Skip to content

A consolidated series of structured data for cloud identity and access management systems, including datasets for AWS, Azure, and Google Cloud

License

Notifications You must be signed in to change notification settings

iann0036/iam-dataset

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

IAM Dataset

A consolidated series of structured data for cloud identity and access management systems, including datasets for AWS, Azure, and Google Cloud.

It is currently being used to support:

Tooling which assists in the generation of some datasources is located in the util/ directory.

AWS

For Amazon Web Services IAM, the primary datasources are map.json and iam_definition.json.

In order to assist with the creation of the map.json file, a custom mapping tool may be used to accelerate the process. The mapping tool is currently hosted at: https://iann0036.github.io/iam-dataset/util/index.html#

map.json

A comprehensive mapping from SDK calls to IAM actions, typically created with the assistance of the mapping tool.

map.json Template Syntax

${PropertyName} - Variable substitution for the PropertyName property

. - A property within an object/map

[] - For each value within the array

%%urlencode%${PropertyName}%% - Performs a URL-encoding on the PropertyName property

%%many%${PropertyName}%${PropertyName2}%${PropertyName3}%% - For each of the PropertyName, PropertyName2 & PropertyName3 properties (any length)

%%iftemplatematch%${ArnProperty}%% - Only valid if the template matches the resource type's template

%%iftruthy%${PropertyName}%ValueIfTrue%ValueIfFalse%% - Truthy test

%%regex%${PropertyName}%/(.+)/g%% - Returns first capture group of Regex

iam_definition.json

A scraping of the AWS Service Authorization Reference, the AWS-provided reference of known IAM actions. It is generated using work from Parliament.

The file does have some post-crawl patching actions.

managedpolicies/name.json

The details of all AWS Managed Policies, including flags for whether the managed policy contains high sensitivity actions.

Azure

For Azure, the primary datasource is built-in-roles.json.

provider-operations.json

The direct output of the command az provider operation list which retrieves all operations from all providers.

built-in-roles-raw.json

The output of the command az role definition list with a query for all built-in roles.

built-in-roles.json

The aggregation of thr built-in roles and provider operations permitted by those built-in roles.

Google Cloud

For Google Cloud, the primary datasources are methods.json, permissions.json and role_permissions.json.

predefined_roles.json

The result of the command gcloud iam roles list, including deleted roles, showing all predefined roles.

map.json

A map of IAM permissions required for each method. [WORK IN PROGRESS]

methods.json

The combination of the methods extracted from the Google Cloud Go SDK.

methods_ext.json

Same as methods.json, but with parameter information.

permissions.json

IAM Permissions as defined by the online IAM permissions reference.

role_permissions.json

A mapping of each permission and the roles which the permission has, including whether the containment is undocumented per the IAM permission reference.

roles/name.json

The result of the command gcloud iam roles describe "$name" for all built-in roles.

About

A consolidated series of structured data for cloud identity and access management systems, including datasets for AWS, Azure, and Google Cloud

Topics

Resources

License

Stars

Watchers

Forks

Sponsor this project