agent: |
For each IAM policy, retrieve and analyze the policy statements to identify any statement with 'Effect': 'Allow', 'Action': '*', and 'Resource': '*'.
The script lists the account's customer managed IAM policies, fetches the default version of each, and marks a policy NON_COMPLIANT when any statement has 'Effect': 'Allow', 'Action': '*', and 'Resource': '*' (a statement that grants full administrative access); every other policy is reported as COMPLIANT.
inputs
outputs
import json
import os

import boto3

# Initialize the IAM client. IAM is a global service, so region_name only
# selects the endpoint. Credentials are read from the environment; the
# original getEnvVar() helper was undefined, os.environ is used instead.
iam_client = boto3.client(
    'iam',
    region_name='us-east-2',
    aws_access_key_id=os.environ.get('AWS_ACCESS_KEY_ID'),
    aws_secret_access_key=os.environ.get('AWS_SECRET_ACCESS_KEY'),
)


def as_list(value):
    """IAM allows Statement, Action and Resource to be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


# Initialize compliance results dictionary
compliance_results = {}

# List all customer managed policies. list_policies is paginated, so a
# paginator is used; a single call would stop after the first page.
paginator = iam_client.get_paginator('list_policies')
for page in paginator.paginate(Scope='Local'):
    for policy in page['Policies']:
        policy_arn = policy['Arn']
        policy_name = policy['PolicyName']

        # The default version is the one in effect; ListPolicies already
        # returns it, so no separate get_policy call is needed
        policy_version = policy['DefaultVersionId']

        # Get the policy document (boto3 URL-decodes and parses it to a dict)
        policy_document = iam_client.get_policy_version(
            PolicyArn=policy_arn, VersionId=policy_version
        )['PolicyVersion']['Document']

        # Check each statement. Action and Resource may be written as '*'
        # or ['*'], and Statement may be a single object rather than a list
        is_compliant = True
        for statement in as_list(policy_document.get('Statement')):
            if (statement.get('Effect') == 'Allow' and
                    '*' in as_list(statement.get('Action')) and
                    '*' in as_list(statement.get('Resource'))):
                is_compliant = False
                break

        # Record compliance status
        compliance_results[policy_name] = 'COMPLIANT' if is_compliant else 'NON_COMPLIANT'

# Print the compliance results
print(json.dumps(compliance_results, indent=4))
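The statement check above can only be exercised against a live account. The following is an added example, not part of the generated script, that runs the same 'Effect'/'Action'/'Resource' rule offline over a set of constructed policy documents (the policy names and ARNs are made up) so the edge cases the rule has to handle can be seen: Action and Resource written as lists, Statement written as a single object instead of a list, an explicit Deny with wildcards, and a full-action grant scoped to one resource. The helper names as_list, admin_statements and classify are this example's own.

```python
import json

# Constructed sample policy documents; none of these come from a real account.
SAMPLE_POLICIES = {
    "AdminEverything": {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "FullAdmin", "Effect": "Allow", "Action": "*", "Resource": "*"}
        ],
    },
    "AdminAsLists": {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadOnly", "Effect": "Allow",
             "Action": ["s3:GetObject"], "Resource": ["arn:aws:s3:::example-bucket/*"]},
            {"Sid": "AdminList", "Effect": "Allow", "Action": ["*"], "Resource": ["*"]},
        ],
    },
    "SingleStatementObject": {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"},
    },
    "ExplicitDeny": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Deny", "Action": "*", "Resource": "*"}],
    },
    "AllActionsOneResource": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": "*",
                       "Resource": "arn:aws:s3:::example-bucket"}],
    },
}


def as_list(value):
    """IAM lets Statement, Action and Resource be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def admin_statements(document):
    """Return the Sids (or positions) of statements that allow every action
    on every resource: Effect is Allow and both Action and Resource contain
    the bare wildcard '*', whether given as a string or inside a list."""
    findings = []
    for index, statement in enumerate(as_list(document.get("Statement"))):
        if (statement.get("Effect") == "Allow"
                and "*" in as_list(statement.get("Action"))
                and "*" in as_list(statement.get("Resource"))):
            findings.append(statement.get("Sid", f"statement[{index}]"))
    return findings


def classify(policies):
    """Map policy name -> COMPLIANT / NON_COMPLIANT, the same output shape
    as the script above."""
    return {
        name: "NON_COMPLIANT" if admin_statements(doc) else "COMPLIANT"
        for name, doc in policies.items()
    }


if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_POLICIES), indent=4))
    for name, doc in SAMPLE_POLICIES.items():
        print(name, admin_statements(doc))
```

Only the bare wildcard is matched, exactly as the page's rule states; a policy that is just as permissive but written with a service wildcard such as "iam:*" or with NotAction is not flagged by this check, so its result should be read as "no literal Allow/*/* statement", not as "policy is least-privilege".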