For each IAM policy, retrieve and analyze the policy statements to identify any statement with 'Effect': 'Allow', 'Action': '*', and 'Resource': '*'.

import boto3 import json # Initialize IAM client with credentials iam_client = boto3.client( 'iam', region_name='us-east-2', aws_access_key_id=getEnvVar('AWS_ACCESS_KEY_ID'), aws_secret_access_key=getEnvVar('AWS_SECRET_ACCESS_KEY') ) # List all customer managed policies response = iam_client.list_policies(Scope='Local') # Initialize compliance results dictionary compliance_results = {} # Iterate over each policy for policy in response['Policies']: policy_arn = policy['Arn'] policy_name = policy['PolicyName'] # Get policy version policy_version = iam_client.get_policy(PolicyArn=policy_arn)['Policy']['DefaultVersionId'] # Get policy document policy_document = iam_client.get_policy_version(PolicyArn=policy_arn, VersionId=policy_version)['PolicyVersion']['Document'] # Check each statement in the policy is_compliant = True for statement in policy_document.get('Statement', []): if (statement.get('Effect') == 'Allow' and statement.get('Action') == '*' and statement.get('Resource') == '*'): is_compliant = False break # Record compliance status compliance_results[policy_name] = 'NON_COMPLIANT' if not is_compliant else 'COMPLIANT' # Print the compliance results print(json.dumps(compliance_results, indent=4))