Comments (9)
Hey @apeshimam !
This is the traceback, but it seems the actual error is missing. Is it `KeyError`?
from airiam.
Yes, sorry, it is a KeyError.
from airiam.
-> % airiam recommend_groups
____ __ _____ ____ __ __
/ __ \ |__| _ ____|_ _| / __ \ | \ / |
/ / \ \ __ | |/ ___| | | / / \ \ | |\ \ / /| |
/ /____\ \ | | | / | | / /____\ \ | | \ \/ / | |
/ ______ \_| |_| | _| |_ / ______ \ | \ / | |
/_/ \_\_____|__| |_____|/_/ \_\_| \/ |_|
v0.1.57
AirIAM - Least privilege AWS IAM Terraformer
To continuously scan configurations, try the Bridgecrew free community plan.
https://www.bridgecrew.io
INFO:botocore.credentials:Found credentials in shared credentials file: ~/.aws/credentials
IAM FILE NAME ./aircache/829297642418/iam_data.json
Data account id 829297642418
Reusing local data
INFO:root:Analyzing data for account 829297642418
INFO:root:Using the default UserOrganizer
Traceback (most recent call last):
  File "/usr/local/bin/airiam", line 5, in <module>
    run()
  File "/usr/local/lib/python3.9/site-packages/airiam/main.py", line 36, in run
    report_with_recommendations = recommend_groups(logger, runtime_results, args.last_used_threshold)
  File "/usr/local/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 19, in recommend_groups
    runtime_iam_report.set_reorg(organizer.get_user_clusters(runtime_iam_report))
  File "/usr/local/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 38, in get_user_clusters
    simple_user_clusters = self._create_simple_user_clusters(human_users, iam_data['AccountGroups'], iam_data['AccountPolicies'])
  File "/usr/local/lib/python3.9/site-packages/airiam/recommend_groups/recommend_groups.py", line 84, in _create_simple_user_clusters
    if PolicyAnalyzer.policy_is_write_access(policy_document):
  File "/usr/local/lib/python3.9/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 49, in policy_is_write_access
    actions = PolicyAnalyzer._get_policy_actions(policy_document)
  File "/usr/local/lib/python3.9/site-packages/airiam/find_unused/PolicyAnalyzer.py", line 25, in _get_policy_actions
    actions_list.extend(PolicyAnalyzer.convert_to_list(statement['Action']))
KeyError: 'Action'
from airiam.
Hey @apeshimam !
This means the action is not part of this doc:
https://raw.githubusercontent.com/salesforce/policy_sentry/master/policy_sentry/shared/data/iam-definition.json
I wonder which action it is... Are you up for debugging?
from airiam.
Sorry, I just saw this. Yeah, up for it.
from airiam.
LMK how I can do this?
from airiam.
Hey @nimrodkor, happy to help. What do you need from me?
from airiam.
@nimrodkor just wanted to check in and see if I could help push this along. Thanks.
from airiam.
Hey @apeshimam, I looked into it and it seems this is an unexpected configuration - an `Allow` statement with no `Action` attribute - possibly this statement has a `NotAction` attribute, which is not a good practice.
It is not a good practice to have `Allow` with `NotAction` because it might lead to implicitly giving permissions.
Added a warning log, let me know if it solved your issue!
from airiam.
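The failure mode discussed in this thread, as an added example that is not AirIAM's code: a policy walker that does not assume every statement carries `Action`, and that reports `Allow` statements using `NotAction` instead of raising `KeyError`. The names `collect_actions` and `SAMPLE_POLICY` are hypothetical, and the policy is constructed for illustration.

```python
def _as_list(value):
    # IAM JSON allows a single string/object wherever a list is also valid.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def collect_actions(policy_document):
    """Walk a policy document without assuming every statement has 'Action'.

    Returns a dict with:
      actions          - actions explicitly listed in Action elements
      allow_not_action - (label, excluded) for Allow statements using NotAction
      skipped          - labels of statements with neither element
    """
    result = {"actions": [], "allow_not_action": [], "skipped": []}
    for idx, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        label = stmt.get("Sid") or f"Statement[{idx}]"
        if "Action" in stmt:
            result["actions"].extend(_as_list(stmt["Action"]))
        elif "NotAction" in stmt:
            # Allow + NotAction grants every action except the listed ones,
            # so it has no finite action list; report it for review.
            # Deny + NotAction grants nothing and is left out of the report.
            if stmt.get("Effect") == "Allow":
                result["allow_not_action"].append(
                    (label, _as_list(stmt["NotAction"])))
        else:
            result["skipped"].append(label)
    return result


# Constructed sample policy (not taken from the reporter's account).
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Sid": "AllButIam", "Effect": "Allow",
         "NotAction": "iam:*", "Resource": "*"},
        {"Effect": "Deny", "NotAction": ["sts:GetSessionToken"],
         "Resource": "*"},
    ],
}

if __name__ == "__main__":
    report = collect_actions(SAMPLE_POLICY)
    print("explicit actions:", report["actions"])
    for label, excluded in report["allow_not_action"]:
        print(f"WARNING {label}: Allow with NotAction, excludes {excluded}")
```
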