Filter by different kinds of identity when generating policy #3

Open
1 of 5 tasks
flosell opened this issue Nov 26, 2017 · 4 comments
Labels
enhancement select-feature Issues regarding the selection of relevant events

Owner

flosell commented Nov 26, 2017

AS A trailscraper user
I WANT to select only events for a particular role/user when generating a policy
SO THAT I can generate a more useful policy for this role/user

  • filter by assumed role
  • filter by IAM user?
  • invoking AWS service
  • root account
  • ...?
flosell added a commit that referenced this issue Nov 27, 2017
@flosell flosell added this to To Do in Tasks Dec 17, 2017
Owner Author

flosell commented Feb 4, 2018

Example of different ways to get identity from different types of events: https://github.com/wcurrie/aws-iam-permissions-by-role/blob/master/group_by_arn.py#L41

@flosell flosell added generate-feature Issues regarding the generation of IAM Policies from Events select-feature Issues regarding the selection of relevant events and removed generate-feature Issues regarding the generation of IAM Policies from Events labels Jul 27, 2019
@flosell flosell moved this from To Do to In progress in Tasks Jul 12, 2020
@flosell flosell changed the title Filter by identity when generating policy Filter by different kinds of identity when generating policy Jul 12, 2020
Owner Author

flosell commented Jul 12, 2020


Almenon commented Oct 4, 2023

Being able to select CloudTrail events by user would be neat. For some reason the CloudTrail UI doesn't show requestParameters like the bucketName unless you drill down into it; it would be useful to have an easy way to see a list of actions with requestParameters by user.

Owner Author

flosell commented Oct 22, 2023

Hi @Almenon, thanks for the feedback!
Unfortunately, I'm not spending a lot of time on trailscraper these days so not promising to get to implementing this soon. However, I'm always happy to help with and accept PRs.

If you want to give it a try, maybe start by pulling the right data out of the raw events in cloudtrail.py.
This might already be enough to get things working, though you'd probably want to adapt the select command in cli.py to get things working or just make the parameter speak to what it actually does.
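
One way to pull identity out of raw CloudTrail records and filter on it, covering the identity kinds listed in the issue (assumed role, IAM user, invoking AWS service, root). This is an added example, not part of the thread and not trailscraper's code; `identity_of`, `select_by_identity` and the sample records are assumptions constructed for illustration.

```python
# Added example. identity_of() and select_by_identity() are hypothetical
# helpers, not trailscraper functions; SAMPLE_RECORDS is constructed data.

def identity_of(record):
    """Return (kind, identifier) from a CloudTrail record's userIdentity."""
    ident = record.get("userIdentity") or {}
    kind = ident.get("type", "Unknown")
    if kind == "AssumedRole":
        # The top-level arn is the per-session STS ARN; the role itself is
        # named in sessionContext.sessionIssuer, so prefer that.
        issuer = (ident.get("sessionContext") or {}).get("sessionIssuer") or {}
        return kind, issuer.get("arn") or ident.get("arn")
    if kind == "AWSService":
        # Service-initiated events have no ARN, only the invoking service.
        return kind, ident.get("invokedBy")
    # IAMUser, Root and anything else: arn, falling back to principalId.
    return kind, ident.get("arn") or ident.get("principalId")

def select_by_identity(records, kind=None, identifier=None):
    """Keep records matching the identity kind and/or identifier given."""
    selected = []
    for record in records:
        rec_kind, rec_id = identity_of(record)
        if kind is not None and rec_kind != kind:
            continue
        if identifier is not None and rec_id != identifier:
            continue
        selected.append(record)
    return selected

ACCOUNT = "111122223333"  # constructed account id
ROLE_ARN = f"arn:aws:iam::{ACCOUNT}:role/deploy"
SAMPLE_RECORDS = [
    {"eventName": "PutObject", "userIdentity": {
        "type": "AssumedRole",
        "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/deploy/session-a",
        "sessionContext": {"sessionIssuer": {"type": "Role", "arn": ROLE_ARN}}}},
    {"eventName": "GetObject", "userIdentity": {
        "type": "AssumedRole",
        "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/deploy/session-b",
        "sessionContext": {"sessionIssuer": {"type": "Role", "arn": ROLE_ARN}}}},
    {"eventName": "ListUsers", "userIdentity": {
        "type": "IAMUser", "arn": f"arn:aws:iam::{ACCOUNT}:user/alice"}},
    {"eventName": "Decrypt", "userIdentity": {
        "type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
    {"eventName": "ConsoleLogin", "userIdentity": {
        "type": "Root", "arn": f"arn:aws:iam::{ACCOUNT}:root"}},
]
```

Filtering on the session issuer ARN groups both sessions of the same role together, which matters when the resulting events feed a policy for that role.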
