1
votes

We started initially by defining roles with an admin access policy attached. But now we want them to have a policy with only specific permissions that are minimal and do not create any issues for using these roles.

Looking at the "Access Advisor" tab on each role in the AWS IAM console, it gives a good amount of information about exactly which AWS services are being used, and permission-level information only for EC2, IAM, Lambda, and S3 management actions. But for the rest of the AWS services, it is missing which specific permission for that particular service is required.

Also, we do not have AWS Organizations master account access as mentioned in this tutorial: Viewing last accessed information for Organizations.

So is there a way I can get the permissions level info for services other than EC2, IAM, Lambda, and S3 management actions?

Thanks.

1
How about policy simulator? docs.aws.amazon.com/IAM/latest/UserGuide/… - shimo
How did it go? Still unclear what you can do? - Marcin

1 Answer

1
votes

So is there a way I can get the permissions level info for services other than EC2, IAM, Lambda, and S3 management actions?

Sadly, there is no such way provided by AWS. So basically it's a try-and-see approach to get what you want. You can try some third-party tools, which may be helpful, such as zero-iam, but ultimately, you will need a custom solution to match your requirements.

There is also IAM Access Analyzer, which is different than Access Advisor. But it's also limited to some services only.
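The gap discussed in this thread, shown as an added example that is not part of the question or the answer: a sketch that turns Access Advisor data into a draft policy and lists the services where only service-level data exists. It assumes the input has the shape returned by boto3's `get_service_last_accessed_details` for a job started with `generate_service_last_accessed_details(Arn=..., Granularity="ACTION_LEVEL")`; `SAMPLE` and `draft_policy` are constructed for illustration, and action names are assumed to arrive without the service prefix.

```python
# SAMPLE is constructed; its shape follows the IAM GetServiceLastAccessedDetails
# response for a job generated with Granularity="ACTION_LEVEL" (assumption).
from datetime import datetime, timezone

SAMPLE = {
    "JobStatus": "COMPLETED",
    "ServicesLastAccessed": [
        {"ServiceNamespace": "s3", "TotalAuthenticatedEntities": 1,
         "LastAuthenticated": datetime(2024, 5, 2, tzinfo=timezone.utc),
         "TrackedActionsLastAccessed": [
             {"ActionName": "ListAllMyBuckets",
              "LastAccessedTime": datetime(2024, 5, 2, tzinfo=timezone.utc)},
             {"ActionName": "CreateBucket"},  # tracked, never called
         ]},
        {"ServiceNamespace": "sqs", "TotalAuthenticatedEntities": 1,
         "LastAuthenticated": datetime(2024, 5, 1, tzinfo=timezone.utc)},
        {"ServiceNamespace": "dynamodb", "TotalAuthenticatedEntities": 0},
    ],
}


def draft_policy(details):
    """Return (policy, needs_review, unused) from a last-accessed response."""
    if details.get("JobStatus") != "COMPLETED":
        raise ValueError("last-accessed job has not completed")
    actions, needs_review, unused = [], [], []
    for svc in details["ServicesLastAccessed"]:
        ns = svc["ServiceNamespace"]
        if "LastAuthenticated" not in svc:
            unused.append(ns)        # never used: candidate for removal
            continue
        tracked = svc.get("TrackedActionsLastAccessed")
        if tracked is None:
            needs_review.append(ns)  # service-level data only: narrow by hand
            continue
        # Keep only the tracked actions that were actually called.
        actions += [f"{ns}:{a['ActionName']}" for a in tracked
                    if "LastAccessedTime" in a]
    policy = {"Version": "2012-10-17",
              "Statement": [{"Effect": "Allow", "Action": sorted(actions),
                             "Resource": "*"}]}  # draft: scope resources down
    return policy, sorted(needs_review), sorted(unused)


if __name__ == "__main__":
    policy, review, unused = draft_policy(SAMPLE)
    print(policy)
    print("narrow by hand:", review, "| remove:", unused)
```

Actions that Access Advisor does not track never appear in the draft, even for a service that has action-level data, so the result is a starting point to test against the role's workload before the admin policy is detached.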