14 Aug 2024 - rich
I was asked to compile a list of custom (non-AWS Managed) policies in our AWS account.
The idea is to collect a list of all the policies then analyze the permissions in order to determine what users have which permissions.
This was work performed as a precursor to several security audits we had to participate in.
First, I want to mention that there are also policies attached to roles. At some point I will need to address those, but this environment has few if any role-based policies.
Of interest to me now are managed policies and inline policies. Managed policies are either AWS managed policies or customer managed policies.
list_policies returns all managed policies available in your AWS account, including customer managed policies and all AWS managed policies.
You can filter the returned list using the optional OnlyAttached, Scope and PathPrefix parameters. For my purposes I only want OnlyAttached.
For inline policies you need to retrieve the different types separately…
So, for Users, you would use list_user_policies
And for Groups, you would use list_group_policies
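The procedure above, worked through as an added example (not code from the original post): it pulls the attached managed policies with list_policies(OnlyAttached=True), drops the AWS managed ones by their ARN, maps each remaining policy to the users and groups it is attached to with list_entities_for_policy, and then collects inline policies per user and per group with list_user_policies and list_group_policies. It goes one step beyond the post by following the IsTruncated/Marker pagination every IAM list call uses, since a single call can silently return only the first page. The boto3 method names and parameters are the real ones; the FakeIAM stub and its account data (account id 123456789012, users alice and bob, group ops, policy names) are constructed so the script runs offline. Pass --live to run it against a real account with boto3 credentials.

```python
"""Inventory customer managed and inline IAM policies per user and group.

Added example, not the post's code. boto3 method names are real; FakeIAM
and its data are constructed stand-ins so the script runs without AWS.
"""
import json
import sys
from typing import Any, Callable, Dict, List

# AWS managed policies carry the pseudo account id "aws" in their ARN.
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"


def is_aws_managed(arn: str) -> bool:
    return arn.startswith(AWS_MANAGED_PREFIX)


def paginate(call: Callable[..., Dict[str, Any]], key: str, **kwargs) -> List[Any]:
    """Follow the IsTruncated/Marker pagination shared by the IAM list_* calls."""
    items: List[Any] = []
    while True:
        page = call(**kwargs)
        items.extend(page.get(key, []))
        if not page.get("IsTruncated"):
            return items
        kwargs["Marker"] = page["Marker"]


def customer_managed_attached(iam) -> List[Dict[str, Any]]:
    """Attached managed policies minus the AWS managed ones.

    Scope='Local' would have the service do the same filtering; checking the
    ARN here keeps the result independent of that parameter.
    """
    policies = paginate(iam.list_policies, "Policies", OnlyAttached=True)
    return [p for p in policies if not is_aws_managed(p["Arn"])]


def inventory(iam) -> Dict[str, Dict[str, List[str]]]:
    """Map each user/group to its customer managed ARNs and inline policy names."""
    result: Dict[str, Dict[str, List[str]]] = {"users": {}, "groups": {}}

    def add(kind: str, name: str, policy: str) -> None:
        result[kind].setdefault(name, []).append(policy)

    # Managed policies: ask IAM who has each one attached.
    for policy in customer_managed_attached(iam):
        arn = policy["Arn"]
        for u in paginate(iam.list_entities_for_policy, "PolicyUsers",
                          PolicyArn=arn, EntityFilter="User"):
            add("users", u["UserName"], arn)
        for g in paginate(iam.list_entities_for_policy, "PolicyGroups",
                          PolicyArn=arn, EntityFilter="Group"):
            add("groups", g["GroupName"], arn)

    # Inline policies: must be fetched separately per principal type.
    for user in paginate(iam.list_users, "Users"):
        name = user["UserName"]
        for pol in paginate(iam.list_user_policies, "PolicyNames", UserName=name):
            add("users", name, f"inline:{pol}")
    for group in paginate(iam.list_groups, "Groups"):
        name = group["GroupName"]
        for pol in paginate(iam.list_group_policies, "PolicyNames", GroupName=name):
            add("groups", name, f"inline:{pol}")
    return result


class FakeIAM:
    """Constructed stand-in for boto3.client('iam'); list_policies returns two pages."""
    ACCT = "arn:aws:iam::123456789012:policy/"
    _pages = [
        [{"PolicyName": "DeployBot", "Arn": ACCT + "DeployBot"},
         {"PolicyName": "ReadOnlyAccess", "Arn": AWS_MANAGED_PREFIX + "ReadOnlyAccess"}],
        [{"PolicyName": "S3Backups", "Arn": ACCT + "S3Backups"}],
    ]
    _attached = {ACCT + "DeployBot": (["alice"], ["ops"]), ACCT + "S3Backups": (["bob"], [])}
    _users = {"alice": ["ec2-stop"], "bob": []}          # user -> inline policy names
    _groups = {"ops": ["rotate-keys"]}                   # group -> inline policy names

    def list_policies(self, OnlyAttached=False, Marker=None, **_):
        idx = int(Marker or 0)
        last = idx == len(self._pages) - 1
        page = {"Policies": self._pages[idx], "IsTruncated": not last}
        if not last:
            page["Marker"] = str(idx + 1)
        return page

    def list_entities_for_policy(self, PolicyArn, EntityFilter="", **_):
        users, groups = self._attached.get(PolicyArn, ([], []))
        return {"PolicyUsers": [{"UserName": u} for u in users] if EntityFilter == "User" else [],
                "PolicyGroups": [{"GroupName": g} for g in groups] if EntityFilter == "Group" else [],
                "IsTruncated": False}

    def list_users(self, **_):
        return {"Users": [{"UserName": u} for u in self._users], "IsTruncated": False}

    def list_groups(self, **_):
        return {"Groups": [{"GroupName": g} for g in self._groups], "IsTruncated": False}

    def list_user_policies(self, UserName, **_):
        return {"PolicyNames": self._users[UserName], "IsTruncated": False}

    def list_group_policies(self, GroupName, **_):
        return {"PolicyNames": self._groups[GroupName], "IsTruncated": False}


if __name__ == "__main__":
    if "--live" in sys.argv:
        import boto3  # real account; needs AWS credentials
        client = boto3.client("iam")
    else:
        client = FakeIAM()
    print(json.dumps(inventory(client), indent=2))
```

The output is the per-principal view the audit needs: a user's effective set is everything listed under their own name plus everything listed under the groups they belong to, and reading each managed policy's document (get_policy_version) is the next step once the list is in hand.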