Skip to content
/ trailpolicy Public

Derive an AWS IAM Policy Document from actions found within Cloudtrail logs

15 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rcaught/trailpolicy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

68 Commits
cmd/trailpolicy
cmd/trailpolicy
 
 
fixtures
fixtures
 
 
.travis.yml
.travis.yml
 
 
README.md
README.md
 
 
trailpolicy.go
trailpolicy.go
 
 
trailpolicy_test.go
trailpolicy_test.go
 
 

Repository files navigation

trailpolicy Build Status GoDoc

Derive an AWS IAM Policy Document from actions found within Cloudtrail logs.

Installation

Go
$ go get github.com/rcaught/trailpolicy/...
MacOS
$ curl -Ls https://github.com/rcaught/trailpolicy/releases/latest/download/macos.zip > /tmp/trailpolicy.zip
$ unzip /tmp/trailpolicy.zip -d /usr/local/bin
Linux
$ curl -Ls https://github.com/rcaught/trailpolicy/releases/latest/download/linux.zip > /tmp/trailpolicy.zip
$ unzip /tmp/trailpolicy.zip -d /usr/local/bin

Usage

$ cat cloudtrail.log | trailpolicy > policydocument.json

Example

$ cat cloudtrail.log
{
    "Records": [{
        "eventVersion": "1.0",
        "userIdentity": {
            "type": "IAMUser",
            "principalId": "EX_PRINCIPAL_ID",
            "arn": "arn:aws:iam::123456789012:user/Alice",
            "accountId": "123456789012",
            "accessKeyId": "EXAMPLE_KEY_ID",
            "userName": "Alice"
        },
        "eventTime": "2014-03-06T21:01:59Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "StopInstances",
        "awsRegion": "us-west-2",
        "sourceIPAddress": "205.251.233.176",
        "userAgent": "ec2-api-tools 1.6.12.2",
        "requestParameters": {
            "instancesSet": {
                "items": [{
                    "instanceId": "i-ebeaf9e2"
                }]
            },
            "force": false
        },
        "responseElements": {
            "instancesSet": {
                "items": [{
                    "instanceId": "i-ebeaf9e2",
                    "currentState": {
                        "code": 64,
                        "name": "stopping"
                    },
                    "previousState": {
                        "code": 16,
                        "name": "running"
                    }
                }]
            }
        }
    }
  ]
}

$ cat cloudtrail.log | trailpolicy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:StopInstances"
      ],
      "Resource": "*"
    }
  ]
}

About

Derive an AWS IAM Policy Document from actions found within Cloudtrail logs

Resources

Readme
Activity

Stars

15 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 3

0.1.1 Latest
Mar 2, 2019
+ 2 releases

Packages

No packages published

Languages