AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 412
  • Unique actions: 18102
  • Managed policies: 1285

Most common managed policy name prefixes:

| Policy ARN | Count |
|---|---|
| arn:aws:iam::aws:policy/AWS* | 356 |
| arn:aws:iam::aws:policy/Amazon* | 324 |
| arn:aws:iam::aws:policy/aws-service-role/* | 288 |
| arn:aws:iam::aws:policy/service-role/* | 194 |
| arn:aws:iam::aws:policy/job-function/* | 7 |
| Other | 116 |

The following table summarises the AWS APIs.

  • The first column is the name of the API as far as IAM policies are concerned.
  • The second column counts IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column counts invokable APIs that don't have a corresponding IAM action.
  • The fourth column counts IAM actions that don't have a corresponding invokable API.
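
| Service | Action/API pairs | APIs without actions | Actions without APIs |
|---|---|---|---|
| ec2 | 625 | 0 | 28 |
| sagemaker | 351 | 0 | 22 |
| iot | 262 | 3 | 22 |
| chime | 259 | 0 | 50 |
| connect | 256 | 0 | 19 |
| glue | 214 | 4 | 72 |
| ses | 193 | 0 | 0 |
| quicksight | 174 | 3 | 33 |
| rds | 162 | 0 | 6 |
| lightsail | 161 | 0 | 0 |
| iam | 159 | 0 | 17 |
| ssm | 140 | 0 | 14 |
| lex | 137 | 4 | 8 |
| redshift | 133 | 0 | 28 |
| datazone | 123 | 0 | 61 |
| mobiletargeting | 122 | 0 | 1 |
| servicecatalog | 114 | 0 | 3 |
| s3 | 113 | 60 | 47 |
| iotwireless | 112 | 0 | 1 |
| greengrass | 111 | 0 | 1 |
| cloudfront | 110 | 1 | 19 |
| gamelift | 108 | 0 | 9 |
| dms | 106 | 0 | 28 |
| cognito-idp | 103 | 0 | 4 |
| deadline | 102 | 0 | 3 |
| bedrock | 97 | 2 | 39 |
| medialive | 92 | 0 | 24 |
| config | 92 | 0 | 0 |
| backup | 91 | 0 | 5 |
| storagegateway | 90 | 0 | 1 |
| workspaces | 88 | 0 | 1 |
| proton | 87 | 0 | 24 |
| es | 87 | 0 | 18 |
| sms-voice | 87 | 0 | 8 |
| networkmanager | 85 | 0 | 0 |
| comprehend | 85 | 0 | 0 |
| workmail | 84 | 0 | 42 |
| iotsitewise | 84 | 0 | 8 |
| cloudformation | 82 | 0 | 11 |
| omics | 82 | 0 | 9 |
| waf-regional | 81 | 0 | 0 |
| macie2 | 81 | 0 | 0 |
| codecommit | 79 | 0 | 11 |
| securityhub | 79 | 0 | 10 |
| personalize | 78 | 0 | 5 |
| waf | 77 | 0 | 0 |
| devicefarm | 77 | 0 | 0 |
| cleanrooms | 76 | 0 | 4 |
| appstream | 75 | 0 | 5 |
| elasticache | 75 | 0 | 2 |
| rekognition | 75 | 0 | 1 |
| logs | 74 | 0 | 21 |
| guardduty | 74 | 0 | 1 |
| opsworks | 74 | 0 | 0 |
| sso | 73 | 0 | 53 |
| frauddetector | 73 | 0 | 1 |
| imagebuilder | 73 | 0 | 0 |
| wellarchitected | 72 | 0 | 1 |
| mgn | 70 | 0 | 34 |
| route53 | 70 | 0 | 0 |
| athena | 68 | 0 | 11 |
| route53resolver | 68 | 0 | 0 |
| ds | 67 | 0 | 14 |
| elasticloadbalancing | 66 | 0 | 5 |
| kendra | 66 | 0 | 0 |
| clouddirectory | 66 | 0 | 0 |
| forecast | 65 | 0 | 5 |
| autoscaling | 65 | 0 | 0 |
| appsync | 64 | 0 | 19 |
| lambda | 63 | 3 | 7 |
| ivs | 63 | 0 | 5 |
| directconnect | 63 | 0 | 0 |
| auditmanager | 62 | 0 | 0 |
| transfer | 60 | 0 | 1 |
| geo | 60 | 0 | 0 |
| datasync | 60 | 0 | 0 |
| inspector2 | 59 | 0 | 0 |
| workspaces-web | 58 | 0 | 3 |
| robomaker | 57 | 0 | 2 |
| events | 57 | 0 | 2 |
| dynamodb | 56 | 5 | 15 |
| elasticmapreduce | 56 | 0 | 26 |
| ecs | 56 | 0 | 5 |
| eks | 56 | 0 | 1 |
| globalaccelerator | 56 | 0 | 0 |
| qbusiness | 55 | 0 | 13 |
| resiliencehub | 55 | 0 | 8 |
| redshift-serverless | 55 | 0 | 1 |
| organizations | 55 | 0 | 0 |
| wafv2 | 54 | 0 | 2 |
| lakeformation | 52 | 3 | 1 |
| kms | 52 | 1 | 3 |
| profile | 52 | 0 | 15 |
| iotfleetwise | 52 | 0 | 6 |
| kafka | 52 | 0 | 0 |
| vpc-lattice | 51 | 1 | 0 |
| mediaconnect | 51 | 0 | 4 |
| drs | 50 | 0 | 40 |
| finspace | 50 | 0 | 9 |
| codebuild | 50 | 0 | 8 |
| license-manager | 50 | 0 | 0 |
| nimble | 49 | 0 | 2 |
| lookoutequipment | 49 | 0 | 0 |
| cloudtrail | 48 | 1 | 14 |
| codeartifact | 48 | 0 | 3 |
| wisdom | 47 | 0 | 45 |
| ecr | 47 | 0 | 4 |
| elasticbeanstalk | 47 | 0 | 3 |
| codedeploy | 47 | 0 | 1 |
| transcribe | 46 | 0 | 3 |
| fsx | 45 | 0 | 8 |
| appconfig | 45 | 0 | 2 |
| workdocs | 44 | 0 | 17 |
| mediatailor | 44 | 0 | 0 |
| databrew | 44 | 0 | 0 |
| codepipeline | 43 | 0 | 0 |
| fms | 42 | 0 | 0 |
| sns | 41 | 1 | 0 |
| ce | 41 | 0 | 12 |
| kinesisvideo | 40 | 0 | 4 |
| iottwinmaker | 40 | 0 | 0 |
| swf | 39 | 0 | 12 |
| ssm-contacts | 39 | 0 | 1 |
| mechanicalturk | 39 | 0 | 0 |
| cloudwatch | 38 | 0 | 16 |
| appmesh | 38 | 0 | 4 |
| memorydb | 38 | 0 | 1 |
| iotevents | 38 | 0 | 1 |
| evidently | 38 | 0 | 0 |
| apprunner | 37 | 0 | 5 |
| states | 37 | 0 | 2 |
| aoss | 37 | 0 | 2 |
| inspector | 37 | 0 | 0 |
| amplify | 37 | 0 | 0 |
| entityresolution | 36 | 0 | 3 |
| shield | 36 | 0 | 0 |
| network-firewall | 36 | 0 | 0 |
| sms | 35 | 0 | 2 |
| panorama | 34 | 0 | 2 |
| cases | 34 | 0 | 1 |
| route53domains | 34 | 0 | 0 |
| ram | 34 | 0 | 0 |
| m2 | 34 | 0 | 0 |
| iotanalytics | 34 | 0 | 0 |
| access-analyzer | 33 | 2 | 2 |
| worklink | 33 | 0 | 1 |
| kinesisanalytics | 33 | 0 | 1 |
| applicationinsights | 33 | 0 | 1 |
| tnb | 33 | 0 | 0 |
| groundstation | 33 | 0 | 0 |
| glacier | 33 | 0 | 0 |
| route53-recovery-readiness | 32 | 0 | 0 |
| kinesis | 32 | 0 | 0 |
| billingconductor | 32 | 0 | 0 |
| elasticfilesystem | 31 | 0 | 7 |
| outposts | 31 | 0 | 4 |
| migrationhub-orchestrator | 31 | 0 | 3 |
| payment-cryptography | 31 | 0 | 1 |
| ssm-incidents | 31 | 0 | 0 |
| securitylake | 31 | 0 | 0 |
| schemas | 31 | 0 | 0 |
| devops-guru | 31 | 0 | 0 |
| amplifybackend | 31 | 0 | 0 |
| xray | 30 | 0 | 13 |
| dataexchange | 30 | 0 | 10 |
| rolesanywhere | 30 | 0 | 0 |
| lookoutmetrics | 30 | 0 | 0 |
| timestream | 29 | 1 | 8 |
| voiceid | 29 | 0 | 2 |
| mediaconvert | 29 | 0 | 1 |
| detective | 28 | 1 | 8 |
| cloudsearch | 28 | 1 | 4 |
| discovery | 28 | 0 | 1 |
| amplifyuibuilder | 28 | 0 | 1 |
| machinelearning | 28 | 0 | 0 |
| codestar-connections | 27 | 0 | 11 |
| codeconnections | 27 | 0 | 11 |
| managedblockchain | 27 | 0 | 7 |
| b2bi | 27 | 0 | 3 |
| snowball | 27 | 0 | 0 |
| servicediscovery | 27 | 0 | 0 |
| aps | 26 | 0 | 17 |
| chatbot | 26 | 0 | 13 |
| compute-optimizer | 26 | 0 | 2 |
| private-networks | 26 | 0 | 0 |
| mediastore | 26 | 0 | 0 |
| iot1click | 26 | 0 | 0 |
| appfabric | 26 | 0 | 0 |
| comprehendmedical | 25 | 1 | 0 |
| cleanrooms-ml | 25 | 0 | 33 |
| appflow | 25 | 0 | 6 |
| backup-gateway | 25 | 0 | 2 |
| textract | 25 | 0 | 0 |
| pca-connector-ad | 25 | 0 | 0 |
| grafana | 25 | 0 | 0 |
| batch | 25 | 0 | 0 |
| verifiedpermissions | 24 | 2 | 0 |
| mediapackagev2 | 24 | 0 | 8 |
| fis | 24 | 0 | 5 |
| route53-recovery-control-config | 24 | 0 | 1 |
| refactor-spaces | 24 | 0 | 0 |
| apptest | 24 | 0 | 0 |
| controltower | 23 | 0 | 42 |
| qapps | 23 | 0 | 19 |
| cognito-identity | 23 | 0 | 3 |
| mq | 23 | 0 | 1 |
| secretsmanager | 23 | 0 | 0 |
| emr-containers | 23 | 0 | 0 |
| ecr-public | 23 | 0 | 0 |
| codeguru-profiler | 23 | 0 | 0 |
| acm-pca | 23 | 0 | 0 |
| connect-campaigns | 22 | 0 | 13 |
| migrationhub-strategy | 22 | 0 | 9 |
| lookoutvision | 22 | 0 | 3 |
| aws-marketplace | 21 | 1 | 36 |
| qldb | 21 | 0 | 14 |
| dax | 21 | 0 | 9 |
| app-integrations | 21 | 0 | 7 |
| resource-explorer-2 | 21 | 0 | 6 |
| ssm-sap | 21 | 0 | 3 |
| synthetics | 21 | 0 | 0 |
| mgh | 21 | 0 | 0 |
| sqs | 20 | 3 | 0 |
| datapipeline | 19 | 0 | 2 |
| translate | 19 | 0 | 0 |
| signer | 19 | 0 | 0 |
| servicequotas | 19 | 0 | 0 |
| sagemaker-geospatial | 19 | 0 | 0 |
| opsworks-cm | 19 | 0 | 0 |
| mediapackage | 19 | 0 | 0 |
| identitystore | 19 | 0 | 0 |
| cloudhsm | 18 | 18 | 0 |
| resource-groups | 18 | 0 | 11 |
| codestar | 18 | 0 | 4 |
| medical-imaging | 18 | 0 | 3 |
| cognito-sync | 17 | 0 | 2 |
| rum | 17 | 0 | 0 |
| mediapackage-vod | 17 | 0 | 0 |
| ivschat | 17 | 0 | 0 |
| elastictranscoder | 17 | 0 | 0 |
| neptune-db | 16 | 24 | 17 |
| support | 16 | 0 | 9 |
| docdb-elastic | 16 | 0 | 3 |
| thinclient | 16 | 0 | 2 |
| route53profiles | 16 | 0 | 2 |
| emr-serverless | 16 | 0 | 2 |
| internetmonitor | 16 | 0 | 1 |
| simspaceweaver | 16 | 0 | 0 |
| kafkaconnect | 16 | 0 | 0 |
| application-signals | 15 | 0 | 1 |
| oam | 15 | 0 | 0 |
| acm | 15 | 0 | 0 |
| codeguru-reviewer | 14 | 0 | 3 |
| serverlessrepo | 14 | 0 | 1 |
| osis | 14 | 0 | 1 |
| iotdeviceadvisor | 14 | 0 | 0 |
| health | 14 | 0 | 0 |
| cloud9 | 13 | 0 | 17 |
| healthlake | 13 | 0 | 11 |
| braket | 13 | 0 | 4 |
| codeguru-security | 13 | 0 | 2 |
| application-autoscaling | 13 | 0 | 1 |
| snow-device-management | 13 | 0 | 0 |
| pi | 13 | 0 | 0 |
| codestar-notifications | 13 | 0 | 0 |
| arc-zonal-shift | 13 | 0 | 0 |
| launchwizard | 12 | 0 | 25 |
| account | 12 | 0 | 4 |
| scheduler | 12 | 0 | 0 |
| pca-connector-scep | 12 | 0 | 0 |
| networkmonitor | 12 | 0 | 0 |
| firehose | 12 | 0 | 0 |
| bcm-data-exports | 12 | 0 | 0 |
| budgets | 11 | 15 | 2 |
| trustedadvisor | 11 | 0 | 41 |
| license-manager-user-subscriptions | 11 | 0 | 6 |
| repostspace | 11 | 0 | 2 |
| airflow | 11 | 0 | 1 |
| timestream-influxdb | 11 | 0 | 0 |
| license-manager-linux-subscriptions | 11 | 0 | 0 |
| supportapp | 10 | 0 | 3 |
| sdb | 10 | 0 | 0 |
| savingsplans | 10 | 0 | 0 |
| redshift-data | 10 | 0 | 0 |
| rbin | 10 | 0 | 0 |
| pipes | 10 | 0 | 0 |
| polly | 9 | 0 | 0 |
| managedblockchain-query | 9 | 0 | 0 |
| kendra-ranking | 9 | 0 | 0 |
| sts | 8 | 0 | 5 |
| tag | 8 | 0 | 0 |
| iotfleethub | 8 | 0 | 0 |
| dlm | 8 | 0 | 0 |
| tax | 7 | 0 | 10 |
| cur | 7 | 0 | 5 |
| cost-optimization-hub | 7 | 0 | 0 |
| artifact | 6 | 0 | 4 |
| elastic-inference | 6 | 0 | 1 |
| rds-data | 6 | 0 | 0 |
| importexport | 6 | 0 | 0 |
| ebs | 6 | 0 | 0 |
| autoscaling-plans | 6 | 0 | 0 |
| application-cost-profiler | 6 | 0 | 0 |
| s3-outposts | 5 | 0 | 43 |
| pricing | 5 | 0 | 0 |
| route53-recovery-cluster | 4 | 0 | 0 |
| scn | 3 | 0 | 24 |
| controlcatalog | 3 | 0 | 2 |
| cassandra | 2 | 12 | 15 |
| ec2-instance-connect | 2 | 0 | 1 |
| workmailmessageflow | 2 | 0 | 0 |
| marketplacecommerceanalytics | 2 | 0 | 0 |
| finspace-api | 1 | 30 | 0 |
| sso-oauth | 1 | 3 | 0 |
| mobileanalytics | 1 | 0 | 2 |
| freetier | 1 | 0 | 2 |
| eks-auth | 1 | 0 | 0 |
| cloudtrail-data | 1 | 0 | 0 |
| apigateway | 0 | 152 | 9 |
| iotthingsgraph | 0 | 35 | 0 |
| execute-api | 0 | 12 | 3 |
| cloudcontrolapi | 0 | 8 | 0 |
| IoTSecuredTunneling | 0 | 8 | 0 |
| awsssoportal | 0 | 4 | 0 |
| a4b | 0 | 0 | 96 |
| sqlworkbench | 0 | 0 | 79 |
| iq | 0 | 0 | 63 |
| sso-directory | 0 | 0 | 56 |
| deepracer | 0 | 0 | 53 |
| sagemaker-mlflow | 0 | 0 | 52 |
| appmesh-preview | 0 | 0 | 39 |
| neptune-graph | 0 | 0 | 32 |
| honeycode | 0 | 0 | 30 |
| codecatalyst | 0 | 0 | 30 |
| one | 0 | 0 | 27 |
| s3-object-lambda | 0 | 0 | 26 |
| vendor-insights | 0 | 0 | 24 |
| payments | 0 | 0 | 24 |
| deeplens | 0 | 0 | 24 |
| q | 0 | 0 | 22 |
| notifications | 0 | 0 | 21 |
| freertos | 0 | 0 | 20 |
| pcs | 0 | 0 | 19 |
| kafka-cluster | 0 | 0 | 19 |
| monitron | 0 | 0 | 18 |
| deepcomposer | 0 | 0 | 18 |
| codewhisperer | 0 | 0 | 18 |
| ds-data | 0 | 0 | 17 |
| bugbust | 0 | 0 | 17 |
| partnercentral | 0 | 0 | 16 |
| groundtruthlabeling | 0 | 0 | 16 |
| backup-storage | 0 | 0 | 15 |
| purchase-orders | 0 | 0 | 14 |
| elemental-appliances-software | 0 | 0 | 14 |
| application-transformation | 0 | 0 | 14 |
| social-messaging | 0 | 0 | 13 |
| identity-sync | 0 | 0 | 13 |
| elemental-activations | 0 | 0 | 13 |
| dbqms | 0 | 0 | 13 |
| billing | 0 | 0 | 13 |
| aws-marketplace-management | 0 | 0 | 13 |
| ssm-quicksetup | 0 | 0 | 12 |
| sagemaker-groundtruth-synthetic | 0 | 0 | 12 |
| s3express | 0 | 0 | 11 |
| cloudshell | 0 | 0 | 10 |
| ts | 0 | 0 | 9 |
| notifications-contacts | 0 | 0 | 9 |
| iq-permission | 0 | 0 | 9 |
| aws-portal | 0 | 0 | 9 |
| wickr | 0 | 0 | 8 |
| activate | 0 | 0 | 8 |
| networkmanager-chat | 0 | 0 | 7 |
| geo-places | 0 | 0 | 7 |
| user-subscriptions | 0 | 0 | 6 |
| ec2messages | 0 | 0 | 6 |
| cloudfront-keyvaluestore | 0 | 0 | 6 |
| tiros | 0 | 0 | 5 |
| supportplans | 0 | 0 | 5 |
| iot-device-tester | 0 | 0 | 5 |
| geo-routes | 0 | 0 | 5 |
| elemental-support-cases | 0 | 0 | 5 |
| customer-verification | 0 | 0 | 5 |
| appstudio | 0 | 0 | 5 |
| ssmmessages | 0 | 0 | 4 |
| ssm-guiconnect | 0 | 0 | 4 |
| iotjobsdata | 0 | 0 | 4 |
| invoicing | 0 | 0 | 4 |
| codedeploy-commands-secure | 0 | 0 | 4 |
| a2c | 0 | 0 | 4 |
| resource-explorer | 0 | 0 | 3 |
| partnercentral-account-management | 0 | 0 | 3 |
| mapcredits | 0 | 0 | 3 |
| identitystore-auth | 0 | 0 | 3 |
| awsconnector | 0 | 0 | 3 |
| vpc-lattice-svcs | 0 | 0 | 2 |
| supportrecommendations | 0 | 0 | 2 |
| signin | 0 | 0 | 2 |
| geo-maps | 0 | 0 | 2 |
| consolidatedbilling | 0 | 0 | 2 |
| consoleapp | 0 | 0 | 2 |
| wam | 0 | 0 | 1 |
| verified-access | 0 | 0 | 1 |
| sustainability | 0 | 0 | 1 |
| serviceextract | 0 | 0 | 1 |
| rhelkb | 0 | 0 | 1 |
| rds-db | 0 | 0 | 1 |
| opensearch | 0 | 0 | 1 |
| mediaimport | 0 | 0 | 1 |
| inspector-scan | 0 | 0 | 1 |
| elemental-support-content | 0 | 0 | 1 |
| codeguru | 0 | 0 | 1 |
| arsenal | 0 | 0 | 1 |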

Most common action prefixes:

| Prefix | Count |
|---|---|
| List | 2924 |
| Get | 2664 |
| Delete | 2085 |
| Create | 1942 |
| Describe | 1750 |
| Update | 1665 |
| Put | 499 |
| Start | 417 |
| Tag | 279 |
| Untag | 275 |