  • Stars: 278
  • Rank 143,863 (Top 3 %)
  • Language: Go
  • Created over 4 years ago
  • Updated 23 days ago

Repository Details

A project to collate IAM actions, AWS APIs and managed policies from various public sources.

AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 370
  • Unique actions: 15242
  • Managed policies: 1106

Most common managed policy name prefixes:

Policy ARN                                   Count
arn:aws:iam::aws:policy/AWS*                 300
arn:aws:iam::aws:policy/Amazon*              287
arn:aws:iam::aws:policy/aws-service-role/*   245
arn:aws:iam::aws:policy/service-role/*       174
arn:aws:iam::aws:policy/job-function/*       7
Other                                        93

The following table summarises the AWS APIs.

  • The first column is the name of the API as far as IAM policies are concerned.
  • The second column is IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column is invokable APIs that don't have a corresponding IAM action.
  • The fourth column is IAM actions that don't have a corresponding invokable API.

Service    Action/API pairs    APIs without actions    Actions without APIs
ec2 594 0 15
sagemaker 317 0 12
iot 257 3 9
chime 253 0 50
glue 198 4 13
connect 197 0 8
iam 159 0 12
lightsail 159 0 0
quicksight 155 3 28
ses 144 0 0
rds 141 0 5
ssm 138 0 10
redshift 123 0 18
lex 122 2 8
mobiletargeting 122 0 1
servicecatalog 114 0 0
greengrass 111 0 1
iotwireless 109 0 1
cloudfront 104 2 7
gamelift 104 0 0
cognito-idp 101 0 4
a4b 93 0 3
config 92 0 0
storagegateway 90 0 1
s3 85 58 45
networkmanager 85 0 0
proton 84 3 24
comprehend 84 0 0
waf-regional 81 0 0
workmail 80 0 51
macie2 79 0 0
dms 78 0 55
es 78 0 10
codecommit 77 0 11
waf 77 0 0
devicefarm 77 0 0
appstream 75 0 1
opsworks 74 0 0
iotsitewise 73 0 1
frauddetector 73 0 1
backup 72 0 2
rekognition 72 0 1
omics 72 0 0
personalize 71 1 0
route53 70 0 0
cloudformation 69 0 12
guardduty 68 0 1
athena 68 0 1
securityhub 67 0 10
ds 67 0 6
kendra 66 0 0
clouddirectory 66 0 0
mgn 65 0 34
forecast 65 0 5
workspaces 65 0 1
elasticache 65 0 1
autoscaling 65 0 0
lambda 63 3 5
route53resolver 63 0 0
directconnect 63 0 0
auditmanager 62 0 0
appsync 60 0 6
medialive 59 3 0
workspaces-web 58 0 0
transfer 58 0 0
geo 58 0 0
robomaker 57 0 2
datasync 57 0 0
ecs 56 0 2
events 56 0 1
wellarchitected 56 0 0
imagebuilder 56 0 0
organizations 55 0 0
elasticmapreduce 54 0 26
elasticloadbalancing 54 0 1
wafv2 53 0 2
dynamodb 52 5 13
resiliencehub 52 0 0
vpc-lattice 51 1 0
logs 51 0 9
mediaconnect 50 0 3
license-manager 50 0 0
iotfleetwise 50 0 0
kms 49 1 3
nimble 49 0 2
profile 49 0 0
globalaccelerator 49 0 0
sms-voice 48 0 0
drs 47 0 40
elasticbeanstalk 47 0 3
codedeploy 47 0 1
cloudtrail 46 0 5
codebuild 45 0 8
kafka 45 0 0
inspector2 45 0 0
appconfig 45 0 0
lakeformation 44 3 1
workdocs 44 0 14
mediatailor 44 0 0
databrew 44 0 0
transcribe 42 0 3
fms 42 0 0
sns 41 1 0
fsx 41 0 5
ecr 41 0 2
ivs 40 2 0
kinesisvideo 40 0 3
redshift-serverless 40 0 0
ssm-contacts 39 0 1
mechanicalturk 39 0 0
codepipeline 39 0 0
codeartifact 38 0 3
memorydb 38 0 1
iotevents 38 0 1
cloudwatch 38 0 1
appmesh 38 0 1
evidently 38 0 0
sso 37 0 55
swf 37 0 12
ce 37 0 12
inspector 37 0 0
cleanrooms 37 0 0
amplify 37 0 0
shield 36 0 0
network-firewall 36 0 0
apprunner 35 0 5
sms 35 0 2
eks 35 0 1
finspace 34 0 9
panorama 34 0 2
states 34 0 0
route53domains 34 0 0
ram 34 0 0
iottwinmaker 34 0 0
iotanalytics 34 0 0
worklink 33 0 1
gamesparks 33 0 1
tnb 33 0 0
lookoutequipment 33 0 0
groundstation 33 0 0
glacier 33 0 0
cloudhsm 33 0 0
route53-recovery-readiness 32 0 0
m2 32 0 0
aoss 31 0 2
kinesisanalytics 31 0 1
wisdom 31 0 0
schemas 31 0 0
payment-cryptography 31 0 0
devops-guru 31 0 0
billingconductor 31 0 0
amplifybackend 31 0 0
elasticfilesystem 30 0 5
xray 30 0 3
lookoutmetrics 30 0 0
cases 30 0 0
voiceid 29 0 2
dataexchange 29 0 2
ssm-incidents 29 0 0
kinesis 29 0 0
cloudsearch 28 1 4
migrationhub-orchestrator 28 0 3
securitylake 28 0 0
rolesanywhere 28 0 0
mediaconvert 28 0 0
machinelearning 28 0 0
access-analyzer 28 0 0
timestream 27 1 8
managedblockchain 27 0 3
applicationinsights 27 0 1
outposts 26 0 2
snowball 26 0 0
servicediscovery 26 0 0
private-networks 26 0 0
mediastore 26 0 0
iot1click 26 0 0
appfabric 26 0 0
comprehendmedical 25 1 0
appflow 25 0 6
backup-gateway 25 0 2
discovery 25 0 1
mediapackagev2 24 0 3
verifiedpermissions 24 0 0
refactor-spaces 24 0 0
batch 24 0 0
detective 23 1 7
route53-recovery-control-config 23 0 1
ecr-public 23 0 0
cognito-identity 23 0 0
codeguru-profiler 23 0 0
acm-pca 23 0 0
mq 22 1 1
lookoutvision 22 0 3
secretsmanager 22 0 0
connect-campaigns 22 0 0
aps 21 0 16
qldb 21 0 14
dax 21 0 9
migrationhub-strategy 21 0 7
synthetics 21 0 0
compute-optimizer 21 0 0
amplifyuibuilder 20 5 1
sqs 20 3 0
mgh 20 0 0
iotroborunner 20 0 0
emr-containers 20 0 0
datapipeline 19 0 2
translate 19 0 0
signer 19 0 0
servicequotas 19 0 0
sagemaker-geospatial 19 0 0
resource-explorer-2 19 0 0
opsworks-cm 19 0 0
mediapackage 19 0 0
identitystore 19 0 0
codestar 18 0 4
resource-groups 18 0 1
grafana 18 0 0
aws-marketplace 17 0 34
ssm-sap 17 0 3
cognito-sync 17 0 2
rum 17 0 0
mediapackage-vod 17 0 0
ivschat 17 0 0
elastictranscoder 17 0 0
support 16 0 8
fis 16 0 3
simspaceweaver 16 0 0
honeycode 15 0 15
app-integrations 15 0 4
oam 15 0 0
emr-serverless 15 0 0
acm 15 0 0
codeguru-reviewer 14 0 3
serverlessrepo 14 0 1
osis 14 0 1
iotdeviceadvisor 14 0 0
cloud9 13 0 17
healthlake 13 0 7
codeguru-security 13 0 2
textract 13 0 0
snow-device-management 13 0 0
health 13 0 0
docdb-elastic 13 0 0
codestar-notifications 13 0 0
braket 13 0 0
application-autoscaling 13 0 0
codestar-connections 12 0 9
scheduler 12 0 0
kafkaconnect 12 0 0
firehose 12 0 0
license-manager-user-subscriptions 11 0 0
airflow 11 0 0
supportapp 10 0 3
sdb 10 0 0
redshift-data 10 0 0
rbin 10 0 0
pipes 10 0 0
internetmonitor 10 0 0
account 9 0 4
savingsplans 9 0 0
polly 9 0 0
kendra-ranking 9 0 0
budgets 8 15 2
mobilehub 8 1 15
backup-storage 8 1 7
sts 8 0 3
tag 8 0 0
iotfleethub 8 0 0
dlm 8 0 0
elastic-inference 6 0 1
rds-data 6 0 0
pi 6 0 0
importexport 6 0 0
ebs 6 0 0
autoscaling-plans 6 0 0
arc-zonal-shift 6 0 0
application-cost-profiler 6 0 0
s3-outposts 5 0 43
pricing 5 0 0
controltower 4 0 38
cur 4 0 5
route53-recovery-cluster 4 0 0
license-manager-linux-subscriptions 4 0 0
cassandra 2 11 15
ec2-instance-connect 2 0 1
workmailmessageflow 2 0 0
marketplacecommerceanalytics 2 0 0
finspace-api 1 30 0
mobileanalytics 1 0 2
cloudtrail-data 1 0 0
apigateway 0 152 9
iotthingsgraph 0 35 0
execute-api 0 11 3
cloudcontrolapi 0 8 0
IoTSecuredTunneling 0 8 0
macie 0 7 0
awsssoportal 0 4 0
awsssooidc 0 3 0
sqlworkbench 0 0 68
iq 0 0 63
sso-directory 0 0 52
deepracer 0 0 50
trustedadvisor 0 0 40
appmesh-preview 0 0 36
neptune-db 0 0 33
datazonecontrol 0 0 29
chatbot 0 0 28
s3-object-lambda 0 0 26
deeplens 0 0 24
vendor-insights 0 0 23
notifications 0 0 21
launchwizard 0 0 20
freertos 0 0 20
kafka-cluster 0 0 19
deepcomposer 0 0 18
elemental-appliances-software 0 0 17
bugbust 0 0 17
bedrock 0 0 17
purchase-orders 0 0 14
codecatalyst 0 0 14
scn 0 0 13
dbqms 0 0 13
billing 0 0 13
aws-marketplace-management 0 0 13
tax 0 0 12
sagemaker-groundtruth-synthetic 0 0 12
monitron 0 0 12
identity-sync 0 0 12
elemental-activations 0 0 10
notifications-contacts 0 0 9
cloudshell 0 0 9
aws-portal 0 0 9
iq-permission 0 0 8
codewhisperer 0 0 8
artifact 0 0 8
activate 0 0 8
wickr 0 0 7
payments 0 0 7
ec2messages 0 0 6
tiros 0 0 5
iot-device-tester 0 0 5
groundtruthlabeling 0 0 5
elemental-support-cases 0 0 5
datazone 0 0 5
supportplans 0 0 4
ssmmessages 0 0 4
iotjobsdata 0 0 4
invoicing 0 0 4
customer-verification 0 0 4
codedeploy-commands-secure 0 0 4
a2c 0 0 4
ssm-guiconnect 0 0 3
resource-explorer 0 0 3
identitystore-auth 0 0 3
freetier 0 0 3
awsconnector 0 0 3
consolidatedbilling 0 0 2
consoleapp 0 0 2
wam 0 0 1
vpc-lattice-svcs 0 0 1
verified-access 0 0 1
sustainability 0 0 1
serviceextract 0 0 1
rhelkb 0 0 1
rds-db 0 0 1
mediaimport 0 0 1
elemental-support-content 0 0 1
codeguru 0 0 1
arsenal 0 0 1

Most common action prefixes:

Prefix Count
List 2380
Get 2150
Delete 1733
Create 1623
Describe 1621
Update 1378
Put 428
Start 334
Tag 242
Untag 239
