Minify IAM actions using wildcards to save up as many characters as possible without granting unintended permissions
Optimize long AWS IAM policies by strategically using wildcards, reducing the number of characters, and maintaining the intended scope of permissions.
When crafting long and complex AWS IAM customer-managed policies, the 6,144 character limit imposed by AWS can become a problem. While one approach to address this limitation is to split a long policy into multiple customer-managed policies, this may not always be the ideal solution. In such scenarios, it's possible to reduce the length of a policy by strategically using wildcards where possible.
The iam-minify-er traverses through a list of IAM actions defined in a policy, identifies optimal locations for wildcards, and effectively reduces the character count while maintaining the intended permission scope.
python -m pip install iam-minify
iam-minify example-policy.jsonThe script will traverse though all policy statemends defined in the policy document, and optimise IAM actions within the same statement. It processes different policy statements in isolation in order to not grant unintended access to resources.
s3:Get* will work while s3:*Object will throw an error.Consider the following IAM policy:
// ./example-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAccessPoints",
"s3:ListAccessPointsForObjectLambda",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListBucketVersions",
"s3:ListJobs",
"s3:ListMultipartUploadParts",
"s3:ListMultiRegionAccessPoints"
"s3:ListStorageLensConfigurations",
],
"Resource": "*"
}
]
}
Executing iam-minify example-policy.json will output the following result:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAccessP*",
"s3:ListAl*",
"s3:ListB*",
"s3:ListJ*",
"s3:ListM*",
"s3:ListStorageLensC*"
],
"Resource": "*"
}
]
}
FAQs
Minify IAM actions using wildcards to save up as many characters as possible without granting unintended permissions
We found that iam-minify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.