Metadata-Version: 2.1
Name: aws-access-advisor
Version: 2022.10.1.3
Summary: Generate IAM actions list from AWS Access Advisor reports.
Home-page: https://github.com/fer1035/pypi-aws_access_advisor
License: GPL-2.0-only
Keywords: AWS,Access,Advisor
Author: Ahmad Ferdaus Abd Razak
Author-email: ahmad.ferdaus.abd.razak@ni.com
Requires-Python: >=3.6,<4.0
Classifier: License :: OSI Approved :: GNU General Public License v2 (GPLv2)
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Requires-Dist: aws-ssooidc (>=2021.1.1.1,<2022.0.0.0)
Requires-Dist: boto3 (>=1.17.78,<2.0.0)
Project-URL: Repository, https://github.com/fer1035/pypi-aws_access_advisor
Description-Content-Type: text/x-rst

======================
**aws-access-advisor**
======================

Overview
--------

Generate IAM actions list from AWS Access Advisor reports.

Prerequisites
-------------

- *Python >= 3.6*
- *[aws-ssooidc](https://pypi.org/project/aws-ssooidc/) >= 2021.1.1.1*
- *[boto3](https://pypi.org/project/boto3/) >= 1.17.78*

Required Arguments
------------------

- AWS account ID
- AWS entity ARN (role, user, etc. to use for report generation)
- AWS SSO Permission Set (admin role) name for login purposes
- AWS SSO login URL

Usage
-----

Installation:

.. code-block:: BASH

   pip3 install aws-access-advisor
   # or
   python3 -m pip install aws-access-advisor

In Python3:

.. code-block:: BASH

   import aws_access_advisor as access

   auth = access.login("<account_id>", "<sso_url>", "<admin_role_name>")
   report = access.get_report(
      "<entity_role_arn>",
      auth["roleCredentials"]["accessKeyId"],
      auth["roleCredentials"]["secretAccessKey"],
      auth["roleCredentials"]["sessionToken"]
   )
   print(
      f'Job status: {report["JobStatus"]} after {report["processing_time"]} second(s).'
   )
   print('\n'.join(access.parse(report)))

In BASH:

.. code-block:: BASH

   python [/path/to/module/]__init__.py \
   -a <account_id> \
   -e <entity_role_arn> \
   -r <admin_role_name> \  # [OPTIONAL]
   -u <sso_url> \  # [OPTIONAL]
   > <output_path>

