Logging of API calls and impacted resources for generating IAM policy permissions #1768

Closed
cristim opened this issue Feb 2, 2018 · 3 comments
Labels
feature-request A feature should be added or improved.

Comments

@cristim

cristim commented Feb 2, 2018

This is a question/feature request.

Problem

I am sometimes spending a lot of time and effort creating fine-grained IAM policies for relatively large Terraform stacks.

Proposal

It would be nice to be able to generate the minimal IAM policies straight from the SDK, since it knows which calls it performs against which resources.

When a magic environment variable is set, all these API calls should be dumped to a file that is formatted as close as possible to the permissions part of an IAM policy, where it could be included with minimal if any changes.

@jasdel jasdel added the feature-request A feature should be added or improved. label Feb 2, 2018
@jasdel
Contributor

jasdel commented Feb 5, 2018

Thanks for creating this issue @cristim. Is this similar to #127 in the SDK's backlog? Or are you looking for an option to track the API calls that are made with the SDK?

I think a feature similar to this can be enabled today with the SDK's request handlers. The Complete request handler is probably the easiest one to use for this tracking.

The following example will add a logger of service api calls for all APIs made from a client created from a session.

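// imports: fmt, github.com/aws/aws-sdk-go/aws, .../aws/request, .../aws/session
sess := session.Must(session.NewSession())
// Complete handlers run once per API request, whether it succeeded or failed.
sess.Handlers.Complete.PushBack(func(r *request.Request) {
    fmt.Printf("region:%s, service:%s, api:%s\n",
        aws.StringValue(r.Config.Region), // nil-safe if no region is configured
        r.ClientInfo.ServiceName,
        r.Operation.Name)
})

// make service api calls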

@cristim
Author

cristim commented Feb 6, 2018

@jasdel that issue seems to be about generating policy data structures that can accommodate and compare equally for different formatting of the JSON.

This one is just a special kind of logging that would allow users to generate policy documents for a given program using the SDK.

Maybe that policy data structure could be used for collecting this logging information throughout the execution of the program and then dump it to a policy json/yaml file right before exiting.
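
Added example, not part of the thread or of the SDK: one way to turn the service/operation pairs logged by a Complete handler like the one above into a policy document at exit, using only the standard library. `Call`, `actionOverrides`, `IAMAction` and `BuildPolicy` are hypothetical names; the override table is a small sample of cases where the IAM action differs from the SDK's service and operation names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Call holds the two fields the Complete handler prints for each request.
type Call struct{ Service, Operation string }

// Sample cases where the IAM action is not "<SDK service name>:<operation>"; not exhaustive.
var actionOverrides = map[Call]string{
	{"s3", "ListObjects"}:           "s3:ListBucket",
	{"monitoring", "PutMetricData"}: "cloudwatch:PutMetricData",
}

// IAMAction maps one recorded call to the IAM action that authorizes it.
func IAMAction(c Call) string {
	if a, ok := actionOverrides[c]; ok {
		return a
	}
	return c.Service + ":" + c.Operation
}

// BuildPolicy dedups and sorts actions; Resource stays "*" since no ARNs are recorded.
func BuildPolicy(calls []Call) (string, error) {
	seen, actions := map[string]bool{}, []string{}
	for _, c := range calls {
		if a := IAMAction(c); !seen[a] {
			seen[a] = true
			actions = append(actions, a)
		}
	}
	if len(actions) == 0 {
		return "", fmt.Errorf("no API calls recorded")
	}
	sort.Strings(actions)
	doc := struct {
		Version   string
		Statement []map[string]interface{}
	}{"2012-10-17", []map[string]interface{}{{"Effect": "Allow", "Action": actions, "Resource": "*"}}}
	b, err := json.MarshalIndent(doc, "", "  ")
	return string(b), err
}

func main() {
	// Constructed sample of recorded calls, with one duplicate.
	fmt.Println(BuildPolicy([]Call{{"s3", "ListObjects"}, {"ec2", "DescribeInstances"}, {"s3", "ListObjects"}}))
}
```

The generated statement only covers code paths that actually ran, and its `Resource` still has to be narrowed to specific ARNs before the policy is least-privilege.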

@github-actions

We have noticed this issue has not received attention in 1 year. We will close this issue for now. If you think this is in error, please feel free to comment and reopen the issue.

@github-actions github-actions bot added closing-soon This issue will automatically close in 4 days unless further comments are made. and removed closing-soon This issue will automatically close in 4 days unless further comments are made. labels Aug 25, 2020