New features:
- Analyze functionality now creates a comprehensive report (CSV and raw JSON, and optionally markdown) of IAM actions allowed per policy across multiple risk categories
- Analyze functionality can recursively analyze hundreds of downloaded IAM policies for allowed actions and include that in the report
- Report functionality supports custom report configuration and exclusion of roles to filter out false positives.
- HTML docs refresh for newer AWS services.
- download-policies now has the option to recursively download all IAM policies from accounts listed in your AWS credentials file. You can authenticate to all your accounts using a tool like Gossamer, then use this new feature to download all of the policies automagically for local analysis.
Breaking changes:
- Analysis folder is changed to ~/.policy_sentry/analysis (instead of ~/.policy_sentry/policy-analysis)
- analyze-iam-policy is now analyze