From ec1bd9d1721b5ed76cba7cfbd6b587c8da1b5f2d Mon Sep 17 00:00:00 2001
From: Fotis Papadamis
Date: Fri, 24 Mar 2023 18:24:02 +0200
Subject: [PATCH] Added support for AWS IAM Policies

---
providers/aws/aws.go | 1 +
providers/aws/iam/policies.go | 82 +++++++++++++++++++++++++++++++++++
2 files changed, 83 insertions(+)
create mode 100644 providers/aws/iam/policies.go

diff --git a/providers/aws/aws.go b/providers/aws/aws.go
index 644c98599..93500f9a8 100644
--- a/providers/aws/aws.go
+++ b/providers/aws/aws.go
@@ -41,6 +41,7 @@ func listOfSupportedServices() []providers.FetchDataFunction {
 iam.InstanceProfiles,
 iam.OIDCProviders,
 iam.Groups,
+ iam.Policies,
 sqs.Queues,
 s3.Buckets,
 ec2.Instances,
diff --git a/providers/aws/iam/policies.go b/providers/aws/iam/policies.go
new file mode 100644
index 000000000..9add650e9
--- /dev/null
+++ b/providers/aws/iam/policies.go
@@ -0,0 +1,82 @@
+package iam
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ log "github.com/sirupsen/logrus"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/service/iam"
+ . "github.com/tailwarden/komiser/models"
+ . "github.com/tailwarden/komiser/providers"
+)
+
+func Policies(ctx context.Context, client ProviderClient) ([]Resource, error) {
+ resources := make([]Resource, 0)
+ var configPolicies iam.ListPoliciesInput
+ var configTags iam.ListPolicyTagsInput
+ iamClient := iam.NewFromConfig(*client.AWSClient)
+
+ for {
+ outputPolicies, err := iamClient.ListPolicies(ctx, &configPolicies)
+ if err != nil {
+ return resources, err
+ }
+
+ for _, policy := range outputPolicies.Policies {
+ tags := make([]Tag, 0)
+ for {
+ configTags.PolicyArn = policy.Arn
+ outputPolicyTags, err := iamClient.ListPolicyTags(ctx, &configTags)
+ if err != nil {
+ return resources, err
+ }
+
+ for _, t := range outputPolicyTags.Tags {
+ tags = append(tags, Tag{
+ Key: *t.Key,
+ Value: *t.Value,
+ })
+ }
+
+ if aws.ToString(outputPolicyTags.Marker) == "" {
+ break
+ }
+
+ configTags.Marker = outputPolicyTags.Marker
+ }
+
+ resources = append(resources, Resource{
+ Provider: "AWS",
+ Account: client.Name,
+ Service: "IAM Policy",
+ ResourceId: *policy.Arn,
+ Region: client.AWSClient.Region,
+ Name: *policy.PolicyName,
+ Cost: 0,
+ CreatedAt: *policy.CreateDate,
+ Tags: tags,
+ FetchedAt: time.Now(),
+ Link: fmt.Sprintf("https://%s.console.aws.amazon.com/iam/home#/policies/%s", client.AWSClient.Region, *policy.Arn),
+ })
+ }
+
+ if aws.ToString(outputPolicies.Marker) == "" {
+ break
+ }
+
+ configPolicies.Marker = outputPolicies.Marker
+ }
+
+ log.WithFields(log.Fields{
+ "provider": "AWS",
+ "account": client.Name,
+ "region": client.AWSClient.Region,
+ "service": "IAM Policy",
+ "resources": len(resources),
+ }).Info("Fetched resources")
+
+ return resources, nil
+}
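Review bot: `configTags` is declared once outside the policy loop and its `Marker` is never cleared, so after any policy whose tags span more than one page the next policy's first `ListPolicyTags` call is issued with the previous policy's stale marker; declaring the input per policy, `configTags := iam.ListPolicyTagsInput{PolicyArn: policy.Arn}` at the top of the `for _, policy` loop, removes the carry-over. The same hunk dereferences `*t.Key`, `*t.Value`, `*policy.Arn`, `*policy.PolicyName` and `*policy.CreateDate` directly while already using `aws.ToString` for the markers; the SDK models these as pointers, so `aws.ToString` / `aws.ToTime` throughout would avoid a panic that aborts the whole fetch on one missing field. A zero-value `ListPoliciesInput` presumably lists AWS-managed policies as well as customer-managed ones (the `Scope` field is not set), which multiplies the per-policy `ListPolicyTags` calls and the throttling exposure on every sync; worth confirming whether the inventory intends to include managed policies. Finally, `return resources, err` hands a partial slice back together with the error, which callers may mistake for a complete result; returning `nil, err` would match the usual Go contract.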