npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@fluggo/aws-service-auth-reference

v1.0.164

Published

A JSON reference for AWS service authorization (IAM actions)

Downloads

653

Readme

AWS service authorization reference

This is a JSON-formatted scrape of the AWS Service Authorization Reference, along with a Golang program to update it. The package is updated weekly.

NPM package

If you're using the NPM package, you can use the service reference like this:

import { serviceAuth } from '@fluggo/aws-service-auth-reference';

for(const service of serviceAuth) {
  console.log(service.name);
}

Reference

The JSON file contains an array of service reference objects like this:

{
  // Name of the service as listed in the service authorization reference.
  "name": "AWS Security Token Service",

  // Prefix seen in IAM action statements for this service.
  "servicePrefix": "sts",

  // URL of the service authorization reference page for this service.
  "authReferenceHref": "https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecuritytokenservice.html",

  // URL of the API reference for this service, if any.
  "apiReferenceHref": "https://docs.aws.amazon.com/STS/latest/APIReference/",

  // List of actions that can be specified for this service in IAM action statements.
  "actions": [
    {
      // Action name as it appears in IAM policy statements.
      "name": "AssumeRole",

      // True if this action is not actually associated with an API call.
      "permissionOnly": false,

      // URL of the API or user guide reference for this action.
      "referenceHref": "https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html",

      // Description of the action.
      "description": "Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to",

      // The access level classification for this action.
      // This can be List, Read, Write, Permissions management, or Tagging.
      // See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html
      "accessLevel": "Write",

      // Resource types that can be specified for this action.
      //
      // If empty, you must specify all resources (`"*"`) in the policy when using this action.
      "resourceTypes": [
        {
          // A type of resource that can be used with this action.
          "resourceType": "role",

          // True if at least one resource of this type is required to execute the action.
          "required": true,

          // Condition keys that can be specified for this resource type.
          //
          // If a statement specifies a condition key not on this list,
          // and its scope includes a resource of this type, the statement will
          // have no effect.
          "conditionKeys": [],

          // Additional permissions you must have in order to use the action.
          "dependentActions": []
        }
      ],

      // Condition keys that can be specified for this action that do not depend on a resource type.
      "conditionKeys": []
    },
    // ...
  ],

  // Types of resources that can be specified for this service in IAM resource statements.
  //
  // These resources can come from other services; check the ARN to see the service type.
  "resourceTypes": [
    {
      // Name of the resource type.
      "name": "role",

      // URL of the API or user guide reference for this action.
      "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html",

      // Pattern for ARNs for this resource type with `${placeholder}` markers.
      "arnPattern": "arn:${Partition}:iam::${Account}:role/${RoleNameWithPath}",

      // List of condition keys that are valid for this resource type.
      "conditionKeys": [
        "aws:ResourceTag/${TagKey}"
      ]
    },
    // ...
  ],

  // Condition keys that can be specified for this service in IAM statements.
  "conditionKeys": [
    {
      // Name of the condition key, which may contain a template (`${param}`) element.
      "name": "sts:SourceIdentity",

      // Link to reference information about the condition key.
      "referenceHref": "https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#ck_sourceidentity",

      // A short description of the condition key.
      "description": "Filters actions based on the source identity that is passed in the request",

      // The type of the condition key.
      // This can be a primitive type such as String or a compound type such as ArrayOfString.
      "type": "String"
    },
    // ...
  ]
}

Using with curl and jq

You can use curl and jq in shell scripts to parse the service auth JSON file and query it. For example, to find all IAM actions ending in "Role":

curl --silent --show-error \
  --url 'https://raw.githubusercontent.com/fluggo/aws-service-auth-reference/master/service-auth.json' \
  > /tmp/auth.json

cat /tmp/auth.json | jq --raw-output '
  .[]
  | {service: .servicePrefix} + (.actions[] | {action: .name})
  | select(.service == "iam" and (.action | match("Role$")))
  | "\(.service):\(.action)"
'

Output:

iam:CreateRole
iam:CreateServiceLinkedRole
iam:DeleteRole
iam:DeleteServiceLinkedRole
iam:GetRole
iam:ListInstanceProfilesForRole
iam:PassRole
iam:TagRole
iam:UntagRole
iam:UpdateRole

Example provided by @iainelder.