Discover Permissive Inline Policies
Discover overly permissive inline IAM policies.
This action has two modes of operation:
- Normal (default): a policy is permissive if any action contains * and the resource is *
- Strict: a policy is permissive if any action contains * or the resource is *
This action only evaluates inline policies. Use discover_permissive_policies for managed policies.
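The two modes, sketched as an added example (not this tool's own code). The function names and sample policies are constructed, and the sketch assumes evaluation is per statement and that only Allow statements count:

```python
import json

def _as_list(value):
    """IAM accepts one item or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def is_permissive(document, strict=False):
    """True if any Allow statement is permissive under the chosen mode."""
    if isinstance(document, str):  # inline policies are often handled as JSON text
        document = json.loads(document)
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # assumption: Deny statements are never findings
        wild_action = any("*" in a for a in _as_list(stmt.get("Action")))
        wild_resource = any(r == "*" for r in _as_list(stmt.get("Resource")))
        # Strict: action OR resource; Normal: action AND resource
        hit = (wild_action or wild_resource) if strict else (wild_action and wild_resource)
        if hit:
            return True
    return False

def discover(inline_policies, strict=False):
    """Return findings in the output shape documented on this page."""
    return [
        {"Type": p["Type"], "Entity": p["Entity"], "Policy": p["Policy"]}
        for p in inline_policies
        if is_permissive(p["Document"], strict=strict)
    ]

# Constructed sample input: four inline policies, one per interesting case
SAMPLE = [
    {"Type": "User", "Entity": "alice", "Policy": "admin-everything",
     "Document": {"Statement": [
         {"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"Type": "Role", "Entity": "ci-deployer", "Policy": "s3-bucket-scoped",
     "Document": {"Statement": {  # single statement object, scoped ARN
         "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
         "Resource": "arn:aws:s3:::example-bucket/*"}}},
    {"Type": "Group", "Entity": "auditors", "Policy": "describe-only",
     "Document": {"Statement": [
         {"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*"}]}},
    {"Type": "Role", "Entity": "guardrail", "Policy": "deny-all",
     "Document": '{"Statement":[{"Effect":"Deny","Action":"*","Resource":"*"}]}'},
]
```

In normal mode only `alice` is reported; strict mode also reports `ci-deployer` (wildcard actions on a scoped resource) and `auditors` (a specific action on resource `*`).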
Usage
Input
Parameter | Description | Type | Required | Default value |
---|---|---|---|---|
focus | Resource types to focus on: user, group, role | list(string) | No | All |
strict | Determine mode of evaluation. If set, any permissive Action or Resource is a violation. Otherwise, any permissive Action and Resource is a violation. | bool | No | False |
region | Region for operation | string | No | Session default |
debug | Increase log verbosity | bool | No | False |
silent | Decrease log verbosity | bool | No | False |
output | Output format: table | string | No | None |
session | Established session | object | No | None |
Output
Returns a list of dictionaries containing discovered policies:

```json
[
  {
    "Type": "User",
    "Entity": "some-username",
    "Policy": "some-policy-name"
  }
]
```