iam-policy-validator 1.2.0__tar.gz → 1.5.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/DOCS.md +194 -27
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/Makefile +11 -5
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/PKG-INFO +171 -20
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/README.md +170 -19
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/action.yaml +11 -1
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/_manifest.json +1 -1
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aps.json +237 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bedrock.json +26 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cognito-idp.json +100 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/emr-containers.json +20 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotmanagedintegrations.json +20 -0
- iam_policy_validator-1.5.0/docs/README.md +43 -0
- iam_policy_validator-1.5.0/docs/ROADMAP.md +307 -0
- iam_policy_validator-1.5.0/docs/aws-api-configuration.md +157 -0
- iam_policy_validator-1.5.0/docs/condition-requirements.md +182 -0
- iam_policy_validator-1.5.0/docs/configuration.md +574 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/github-actions-workflows.md +35 -12
- iam_policy_validator-1.5.0/docs/modular-configuration.md +327 -0
- iam_policy_validator-1.5.0/docs/python-library-usage.md +987 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/configs/basic-config.yaml +1 -2
- iam_policy_validator-1.5.0/examples/configs/full-reference-config.yaml +661 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/configs/offline-validation.yaml +0 -1
- iam_policy_validator-1.5.0/examples/configs/principal-condition-enforcement.yaml +240 -0
- iam_policy_validator-1.5.0/examples/configs/principal-validation-public-with-conditions.yaml +33 -0
- iam_policy_validator-1.5.0/examples/configs/principal-validation-relaxed.yaml +32 -0
- iam_policy_validator-1.5.0/examples/configs/principal-validation-strict.yaml +36 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/configs/strict-security.yaml +29 -5
- iam_policy_validator-1.5.0/examples/custom_checks/README.md +623 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/README.md +27 -7
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/access-analyzer-only.yaml +3 -3
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/basic-validation.yaml +5 -5
- iam_policy_validator-1.2.0/examples/github-actions/custom-policy-checks.yml → iam_policy_validator-1.5.0/examples/github-actions/custom-policy-checks.yaml +2 -2
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/multi-region-validation.yaml +3 -3
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/resource-policy-validation.yaml +4 -4
- iam_policy_validator-1.5.0/examples/github-actions/sarif-code-scanning.yaml +62 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/sequential-validation.yaml +4 -4
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/two-step-validation.yaml +3 -3
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/github-actions/validate-changed-files.yaml +4 -4
- iam_policy_validator-1.5.0/examples/iam-test-policies/README.md +159 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +23 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies/valid-sid-formats.json +29 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +28 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +12 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +12 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +14 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +12 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +32 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/README.md +218 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/backup-vault-policy-org-access.json +34 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/ecr-repository-policy-org-restricted.json +25 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/ecr-repository-policy-public.json +16 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/efs-filesystem-policy-vpc-only.json +23 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/glacier-vault-policy-cross-account.json +23 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +29 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/kms-key-policy-insecure.json +26 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/kms-key-policy-org-restricted.json +38 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/kms-key-policy-service-specific.json +53 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +19 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/lambda-permission-cross-account-invoke.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/lambda-permission-eventbridge-multiple.json +23 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/lambda-permission-public-url.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/lambda-permission-s3-trigger.json +22 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/opensearch-domain-policy-ip-restricted.json +22 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +19 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-cross-account-org.json +25 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-insecure-transport.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-ip-restriction.json +36 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +20 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +12 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +17 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-vpc-endpoint.json +20 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-wildcard-actions.json +21 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/secrets-manager-policy-cross-account.json +25 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account-mfa.json +25 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +20 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sns-topic-policy-eventbridge.json +18 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sns-topic-policy-org-wide.json +23 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sns-topic-policy-public-no-conditions.json +15 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sqs-queue-policy-cross-account-role.json +26 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sqs-queue-policy-iam-users-mfa.json +27 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sqs-queue-policy-public.json +12 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/resource-policies/sqs-queue-policy-sns-subscription.json +18 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +16 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/service-control-policies/require-mfa.json +24 -0
- iam_policy_validator-1.5.0/examples/iam-test-policies/service-control-policies/restrict-regions.json +20 -0
- iam_policy_validator-1.5.0/examples/library-usage/README.md +225 -0
- iam_policy_validator-1.5.0/examples/library-usage/example1_basic_usage.py +77 -0
- iam_policy_validator-1.5.0/examples/library-usage/example2_config_file.py +111 -0
- iam_policy_validator-1.5.0/examples/library-usage/example3_programmatic_config.py +158 -0
- iam_policy_validator-1.5.0/examples/library-usage/example4_custom_condition_requirements.py +347 -0
- iam_policy_validator-1.5.0/examples/library-usage/quick_reference.py +230 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/__version__.py +1 -1
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/__init__.py +15 -3
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/action_condition_enforcement.py +1 -6
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/condition_key_validation.py +21 -1
- iam_policy_validator-1.5.0/iam_validator/checks/full_wildcard.py +67 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/policy_size.py +1 -0
- iam_policy_validator-1.5.0/iam_validator/checks/policy_type_validation.py +299 -0
- iam_policy_validator-1.5.0/iam_validator/checks/principal_validation.py +776 -0
- iam_policy_validator-1.5.0/iam_validator/checks/sensitive_action.py +178 -0
- iam_policy_validator-1.5.0/iam_validator/checks/service_wildcard.py +105 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/sid_uniqueness.py +45 -7
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/utils/sensitive_action_matcher.py +39 -31
- iam_policy_validator-1.5.0/iam_validator/checks/wildcard_action.py +62 -0
- iam_policy_validator-1.5.0/iam_validator/checks/wildcard_resource.py +131 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/__init__.py +10 -1
- iam_policy_validator-1.5.0/iam_validator/commands/download_services.py +255 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/post_to_pr.py +7 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/validate.py +204 -16
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/aws_fetcher.py +35 -8
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/check_registry.py +25 -21
- iam_policy_validator-1.5.0/iam_validator/core/config/__init__.py +83 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/aws_api.py +35 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/condition_requirements.py +535 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/defaults.py +390 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/principal_requirements.py +421 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/sensitive_actions.py +133 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/service_principals.py +95 -0
- iam_policy_validator-1.5.0/iam_validator/core/config/wildcards.py +124 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/config_loader.py +29 -9
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/enhanced.py +11 -5
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/sarif.py +78 -14
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/models.py +13 -3
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/policy_checks.py +39 -6
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/pr_commenter.py +30 -9
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/pyproject.toml +2 -2
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/scripts/download_aws_services.py +6 -4
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/scripts/sync_defaults_from_yaml.py +3 -3
- iam_policy_validator-1.5.0/tests/test_aws_api_config.py +10 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_condition_key_validation_check.py +98 -13
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_config_loader.py +1 -1
- iam_policy_validator-1.5.0/tests/test_full_wildcard_check.py +254 -0
- iam_policy_validator-1.5.0/tests/test_policy_type_validation.py +334 -0
- iam_policy_validator-1.5.0/tests/test_principal_validation_check.py +1084 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_sensitive_action_wildcard_expansion.py +38 -48
- iam_policy_validator-1.5.0/tests/test_service_wildcard_check.py +332 -0
- iam_policy_validator-1.5.0/tests/test_wildcard_action_check.py +297 -0
- iam_policy_validator-1.5.0/tests/test_wildcard_resource_check.py +349 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/uv.lock +1 -1
- iam_policy_validator-1.2.0/default-config.yaml +0 -876
- iam_policy_validator-1.2.0/docs/README.md +0 -41
- iam_policy_validator-1.2.0/docs/configuration.md +0 -220
- iam_policy_validator-1.2.0/examples/custom_checks/README.md +0 -550
- iam_policy_validator-1.2.0/iam_validator/checks/security_best_practices.py +0 -535
- iam_policy_validator-1.2.0/iam_validator/core/defaults.py +0 -366
- iam_policy_validator-1.2.0/tests/test_security_best_practices.py +0 -1363
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/.github/dependabot.yml +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/.github/workflows/ci.yml +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/.github/workflows/release.yml +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/.gitignore +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/.python-version +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/CONTRIBUTING.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/LICENSE +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/_services.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/a2c.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/a4b.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/access-analyzer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/account.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/acm-pca.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/acm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/action-recommendations.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/activate.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aiops.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/airflow.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/amplify.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/amplifybackend.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/amplifyuibuilder.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aoss.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/apigateway.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/app-integrations.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appconfig.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appfabric.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appflow.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/application-autoscaling.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/application-signals.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/application-transformation.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/applicationinsights.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appmesh-preview.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appmesh.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/apprunner.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appstream.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appstudio.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/appsync.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/apptest.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/arc-region-switch.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/arc-zonal-shift.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/arsenal.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/artifact.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/athena.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/auditmanager.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/autoscaling-plans.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/autoscaling.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aws-marketplace-management.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aws-marketplace.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/aws-portal.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/awsconnector.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/b2bi.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/backup-gateway.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/backup-search.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/backup-storage.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/backup.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/batch.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bcm-dashboards.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bcm-data-exports.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bcm-pricing-calculator.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bcm-recommended-actions.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bedrock-agentcore.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/billing.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/billingconductor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/braket.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/budgets.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/bugbust.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cases.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cassandra.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ce.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/chatbot.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/chime.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cleanrooms-ml.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cleanrooms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloud9.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/clouddirectory.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudformation.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudfront-keyvaluestore.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudfront.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudhsm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudsearch.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudshell.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudtrail-data.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudtrail.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cloudwatch.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeartifact.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codebuild.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codecatalyst.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codecommit.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeconnections.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codedeploy-commands-secure.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codedeploy.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeguru-profiler.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeguru-reviewer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeguru-security.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codeguru.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codepipeline.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codestar-connections.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codestar-notifications.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codestar.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/codewhisperer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cognito-identity.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cognito-sync.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/comprehend.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/comprehendmedical.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/compute-optimizer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/config.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/connect-campaigns.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/connect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/consoleapp.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/consolidatedbilling.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/controlcatalog.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/controltower.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cost-optimization-hub.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/cur.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/customer-verification.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/databrew.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dataexchange.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/datapipeline.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/datasync.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/datazone.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dax.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dbqms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/deadline.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/deepcomposer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/deepracer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/detective.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/devicefarm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/devops-guru.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/directconnect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/discovery.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dlm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/docdb-elastic.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/drs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ds-data.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ds.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dsql.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/dynamodb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ebs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ec2-instance-connect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ec2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ec2messages.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ecr-public.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ecr.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ecs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/eks-auth.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/eks.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elasticache.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elasticbeanstalk.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elasticfilesystem.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elasticloadbalancing.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elasticmapreduce.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elastictranscoder.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elemental-activations.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elemental-appliances-software.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elemental-support-cases.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/elemental-support-content.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/emr-serverless.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/entityresolution.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/es.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/events.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/evidently.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/evs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/execute-api.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/finspace-api.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/finspace.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/firehose.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/fis.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/fms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/forecast.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/frauddetector.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/freertos.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/freetier.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/fsx.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/gamelift.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/gameliftstreams.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/geo-maps.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/geo-places.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/geo-routes.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/geo.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/glacier.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/globalaccelerator.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/glue.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/grafana.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/greengrass.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/groundstation.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/groundtruthlabeling.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/guardduty.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/health.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/healthlake.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/honeycode.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iam.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/identity-sync.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/identitystore-auth.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/identitystore.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/imagebuilder.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/importexport.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/inspector-scan.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/inspector.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/inspector2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/internetmonitor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/invoicing.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iot-device-tester.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iot.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotanalytics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotdeviceadvisor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotevents.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotfleethub.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotfleetwise.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotjobsdata.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotsitewise.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iottwinmaker.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iotwireless.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iq-permission.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/iq.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ivs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ivschat.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kafka-cluster.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kafka.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kafkaconnect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kendra-ranking.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kendra.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kinesis.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kinesisanalytics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kinesisvideo.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/kms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lakeformation.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lambda.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/launchwizard.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lex.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/license-manager-linux-subscriptions.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/license-manager-user-subscriptions.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/license-manager.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lightsail.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/logs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lookoutequipment.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lookoutmetrics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/lookoutvision.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/m2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/machinelearning.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/macie2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/managedblockchain-query.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/managedblockchain.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mapcredits.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/marketplacecommerceanalytics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mechanicalturk.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediaconnect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediaconvert.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediaimport.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/medialive.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediapackage-vod.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediapackage.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediapackagev2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediastore.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mediatailor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/medical-imaging.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/memorydb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mgh.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mgn.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/migrationhub-orchestrator.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/migrationhub-strategy.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mobileanalytics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mobiletargeting.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/monitron.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mpa.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/mq.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/neptune-db.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/neptune-graph.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/network-firewall.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/network-security-director.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/networkflowmonitor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/networkmanager-chat.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/networkmanager.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/networkmonitor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/nimble.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/notifications-contacts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/notifications.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/oam.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/observabilityadmin.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/odb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/omics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/one.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/opensearch.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/opsworks-cm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/opsworks.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/organizations.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/osis.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/outposts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/panorama.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/partnercentral-account-management.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/partnercentral.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/payment-cryptography.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/payments.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pca-connector-ad.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pca-connector-scep.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pcs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/personalize.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pi.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pipes.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/polly.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/pricing.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/private-networks.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/profile.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/proton.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/purchase-orders.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/q.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/qapps.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/qbusiness.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/qdeveloper.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/qldb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/quicksight.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ram.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rbin.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rds-data.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rds-db.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rds.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/redshift-data.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/redshift-serverless.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/redshift.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/refactor-spaces.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rekognition.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/repostspace.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/resiliencehub.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/resource-explorer-2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/resource-explorer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/resource-groups.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rhelkb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/robomaker.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rolesanywhere.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53-recovery-cluster.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53-recovery-control-config.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53-recovery-readiness.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53domains.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53profiles.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/route53resolver.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rtbfabric.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/rum.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3-object-lambda.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3-outposts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3express.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3tables.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/s3vectors.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sagemaker-data-science-assistant.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sagemaker-geospatial.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sagemaker-mlflow.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sagemaker.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/savingsplans.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/scheduler.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/schemas.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/scn.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sdb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/secretsmanager.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/security-ir.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/securityhub.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/securitylake.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/serverlessrepo.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/servicecatalog.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/servicediscovery.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/serviceextract.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/servicequotas.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ses.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/shield.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/signer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/signin.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/simspaceweaver.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sms-voice.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sms.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/snow-device-management.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/snowball.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sns.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/social-messaging.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sqlworkbench.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sqs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm-contacts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm-guiconnect.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm-incidents.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm-quicksetup.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm-sap.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssm.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ssmmessages.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sso-directory.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sso-oauth.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sso.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/states.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/storagegateway.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/support-console.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/support.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/supportapp.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/supportplans.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/sustainability.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/swf.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/synthetics.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/tag.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/tax.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/textract.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/thinclient.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/timestream-influxdb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/timestream.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/tiros.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/tnb.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/transcribe.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/transfer.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/transform.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/translate.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/trustedadvisor.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/ts.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/user-subscriptions.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/uxc.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/vendor-insights.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/verified-access.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/verifiedpermissions.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/voiceid.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/vpc-lattice-svcs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/vpc-lattice.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/vpce.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/waf-regional.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/waf.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/wafv2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/wam.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/wellarchitected.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/wickr.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/wisdom.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workdocs.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/worklink.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workmail.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workmailmessageflow.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workspaces-instances.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workspaces-web.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/workspaces.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/aws_services/xray.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/aws-services-backup.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/custom-checks.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/development/PUBLISHING.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/github-actions-examples.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/privilege-escalation.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/docs/smart-filtering.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/README.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/access-analyzer/example1.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/access-analyzer/example2.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/cross_account_external_id_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/domain_restriction_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/encryption_required_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/mfa_required_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/region_restriction_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/tag_enforcement_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/examples/custom_checks/time_based_access_check.py +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/allowed-wildcard-resource.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/api_gateway_management.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/athena_query_access.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/backup_vault_access.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/cloudformation_deployer.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/cloudwatch_monitoring.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/cognito_user_pool.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/dynamodb_table_access.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/ecs_task_execution.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/eventbridge_rules.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/glue_etl_jobs.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/insecure_policy.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/insecure_policy.yaml +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/invalid-resource-constraint.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/invalid_policy.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/kms_encryption_keys.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/lambda_developer.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/lambda_developer.yaml +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/maximum_size_policy.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/policy_missing_required_tags.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/policy_tag_enforcement_example.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/policy_with_wildcard_resources.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/privilege_escalation_scattered.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/rds_database_admin.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/s3_bucket_access.yaml +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/sample_policy.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/sample_policy.yaml +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/secrets_manager_access.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/sensitive-action-wildcards.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/sns_sqs_messaging.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/step_functions_workflow.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/test_none_of_valid.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/test_none_of_violations.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/wildcard_examples.json +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/wildcard_examples.yaml +0 -0
- {iam_policy_validator-1.2.0/examples/iam-test-policies → iam_policy_validator-1.5.0/examples/iam-test-policies/identity-policies}/wrong-condition-key.json +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/__main__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/action_resource_constraint.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/action_validation.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/resource_validation.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/utils/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/utils/policy_level_checks.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/analyze.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/base.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/commands/cache.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/access_analyzer.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/access_analyzer_report.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/aws_global_conditions.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/cli.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/base.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/console.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/csv.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/html.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/json.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/formatters/markdown.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/policy_loader.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/core/report.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/integrations/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/integrations/github_integration.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/iam_validator/integrations/ms_teams.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/README.md +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/__init__.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_action_condition_enforcement.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_action_resource_constraint.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_action_validation_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_aws_fetcher_wildcards.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_aws_global_conditions.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_check_registry.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_comment_truncation.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_custom_policy_checks.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_models.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_multipart_comments.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_policy_loader.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_policy_size_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_resource_validation_check.py +0 -0
- {iam_policy_validator-1.2.0 → iam_policy_validator-1.5.0}/tests/test_sid_uniqueness_check.py +0 -0
|
@@ -521,8 +521,12 @@ Options:
|
|
|
521
521
|
--batch-size BATCH_SIZE Number of policies to process per batch (default: 10, only with --stream)
|
|
522
522
|
--no-recursive Don't recursively search directories
|
|
523
523
|
--fail-on-warnings Fail validation if warnings are found (default: only fail on errors)
|
|
524
|
-
--
|
|
525
|
-
|
|
524
|
+
--policy-type, -t {IDENTITY_POLICY,RESOURCE_POLICY,SERVICE_CONTROL_POLICY}
|
|
525
|
+
Type of IAM policy being validated (default: IDENTITY_POLICY)
|
|
526
|
+
Enables policy-type-specific validation (e.g., requiring Principal for resource policies)
|
|
527
|
+
--github-comment Post summary comment to PR conversation
|
|
528
|
+
--github-review Create line-specific review comments on PR files
|
|
529
|
+
--github-summary Write summary to GitHub Actions job summary (visible in Actions tab)
|
|
526
530
|
--config CONFIG, -c CONFIG Path to configuration file (default: auto-discover iam-validator.yaml)
|
|
527
531
|
--custom-checks-dir DIR Path to directory containing custom checks for auto-discovery
|
|
528
532
|
--no-registry Use legacy validation (disable check registry system)
|
|
@@ -544,8 +548,52 @@ iam-validator validate --path ./policies/ --format enhanced
|
|
|
544
548
|
# Streaming mode for large policy sets
|
|
545
549
|
iam-validator validate --path ./policies/ --stream
|
|
546
550
|
|
|
547
|
-
# GitHub PR
|
|
548
|
-
iam-validator validate --path ./policies/ --github-comment --github-review
|
|
551
|
+
# GitHub integration - all options (PR comment + review comments + job summary)
|
|
552
|
+
iam-validator validate --path ./policies/ --github-comment --github-review --github-summary
|
|
553
|
+
|
|
554
|
+
# Only line-specific review comments (clean, minimal)
|
|
555
|
+
iam-validator validate --path ./policies/ --github-review
|
|
556
|
+
|
|
557
|
+
# Only PR summary comment
|
|
558
|
+
iam-validator validate --path ./policies/ --github-comment
|
|
559
|
+
|
|
560
|
+
# Only GitHub Actions job summary
|
|
561
|
+
iam-validator validate --path ./policies/ --github-summary
|
|
562
|
+
|
|
563
|
+
# Validate resource policies (e.g., S3 bucket policies, SNS topics)
|
|
564
|
+
iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
|
|
565
|
+
```
|
|
566
|
+
|
|
567
|
+
### Policy Type Validation
|
|
568
|
+
|
|
569
|
+
The `--policy-type` flag enables policy-type-specific validation:
|
|
570
|
+
|
|
571
|
+
**IDENTITY_POLICY** (default):
|
|
572
|
+
- Policies attached to IAM users, groups, or roles
|
|
573
|
+
- Should NOT contain Principal element
|
|
574
|
+
- Tool warns if Principal is present
|
|
575
|
+
|
|
576
|
+
**RESOURCE_POLICY**:
|
|
577
|
+
- Policies attached to AWS resources (S3 buckets, SNS topics, etc.)
|
|
578
|
+
- MUST contain Principal element in all statements
|
|
579
|
+
- Tool errors if Principal is missing
|
|
580
|
+
|
|
581
|
+
**SERVICE_CONTROL_POLICY**:
|
|
582
|
+
- AWS Organizations SCPs
|
|
583
|
+
- MUST NOT contain Principal element
|
|
584
|
+
- Tool errors if Principal is present
|
|
585
|
+
|
|
586
|
+
**Examples:**
|
|
587
|
+
|
|
588
|
+
```bash
|
|
589
|
+
# Validate S3 bucket policy (resource policy)
|
|
590
|
+
iam-validator validate --path bucket-policy.json --policy-type RESOURCE_POLICY
|
|
591
|
+
|
|
592
|
+
# Validate IAM role policy (identity policy - default)
|
|
593
|
+
iam-validator validate --path role-policy.json --policy-type IDENTITY_POLICY
|
|
594
|
+
|
|
595
|
+
# Validate AWS Organizations SCP
|
|
596
|
+
iam-validator validate --path scp.json --policy-type SERVICE_CONTROL_POLICY
|
|
549
597
|
```
|
|
550
598
|
|
|
551
599
|
### `analyze` Command
|
|
@@ -566,8 +614,9 @@ Options:
|
|
|
566
614
|
--output OUTPUT, -o OUTPUT Output file path (only for json/markdown formats)
|
|
567
615
|
--no-recursive Don't recursively search directories
|
|
568
616
|
--fail-on-warnings Fail validation if warnings are found (default: only fail on errors)
|
|
569
|
-
--github-comment Post
|
|
570
|
-
--github-review Create line-specific review comments on PR
|
|
617
|
+
--github-comment Post summary comment to PR conversation
|
|
618
|
+
--github-review Create line-specific review comments on PR files
|
|
619
|
+
--github-summary Write summary to GitHub Actions job summary (visible in Actions tab)
|
|
571
620
|
--run-all-checks Run full validation checks if Access Analyzer passes
|
|
572
621
|
--verbose, -v Enable verbose logging
|
|
573
622
|
|
|
@@ -617,6 +666,7 @@ Options:
|
|
|
617
666
|
--no-review Don't create line-specific review comments
|
|
618
667
|
--add-summary Add summary comment (default: True)
|
|
619
668
|
--no-summary Don't add summary comment
|
|
669
|
+
--config, -c CONFIG Path to configuration file (for fail_on_severity setting)
|
|
620
670
|
```
|
|
621
671
|
|
|
622
672
|
**Examples:**
|
|
@@ -672,9 +722,115 @@ iam-validator cache location
|
|
|
672
722
|
|
|
673
723
|
---
|
|
674
724
|
|
|
725
|
+
## GitHub Integration
|
|
726
|
+
|
|
727
|
+
The IAM Policy Validator provides flexible GitHub integration with **three independent options** for displaying validation results:
|
|
728
|
+
|
|
729
|
+
### 1. PR Summary Comment (`--github-comment`)
|
|
730
|
+
|
|
731
|
+
Posts a high-level summary to the PR conversation:
|
|
732
|
+
- Overall metrics (total policies, issues, severities)
|
|
733
|
+
- Grouped findings by file
|
|
734
|
+
- Detailed issue descriptions with suggestions and examples
|
|
735
|
+
- Updated on subsequent runs (no duplicates)
|
|
736
|
+
|
|
737
|
+
**Example:**
|
|
738
|
+
```bash
|
|
739
|
+
iam-validator validate --path ./policies/ --github-comment
|
|
740
|
+
```
|
|
741
|
+
|
|
742
|
+
### 2. Line-Specific Review Comments (`--github-review`)
|
|
743
|
+
|
|
744
|
+
Creates inline review comments on the "Files changed" tab:
|
|
745
|
+
- Comments appear directly on problematic lines in the diff
|
|
746
|
+
- Includes rich context (examples, suggestions from config)
|
|
747
|
+
- Automatically cleaned up on subsequent runs
|
|
748
|
+
- Review status (REQUEST_CHANGES or COMMENT) based on `fail_on_severity` config
|
|
749
|
+
- Works independently of `--github-comment`
|
|
750
|
+
|
|
751
|
+
**Example:**
|
|
752
|
+
```bash
|
|
753
|
+
iam-validator validate --path ./policies/ --github-review
|
|
754
|
+
```
|
|
755
|
+
|
|
756
|
+
**Review Status Logic:**
|
|
757
|
+
- If any issues match severities in `fail_on_severity` config → REQUEST_CHANGES
|
|
758
|
+
- Otherwise → COMMENT
|
|
759
|
+
- Default: REQUEST_CHANGES for `error` and `critical` severities
|
|
760
|
+
|
|
761
|
+
### 3. GitHub Actions Job Summary (`--github-summary`)
|
|
762
|
+
|
|
763
|
+
Writes a high-level overview to the Actions tab:
|
|
764
|
+
- Visible in workflow run summary (not in PR conversation)
|
|
765
|
+
- Shows key metrics and severity breakdown
|
|
766
|
+
- Clean dashboard view without overwhelming details
|
|
767
|
+
- Perfect for quick status checks
|
|
768
|
+
|
|
769
|
+
**Example:**
|
|
770
|
+
```bash
|
|
771
|
+
iam-validator validate --path ./policies/ --github-summary
|
|
772
|
+
```
|
|
773
|
+
|
|
774
|
+
### Mix and Match Options
|
|
775
|
+
|
|
776
|
+
All three options are **independent** and can be used in any combination:
|
|
777
|
+
|
|
778
|
+
```bash
|
|
779
|
+
# All three for maximum visibility
|
|
780
|
+
iam-validator validate --path ./policies/ \
|
|
781
|
+
--github-comment \
|
|
782
|
+
--github-review \
|
|
783
|
+
--github-summary
|
|
784
|
+
|
|
785
|
+
# Only line-specific review comments (clean, minimal)
|
|
786
|
+
iam-validator validate --path ./policies/ --github-review
|
|
787
|
+
|
|
788
|
+
# Only PR summary + Actions summary (no inline comments)
|
|
789
|
+
iam-validator validate --path ./policies/ --github-comment --github-summary
|
|
790
|
+
|
|
791
|
+
# Only Actions summary (no PR interaction)
|
|
792
|
+
iam-validator validate --path ./policies/ --github-summary
|
|
793
|
+
```
|
|
794
|
+
|
|
795
|
+
### Comment Management
|
|
796
|
+
|
|
797
|
+
**Automatic Cleanup:**
|
|
798
|
+
- Old review comments are automatically deleted before new runs
|
|
799
|
+
- Summary comments are updated (not duplicated)
|
|
800
|
+
- All bot comments use HTML identifiers (invisible to users)
|
|
801
|
+
|
|
802
|
+
**Streaming Mode:**
|
|
803
|
+
- In CI environments, streaming is auto-enabled
|
|
804
|
+
- Review comments appear progressively as files are validated
|
|
805
|
+
- Provides immediate feedback during long validation runs
|
|
806
|
+
|
|
807
|
+
### Required Environment Variables
|
|
808
|
+
|
|
809
|
+
```yaml
|
|
810
|
+
env:
|
|
811
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
812
|
+
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
813
|
+
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
814
|
+
```
|
|
815
|
+
|
|
816
|
+
For `--github-summary`, also requires:
|
|
817
|
+
- `GITHUB_STEP_SUMMARY` (automatically provided by GitHub Actions)
|
|
818
|
+
|
|
819
|
+
### Permissions
|
|
820
|
+
|
|
821
|
+
Ensure your workflow has the required permissions:
|
|
822
|
+
|
|
823
|
+
```yaml
|
|
824
|
+
permissions:
|
|
825
|
+
contents: read
|
|
826
|
+
pull-requests: write # Required for --github-comment and --github-review
|
|
827
|
+
```
|
|
828
|
+
|
|
829
|
+
---
|
|
830
|
+
|
|
675
831
|
## Configuration
|
|
676
832
|
|
|
677
|
-
> **📢 Configuration Change (v1.1.0+):** The `allowed_wildcards` configuration has moved from `
|
|
833
|
+
> **📢 Configuration Change (v1.1.0+):** The `allowed_wildcards` configuration has moved from `action_validation` to `security_best_practices` for cleaner separation of concerns. If you have a custom config file, update it accordingly. See [Migration Note](#configuration-migration) below.
|
|
678
834
|
|
|
679
835
|
### Configuration File
|
|
680
836
|
|
|
@@ -715,29 +871,29 @@ settings:
|
|
|
715
871
|
# ============================================================================
|
|
716
872
|
|
|
717
873
|
# Validate Statement ID (Sid) uniqueness
|
|
718
|
-
|
|
874
|
+
sid_uniqueness:
|
|
719
875
|
enabled: true
|
|
720
876
|
severity: error
|
|
721
877
|
|
|
722
878
|
# Validate IAM actions against AWS service definitions
|
|
723
|
-
|
|
879
|
+
action_validation:
|
|
724
880
|
enabled: true
|
|
725
881
|
severity: error
|
|
726
882
|
description: "Validates that actions exist in AWS services"
|
|
727
|
-
# Note: Wildcard security checks are handled by
|
|
883
|
+
# Note: Wildcard security checks are handled by security_best_practices
|
|
728
884
|
|
|
729
885
|
# Validate condition keys
|
|
730
|
-
|
|
886
|
+
condition_key_validation:
|
|
731
887
|
enabled: true
|
|
732
888
|
severity: error
|
|
733
889
|
|
|
734
890
|
# Validate resource ARN format
|
|
735
|
-
|
|
891
|
+
resource_validation:
|
|
736
892
|
enabled: true
|
|
737
893
|
severity: error
|
|
738
894
|
|
|
739
895
|
# Security best practices
|
|
740
|
-
|
|
896
|
+
security_best_practices:
|
|
741
897
|
enabled: true
|
|
742
898
|
# Define allowed wildcard patterns for safe read-only operations
|
|
743
899
|
allowed_wildcards:
|
|
@@ -767,7 +923,7 @@ security_best_practices_check:
|
|
|
767
923
|
severity: medium
|
|
768
924
|
|
|
769
925
|
# Action condition enforcement (MFA, IP restrictions, tags, etc.)
|
|
770
|
-
|
|
926
|
+
action_condition_enforcement:
|
|
771
927
|
enabled: true
|
|
772
928
|
severity: high
|
|
773
929
|
```
|
|
@@ -793,14 +949,15 @@ By default, validation fails on `error` and `critical` severities. Use `--fail-o
|
|
|
793
949
|
|
|
794
950
|
### Example Configurations
|
|
795
951
|
|
|
796
|
-
See [examples/configs/](examples/configs/) directory for
|
|
952
|
+
See [examples/configs/](examples/configs/) directory for configurations:
|
|
797
953
|
- `basic-config.yaml` - Minimal configuration with defaults
|
|
954
|
+
- `full-reference-config.yaml` - Complete reference with all options
|
|
798
955
|
- `offline-validation.yaml` - For environments without internet access
|
|
799
956
|
- `strict-security.yaml` - Enterprise-grade security enforcement
|
|
800
|
-
|
|
801
|
-
|
|
802
|
-
- `
|
|
803
|
-
- `
|
|
957
|
+
- `principal-validation-strict.yaml` - Block all public access
|
|
958
|
+
- `principal-validation-relaxed.yaml` - Allow public access with conditions
|
|
959
|
+
- `principal-validation-public-with-conditions.yaml` - Conditional public access
|
|
960
|
+
- `principal-condition-enforcement.yaml` - Advanced principal requirements
|
|
804
961
|
|
|
805
962
|
---
|
|
806
963
|
|
|
@@ -829,7 +986,7 @@ Verifies IAM actions exist in AWS service definitions. This check focuses **sole
|
|
|
829
986
|
```json
|
|
830
987
|
{
|
|
831
988
|
"Effect": "Allow",
|
|
832
|
-
"Action": "s3:List*", // ✅ Valid - wildcards skipped (checked by
|
|
989
|
+
"Action": "s3:List*", // ✅ Valid - wildcards skipped (checked by security_best_practices)
|
|
833
990
|
"Resource": "*"
|
|
834
991
|
}
|
|
835
992
|
```
|
|
@@ -886,10 +1043,10 @@ Ensures Statement IDs are unique within a policy:
|
|
|
886
1043
|
|
|
887
1044
|
### 6. Wildcard Action Validation
|
|
888
1045
|
|
|
889
|
-
The `
|
|
1046
|
+
The `security_best_practices` handles all wildcard security validation with customizable allowlists:
|
|
890
1047
|
|
|
891
1048
|
```yaml
|
|
892
|
-
|
|
1049
|
+
security_best_practices:
|
|
893
1050
|
enabled: true
|
|
894
1051
|
|
|
895
1052
|
# Define allowed wildcard patterns (e.g., safe read-only operations)
|
|
@@ -922,7 +1079,7 @@ security_best_practices_check:
|
|
|
922
1079
|
- "cloudwatch"
|
|
923
1080
|
```
|
|
924
1081
|
|
|
925
|
-
**Note:** The `
|
|
1082
|
+
**Note:** The `action_validation` now focuses solely on validating that actions exist in AWS service definitions. All wildcard security concerns are handled by `security_best_practices`.
|
|
926
1083
|
|
|
927
1084
|
### Configuration Migration
|
|
928
1085
|
|
|
@@ -930,7 +1087,7 @@ If you have a custom configuration file from before v1.1.0, update it as follows
|
|
|
930
1087
|
|
|
931
1088
|
**Before (v1.0.x):**
|
|
932
1089
|
```yaml
|
|
933
|
-
|
|
1090
|
+
action_validation:
|
|
934
1091
|
enabled: true
|
|
935
1092
|
severity: error
|
|
936
1093
|
allowed_wildcards:
|
|
@@ -941,13 +1098,13 @@ action_validation_check:
|
|
|
941
1098
|
|
|
942
1099
|
**After (v1.1.0+):**
|
|
943
1100
|
```yaml
|
|
944
|
-
|
|
1101
|
+
action_validation:
|
|
945
1102
|
enabled: true
|
|
946
1103
|
severity: error
|
|
947
|
-
# allowed_wildcards removed - moved to
|
|
1104
|
+
# allowed_wildcards removed - moved to security_best_practices
|
|
948
1105
|
# disable_wildcard_warnings removed - no longer needed
|
|
949
1106
|
|
|
950
|
-
|
|
1107
|
+
security_best_practices:
|
|
951
1108
|
enabled: true
|
|
952
1109
|
# Move allowed_wildcards here
|
|
953
1110
|
allowed_wildcards:
|
|
@@ -1249,8 +1406,18 @@ iam-validator validate --path policy.json --format json --output debug.json
|
|
|
1249
1406
|
|
|
1250
1407
|
MIT License - see [LICENSE](LICENSE) file for details.
|
|
1251
1408
|
|
|
1409
|
+
## Future Improvements
|
|
1410
|
+
|
|
1411
|
+
See [docs/ROADMAP.md](docs/ROADMAP.md) for planned features and enhancements, including:
|
|
1412
|
+
- NotResource support
|
|
1413
|
+
- NotAction support
|
|
1414
|
+
- Enhanced deny statement validation
|
|
1415
|
+
- Policy simulation integration
|
|
1416
|
+
- Cross-policy analysis
|
|
1417
|
+
|
|
1252
1418
|
## Support
|
|
1253
1419
|
|
|
1254
1420
|
- **Documentation**: This file and `examples/` directory
|
|
1421
|
+
- **Roadmap**: [Planned features and improvements](docs/ROADMAP.md)
|
|
1255
1422
|
- **Issues**: [GitHub Issues](https://github.com/boogy/iam-policy-auditor/issues)
|
|
1256
1423
|
- **Discussions**: [GitHub Discussions](https://github.com/boogy/iam-policy-auditor/discussions)
|
|
@@ -8,7 +8,7 @@ help:
|
|
|
8
8
|
@echo " make install Install production dependencies"
|
|
9
9
|
@echo " make dev Install development dependencies"
|
|
10
10
|
@echo " make clean Clean build artifacts and cache"
|
|
11
|
-
@echo " make sync-defaults
|
|
11
|
+
@echo " make sync-defaults [DEPRECATED] Defaults are now in Python modules"
|
|
12
12
|
@echo ""
|
|
13
13
|
@echo "Quality:"
|
|
14
14
|
@echo " make test Run tests"
|
|
@@ -36,10 +36,16 @@ install:
|
|
|
36
36
|
dev:
|
|
37
37
|
uv sync
|
|
38
38
|
|
|
39
|
-
# Sync defaults.py from YAML config
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
39
|
+
# Sync defaults.py from YAML config [DEPRECATED]
|
|
40
|
+
# Defaults are now defined in Python modules at iam_validator/core/data/
|
|
41
|
+
# This target is kept for backward compatibility but is no longer needed
|
|
42
|
+
sync-defaults:
|
|
43
|
+
@echo "⚠️ DEPRECATED: Defaults are now defined in Python modules"
|
|
44
|
+
@echo " Location: iam_validator/core/data/"
|
|
45
|
+
@echo " See: docs/modular-configuration.md"
|
|
46
|
+
@echo ""
|
|
47
|
+
@echo " Running legacy sync script for reference..."
|
|
48
|
+
@uv run python scripts/sync_defaults_from_yaml.py || echo " (Script may fail - this is expected)"
|
|
43
49
|
|
|
44
50
|
# Clean
|
|
45
51
|
clean:
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: iam-policy-validator
|
|
3
|
-
Version: 1.
|
|
3
|
+
Version: 1.5.0
|
|
4
4
|
Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
|
|
5
5
|
Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
|
|
6
6
|
Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
|
|
@@ -448,13 +448,11 @@ settings:
|
|
|
448
448
|
enable_builtin_checks: true
|
|
449
449
|
|
|
450
450
|
# Custom check configurations
|
|
451
|
-
|
|
451
|
+
wildcard_action:
|
|
452
452
|
enabled: true
|
|
453
|
-
|
|
454
|
-
enabled: true
|
|
455
|
-
severity: high
|
|
453
|
+
severity: high
|
|
456
454
|
|
|
457
|
-
|
|
455
|
+
action_condition_enforcement:
|
|
458
456
|
enabled: true
|
|
459
457
|
severity: critical
|
|
460
458
|
action_condition_requirements:
|
|
@@ -465,7 +463,7 @@ action_condition_enforcement_check:
|
|
|
465
463
|
- condition_key: "iam:PassedToService"
|
|
466
464
|
```
|
|
467
465
|
|
|
468
|
-
See [
|
|
466
|
+
See [examples/configs/full-reference-config.yaml](examples/configs/full-reference-config.yaml) for a complete configuration reference with all available options.
|
|
469
467
|
|
|
470
468
|
### GitHub Action Inputs
|
|
471
469
|
|
|
@@ -478,10 +476,11 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
|
|
|
478
476
|
| `recursive` | Recursively search directories for policy files | No | `true` |
|
|
479
477
|
|
|
480
478
|
#### GitHub Integration
|
|
481
|
-
| Input
|
|
482
|
-
|
|
|
483
|
-
| `post-comment`
|
|
484
|
-
| `create-review`
|
|
479
|
+
| Input | Description | Required | Default |
|
|
480
|
+
| ---------------- | --------------------------------------------------------- | -------- | ------- |
|
|
481
|
+
| `post-comment` | Post validation summary as PR conversation comment | No | `true` |
|
|
482
|
+
| `create-review` | Create line-specific review comments on PR files | No | `true` |
|
|
483
|
+
| `github-summary` | Write summary to GitHub Actions job summary (Actions tab) | No | `false` |
|
|
485
484
|
|
|
486
485
|
#### Output Options
|
|
487
486
|
| Input | Description | Required | Default |
|
|
@@ -490,12 +489,12 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
|
|
|
490
489
|
| `output-file` | Path to save output file (for non-console formats) | No | `""` |
|
|
491
490
|
|
|
492
491
|
#### AWS Access Analyzer
|
|
493
|
-
| Input | Description
|
|
494
|
-
| ------------------------ |
|
|
495
|
-
| `use-access-analyzer` | Use AWS IAM Access Analyzer for validation
|
|
496
|
-
| `access-analyzer-region` | AWS region for Access Analyzer
|
|
497
|
-
| `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
|
|
498
|
-
| `run-all-checks` | Run custom checks after Access Analyzer (sequential mode)
|
|
492
|
+
| Input | Description | Required | Default |
|
|
493
|
+
| ------------------------ | ------------------------------------------------------------------------------------------------------ | -------- | ----------------- |
|
|
494
|
+
| `use-access-analyzer` | Use AWS IAM Access Analyzer for validation | No | `false` |
|
|
495
|
+
| `access-analyzer-region` | AWS region for Access Analyzer | No | `us-east-1` |
|
|
496
|
+
| `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY`, `RESOURCE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
|
|
497
|
+
| `run-all-checks` | Run custom checks after Access Analyzer (sequential mode) | No | `false` |
|
|
499
498
|
|
|
500
499
|
#### Custom Policy Checks (Access Analyzer)
|
|
501
500
|
| Input | Description | Required | Default |
|
|
@@ -518,7 +517,7 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
|
|
|
518
517
|
- Configure `aws-services-dir` in your config file for offline validation
|
|
519
518
|
- The action automatically filters IAM policies from mixed JSON/YAML files
|
|
520
519
|
|
|
521
|
-
See [examples/github-actions/](examples/github-actions/) for
|
|
520
|
+
See [examples/github-actions/](examples/github-actions/) for 9 ready-to-use workflow examples.
|
|
522
521
|
|
|
523
522
|
### As a CLI Tool
|
|
524
523
|
|
|
@@ -540,6 +539,12 @@ iam-validator validate --path ./policies/
|
|
|
540
539
|
# Validate multiple paths
|
|
541
540
|
iam-validator validate --path policy1.json --path ./policies/ --path ./more-policies/
|
|
542
541
|
|
|
542
|
+
# Validate resource policies (S3 bucket policies, SNS topics, etc.)
|
|
543
|
+
iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
|
|
544
|
+
|
|
545
|
+
# Validate AWS Organizations Resource Control Policies (RCPs)
|
|
546
|
+
iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
|
|
547
|
+
|
|
543
548
|
# Generate JSON output
|
|
544
549
|
iam-validator validate --path ./policies/ --format json --output report.json
|
|
545
550
|
|
|
@@ -557,6 +562,106 @@ iam-validator analyze \
|
|
|
557
562
|
--github-review
|
|
558
563
|
```
|
|
559
564
|
|
|
565
|
+
### Policy Type Validation
|
|
566
|
+
|
|
567
|
+
The validator supports four AWS policy types, each with specific validation rules:
|
|
568
|
+
|
|
569
|
+
#### 🔷 IDENTITY_POLICY (Default)
|
|
570
|
+
Standard IAM policies attached to users, groups, or roles.
|
|
571
|
+
|
|
572
|
+
**Requirements:**
|
|
573
|
+
- Should NOT have `Principal` element (implicit - the attached entity)
|
|
574
|
+
- Must have `Action` and `Resource` elements
|
|
575
|
+
|
|
576
|
+
**Example:**
|
|
577
|
+
```bash
|
|
578
|
+
iam-validator validate --path ./user-policies/ --policy-type IDENTITY_POLICY
|
|
579
|
+
```
|
|
580
|
+
|
|
581
|
+
#### 🔶 RESOURCE_POLICY
|
|
582
|
+
Policies attached to AWS resources (S3 buckets, SNS topics, KMS keys, etc.).
|
|
583
|
+
|
|
584
|
+
**Requirements:**
|
|
585
|
+
- MUST have `Principal` element (who can access)
|
|
586
|
+
- Must have `Action`, `Effect`, and `Resource` elements
|
|
587
|
+
- Can use configurable security checks for principal validation
|
|
588
|
+
|
|
589
|
+
**Example:**
|
|
590
|
+
```bash
|
|
591
|
+
iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
|
|
592
|
+
```
|
|
593
|
+
|
|
594
|
+
**Advanced Principal Validation:**
|
|
595
|
+
```yaml
|
|
596
|
+
# config.yaml
|
|
597
|
+
principal_validation:
|
|
598
|
+
enabled: true
|
|
599
|
+
severity: high
|
|
600
|
+
# Block public access
|
|
601
|
+
blocked_principals: ["*"]
|
|
602
|
+
# Or require specific conditions for public access
|
|
603
|
+
require_conditions_for:
|
|
604
|
+
"*":
|
|
605
|
+
- "aws:SourceArn"
|
|
606
|
+
- "aws:SourceAccount"
|
|
607
|
+
```
|
|
608
|
+
|
|
609
|
+
#### 🔷 SERVICE_CONTROL_POLICY
|
|
610
|
+
AWS Organizations SCPs that set permission guardrails.
|
|
611
|
+
|
|
612
|
+
**Requirements:**
|
|
613
|
+
- Must NOT have `Principal` element (applies to all principals in OU)
|
|
614
|
+
- Typically uses `Deny` effect for guardrails
|
|
615
|
+
- Must have `Action` and `Resource` elements
|
|
616
|
+
|
|
617
|
+
**Example:**
|
|
618
|
+
```bash
|
|
619
|
+
iam-validator validate --path ./scps/ --policy-type SERVICE_CONTROL_POLICY
|
|
620
|
+
```
|
|
621
|
+
|
|
622
|
+
#### 🆕 RESOURCE_CONTROL_POLICY
|
|
623
|
+
AWS Organizations RCPs for resource-level access control (released 2024).
|
|
624
|
+
|
|
625
|
+
**Strict Requirements:**
|
|
626
|
+
- `Effect` MUST be `Deny` (only AWS-managed `RCPFullAWSAccess` can use `Allow`)
|
|
627
|
+
- `Principal` MUST be exactly `"*"` (use `Condition` to restrict)
|
|
628
|
+
- `Action` cannot use `"*"` alone (must be service-specific like `"s3:*"`)
|
|
629
|
+
- Only **5 supported services**: `s3`, `sts`, `sqs`, `secretsmanager`, `kms`
|
|
630
|
+
- `NotAction` and `NotPrincipal` are NOT supported
|
|
631
|
+
- Must have `Resource` or `NotResource` element
|
|
632
|
+
|
|
633
|
+
**Example:**
|
|
634
|
+
```bash
|
|
635
|
+
iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
|
|
636
|
+
```
|
|
637
|
+
|
|
638
|
+
**Valid RCP:**
|
|
639
|
+
```json
|
|
640
|
+
{
|
|
641
|
+
"Version": "2012-10-17",
|
|
642
|
+
"Statement": [{
|
|
643
|
+
"Sid": "EnforceEncryptionInTransit",
|
|
644
|
+
"Effect": "Deny",
|
|
645
|
+
"Principal": "*",
|
|
646
|
+
"Action": ["s3:*", "sqs:*"],
|
|
647
|
+
"Resource": "*",
|
|
648
|
+
"Condition": {
|
|
649
|
+
"BoolIfExists": {
|
|
650
|
+
"aws:SecureTransport": "false"
|
|
651
|
+
}
|
|
652
|
+
}
|
|
653
|
+
}]
|
|
654
|
+
}
|
|
655
|
+
```
|
|
656
|
+
|
|
657
|
+
**What the validator catches:**
|
|
658
|
+
```
|
|
659
|
+
✓ Effect is "Deny" (required for RCPs)
|
|
660
|
+
✓ Principal is "*" (required - restrictions via Condition)
|
|
661
|
+
✓ Actions from supported services (s3, sqs)
|
|
662
|
+
✓ Uses Condition to scope the deny
|
|
663
|
+
```
|
|
664
|
+
|
|
560
665
|
### Custom Policy Checks
|
|
561
666
|
|
|
562
667
|
AWS IAM Access Analyzer provides specialized checks to validate policies against specific security requirements:
|
|
@@ -651,7 +756,9 @@ Use as a library in your Python applications:
|
|
|
651
756
|
|
|
652
757
|
```python
|
|
653
758
|
import asyncio
|
|
654
|
-
from iam_validator.core import PolicyLoader
|
|
759
|
+
from iam_validator.core.policy_loader import PolicyLoader
|
|
760
|
+
from iam_validator.core.policy_checks import validate_policies
|
|
761
|
+
from iam_validator.core.report import ReportGenerator
|
|
655
762
|
|
|
656
763
|
async def main():
|
|
657
764
|
# Load policies
|
|
@@ -669,6 +776,10 @@ async def main():
|
|
|
669
776
|
asyncio.run(main())
|
|
670
777
|
```
|
|
671
778
|
|
|
779
|
+
**📚 For comprehensive Python library documentation, see:**
|
|
780
|
+
- **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
|
|
781
|
+
- **[Library Examples](examples/library-usage/)** - Runnable code examples
|
|
782
|
+
|
|
672
783
|
## Validation Checks
|
|
673
784
|
|
|
674
785
|
### 1. Action Validation
|
|
@@ -738,6 +849,44 @@ Identifies potential security risks:
|
|
|
738
849
|
|
|
739
850
|
## GitHub Integration Features
|
|
740
851
|
|
|
852
|
+
### Flexible Comment Options
|
|
853
|
+
|
|
854
|
+
The validator provides **three independent ways** to display validation results in GitHub:
|
|
855
|
+
|
|
856
|
+
#### 1. **PR Summary Comment** (`--github-comment`)
|
|
857
|
+
Posts a high-level summary to the PR conversation with:
|
|
858
|
+
- Overall metrics (total policies, issues, severities)
|
|
859
|
+
- Grouped findings by file
|
|
860
|
+
- Detailed issue descriptions with suggestions
|
|
861
|
+
|
|
862
|
+
#### 2. **Line-Specific Review Comments** (`--github-review`)
|
|
863
|
+
Creates inline review comments on the "Files changed" tab:
|
|
864
|
+
- Comments appear directly on problematic lines
|
|
865
|
+
- Includes rich context (examples, suggestions)
|
|
866
|
+
- Automatically cleaned up on subsequent runs
|
|
867
|
+
- Review status (REQUEST_CHANGES or COMMENT) based on `fail_on_severity` config
|
|
868
|
+
|
|
869
|
+
#### 3. **GitHub Actions Job Summary** (`--github-summary`)
|
|
870
|
+
Writes a high-level overview to the Actions tab:
|
|
871
|
+
- Visible in workflow run summary
|
|
872
|
+
- Shows key metrics and severity breakdown
|
|
873
|
+
- Clean dashboard view without overwhelming details
|
|
874
|
+
|
|
875
|
+
**Mix and Match:** Use any combination of these options:
|
|
876
|
+
```bash
|
|
877
|
+
# All three for maximum visibility
|
|
878
|
+
--github-comment --github-review --github-summary
|
|
879
|
+
|
|
880
|
+
# Only line-specific review comments (clean, minimal)
|
|
881
|
+
--github-review
|
|
882
|
+
|
|
883
|
+
# Only PR summary comment
|
|
884
|
+
--github-comment
|
|
885
|
+
|
|
886
|
+
# Only Actions job summary
|
|
887
|
+
--github-summary
|
|
888
|
+
```
|
|
889
|
+
|
|
741
890
|
### Smart PR Comment Management
|
|
742
891
|
|
|
743
892
|
The validator intelligently manages PR comments to keep your PRs clean:
|
|
@@ -751,8 +900,9 @@ The validator intelligently manages PR comments to keep your PRs clean:
|
|
|
751
900
|
**Behavior:**
|
|
752
901
|
- ✅ **No Duplicates**: Summary comments are updated, not duplicated
|
|
753
902
|
- ✅ **Clean PR**: Old review comments automatically deleted before new validation
|
|
754
|
-
- ✅ **Identifiable**: All bot comments
|
|
903
|
+
- ✅ **Identifiable**: All bot comments use HTML identifiers (invisible to users)
|
|
755
904
|
- ✅ **Progressive**: In streaming mode, comments appear file-by-file
|
|
905
|
+
- ✅ **Smart Review Status**: Uses `fail_on_severity` config to determine REQUEST_CHANGES vs COMMENT
|
|
756
906
|
|
|
757
907
|
**Example:**
|
|
758
908
|
```
|
|
@@ -824,6 +974,7 @@ The comprehensive [DOCS.md](DOCS.md) file contains everything you need:
|
|
|
824
974
|
- [Custom Checks](examples/custom_checks/)
|
|
825
975
|
- [Configuration Files](examples/configs/)
|
|
826
976
|
- [Test IAM Policies](examples/iam-test-policies/)
|
|
977
|
+
- **[Roadmap](docs/ROADMAP.md)** - Planned features and improvements
|
|
827
978
|
- **[AWS Services Backup Guide](docs/aws-services-backup.md)** - Offline validation
|
|
828
979
|
- **[Contributing Guide](CONTRIBUTING.md)** - Contribution guidelines
|
|
829
980
|
- **[Publishing Guide](docs/development/PUBLISHING.md)** - Release process
|