Comments (5)
I hadn't noticed this API before. It definitely would knock out a bunch of the work that goes into the graphing portion. The only concern I have is scaling, but the API hints that pagination is available.
from pmapper.
Yeah, I had just been using the CLI before. Trying it with the API it really was 13 pages. Still not bad for 600 roles and associated policies.
Not the most elegant, but easy to reason about. All these accumulate independently over the pages.
def do_pull():
# temporary accumulator variables
UserDetailList = []
GroupDetailList = []
RoleDetailList = []
Policies = []
for res in iam.get_paginator('get_account_authorization_details').paginate():
UserDetailList.extend(res['UserDetailList'])
GroupDetailList.extend(res['GroupDetailList'])
RoleDetailList.extend(res['RoleDetailList'])
Policies.extend(res['Policies'])
return {
'UserDetailList': UserDetailList,
'GroupDetailList': GroupDetailList,
'RoleDetailList': RoleDetailList,
'Policies': Policies,
}
from pmapper.
Aiming to fix this with #36 and deploy the change in the next micro version.
from pmapper.
Looping back around here, I think I'm gonna aim to implement this now in v1.1.0 to address #41 since the iam:ListUsers
API ain't gonna return it.
from pmapper.
Completed in 5828a87 for eventual release of v1.1.0.
from pmapper.
Related Issues (20)
- PMapper 1.1.5 builds edges that include role/AWSServiceRoleForSupport when performing authorization checks HOT 10
- Terraform Plans HOT 2
- Graph Deletion HOT 1
- Local user who can assume an admin role not in graph HOT 6
- Stuck at Generating Edges based on lambda data HOT 1
- MFA requirements in roles can lead to misleading results
- can_privesc() method only returns one edge_list ?
- Traceback when doing connected query for role that does not exist
- FileNotFoundError in graph_cli
- Exception When Policy is Only Used as Permission Boundary HOT 1
- Permission boundaries not considered when querying
- Python 3.10 fails to run HOT 1
- Does not run in 3.11 due to mapping import error HOT 1
- iam:ListAccessKeys denied exception in gathering.py
- Stack trace on incorrect PMAPPER_STORAGE environment variable
- Stack trace on missing credentials
- Crash while scanning principals that use deprecated permission policies HOT 3
- Performance issues scanning large accounts HOT 8
- AWS Policy with minimal permissions
- Collections Module issue in Python 3.10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pmapper.