian 0 0 2
wam 0 0 1
rds-db 0 0 1
neptune-db 0 0 1
backup-storage 0 0 1
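
How the three count columns above can be derived, as an added Go example (not code from this repository). Summarise, Row and the sample names are hypothetical, and the inputs are assumed to be IAM actions as "service:Name" strings plus API operation names keyed by the same service prefix.

```go
package main

import "fmt"
import "strings"

// Row is one table line: exact pairs, APIs without actions, actions without APIs.
type Row struct{ Pairs, NoAction, NoAPI int }

// Summarise compares "service:Name" IAM actions with API names keyed by service prefix (exact, case-sensitive).
func Summarise(actions []string, apis map[string][]string) map[string]*Row {
	isAction, isAPI, rows := map[string]bool{}, map[string]bool{}, map[string]*Row{}
	for _, a := range actions {
		if strings.Contains(a, ":") { // skip malformed entries; sets drop duplicates
			isAction[a] = true
		}
	}
	for svc, ops := range apis {
		for _, op := range ops {
			isAPI[svc+":"+op] = true
		}
	}
	row := func(key string) *Row {
		svc := key[:strings.Index(key, ":")]
		if rows[svc] == nil {
			rows[svc] = &Row{}
		}
		return rows[svc]
	}
	for k := range isAction {
		if isAPI[k] {
			row(k).Pairs++
		} else {
			row(k).NoAPI++
		}
	}
	for k := range isAPI {
		if !isAction[k] {
			row(k).NoAction++
		}
	}
	return rows
}

func main() {
	// Constructed sample; the names are hypothetical, not real AWS actions.
	actions := []string{"demo:ListThings", "demo:GetThing", "demo:describeThing", "permonly:Sign"}
	apis := map[string][]string{"demo": {"ListThings", "GetThing", "DescribeThing"}, "apionly": {"Invoke"}}
	fmt.Println(*Summarise(actions, apis)["demo"]) // {2 1 1}
}
```

Because matching is exact, the sample's describeThing and DescribeThing are counted once in each of the last two columns rather than as a pair.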

Most common action prefixes:

Prefix Count
List 1019
Get 1003
Describe 948
Delete 882
Create 804
Update 614
Put 207
Start 127
Modify 100
Tag 93

Languages

  • Go 100.0%