AWS IAM Metadata API?



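I'm looking for whether there is an official API for retrieving metadata about IAM permissions, services, and so on.

The Policy Simulator console has almost everything I need. Looking at the HTTP requests it makes, some of them return a well-defined JSON object.

For example, to retrieve all available services, it calls: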

https://policysim.aws.amazon.com/home/data/resource

and it returns (abbreviated for brevity):

[
  {
    "name": "Amazon EC2",
    "actionPrefix": "ec2",
    "hasResource": true,
    "arnFormat": "arn:aws:ec2:<region>:<account>:<resourceType>/<resourcePath>"
  },
  {
    "name": "Amazon Sumerian",
    "actionPrefix": "sumerian",
    "hasResource": false,
    "arnFormat": "arn:aws:sumerian:<region>:<account-id>:<resource-type>/<resource_name>"
  },
  {
    "name": "Amazon Comprehend",
    "actionPrefix": "comprehend",
    "hasResource": false,
    "arnFormat": "arn:${Partition}:comprehend:${Region}:${AccountId}:${ResourceType}/${ResourceName}"
  },
  ...
  {
    "name": "AWS Elemental MediaStore",
    "actionPrefix": "mediastore",
    "hasResource": true,
    "arnFormat": "arn:aws:mediastore:<Region>:<Account>:<Resource>"
  }
]

Then, for example, for API Gateway, it calls

https://policysim.aws.amazon.com/home/data/action?serviceName=Amazon+API+Gateway&servicePrefix=execute-api

which returns:

[
  {
    "name": "InvalidateCache",
    "evaluated": false,
    "allowed": false,
    "prefix": "execute-api",
    "service": "Amazon API Gateway",
    "serviceAware": true,
    "resourceEnabled": true,
    "deniedByOrganization": false,
    "requiredResourceNames": [
      "execute-api-general"
    ],
    "supportedResources": [
      {
        "Name": "execute-api-general",
        "ARN": "arn:aws:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}",
        "RegEx": "^arn:aws:execute-api:.+",
        "isRequired": true
      }
    ],
    "scenarios": [],
    "contextKeys": []
  },
  {
    "name": "Invoke",
    "evaluated": false,
    "allowed": false,
    "prefix": "execute-api",
    "service": "Amazon API Gateway",
    "serviceAware": true,
    "resourceEnabled": true,
    "deniedByOrganization": false,
    "requiredResourceNames": [
      "execute-api-general"
    ],
    "supportedResources": [
      {
        "Name": "execute-api-general",
        "ARN": "arn:aws:execute-api:${Region}:${Account}:${ApiId}/${Stage}/${Method}/${ApiSpecificResourcePath}",
        "RegEx": "^arn:aws:execute-api:.+",
        "isRequired": true
      }
    ],
    "scenarios": [],
    "contextKeys": []
  }
]

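This is all the information I'm after: a list of service names, then the actions for each service, plus some other metadata.

Obviously, I'd like to use an official API that supports IAM credentials and policies, but I couldn't find anything beyond the supported basic SimulatePolicy and context-related API endpoints.

Thanks!

Pink

According to AWS Support, in case anyone is looking for the same thing: there is currently no official or supported API for retrieving this information.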
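The action metadata quoted in the question is enough to lint a policy statement offline, shown here as an added example that is not part of the original posts: it expands an action wildcard to concrete actions and flags resource ARNs that no supported resource pattern for that action matches. The function names, the sample statement and the trimmed records are constructed for illustration; nothing here calls the undocumented console endpoint.

```python
import json
import re

# Constructed sample in the shape of the action response quoted in the question,
# trimmed to the fields used here.
ACTIONS_JSON = """
[
  {"name": "InvalidateCache", "prefix": "execute-api",
   "supportedResources": [{"Name": "execute-api-general",
                           "RegEx": "^arn:aws:execute-api:.+", "isRequired": true}]},
  {"name": "Invoke", "prefix": "execute-api",
   "supportedResources": [{"Name": "execute-api-general",
                           "RegEx": "^arn:aws:execute-api:.+", "isRequired": true}]}
]
"""

def build_catalog(records):
    """Map 'prefix:Action' to the compiled ARN patterns of its supported resources."""
    return {f"{r['prefix']}:{r['name']}":
            [re.compile(s["RegEx"]) for s in r["supportedResources"]] for r in records}

def expand_actions(pattern, catalog):
    """Expand an IAM action pattern ('*' and '?' wildcards, case-insensitive)."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return sorted(a for a in catalog if re.fullmatch(rx, a, re.IGNORECASE))

def as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def review_statement(stmt, catalog):
    """Return (granted actions, (action, resource) pairs matching no supported ARN pattern)."""
    granted, mismatched = [], []
    for pattern in as_list(stmt["Action"]):
        for action in expand_actions(pattern, catalog):
            granted.append(action)
            for res in as_list(stmt["Resource"]):
                if res != "*" and not any(p.match(res) for p in catalog[action]):
                    mismatched.append((action, res))
    return granted, mismatched

CATALOG = build_catalog(json.loads(ACTIONS_JSON))
# Hypothetical statement under review; the account id and ARNs are constructed.
STATEMENT = {"Effect": "Allow", "Action": "execute-api:Inv*",
             "Resource": ["arn:aws:execute-api:us-east-1:111122223333:abc123/prod/GET/*",
                          "arn:aws:s3:::example-bucket/*"]}

if __name__ == "__main__":
    print(review_statement(STATEMENT, CATALOG))
```

A mismatched pair means the statement names a resource the action cannot apply to, which usually points at a copy-paste error or an over-broad statement worth splitting.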
