import json5
import json
import sys
import os
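# Rewrites every IAM policy document under DOCS_DIR into two files under
# GENERATED_DIR: a plain JSON copy, and a "-managedARN" variant in which Allow
# statements no longer grant iam:PutRolePolicy and any Allow statement granting
# iam:AttachRolePolicy is restricted to an explicit list of policy ARNs.
DOCS_DIR = os.path.join("aws-iam-policies", "docs")
GENERATED_DIR = os.path.join("aws-iam-policies", "generated")

PUT_ROLE_POLICY = "iam:PutRolePolicy"
ATTACH_ROLE_POLICY = "iam:AttachRolePolicy"
# NOTE(review): the operator carries the IfExists suffix, which lets a request
# through when the condition key is absent from its context — confirm that is
# intended for AttachRolePolicy before relying on this restriction.
CONDITION_OPERATOR = "ForAnyValue:ArnEqualsIfExists"
POLICY_ARN_KEY = "iam:PolicyARN"
# Placeholder variables are substituted later by whatever consumes the output;
# the string is emitted verbatim here.
ALLOWED_MANAGED_POLICY_ARN = "arn:aws:iam::${AWS_ACCOUNT}:policy/${NODEROLE_INLINE_POLICY}"


def _as_list(value):
    """Return *value* unchanged if it is a list, else wrapped in a one-item list.

    IAM policy grammar allows a scalar wherever a list is accepted
    (``Statement``, ``Action``, condition values), so callers normalise
    before iterating or appending.
    """
    return value if isinstance(value, list) else [value]


def restrict_statement(stmt):
    """Narrow one Allow statement in place; return the statement.

    Args:
        stmt: a single statement dict from a policy document.

    Raises:
        ValueError: the statement has no ``Action`` key (e.g. it uses
            ``NotAction``). Such a statement can still grant the actions this
            function is meant to remove, so it is refused rather than passed
            through unchanged.
        KeyError: the statement grants iam:AttachRolePolicy but lacks the
            ``Condition`` block the ARN restriction is appended to. Failing
            here keeps an unrestricted AttachRolePolicy grant out of the
            generated file.

    Matching is exact: wildcard actions such as ``iam:*`` are not narrowed.
    Statements whose Effect is not ``Allow`` are left untouched — dropping an
    action from a Deny statement would widen what the policy permits.
    """
    if stmt.get("Effect") != "Allow":
        return stmt
    if "Action" not in stmt:
        raise ValueError(
            f"statement without an 'Action' key cannot be restricted: {stmt!r}"
        )

    actions = _as_list(stmt["Action"])
    if PUT_ROLE_POLICY in actions:
        # Filter rather than list.remove so duplicates are all dropped; the
        # key is reassigned only when something changed, so a scalar Action
        # keeps its shape otherwise.
        stmt["Action"] = [a for a in actions if a != PUT_ROLE_POLICY]

    if ATTACH_ROLE_POLICY in actions:
        try:
            condition = stmt["Condition"][CONDITION_OPERATOR]
        except KeyError as err:
            raise KeyError(
                f"statement granting {ATTACH_ROLE_POLICY} lacks "
                f"Condition.{CONDITION_OPERATOR}.{POLICY_ARN_KEY}; refusing to "
                "emit an unrestricted grant"
            ) from err
        arns = _as_list(condition[POLICY_ARN_KEY])
        if ALLOWED_MANAGED_POLICY_ARN not in arns:
            arns.append(ALLOWED_MANAGED_POLICY_ARN)
        # Reassign so a scalar iam:PolicyARN value becomes the list we built.
        condition[POLICY_ARN_KEY] = arns
    return stmt


def restrict_policy(policy):
    """Apply :func:`restrict_statement` to every statement of *policy* in place.

    Args:
        policy: a parsed IAM policy document (dict with a ``Statement`` key).

    Returns:
        The same ``policy`` object, mutated. ``Statement`` keeps its original
        shape (list or single dict).

    Raises:
        KeyError: ``policy`` has no ``Statement`` key, or a statement fails the
            checks in :func:`restrict_statement`.
        ValueError: see :func:`restrict_statement`.
    """
    for stmt in _as_list(policy["Statement"]):
        restrict_statement(stmt)
    return policy


def generated_paths(doc_name):
    """Return ``(plain_path, managed_arn_path)`` under GENERATED_DIR for *doc_name*.

    Raises:
        ValueError: *doc_name* does not contain ``-doc``. Without that marker
            both derived names would be identical and the second write would
            silently overwrite the first.
    """
    if "-doc" not in doc_name:
        raise ValueError(f"expected a '-doc' marker in the filename: {doc_name!r}")
    plain = os.path.join(GENERATED_DIR, doc_name.replace("-doc", ""))
    managed = os.path.join(GENERATED_DIR, doc_name.replace("-doc", "-managedARN"))
    return plain, managed


def main():
    """Process every file in DOCS_DIR, writing both outputs to GENERATED_DIR.

    Files are visited in sorted order so runs are reproducible. The plain
    copy is written before the document is mutated; the restricted copy is
    only opened once restriction has succeeded, so a failing document does
    not leave a truncated output file behind.
    """
    for doc_name in sorted(os.listdir(DOCS_DIR)):
        print(doc_name)
        with open(os.path.join(DOCS_DIR, doc_name), "r", encoding="utf-8") as doc_file:
            policy = json5.load(doc_file)
        plain_path, managed_path = generated_paths(doc_name)
        with open(plain_path, "w", encoding="utf-8") as out:
            json.dump(policy, out, indent=4)
        restrict_policy(policy)
        with open(managed_path, "w", encoding="utf-8") as out:
            json.dump(policy, out, indent=4)


if __name__ == "__main__":
    main()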