repokid
repokid copied to clipboard
Netflix
AWS Least Privilege for Distributed, High-Velocity Deployment
I have configured the aardvark and repokid config accordingly. However once the role cache is updated, trying to remove permissions from a role leads to the below error. I have...
So we just tried to run aardvark and repokid on our roles but several of them had no suggested policies. After debugging repokid for a while it seems like role.policies...
Only inline policies are supported currently. - If a managed policy can be deleted, we detach it from the role. - If a managed policy can be minimized, we detach...
When I do repokid display_role_cache 1234567890 I have several roles but most are showing 0 permissions including AardvarkRepokid (two roles show some permissions one has 5 and another OrganizationAccountAccessRole has...
Athena can be used to query the S3 buckets where CloudTrail data is stored directly. This would be useful for organizations without some other storage (such as ElasticSearch) set up....
Repokid has been under heavy development the last several months and we should make sure the instructions are still clear. I'd like somebody unfamiliar with the project to run through...
The docstrings for functions may have drifted. Would be nice to read through all the function docstrings and make sure the arguments are correct and the descriptions are clear.
Similar to how we do when repoing, we should show which permissions got restored after a rollback.
It would be nice to have the ability to only restore some services, rather than the whole old policy. This should work by taking an optional list of services during...
We need to increase test coverage for the Dynamo module. I'm thinking either standing up a local dynamo server (in Travis CI) or using Moto.