Redo IAM <-> API translation #21

Open
0xdabbad00 opened this issue Jul 13, 2018 · 2 comments
@0xdabbad00
Collaborator

I've learned a lot more about IAM vs API naming since the initial development of CloudTracker and recorded those here: https://summitroute.com/blog/2018/06/28/aws_iam_vs_api_vs_cloudtrail/

I should download the list of IAM privileges from the Policy Generator and the list of API calls and make a giant dictionary. Additionally Will Bengtson has mentioned to me he has a way of generating the CloudTrail logs for all of the calls to ensure the naming is accurate between all 3 places. This should probably just look like:

{
  'api': '',
  'cloudtrail': '',
  'iam': '',
  'data': False
}

Where data would mean whether or not you need data level logging turned on.

@0xdabbad00
Collaborator Author

This issue is mostly dependent on willbengtson/trailblazer-aws#2

@0xdabbad00
Collaborator Author

Some of this is also currently broken. For example, for S3, if a user has s3:* and has not called ListBuckets, you end up with "? s3:listallmybuckets", which is wrong as that action is recorded, so it should be "- s3:listallmybuckets". If they have used that call, then the results show up correctly as s3:listallmybuckets.
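The following is an added illustration, not CloudTracker's code and not something the issue author posted: it sketches the three-way name table proposed in the first comment (api / cloudtrail / iam / data) and the lookup that turns a policy plus CloudTrail records into the "-" and "?" markers discussed in the last comment. The mapping entries, the CloudTrail records and the rule for deriving the service from the IAM action prefix and from eventSource are all constructed assumptions for the example; a real table would be generated from the Policy Generator, the API list and the CloudTrail logs mentioned above.

```python
import fnmatch

# Constructed name table (not CloudTracker's own data). One entry per API
# call, linking the three places a call is named. "data" marks calls that
# CloudTrail only records when data-level logging is enabled.
MAPPING = [
    {"api": "ListBuckets", "cloudtrail": "ListBuckets",
     "iam": "s3:ListAllMyBuckets", "data": False},
    {"api": "GetObject", "cloudtrail": "GetObject",
     "iam": "s3:GetObject", "data": True},
    {"api": "DescribeInstances", "cloudtrail": "DescribeInstances",
     "iam": "ec2:DescribeInstances", "data": False},
]

# Constructed CloudTrail records, reduced to the two fields the lookup needs.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets"},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
]


def service_of(entry):
    """Service prefix of the IAM action, e.g. 's3' for 's3:ListAllMyBuckets'."""
    return entry["iam"].split(":", 1)[0].lower()


def build_index(mapping):
    """Index (service, CloudTrail eventName) -> lowercased IAM action.

    Everything is lowercased because the three sources do not agree on
    capitalisation, and because CloudTracker prints actions in lowercase.
    """
    return {(service_of(e), e["cloudtrail"].lower()): e["iam"].lower()
            for e in mapping}


def expand_policy_actions(policy_actions, mapping):
    """Expand IAM policy patterns such as 's3:*' into concrete known actions.

    Only actions present in the mapping can be expanded; anything else
    cannot be checked against CloudTrail and is left out.
    """
    known = [e["iam"].lower() for e in mapping]
    granted = set()
    for pattern in policy_actions:
        granted.update(fnmatch.filter(known, pattern.lower()))
    return granted


def used_actions(events, index):
    """Translate CloudTrail records into the IAM actions they show were used."""
    used = set()
    for ev in events:
        # Assumption: eventSource 's3.amazonaws.com' -> service 's3'.
        service = ev["eventSource"].split(".", 1)[0].lower()
        iam = index.get((service, ev["eventName"].lower()))
        if iam is not None:
            used.add(iam)
    return used


def privilege_report(policy_actions, events, mapping, data_logging=False):
    """Return {iam_action: marker} for every granted action.

    Markers follow the notation used in the issue:
      ""   granted and seen in CloudTrail
      "-"  granted, recordable by CloudTrail, never seen (unused)
      "?"  granted, but CloudTrail cannot tell (data-level call, data logging off)
    Because ListBuckets is indexed under s3:ListAllMyBuckets, an unused s3:*
    grant yields "-" for that action rather than the wrong "?".
    """
    index = build_index(mapping)
    data_only = {e["iam"].lower() for e in mapping if e["data"]}
    used = used_actions(events, index)
    report = {}
    for action in sorted(expand_policy_actions(policy_actions, mapping)):
        if action in used:
            report[action] = ""
        elif action in data_only and not data_logging:
            report[action] = "?"
        else:
            report[action] = "-"
    return report


if __name__ == "__main__":
    # s3:* granted, no S3 calls recorded: ListAllMyBuckets is unused ("-"),
    # GetObject is unknowable without data logging ("?").
    for action, marker in privilege_report(["s3:*"], [], MAPPING).items():
        print(f"{marker or ' '} {action}")
```

The lookup is keyed on the CloudTrail name and returns the IAM name, which is the direction CloudTracker needs; the `api` field is kept in each entry only so the same table can serve the other two translations.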
