# IAM Policies minifier
Optimize long AWS IAM policies by strategically using wildcards, reducing the number of characters, and maintaining the intended scope of permissions.
## Background
When crafting long and complex AWS IAM customer-managed policies, the 6,144 character limit imposed by AWS can become a problem. While one approach to address this limitation is to split a long policy into multiple customer-managed policies, this may not always be the ideal solution. In such scenarios, it's possible to reduce the length of a policy by strategically using wildcards where possible.
The `iam-minify`-er traverses through a list of IAM actions defined in a policy, identifies optimal locations for wildcards, and effectively reduces the character count while maintaining the intended permission scope.
## Instalation
```
python -m pip install iam-minify
```
## Usage & features
- `iam-minify example-policy.json`
The script will traverse though all policy statemends defined in the policy document, and optimise IAM actions within the same statement. It processes different policy statements in isolation in order to not grant unintended access to resources.
### Limitations
- Actions in the supplied IAM policy documents can contain **wildcards only at the end of the string**. Wildcards anywhere else than at the end of the string are currently not supported. E.g., `s3:Get*` will work while `s3:*Object` **will throw an error.**
### Example
Consider the following IAM policy:
```json
// ./example-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListJobs",
"s3:ListMultipartUploadParts",
"s3:ListMultiRegionAccessPoints"
"s3:ListStorageLensConfigurations",
],
"Resource": "*"
}
]
}
```
Executing `iam-minify example-policy.json` will output the following result:
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAccessP*",
"s3:ListAl*",
"s3:ListB*",
"s3:ListJ*",
"s3:ListM*",
"s3:ListStorageLensC*"
],
"Resource": "*"
}
]
}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/imduchy/iam-minify",
"name": "iam-minify",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "AWS IAM policy minify",
"author": "imduchy",
"author_email": "jakub@duchy.sk",
"download_url": "https://files.pythonhosted.org/packages/29/eb/d9feecc3f5528ba34312e8ba9fde3afb60e49379d0ff0626554f499099cb/iam-minify-0.0.4.tar.gz",
"platform": null,
"description": "# IAM Policies minifier\n\nOptimize long AWS IAM policies by strategically using wildcards, reducing the number of characters, and maintaining the intended scope of permissions.\n\n## Background\n\nWhen crafting long and complex AWS IAM customer-managed policies, the 6,144 character limit imposed by AWS can become a problem. While one approach to address this limitation is to split a long policy into multiple customer-managed policies, this may not always be the ideal solution. In such scenarios, it's possible to reduce the length of a policy by strategically using wildcards where possible.\n\nThe `iam-minify`-er traverses through a list of IAM actions defined in a policy, identifies optimal locations for wildcards, and effectively reduces the character count while maintaining the intended permission scope.\n\n## Instalation\n\n```\npython -m pip install iam-minify\n```\n\n## Usage & features\n\n- `iam-minify example-policy.json` \n\nThe script will traverse though all policy statemends defined in the policy document, and optimise IAM actions within the same statement. It processes different policy statements in isolation in order to not grant unintended access to resources.\n\n### Limitations\n- Actions in the supplied IAM policy documents can contain **wildcards only at the end of the string**. Wildcards anywhere else than at the end of the string are currently not supported. E.g., `s3:Get*` will work while `s3:*Object` **will throw an error.**\n\n### Example\n\nConsider the following IAM policy:\n\n```json\n// ./example-policy.json\n\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListAccessPoints\",\n \"s3:ListAccessPointsForObjectLambda\",\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:ListBucketVersions\",\n \"s3:ListJobs\",\n \"s3:ListMultipartUploadParts\",\n \"s3:ListMultiRegionAccessPoints\"\n \"s3:ListStorageLensConfigurations\",\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n```\n\nExecuting `iam-minify example-policy.json` will output the following result:\n\n```json\n{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:ListAccessP*\",\n \"s3:ListAl*\",\n \"s3:ListB*\",\n \"s3:ListJ*\",\n \"s3:ListM*\",\n \"s3:ListStorageLensC*\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Minify IAM actions using wildcards to save up as many characters as possible without granting unintended permissions",
"version": "0.0.4",
"project_urls": {
"Homepage": "https://github.com/imduchy/iam-minify"
},
"split_keywords": [
"aws",
"iam",
"policy",
"minify"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "b90f7fc2c9d13e7f3d145cc165a7f33bcac8cc02b19dfc4b2e1f4b02a1663045",
"md5": "b5ec55c505bb02891d0baff850fd6248",
"sha256": "3c5e320735394b249ae22e7ed71c454336031b484aab53f1b28a8b8b0909a9cf"
},
"downloads": -1,
"filename": "iam_minify-0.0.4-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b5ec55c505bb02891d0baff850fd6248",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 8057,
"upload_time": "2024-03-29T17:41:44",
"upload_time_iso_8601": "2024-03-29T17:41:44.725754Z",
"url": "https://files.pythonhosted.org/packages/b9/0f/7fc2c9d13e7f3d145cc165a7f33bcac8cc02b19dfc4b2e1f4b02a1663045/iam_minify-0.0.4-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "29ebd9feecc3f5528ba34312e8ba9fde3afb60e49379d0ff0626554f499099cb",
"md5": "4948cd3c93c682947f1a8dc7d5316f1a",
"sha256": "d383fc98fa6274575f8f52dec8647bb5a9ed4183c53c72898136edb1d51cc457"
},
"downloads": -1,
"filename": "iam-minify-0.0.4.tar.gz",
"has_sig": false,
"md5_digest": "4948cd3c93c682947f1a8dc7d5316f1a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 7170,
"upload_time": "2024-03-29T17:41:46",
"upload_time_iso_8601": "2024-03-29T17:41:46.177329Z",
"url": "https://files.pythonhosted.org/packages/29/eb/d9feecc3f5528ba34312e8ba9fde3afb60e49379d0ff0626554f499099cb/iam-minify-0.0.4.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-29 17:41:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "imduchy",
"github_project": "iam-minify",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "iam-minify"
}
JSON
