
Scanning a single AWS account

Scanning the Authorization Details file

Now that we've downloaded the account authorization file, we can scan all of the AWS IAM policies with cloudsplaining.

Run the following command:

cloudsplaining scan --exclusions-file exclusions.yml --input-file examples/files/example.json --output examples/files/

It will create an HTML report in the output directory.

It will also create a raw JSON data file:

  • default-iam-results.json: the raw JSON results behind the HTML report. Use this file when you want to operate on the scan results programmatically; for example, a Python script could parse it and open JIRA issues or Salesforce Work Items automatically. An example entry is shown below. The full example can be viewed at examples/output/example-authz-details-results.json
{
    "example-authz-details": [
        {
            "AccountID": "012345678901",
            "ManagedBy": "Customer",
            "PolicyName": "InsecureUserPolicy",
            "Arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions",
            "ActionsCount": 2,
            "ServicesCount": 1,
            "Actions": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Services": [
                "s3"
            ]
        }
    ]
}
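The page suggests parsing the results file to drive ticketing. The following is an added example of that, not part of cloudsplaining: it loads JSON in the shape shown above (top-level key is the scan name, value is a list of findings), skips AWS-managed policies, assigns a priority using a hypothetical rule (any action under an `iam:` or `sts:AssumeRole` prefix is treated as high), and turns each finding into a ticket-like dict sorted high first. The embedded sample input is constructed for the example; the names `load_results`, `build_tickets`, `actions_by_service` and the `HIGH_RISK_PREFIXES` rule are assumptions, not part of the tool.

```python
"""Triage cloudsplaining results JSON into ticket-like records.

Added example; not part of cloudsplaining. The file shape mirrors the
default-iam-results.json excerpt on this page.
"""
import json
from collections import defaultdict

# Constructed sample in the shape of default-iam-results.json (not real scan output).
SAMPLE_RESULTS = json.dumps({
    "example-authz-details": [
        {
            "AccountID": "012345678901",
            "ManagedBy": "Customer",
            "PolicyName": "InsecureUserPolicy",
            "Arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions",
            "ActionsCount": 2,
            "ServicesCount": 1,
            "Actions": ["s3:PutObject", "s3:PutObjectAcl"],
            "Services": ["s3"],
        },
        {
            "AccountID": "012345678901",
            "ManagedBy": "Customer",
            "PolicyName": "AdminLikeRolePolicy",
            "Arn": "arn:aws:iam::012345678901:role/build-runner",
            "ActionsCount": 3,
            "ServicesCount": 2,
            "Actions": ["iam:PassRole", "iam:CreateAccessKey", "ec2:RunInstances"],
            "Services": ["iam", "ec2"],
        },
        {
            "AccountID": "012345678901",
            "ManagedBy": "AWS",
            "PolicyName": "ReadOnlyAccess",
            "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
            "ActionsCount": 1,
            "ServicesCount": 1,
            "Actions": ["s3:GetObject"],
            "Services": ["s3"],
        },
    ]
})

# Hypothetical triage rule (an assumption for this example): actions under these
# prefixes are treated as high priority because they enable privilege escalation.
HIGH_RISK_PREFIXES = ("iam:", "sts:AssumeRole")


def load_results(text):
    """Parse the results file; returns {scan_name: [finding, ...]}."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("expected a JSON object keyed by scan name")
    return data


def risk_level(finding, high_risk_prefixes=HIGH_RISK_PREFIXES):
    """Return 'high' if any action falls under a high-risk prefix, else 'medium'."""
    if any(a.startswith(high_risk_prefixes) for a in finding["Actions"]):
        return "high"
    return "medium"


def build_tickets(results, skip_aws_managed=True):
    """One ticket dict per finding, sorted high priority first, then by principal ARN.

    AWS-managed policies are skipped by default because you cannot edit them;
    the remediation there is to detach them rather than to fix the policy.
    """
    tickets = []
    for scan_name, findings in results.items():
        for f in findings:
            if skip_aws_managed and f.get("ManagedBy") == "AWS":
                continue
            tickets.append({
                "scan": scan_name,
                "priority": risk_level(f),
                "account": f["AccountID"],
                "principal": f["Arn"],
                "policy": f["PolicyName"],
                "actions": sorted(f["Actions"]),
                "title": f"[{f['AccountID']}] {f['PolicyName']} grants "
                         f"{f['ActionsCount']} risky action(s)",
            })
    order = {"high": 0, "medium": 1}
    tickets.sort(key=lambda t: (order[t["priority"]], t["principal"]))
    return tickets


def actions_by_service(results):
    """Aggregate across all findings: service prefix -> sorted list of actions."""
    agg = defaultdict(set)
    for findings in results.values():
        for f in findings:
            for a in f["Actions"]:
                agg[a.split(":", 1)[0]].add(a)
    return {svc: sorted(acts) for svc, acts in sorted(agg.items())}


if __name__ == "__main__":
    res = load_results(SAMPLE_RESULTS)
    for t in build_tickets(res):
        print(t["priority"].upper(), t["title"], t["principal"])
    print(json.dumps(actions_by_service(res), indent=2))
```

To run it against a real scan, replace `SAMPLE_RESULTS` with the contents of `default-iam-results.json` and swap the `print` loop for whatever ticketing API call you use; the prioritisation rule is the part you will want to tune to your own environment.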