Downloading Policies

Usage: policy_sentry download-policies [OPTIONS]

  Download remote IAM policies to a directory for use in the analyze-iam-
  policies command.

Options:
  --profile TEXT        To authenticate to AWS and analyze *all* existing IAM policies.
  --aws-managed         Use flag if you want to download AWS Managed policies too.
  --include-unattached  Download policies that are unattached too. Defaults to false.
  --help                Show this message and exit.

• Make sure you are authenticated to AWS.

Customer-managed policies

• Run this command:

policy_sentry download-policies --profile dev

• It will download the policies to $HOME/.policy_sentry/policy-analysis/account-number/customer-managed.
• You can then run analysis on the entire directory:

policy_sentry analyze-iam-policy --policy $HOME/.policy_sentry/policy-analysis/0123456789012/customer-managed --from-access-level permissions-management

Then it will print out the IAM policies that contain actions with “Permissions management” access levels.

AWS Managed policies

• Run this command:

policy_sentry download-policies --profile dev --aws-managed

• It will download the policies to $HOME/.policy_sentry/policy-analysis/account-number/aws-managed.
• You can then run analysis on the entire directory:

analyze-iam-policy --policy $HOME/.policy_sentry/policy-analysis/0123456789012/customer-managed --from-access-level permissions-management

Then it will print out the AWS Managed IAM policies that contain actions with “Permissions management” access levels.