A cli tool to check which policy allowed actions for AWS IAM entities.
CLI tool to check which policy allowed actions for AWS IAM entities.
Use it inside an environment where the cli can retrieve IAM credentials,
which has IAMReadOnly or above permissions.
Usage: which-allowed --entity-type <ENTITY_TYPE> --entity-name <ENTITY_NAME> --action-name <ACTION_NAME>
Options:
--entity-type <ENTITY_TYPE> The type of IAM Entity [possible values: user, role]
--entity-name <ENTITY_NAME> The name of IAM Entity
--action-name <ACTION_NAME> The name of action IAM entity performed
-h, --help Print help
You can also use interactive mode by just using which-allowed.
You can download the pre-built binaries from the Releases page on GitHub.
Choose the appropriate binary for your operating system (Linux, macOS, Windows) and download it.
If you would like to build the project manually, you need to have Rust installed.
Follow the instructions below to build the project:
git clone https://github.com/runjivu/which-allowed.git
cd which-allowed
cargo build --release
./target/release/which-allowed --entity-type <ENTITY_TYPE> --entity-name <ENTITY_NAME> --action-name <ACTION_NAME>