awspolicy

1.1.2 • Public • Published

awspolicy

awspolicy is a command-line tool for generating custom AWS IAM policies with ease. Specify services, resources, and permissions through simple commands to create tailored security policies for your AWS projects.

Disclaimer: Not affiliated with AWS and is not an official AWS product. It is a personal project created to simplify the process of generating IAM policies for AWS services with a command-line interface. For a more user-friendly policy generator, consider using the Policy Generator of AWS.

Installation

$ npm install awspolicy -g

Features

  • Generate IAM policies for AWS services with ease
  • Specify services, resources, and permissions through simple commands
  • Create tailored security policies for your AWS projects

Currently Supported Services

IAM Policies

  • S3
  • ECR

Usage

Options:
  -v, --version                 output the version number
  -s, --service <type>          AWS service (e.g., s3, ecr)
  -b, --bucket <name>           S3 bucket name (required for S3)
  -rp, --repositories <name>    Comma-separated list of ECR repository names (required for ECR)
  -rg, --region <region>        AWS region (e.g., ap-southeast-2)
  -a, --account-id <accountId>  AWS account ID (e.g., 021704626424)
  -p, --permission <levels>     Permissions for the selected service.
                                For S3: binary format (e.g., 111).
                                For ECR: comma-separated list of actions (e.g., ListImages,PutImage)
  -t, --template <name>         Template for predefined permissions (e.g., generic for ECR)
  -h, --help                    display help for command

Examples

S3

$ awspolicy -s s3 -b my-bucket -p 111

ECR

We have a predefined template called generic which provides the following permissions,

  • BatchCheckLayerAvailability
  • InitiateLayerUpload
  • UploadLayerPart
  • CompleteLayerUpload
  • PutImage
  • BatchGetImage
  • GetDownloadUrlForLayer

GetAuthorizationToken is added separately to the policy to allow the user to authenticate, no need to specify it.

$ awspolicy -s ecr -rg ap-southeast-2 -a 12345678 -rp my-repo -t generic

Permissions can be manually specified as well

$ awspolicy -s ecr -rg ap-southeast-2 -a 12345678 -rp my-repo -p BatchCheckLayerAvailability,InitiateLayerUpload,UploadLayerPart,CompleteLayerUpload,PutImage,BatchGetImage,GetDownloadUrlForLayer

Contributing

Feel free to open an issue or submit a pull request. Adding other AWS services such as EC2, SES etc is highly encouraged.

Package Sidebar

Install

npm i awspolicy

Weekly Downloads

0

Version

1.1.2

License

MIT

Unpacked Size

21.1 kB

Total Files

16

Last publish

Collaborators

  • iamlizu