AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 236
  • Unique actions: 8879
  • Managed policies: 725

Most common managed policy name prefixes:

Policy ARN Count
arn:aws:iam::aws:policy/AWS* 208
arn:aws:iam::aws:policy/Amazon* 195
arn:aws:iam::aws:policy/aws-service-role/* 129
arn:aws:iam::aws:policy/service-role/* 113
arn:aws:iam::aws:policy/job-function/* 7
Other 73

The following table summarises the AWS APIs.

  • The first column is the name of the API as far as IAM policies are concerned.
  • The second column is IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column is invokable APIs that don't have a corresponding IAM action.
  • The fourth column is IAM actions that don't have a corresponding invokable API.

Service Action/API pairs APIs without actions Actions without APIs
ec2 414 6 0
sagemaker 142 15 2
iam 140 0 1
glue 124 11 1
rds 123 7 1
ssm 122 0 7
chime 119 0 50
mobiletargeting 107 5 0
ses 103 24 0
lightsail 101 26 0
cognito-idp 100 0 0
greengrass 90 2 1
gamelift 90 0 0
redshift 88 4 18
servicecatalog 83 1 0
waf-regional 81 0 0
config 79 0 0
a4b 77 16 3
codecommit 77 0 11
waf 77 0 0
devicefarm 77 0 0
opsworks 73 1 0
quicksight 71 28 13
storagegateway 71 10 0
elasticache 65 0 0
clouddirectory 62 4 0
cloudfront 59 16 0
s3 58 52 39
ds 57 0 6
robomaker 57 0 2
route53 57 0 0
autoscaling 57 0 0
directconnect 56 0 0
comprehend 56 0 0
guardduty 55 3 0
cloudformation 54 1 3
iotsitewise 54 1 0
elasticloadbalancing 54 0 1
organizations 51 0 0
macie2 50 1 3
medialive 49 6 0
workmail 49 0 51
ecs 49 0 2
backup 48 0 1
rekognition 48 0 0
lambda 47 2 3
connect 47 0 6
appstream 47 0 3
codedeploy 47 0 1
personalize 46 2 0
elasticbeanstalk 46 1 3
dms 45 8 0
kms 45 1 2
frauddetector 45 0 0
lex 44 0 0
codebuild 43 0 8
securityhub 43 0 0
dynamodb 42 3 6
imagebuilder 41 1 0
workdocs 41 0 10
wafv2 40 0 2
logs 39 3 5
mechanicalturk 39 0 0
appmesh 38 0 1
codepipeline 37 0 0
appsync 36 5 2
amplify 36 1 0
sms 35 0 2
iotthingsgraph 35 0 0
swf 34 3 12
iotanalytics 33 1 0
worklink 33 0 0
sns 33 0 0
glacier 33 0 0
appconfig 33 0 0
workspaces 32 18 0
elasticmapreduce 32 5 8
inspector 32 5 0
route53resolver 32 0 0
codeartifact 31 0 4
events 31 0 0
datasync 31 0 0
cloudhsm 31 0 0
schemas 30 1 0
forecast 30 0 0
cloudwatch 30 0 0
ce 29 0 10
ecr 29 0 0
es 28 9 9
cloudsearch 28 1 4
transcribe 28 0 3
athena 28 0 1
networkmanager 28 0 0
machinelearning 28 0 0
kinesis 28 0 0
sso 27 0 52
kinesisvideo 27 0 3
kafka 26 3 0
kinesisanalytics 26 0 1
mediastore 26 0 0
iot1click 26 0 0
fms 25 1 0
elasticfilesystem 25 0 5
mediaconvert 25 0 0
groundstation 25 0 0
globalaccelerator 25 0 0
discovery 25 0 0
ram 24 0 0
kendra 24 0 0
route53domains 23 5 0
xray 23 0 4
servicediscovery 23 0 0
codeguru-profiler 23 0 0
acm-pca 23 0 0
dataexchange 22 0 1
states 22 0 0
mq 22 0 0
ivs 22 0 0
dax 21 0 9
eks 21 0 0
cognito-identity 21 0 0
qldb 20 0 3
iotevents 20 0 1
sqs 20 0 0
managedblockchain 20 0 0
mgh 19 1 0
datapipeline 19 0 2
secretsmanager 19 0 0
batch 19 0 0
shield 18 5 0
transfer 18 2 0
opsworks-cm 18 1 0
access-analyzer 18 1 0
appflow 18 0 5
codestar 18 0 3
cloudtrail 18 0 0
applicationinsights 17 10 0
snowball 17 5 0
cognito-sync 17 0 2
elastictranscoder 17 0 0
timestream 16 1 3
servicequotas 16 0 0
license-manager 15 1 0
mediaconnect 14 13 0
mediapackage 14 5 0
support 14 0 8
serverlessrepo 14 0 1
fsx 14 0 0
cloud9 13 0 2
lakeformation 13 0 1
health 13 0 0
codestar-notifications 13 0 0
acm 13 0 0
mediapackage-vod 12 4 0
resource-groups 12 3 0
detective 12 0 5
signer 12 0 0
firehose 12 0 0
synthetics 11 2 0
aws-marketplace 11 0 39
codestar-connections 11 0 9
codeguru-reviewer 10 1 3
sdb 10 0 0
application-autoscaling 10 0 0
iot 9 0 212
translate 9 0 0
savingsplans 9 0 0
redshift-data 9 0 0
polly 9 0 0
compute-optimizer 9 0 0
budgets 8 14 2
mobilehub 8 1 15
sts 8 0 2
tag 8 0 0
sms-voice 8 0 0
dlm 8 0 0
mediatailor 7 0 0
macie 7 0 0
textract 6 0 0
rds-data 6 0 0
importexport 6 0 0
ebs 6 0 0
braket 6 0 0
autoscaling-plans 6 0 0
outposts 5 2 0
identitystore 4 0 0
cur 4 0 0
s3-outposts 3 0 29
pricing 3 0 0
comprehendmedical 2 19 0
honeycode 2 0 3
pi 2 0 0
mobileanalytics 1 0 2
workmailmessageflow 1 0 0
ec2-instance-connect 1 0 0
execute-api 0 220 3
apigateway 0 152 7
IoTSecuredTunneling 0 7 0
elastic-inference 0 6 1
awsssoportal 0 4 0
awsssooidc 0 3 0
marketplacecommerceanalytics 0 2 0
sso-directory 0 0 42
appmesh-preview 0 0 36
deepracer 0 0 26
deeplens 0 0 24
trustedadvisor 0 0 18
deepcomposer 0 0 18
chatbot 0 0 12
freertos 0 0 11
dbqms 0 0 9
launchwizard 0 0 8
cassandra 0 0 8
elemental-appliances-software 0 0 7
aws-portal 0 0 7
elemental-activations 0 0 6
ec2messages 0 0 6
wellarchitected 0 0 5
iot-device-tester 0 0 5
aws-marketplace-management 0 0 5
ssmmessages 0 0 4
groundtruthlabeling 0 0 4
artifact 0 0 4
resource-explorer 0 0 3
awsconnector 0 0 3
account 0 0 3
sumerian 0 0 2
purchase-orders 0 0 2
wam 0 0 1
rds-db 0 0 1
neptune-db 0 0 1
iq-permission 0 0 1
iq 0 0 1
codeguru 0 0 1
backup-storage 0 0 1
arsenal 0 0 1

Most common action prefixes:

Prefix Count
List 1241
Get 1166
Describe 1116
Delete 1039
Create 947
Update 726
Put 262
Start 159
Tag 127
Untag 126