tf-policy-validator


Name: tf-policy-validator
Version: 0.0.7
Summary: A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices
Upload time: 2024-05-21 21:19:45
Author: Policy Validator Maintainers
Requires Python: <4.0,>=3.8
License: MIT-0
Keywords: amazon aws aws-samples eks kubernetes upgrade iam_check
## IAM Policy Validator for Terraform
A command line tool that takes a Terraform template, parses IAM identity-based and resource-based policies, then runs them through [IAM Access Analyzer policy validation checks](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-policy-checks.html) and (optionally) through IAM Access Analyzer custom policy checks. Note that a charge is associated with each custom policy check. For more details about pricing, see [IAM Access Analyzer pricing](https://aws.amazon.com/iam/access-analyzer/pricing/).

## Table of Contents

- [Pre-requisites](#pre-requisites)
- [Getting Started](#getting-started)
- [Limitations](#limitations)
- [Frequently Asked Questions](#frequently-asked-questions)
- [Contributors](#contributors)

## Pre-requisites
An analyzer needs to exist in the account. To create an analyzer with the account as the zone of trust, see AWS documentation [here](https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#access-analyzer-enabling).

## Getting Started

### Installation
Python 3+ is supported.
```
$ pip install tf-policy-validator
$ tf-policy-validator -h
```
### Credentials
Run the tool with credentials from the AWS account that you plan to deploy the Terraform template to. The tool uses boto3 to interact with your AWS account. You can use one of the following methods to specify credentials:

- Environment variables
- Shared credential file (~/.aws/credentials)
- AWS config file (~/.aws/config)
- Assume Role provider
- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.

[Read more about these options](https://boto3.amazonaws.com/v1/documentation/api/latest/guide/credentials.html)

The principal used to execute the tool requires the following permissions.
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AccessAnalyzerValidatePolicy",
            "Effect": "Allow",
            "Action": [
                "access-analyzer:ValidatePolicy",
                "access-analyzer:CheckNoNewAccess",
                "access-analyzer:CheckAccessNotGranted"
            ],
            "Resource": "*"
        }
    ]
}
```
| Action Name | Justification |
| ---------- | ------------- |
| access-analyzer:ValidatePolicy | Called for each policy to validate against IAM policy best practices. |
| access-analyzer:CheckNoNewAccess | Called for each policy to validate against a reference policy to compare permissions. |
| access-analyzer:CheckAccessNotGranted | Called for each policy to validate that it does not grant access to a list of IAM actions, considered as critical permissions, provided as input. |


### Basic usage
```
tf-policy-validator validate --config iam_check/config/default.yaml --template-path ./my-template.json --region us-east-1
```

### Commands
**validate**
```
tf-policy-validator validate --config iam_check/config/default.yaml --template-path ./my-template.json --region us-east-1
```
Parses IAM identity-based and resource-based policies from Terraform templates. Then runs the policies through IAM Access Analyzer for validation. Returns the findings from validation in JSON format. Exits with a non-zero error code if any findings categorized as blocking are found in your template. Exits with an error code of zero if all findings are non-blocking or there are no findings.

| Arguments | Required |  Options | Description |
| --------- | -------- | ---------| ----------- |
| --help  | | | show this help message and exit |
| --template-path | | FILE_NAME | The path to the Terraform plan file (JSON). |
| --region | Yes | REGION | The destination region the resources will be deployed to. |
| --profile | | PROFILE | The named profile to use for AWS API calls. |
| --enable-logging | | | Enables log output to stdout |
| --ignore-finding | | FINDING_CODE, RESOURCE_NAME, RESOURCE_NAME.FINDING_CODE | Allow validation failures to be ignored. Specify as a comma separated list of findings to be ignored. Can be individual finding codes (e.g. "PASS_ROLE_WITH_STAR_IN_RESOURCE"), a specific resource name (e.g. "MyResource"), or a combination of both separated by a period (e.g. "MyResource.PASS_ROLE_WITH_STAR_IN_RESOURCE"). Names of finding codes may change in IAM Access Analyzer over time. |
| --treat-finding-type-as-blocking | | ERROR, SECURITY_WARNING, WARNING, SUGGESTION, NONE | Specify which finding types should be treated as blocking. Other finding types are treated as nonblocking.  If the tool detects any blocking finding types, it will exit with a non-zero exit code.  If all findings are nonblocking or there are no findings, the tool exits with an exit code of 0.  Defaults to "ERROR" and "SECURITY_WARNING". Specify as a comma separated list of finding types that should be blocking. Pass "NONE" to ignore all findings. |
| --allow-external-principals | | ACCOUNT,ARN | A comma separated list of external principals that should be ignored.  Specify as a comma separated list of a 12 digit AWS account ID, a federated web identity user, a federated SAML user, or an ARN. Specify "*" to allow anonymous access. (e.g. 123456789123,arn:aws:iam::111111111111:role/MyOtherRole,graph.facebook.com) |
| --config | Yes | FILE_NAME1, FILE_NAME2, ... | A list of config files for running this script |

**check-no-new-access**
```
tf-policy-validator check-no-new-access --config iam_check/config/default.yaml --template-path iam_check/test/test_policy_accessanalyzer.json --region us-west-2 --reference-policy-type identity --reference-policy iam_check/test/test_policy.json
```
Parses IAM identity-based and resource-based policies from Terraform templates. Then runs the policies through IAM Access Analyzer for a custom check against a reference policy. Returns the findings from the custom check in JSON format. Exits with a non-zero error code if any findings categorized as blocking, based on new access, are found in your template. Exits with an error code of zero if all findings are non-blocking or there are no findings. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the [IAM Access Analyzer custom policy checks samples](https://github.com/aws-samples/iam-access-analyzer-custom-policy-check-samples) repository on GitHub.

| Arguments | Required |  Options | Description |
| --------- | -------- | ---------| ----------- |
| --help  | | | show this help message and exit |
| --template-path | | FILE_NAME | The path to the Terraform plan file (JSON). |
| --region | Yes | REGION | The destination region the resources will be deployed to. |
| --profile | | PROFILE | The named profile to use for AWS API calls. |
| --enable-logging | | | Enables log output to stdout |
| --ignore-finding | | FINDING_CODE, RESOURCE_NAME, RESOURCE_NAME.FINDING_CODE | Allow validation failures to be ignored. Specify as a comma separated list of findings to be ignored. Can be individual finding codes (e.g. "PASS_ROLE_WITH_STAR_IN_RESOURCE"), a specific resource name (e.g. "MyResource"), or a combination of both separated by a period (e.g. "MyResource.PASS_ROLE_WITH_STAR_IN_RESOURCE"). Names of finding codes may change in IAM Access Analyzer over time. |
| --reference-policy | Yes | FILE_PATH.json | A JSON formatted file that specifies the path to the reference policy that is used for a permissions comparison.   |
| --reference-policy-type | Yes | IDENTITY or RESOURCE | The policy type associated with the IAM policy under analysis and the reference policy.  |
| --treat-findings-as-non-blocking | | | When not specified, the tool exits with a non-zero exit code if it detects any findings. When specified, the tool exits with an exit code of 0. |
| --exclude-resource-types | | aws_resource_type, aws_resource_type | List of comma-separated resource types. Resource types should be the same as terraform template resource names such as aws_iam_group_policy, aws_iam_role |
| --config |Yes | FILE_NAME1, FILE_NAME2, ... | A list of config files for running this script |

**check-access-not-granted**
```
tf-policy-validator check-access-not-granted --config iam_check/config/default.yaml --template-path iam_check/test/test_policy_accessanalyzer.json --region us-west-2 --actions lambda:invokeFunction
```
Parses IAM identity-based and resource-based policies from Terraform templates. Then runs the policies through IAM Access Analyzer for a custom check against a list of IAM actions. Returns the findings from the custom check in JSON format. Exits with a non-zero error code if any findings categorized as blocking, based on access granted to at least one of the listed IAM actions, are found in your template. Exits with an error code of zero if all findings are non-blocking or there are no findings.

| Arguments | Required |  Options | Description |
| --------- | -------- | ---------| ----------- |
| --help  | | | show this help message and exit |
| --template-path | | FILE_NAME | The path to the Terraform plan file (JSON). |
| --region | Yes | REGION | The destination region the resources will be deployed to. |
| --profile | | PROFILE | The named profile to use for AWS API calls. |
| --enable-logging | | | Enables log output to stdout |
| --ignore-finding | | FINDING_CODE, RESOURCE_NAME, RESOURCE_NAME.FINDING_CODE | Allow validation failures to be ignored. Specify as a comma separated list of findings to be ignored. Can be individual finding codes (e.g. "PASS_ROLE_WITH_STAR_IN_RESOURCE"), a specific resource name (e.g. "MyResource"), or a combination of both separated by a period (e.g. "MyResource.PASS_ROLE_WITH_STAR_IN_RESOURCE"). Names of finding codes may change in IAM Access Analyzer over time. |
| --actions | Yes | ACTION,ACTION,ACTION | List of comma-separated actions. |
| --treat-findings-as-non-blocking | | | When not specified, the tool exits with a non-zero exit code if it detects any findings. When specified, the tool exits with an exit code of 0. |
| --exclude-resource-types | | aws_resource_type, aws_resource_type | List of comma-separated resource types. Resource types should be the same as terraform template resource names such as aws_iam_group_policy, aws_iam_role |
| --config |Yes | FILE_NAME1, FILE_NAME2, ... | A list of config files for running this script |

### Example to check Terraform template
```
$ cd iam_check/test/
$ terraform init
$ terraform plan -out tf.plan ## generate terraform plan file
$ terraform show -json -no-color tf.plan > tf.json ## convert plan files to machine-readable JSON files. For TF 0.12 and prior, use command `terraform show tf.plan > tf.out`
$ cd ../..
$ tf-policy-validator validate --config iam_check/config/default.yaml --template-path iam_check/test/tf.json --region us-east-1 --treat-finding-type-as-blocking ERROR # For TF 0.12 and prior, replace tf.json with tf.out
$ tf-policy-validator check-no-new-access --config iam_check/config/default.yaml --template-path iam_check/test/test_policy_accessanalyzer.json --region us-west-2 --reference-policy-type identity --reference-policy iam_check/test/test_policy.json
$ tf-policy-validator check-access-not-granted --config iam_check/config/default.yaml --template-path iam_check/test/test_policy_accessanalyzer.json --region us-west-2 --actions lambda:invokeFunction
```

_More examples can be found [here](iam_check/doc/)_.

## Limitations

1. Does not support Terraform [computed resources](https://www.terraform.io/plugin/sdkv2/schemas/schema-behaviors).
For example, the tool reports that no IAM policy was found for the following Terraform template. The policy JSON string is a computed value, so the plan output does not contain the IAM policy document.

```
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

resource "aws_iam_policy" "policy" {
  name        = "test-policy"
  description = "A test policy"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "s3:GetObject",
        ]
        Effect   = "Allow"
        Resource = "${aws_s3_bucket.b.id}"
      }
    ]
  })
}
```
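A policy that never reaches the validator produces no findings, so it helps to list these gaps before trusting a clean run. The following added example (not part of the tool or its README) reads the JSON written by `terraform show -json` and reports IAM policy attributes that Terraform marks as unknown under `after_unknown`; the `POLICY_ATTRS` map, the function names and the sample plan are constructed for illustration.

```python
import json
import sys

# Attributes that hold an IAM policy document, per Terraform resource type.
# Assumption: an illustrative subset, not the validator's own resource map.
POLICY_ATTRS = {
    "aws_iam_policy": ["policy"],
    "aws_iam_role_policy": ["policy"],
    "aws_iam_group_policy": ["policy"],
    "aws_iam_user_policy": ["policy"],
    "aws_iam_role": ["assume_role_policy"],
    "aws_s3_bucket_policy": ["policy"],
}

# Constructed sample shaped like `terraform show -json` output for the
# template above, plus one role whose trust policy is a literal string.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_s3_bucket.b", "type": "aws_s3_bucket",
         "change": {"actions": ["create"],
                    "after": {"bucket": "my-tf-test-bucket"},
                    "after_unknown": {"id": True, "arn": True}}},
        {"address": "aws_iam_policy.policy", "type": "aws_iam_policy",
         "change": {"actions": ["create"],
                    "after": {"name": "test-policy"},
                    # The policy depends on aws_s3_bucket.b.id, so its
                    # value is absent from "after" and flagged here.
                    "after_unknown": {"id": True, "policy": True}}},
        {"address": "aws_iam_role.app", "type": "aws_iam_role",
         "change": {"actions": ["create"],
                    "after": {"name": "app", "assume_role_policy":
                              '{"Version":"2012-10-17","Statement":[]}'},
                    "after_unknown": {"id": True, "arn": True}}},
    ]
}


def policy_coverage(plan):
    """Split policy attributes into (resolved, unresolved) address/attr pairs.

    Resolved: the plan carries the policy document as a string.
    Unresolved: Terraform marks the attribute as known only after apply,
    so a plan-based validator has nothing to analyze.
    """
    resolved, unresolved = [], []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after") or {}          # null for deletions
        unknown = change.get("after_unknown") or {}
        for attr in POLICY_ATTRS.get(rc.get("type"), []):
            if unknown.get(attr) is True:
                unresolved.append((rc["address"], attr))
            elif isinstance(after.get(attr), str):
                resolved.append((rc["address"], attr))
    return resolved, unresolved


def main(argv):
    """Report coverage for a plan JSON file, or the sample if none given."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    resolved, unresolved = policy_coverage(plan)
    for address, attr in resolved:
        print(f"analyzable   {address}.{attr}")
    for address, attr in unresolved:
        print(f"NOT IN PLAN  {address}.{attr} (known after apply)")
    # Non-zero exit lets a pipeline stop instead of reporting a clean result.
    return 1 if unresolved else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the same `tf.json` that is passed to `--template-path`; a non-zero exit means at least one policy would go unvalidated.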

## Frequently Asked Questions
**How to run unit tests**
```
$ python3 -m pip install pipenv
$ pipenv install --dev
$ pipenv shell
$ cd iam_check
$ python3 -m pytest
```

## Contributors
[Contributors](CONTRIBUTORS)

            
