PyPI - iam-policy-validator - Versions diffs - 1.3.0__tar.gz → 1.3.1__tar.gz - Mend

iam-policy-validator 1.3.0tar.gz → 1.3.1tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of iam-policy-validator might be problematic. Click here for more details.

Files changed (594) hide show

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: iam-policy-validator
-Version: 1.3.0
+Version: 1.3.1
 Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
 Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
 Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
@@ -651,7 +651,9 @@ Use as a library in your Python applications:
 ```python
 import asyncio
-from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator
+from iam_validator.core.policy_loader import PolicyLoader
+from iam_validator.core.policy_checks import validate_policies
+from iam_validator.core.report import ReportGenerator
 async def main():
     # Load policies
@@ -669,6 +671,10 @@ async def main():
 asyncio.run(main())
 ```
+**📚 For comprehensive Python library documentation, see:**
+- **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
+- **[Library Examples](examples/library-usage/)** - Runnable code examples
 ## Validation Checks
 ### 1. Action Validation

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/README.md RENAMED Viewed

@@ -609,7 +609,9 @@ Use as a library in your Python applications:
 ```python
 import asyncio
-from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator
+from iam_validator.core.policy_loader import PolicyLoader
+from iam_validator.core.policy_checks import validate_policies
+from iam_validator.core.report import ReportGenerator
 async def main():
     # Load policies
@@ -627,6 +629,10 @@ async def main():
 asyncio.run(main())
 ```
+**📚 For comprehensive Python library documentation, see:**
+- **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
+- **[Library Examples](examples/library-usage/)** - Runnable code examples
 ## Validation Checks
 ### 1. Action Validation

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/_manifest.json RENAMED Viewed

@@ -1,5 +1,5 @@
 {
-  "download_date": "2025-10-29T23:23:11.519006+00:00",
+  "download_date": "2025-10-31T23:41:25.480606+00:00",
   "total_services": 430,
   "successful_downloads": 430,
   "failed_downloads": 0,

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/aps.json RENAMED Viewed

@@ -47,6 +47,30 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "CreateAnomalyDetector",
+      "ActionConditionKeys": [
+        "aws:RequestTag/${TagKey}",
+        "aws:TagKeys"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "CreateLoggingConfiguration",
       "ActionConditionKeys": [
@@ -210,6 +234,32 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "DeleteAnomalyDetector",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DeleteLoggingConfiguration",
       "ActionConditionKeys": [
@@ -325,6 +375,29 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DeleteScraperLoggingConfiguration",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "scraper"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DeleteWorkspace",
       "ActionConditionKeys": [
@@ -371,6 +444,32 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DescribeAnomalyDetector",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DescribeLoggingConfiguration",
       "ActionConditionKeys": [
@@ -486,6 +585,29 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DescribeScraperLoggingConfiguration",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "scraper"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DescribeWorkspace",
       "ActionConditionKeys": [
@@ -777,6 +899,29 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "ListAnomalyDetectors",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": true,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "ListRuleGroupsNamespaces",
       "ActionConditionKeys": [
@@ -853,6 +998,9 @@
         }
       },
       "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
         {
           "Name": "rulegroupsnamespace"
         },
@@ -883,6 +1031,29 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "PreviewAnomalyDetector",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "PutAlertManagerDefinition",
       "ActionConditionKeys": [
@@ -929,6 +1100,32 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "PutAnomalyDetector",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
+        {
+          "Name": "workspace"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "PutResourcePolicy",
       "ActionConditionKeys": [
@@ -1036,6 +1233,9 @@
         }
       },
       "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
         {
           "Name": "rulegroupsnamespace"
         },
@@ -1065,6 +1265,9 @@
         }
       },
       "Resources": [
+        {
+          "Name": "anomalydetector"
+        },
         {
           "Name": "rulegroupsnamespace"
         },
@@ -1152,6 +1355,29 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "UpdateScraperLoggingConfiguration",
+      "ActionConditionKeys": [
+        "aws:ResourceTag/${TagKey}"
+      ],
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "scraper"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "UpdateWorkspaceAlias",
       "ActionConditionKeys": [
@@ -1220,6 +1446,17 @@
     }
   ],
   "Resources": [
+    {
+      "Name": "anomalydetector",
+      "ARNFormats": [
+        "arn:${Partition}:aps:${Region}:${Account}:anomalydetector/${WorkspaceId}/${AnomalyDetectorId}"
+      ],
+      "ConditionKeys": [
+        "aws:RequestTag/${TagKey}",
+        "aws:ResourceTag/${TagKey}",
+        "aws:TagKeys"
+      ]
+    },
     {
       "Name": "cluster",
       "ARNFormats": [

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/bedrock.json RENAMED Viewed

@@ -2950,6 +2950,26 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "InvokeTool",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "system-tool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "ListAgentActionGroups",
       "Annotations": {
@@ -5183,6 +5203,12 @@
       "ConditionKeys": [
         "aws:ResourceTag/${TagKey}"
       ]
+    },
+    {
+      "Name": "system-tool",
+      "ARNFormats": [
+        "arn:${Partition}:bedrock::${Account}:system-tool/${ResourceId}"
+      ]
     }
   ],
   "Version": "v1.3"

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/cognito-idp.json RENAMED Viewed

@@ -719,6 +719,26 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "CreateTerms",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "userpool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "CreateUserImportJob",
       "Annotations": {
@@ -879,6 +899,26 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DeleteTerms",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "userpool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DeleteUser",
       "Annotations": {
@@ -1069,6 +1109,26 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DescribeTerms",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "userpool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DescribeUserImportJob",
       "Annotations": {
@@ -1559,6 +1619,26 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "ListTerms",
+      "Annotations": {
+        "Properties": {
+          "IsList": true,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "userpool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "ListUserImportJobs",
       "Annotations": {
@@ -2026,6 +2106,26 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "UpdateTerms",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "userpool"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "UpdateUserAttributes",
       "Annotations": {

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/emr-containers.json RENAMED Viewed

@@ -158,6 +158,26 @@
         "IAM Action Last Accessed": true
       }
     },
+    {
+      "Name": "DeleteSecurityConfiguration",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": true
+        }
+      },
+      "Resources": [
+        {
+          "Name": "securityConfiguration"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "DeleteVirtualCluster",
       "Annotations": {

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/aws_services/iotmanagedintegrations.json RENAMED Viewed

@@ -611,6 +611,26 @@
         "IAM Action Last Accessed": false
       }
     },
+    {
+      "Name": "GetManagedThingCertificate",
+      "Annotations": {
+        "Properties": {
+          "IsList": false,
+          "IsPermissionManagement": false,
+          "IsTaggingOnly": false,
+          "IsWrite": false
+        }
+      },
+      "Resources": [
+        {
+          "Name": "managed-thing"
+        }
+      ],
+      "SupportedBy": {
+        "IAM Access Analyzer Policy Generation": false,
+        "IAM Action Last Accessed": false
+      }
+    },
     {
       "Name": "GetManagedThingConnectivityData",
       "Annotations": {

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/default-config.yaml RENAMED Viewed

@@ -687,8 +687,6 @@ action_condition_enforcement_check:
     # Prevents cross-organization writes for data exfiltration (when used with AWS Organizations)
     - actions:
         - "s3:PutObject"
-        - "s3:DeleteObject"
-        - "s3:CreateBucket"
       # - action_patterns:
       #     - "^s3:Put.*$"
       #     - "^s3:Delete.*$"

{iam_policy_validator-1.3.0 → iam_policy_validator-1.3.1}/docs/README.md RENAMED Viewed

@@ -11,11 +11,12 @@ This directory contains comprehensive documentation for the IAM Policy Validator
 ## Documentation Index
 ### User Guides
+- **[Python Library Usage](python-library-usage.md)** ⭐ - Using IAM Policy Validator as a Python library
 - **[AWS Services Backup](aws-services-backup.md)** - Download AWS services for offline validation
 - **[Configuration Reference](configuration.md)** - YAML configuration options and examples
 - **[Custom Checks Guide](custom-checks.md)** - Creating custom validation rules
 - **[Privilege Escalation Detection](privilege-escalation.md)** - Policy-level privilege escalation patterns
-- **[Smart Filtering](smart-filtering.md)** ⭐ - Automatic IAM policy detection and filtering
+- **[Smart Filtering](smart-filtering.md)** - Automatic IAM policy detection and filtering
 ### Integration Guides
 - **[GitHub Actions Workflows](github-actions-workflows.md)** - Complete workflow setup guide with OIDC

iam-policy-validator 1.3.0__tar.gz → 1.3.1__tar.gz

Potentially problematic release.

iam-policy-validator 1.3.0tar.gz → 1.3.1tar.gz