Discover Permissive Policies
Discover overly permissive IAM policies.
This action has two modes of operation:
Normal (default): permissive if any action contains * and resource is *
Strict: permissive if any action contains * or resource is *
This action does not evaluate inline policies. Use discover_permissive_inline_policies for that.
Usage
Input
| Parameter | Description | Type | Required | Default value |
|---|---|---|---|---|
strict | Determine mode of evaluation. If set, any permissive Action or Resource is a violation. Otherwise, any permissive Action and Resource is a violation. | bool | No | False |
region | Region for operation | string | No | Session default |
debug | Increase log verbosity | bool | No | False |
silent | Decrease log verbosity | bool | No | False |
output | Output format table | string | No | None |
session | Established session | object | No | None |
Output
Returns a list of discovered policy names:
['PolicyName1', 'PolicyName2']