iam-policy-validator 1.3.0__tar.gz → 1.4.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (620)
  1. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/DOCS.md +162 -6
  2. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/PKG-INFO +160 -8
  3. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/README.md +159 -7
  4. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/_manifest.json +1 -1
  5. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aps.json +237 -0
  6. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bedrock.json +26 -0
  7. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cognito-idp.json +100 -0
  8. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/emr-containers.json +20 -0
  9. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotmanagedintegrations.json +20 -0
  10. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/default-config.yaml +78 -19
  11. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/README.md +2 -1
  12. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/configuration.md +190 -0
  13. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/github-actions-workflows.md +29 -6
  14. iam_policy_validator-1.4.0/docs/python-library-usage.md +1028 -0
  15. iam_policy_validator-1.4.0/examples/configs/principal-validation-public-with-conditions.yaml +33 -0
  16. iam_policy_validator-1.4.0/examples/configs/principal-validation-relaxed.yaml +32 -0
  17. iam_policy_validator-1.4.0/examples/configs/principal-validation-strict.yaml +36 -0
  18. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/README.md +27 -7
  19. iam_policy_validator-1.4.0/examples/iam-test-policies/README.md +159 -0
  20. iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies/invalid-sid-special-chars.json +17 -0
  21. iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies/invalid-sid-with-spaces.json +23 -0
  22. iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies/valid-sid-formats.json +29 -0
  23. iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies/wrong-s3-condition.json +28 -0
  24. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-allow-effect.json +12 -0
  25. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-not-action.json +12 -0
  26. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-specific-principal.json +14 -0
  27. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-unsupported-service.json +17 -0
  28. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-invalid-wildcard-action.json +12 -0
  29. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-control-policies/rcp-valid-enforce-encryption.json +32 -0
  30. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/kms-key-policy-cross-account.json +29 -0
  31. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/lambda-permission-api-gateway.json +19 -0
  32. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-cloudfront.json +19 -0
  33. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-public-with-conditions.json +20 -0
  34. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-public.json +12 -0
  35. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/s3-bucket-policy-specific-account.json +17 -0
  36. iam_policy_validator-1.4.0/examples/iam-test-policies/resource-policies/sns-topic-policy-cross-account.json +20 -0
  37. iam_policy_validator-1.4.0/examples/iam-test-policies/service-control-policies/deny-root-account-usage.json +16 -0
  38. iam_policy_validator-1.4.0/examples/iam-test-policies/service-control-policies/require-mfa.json +24 -0
  39. iam_policy_validator-1.4.0/examples/iam-test-policies/service-control-policies/restrict-regions.json +20 -0
  40. iam_policy_validator-1.4.0/examples/library-usage/README.md +118 -0
  41. iam_policy_validator-1.4.0/examples/library-usage/example1_basic_usage.py +35 -0
  42. iam_policy_validator-1.4.0/examples/library-usage/example2_config_file.py +36 -0
  43. iam_policy_validator-1.4.0/examples/library-usage/example3_programmatic_config.py +67 -0
  44. iam_policy_validator-1.4.0/examples/library-usage/quick_reference.py +201 -0
  45. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/__version__.py +1 -1
  46. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/__init__.py +2 -0
  47. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/policy_size.py +1 -0
  48. iam_policy_validator-1.4.0/iam_validator/checks/policy_type_validation.py +299 -0
  49. iam_policy_validator-1.4.0/iam_validator/checks/principal_validation.py +282 -0
  50. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/security_best_practices.py +1 -0
  51. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/sid_uniqueness.py +45 -7
  52. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/post_to_pr.py +7 -0
  53. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/validate.py +176 -14
  54. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/aws_fetcher.py +16 -2
  55. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/check_registry.py +12 -2
  56. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/defaults.py +41 -14
  57. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/models.py +13 -3
  58. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/policy_checks.py +39 -6
  59. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/pr_commenter.py +30 -9
  60. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/pyproject.toml +1 -1
  61. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/scripts/sync_defaults_from_yaml.py +2 -2
  62. iam_policy_validator-1.4.0/tests/test_policy_type_validation.py +334 -0
  63. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/uv.lock +1 -1
  64. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/.github/dependabot.yml +0 -0
  65. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/.github/workflows/ci.yml +0 -0
  66. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/.github/workflows/release.yml +0 -0
  67. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/.gitignore +0 -0
  68. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/.python-version +0 -0
  69. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/CONTRIBUTING.md +0 -0
  70. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/LICENSE +0 -0
  71. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/Makefile +0 -0
  72. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/action.yaml +0 -0
  73. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/_services.json +0 -0
  74. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/a2c.json +0 -0
  75. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/a4b.json +0 -0
  76. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/access-analyzer.json +0 -0
  77. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/account.json +0 -0
  78. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/acm-pca.json +0 -0
  79. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/acm.json +0 -0
  80. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/action-recommendations.json +0 -0
  81. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/activate.json +0 -0
  82. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aiops.json +0 -0
  83. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/airflow.json +0 -0
  84. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/amplify.json +0 -0
  85. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/amplifybackend.json +0 -0
  86. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/amplifyuibuilder.json +0 -0
  87. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aoss.json +0 -0
  88. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/apigateway.json +0 -0
  89. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/app-integrations.json +0 -0
  90. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appconfig.json +0 -0
  91. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appfabric.json +0 -0
  92. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appflow.json +0 -0
  93. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/application-autoscaling.json +0 -0
  94. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/application-signals.json +0 -0
  95. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/application-transformation.json +0 -0
  96. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/applicationinsights.json +0 -0
  97. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appmesh-preview.json +0 -0
  98. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appmesh.json +0 -0
  99. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/apprunner.json +0 -0
  100. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appstream.json +0 -0
  101. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appstudio.json +0 -0
  102. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/appsync.json +0 -0
  103. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/apptest.json +0 -0
  104. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/arc-region-switch.json +0 -0
  105. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/arc-zonal-shift.json +0 -0
  106. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/arsenal.json +0 -0
  107. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/artifact.json +0 -0
  108. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/athena.json +0 -0
  109. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/auditmanager.json +0 -0
  110. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/autoscaling-plans.json +0 -0
  111. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/autoscaling.json +0 -0
  112. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aws-marketplace-management.json +0 -0
  113. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aws-marketplace.json +0 -0
  114. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/aws-portal.json +0 -0
  115. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/awsconnector.json +0 -0
  116. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/b2bi.json +0 -0
  117. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/backup-gateway.json +0 -0
  118. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/backup-search.json +0 -0
  119. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/backup-storage.json +0 -0
  120. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/backup.json +0 -0
  121. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/batch.json +0 -0
  122. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bcm-dashboards.json +0 -0
  123. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bcm-data-exports.json +0 -0
  124. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bcm-pricing-calculator.json +0 -0
  125. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bcm-recommended-actions.json +0 -0
  126. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bedrock-agentcore.json +0 -0
  127. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/billing.json +0 -0
  128. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/billingconductor.json +0 -0
  129. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/braket.json +0 -0
  130. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/budgets.json +0 -0
  131. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/bugbust.json +0 -0
  132. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cases.json +0 -0
  133. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cassandra.json +0 -0
  134. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ce.json +0 -0
  135. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/chatbot.json +0 -0
  136. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/chime.json +0 -0
  137. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cleanrooms-ml.json +0 -0
  138. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cleanrooms.json +0 -0
  139. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloud9.json +0 -0
  140. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/clouddirectory.json +0 -0
  141. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudformation.json +0 -0
  142. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudfront-keyvaluestore.json +0 -0
  143. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudfront.json +0 -0
  144. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudhsm.json +0 -0
  145. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudsearch.json +0 -0
  146. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudshell.json +0 -0
  147. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudtrail-data.json +0 -0
  148. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudtrail.json +0 -0
  149. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cloudwatch.json +0 -0
  150. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeartifact.json +0 -0
  151. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codebuild.json +0 -0
  152. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codecatalyst.json +0 -0
  153. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codecommit.json +0 -0
  154. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeconnections.json +0 -0
  155. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codedeploy-commands-secure.json +0 -0
  156. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codedeploy.json +0 -0
  157. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeguru-profiler.json +0 -0
  158. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeguru-reviewer.json +0 -0
  159. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeguru-security.json +0 -0
  160. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codeguru.json +0 -0
  161. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codepipeline.json +0 -0
  162. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codestar-connections.json +0 -0
  163. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codestar-notifications.json +0 -0
  164. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codestar.json +0 -0
  165. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/codewhisperer.json +0 -0
  166. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cognito-identity.json +0 -0
  167. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cognito-sync.json +0 -0
  168. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/comprehend.json +0 -0
  169. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/comprehendmedical.json +0 -0
  170. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/compute-optimizer.json +0 -0
  171. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/config.json +0 -0
  172. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/connect-campaigns.json +0 -0
  173. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/connect.json +0 -0
  174. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/consoleapp.json +0 -0
  175. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/consolidatedbilling.json +0 -0
  176. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/controlcatalog.json +0 -0
  177. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/controltower.json +0 -0
  178. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cost-optimization-hub.json +0 -0
  179. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/cur.json +0 -0
  180. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/customer-verification.json +0 -0
  181. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/databrew.json +0 -0
  182. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dataexchange.json +0 -0
  183. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/datapipeline.json +0 -0
  184. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/datasync.json +0 -0
  185. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/datazone.json +0 -0
  186. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dax.json +0 -0
  187. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dbqms.json +0 -0
  188. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/deadline.json +0 -0
  189. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/deepcomposer.json +0 -0
  190. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/deepracer.json +0 -0
  191. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/detective.json +0 -0
  192. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/devicefarm.json +0 -0
  193. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/devops-guru.json +0 -0
  194. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/directconnect.json +0 -0
  195. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/discovery.json +0 -0
  196. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dlm.json +0 -0
  197. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dms.json +0 -0
  198. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/docdb-elastic.json +0 -0
  199. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/drs.json +0 -0
  200. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ds-data.json +0 -0
  201. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ds.json +0 -0
  202. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dsql.json +0 -0
  203. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/dynamodb.json +0 -0
  204. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ebs.json +0 -0
  205. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ec2-instance-connect.json +0 -0
  206. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ec2.json +0 -0
  207. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ec2messages.json +0 -0
  208. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ecr-public.json +0 -0
  209. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ecr.json +0 -0
  210. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ecs.json +0 -0
  211. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/eks-auth.json +0 -0
  212. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/eks.json +0 -0
  213. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elasticache.json +0 -0
  214. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elasticbeanstalk.json +0 -0
  215. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elasticfilesystem.json +0 -0
  216. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elasticloadbalancing.json +0 -0
  217. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elasticmapreduce.json +0 -0
  218. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elastictranscoder.json +0 -0
  219. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elemental-activations.json +0 -0
  220. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elemental-appliances-software.json +0 -0
  221. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elemental-support-cases.json +0 -0
  222. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/elemental-support-content.json +0 -0
  223. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/emr-serverless.json +0 -0
  224. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/entityresolution.json +0 -0
  225. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/es.json +0 -0
  226. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/events.json +0 -0
  227. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/evidently.json +0 -0
  228. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/evs.json +0 -0
  229. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/execute-api.json +0 -0
  230. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/finspace-api.json +0 -0
  231. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/finspace.json +0 -0
  232. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/firehose.json +0 -0
  233. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/fis.json +0 -0
  234. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/fms.json +0 -0
  235. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/forecast.json +0 -0
  236. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/frauddetector.json +0 -0
  237. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/freertos.json +0 -0
  238. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/freetier.json +0 -0
  239. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/fsx.json +0 -0
  240. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/gamelift.json +0 -0
  241. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/gameliftstreams.json +0 -0
  242. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/geo-maps.json +0 -0
  243. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/geo-places.json +0 -0
  244. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/geo-routes.json +0 -0
  245. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/geo.json +0 -0
  246. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/glacier.json +0 -0
  247. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/globalaccelerator.json +0 -0
  248. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/glue.json +0 -0
  249. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/grafana.json +0 -0
  250. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/greengrass.json +0 -0
  251. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/groundstation.json +0 -0
  252. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/groundtruthlabeling.json +0 -0
  253. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/guardduty.json +0 -0
  254. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/health.json +0 -0
  255. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/healthlake.json +0 -0
  256. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/honeycode.json +0 -0
  257. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iam.json +0 -0
  258. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/identity-sync.json +0 -0
  259. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/identitystore-auth.json +0 -0
  260. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/identitystore.json +0 -0
  261. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/imagebuilder.json +0 -0
  262. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/importexport.json +0 -0
  263. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/inspector-scan.json +0 -0
  264. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/inspector.json +0 -0
  265. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/inspector2.json +0 -0
  266. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/internetmonitor.json +0 -0
  267. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/invoicing.json +0 -0
  268. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iot-device-tester.json +0 -0
  269. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iot.json +0 -0
  270. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotanalytics.json +0 -0
  271. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotdeviceadvisor.json +0 -0
  272. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotevents.json +0 -0
  273. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotfleethub.json +0 -0
  274. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotfleetwise.json +0 -0
  275. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotjobsdata.json +0 -0
  276. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotsitewise.json +0 -0
  277. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iottwinmaker.json +0 -0
  278. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iotwireless.json +0 -0
  279. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iq-permission.json +0 -0
  280. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/iq.json +0 -0
  281. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ivs.json +0 -0
  282. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ivschat.json +0 -0
  283. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kafka-cluster.json +0 -0
  284. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kafka.json +0 -0
  285. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kafkaconnect.json +0 -0
  286. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kendra-ranking.json +0 -0
  287. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kendra.json +0 -0
  288. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kinesis.json +0 -0
  289. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kinesisanalytics.json +0 -0
  290. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kinesisvideo.json +0 -0
  291. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/kms.json +0 -0
  292. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lakeformation.json +0 -0
  293. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lambda.json +0 -0
  294. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/launchwizard.json +0 -0
  295. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lex.json +0 -0
  296. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/license-manager-linux-subscriptions.json +0 -0
  297. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/license-manager-user-subscriptions.json +0 -0
  298. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/license-manager.json +0 -0
  299. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lightsail.json +0 -0
  300. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/logs.json +0 -0
  301. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lookoutequipment.json +0 -0
  302. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lookoutmetrics.json +0 -0
  303. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/lookoutvision.json +0 -0
  304. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/m2.json +0 -0
  305. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/machinelearning.json +0 -0
  306. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/macie2.json +0 -0
  307. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/managedblockchain-query.json +0 -0
  308. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/managedblockchain.json +0 -0
  309. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mapcredits.json +0 -0
  310. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/marketplacecommerceanalytics.json +0 -0
  311. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mechanicalturk.json +0 -0
  312. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediaconnect.json +0 -0
  313. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediaconvert.json +0 -0
  314. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediaimport.json +0 -0
  315. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/medialive.json +0 -0
  316. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediapackage-vod.json +0 -0
  317. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediapackage.json +0 -0
  318. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediapackagev2.json +0 -0
  319. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediastore.json +0 -0
  320. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mediatailor.json +0 -0
  321. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/medical-imaging.json +0 -0
  322. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/memorydb.json +0 -0
  323. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mgh.json +0 -0
  324. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mgn.json +0 -0
  325. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/migrationhub-orchestrator.json +0 -0
  326. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/migrationhub-strategy.json +0 -0
  327. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mobileanalytics.json +0 -0
  328. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mobiletargeting.json +0 -0
  329. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/monitron.json +0 -0
  330. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mpa.json +0 -0
  331. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/mq.json +0 -0
  332. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/neptune-db.json +0 -0
  333. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/neptune-graph.json +0 -0
  334. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/network-firewall.json +0 -0
  335. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/network-security-director.json +0 -0
  336. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/networkflowmonitor.json +0 -0
  337. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/networkmanager-chat.json +0 -0
  338. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/networkmanager.json +0 -0
  339. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/networkmonitor.json +0 -0
  340. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/nimble.json +0 -0
  341. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/notifications-contacts.json +0 -0
  342. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/notifications.json +0 -0
  343. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/oam.json +0 -0
  344. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/observabilityadmin.json +0 -0
  345. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/odb.json +0 -0
  346. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/omics.json +0 -0
  347. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/one.json +0 -0
  348. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/opensearch.json +0 -0
  349. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/opsworks-cm.json +0 -0
  350. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/opsworks.json +0 -0
  351. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/organizations.json +0 -0
  352. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/osis.json +0 -0
  353. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/outposts.json +0 -0
  354. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/panorama.json +0 -0
  355. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/partnercentral-account-management.json +0 -0
  356. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/partnercentral.json +0 -0
  357. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/payment-cryptography.json +0 -0
  358. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/payments.json +0 -0
  359. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pca-connector-ad.json +0 -0
  360. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pca-connector-scep.json +0 -0
  361. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pcs.json +0 -0
  362. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/personalize.json +0 -0
  363. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pi.json +0 -0
  364. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pipes.json +0 -0
  365. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/polly.json +0 -0
  366. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/pricing.json +0 -0
  367. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/private-networks.json +0 -0
  368. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/profile.json +0 -0
  369. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/proton.json +0 -0
  370. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/purchase-orders.json +0 -0
  371. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/q.json +0 -0
  372. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/qapps.json +0 -0
  373. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/qbusiness.json +0 -0
  374. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/qdeveloper.json +0 -0
  375. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/qldb.json +0 -0
  376. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/quicksight.json +0 -0
  377. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ram.json +0 -0
  378. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rbin.json +0 -0
  379. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rds-data.json +0 -0
  380. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rds-db.json +0 -0
  381. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rds.json +0 -0
  382. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/redshift-data.json +0 -0
  383. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/redshift-serverless.json +0 -0
  384. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/redshift.json +0 -0
  385. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/refactor-spaces.json +0 -0
  386. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rekognition.json +0 -0
  387. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/repostspace.json +0 -0
  388. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/resiliencehub.json +0 -0
  389. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/resource-explorer-2.json +0 -0
  390. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/resource-explorer.json +0 -0
  391. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/resource-groups.json +0 -0
  392. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rhelkb.json +0 -0
  393. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/robomaker.json +0 -0
  394. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rolesanywhere.json +0 -0
  395. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53-recovery-cluster.json +0 -0
  396. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53-recovery-control-config.json +0 -0
  397. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53-recovery-readiness.json +0 -0
  398. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53.json +0 -0
  399. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53domains.json +0 -0
  400. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53profiles.json +0 -0
  401. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/route53resolver.json +0 -0
  402. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rtbfabric.json +0 -0
  403. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/rum.json +0 -0
  404. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3-object-lambda.json +0 -0
  405. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3-outposts.json +0 -0
  406. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3.json +0 -0
  407. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3express.json +0 -0
  408. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3tables.json +0 -0
  409. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/s3vectors.json +0 -0
  410. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sagemaker-data-science-assistant.json +0 -0
  411. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sagemaker-geospatial.json +0 -0
  412. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sagemaker-mlflow.json +0 -0
  413. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sagemaker.json +0 -0
  414. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/savingsplans.json +0 -0
  415. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/scheduler.json +0 -0
  416. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/schemas.json +0 -0
  417. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/scn.json +0 -0
  418. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sdb.json +0 -0
  419. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/secretsmanager.json +0 -0
  420. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/security-ir.json +0 -0
  421. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/securityhub.json +0 -0
  422. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/securitylake.json +0 -0
  423. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/serverlessrepo.json +0 -0
  424. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/servicecatalog.json +0 -0
  425. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/servicediscovery.json +0 -0
  426. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/serviceextract.json +0 -0
  427. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/servicequotas.json +0 -0
  428. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ses.json +0 -0
  429. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/shield.json +0 -0
  430. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/signer.json +0 -0
  431. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/signin.json +0 -0
  432. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/simspaceweaver.json +0 -0
  433. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sms-voice.json +0 -0
  434. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sms.json +0 -0
  435. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/snow-device-management.json +0 -0
  436. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/snowball.json +0 -0
  437. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sns.json +0 -0
  438. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/social-messaging.json +0 -0
  439. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sqlworkbench.json +0 -0
  440. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sqs.json +0 -0
  441. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm-contacts.json +0 -0
  442. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm-guiconnect.json +0 -0
  443. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm-incidents.json +0 -0
  444. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm-quicksetup.json +0 -0
  445. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm-sap.json +0 -0
  446. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssm.json +0 -0
  447. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ssmmessages.json +0 -0
  448. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sso-directory.json +0 -0
  449. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sso-oauth.json +0 -0
  450. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sso.json +0 -0
  451. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/states.json +0 -0
  452. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/storagegateway.json +0 -0
  453. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sts.json +0 -0
  454. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/support-console.json +0 -0
  455. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/support.json +0 -0
  456. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/supportapp.json +0 -0
  457. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/supportplans.json +0 -0
  458. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/sustainability.json +0 -0
  459. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/swf.json +0 -0
  460. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/synthetics.json +0 -0
  461. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/tag.json +0 -0
  462. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/tax.json +0 -0
  463. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/textract.json +0 -0
  464. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/thinclient.json +0 -0
  465. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/timestream-influxdb.json +0 -0
  466. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/timestream.json +0 -0
  467. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/tiros.json +0 -0
  468. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/tnb.json +0 -0
  469. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/transcribe.json +0 -0
  470. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/transfer.json +0 -0
  471. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/transform.json +0 -0
  472. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/translate.json +0 -0
  473. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/trustedadvisor.json +0 -0
  474. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/ts.json +0 -0
  475. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/user-subscriptions.json +0 -0
  476. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/uxc.json +0 -0
  477. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/vendor-insights.json +0 -0
  478. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/verified-access.json +0 -0
  479. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/verifiedpermissions.json +0 -0
  480. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/voiceid.json +0 -0
  481. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/vpc-lattice-svcs.json +0 -0
  482. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/vpc-lattice.json +0 -0
  483. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/vpce.json +0 -0
  484. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/waf-regional.json +0 -0
  485. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/waf.json +0 -0
  486. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/wafv2.json +0 -0
  487. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/wam.json +0 -0
  488. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/wellarchitected.json +0 -0
  489. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/wickr.json +0 -0
  490. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/wisdom.json +0 -0
  491. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workdocs.json +0 -0
  492. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/worklink.json +0 -0
  493. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workmail.json +0 -0
  494. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workmailmessageflow.json +0 -0
  495. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workspaces-instances.json +0 -0
  496. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workspaces-web.json +0 -0
  497. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/workspaces.json +0 -0
  498. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/aws_services/xray.json +0 -0
  499. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/aws-services-backup.md +0 -0
  500. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/custom-checks.md +0 -0
  501. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/development/PUBLISHING.md +0 -0
  502. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/github-actions-examples.md +0 -0
  503. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/privilege-escalation.md +0 -0
  504. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/docs/smart-filtering.md +0 -0
  505. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/README.md +0 -0
  506. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/access-analyzer/example1.json +0 -0
  507. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/access-analyzer/example2.json +0 -0
  508. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/configs/basic-config.yaml +0 -0
  509. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/configs/offline-validation.yaml +0 -0
  510. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/configs/strict-security.yaml +0 -0
  511. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/README.md +0 -0
  512. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/advanced_multi_condition_validator.py +0 -0
  513. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/cross_account_external_id_check.py +0 -0
  514. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/domain_restriction_check.py +0 -0
  515. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/encryption_required_check.py +0 -0
  516. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/mfa_required_check.py +0 -0
  517. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/region_restriction_check.py +0 -0
  518. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/tag_enforcement_check.py +0 -0
  519. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/custom_checks/time_based_access_check.py +0 -0
  520. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/access-analyzer-only.yaml +0 -0
  521. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/basic-validation.yaml +0 -0
  522. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/custom-policy-checks.yml +0 -0
  523. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/multi-region-validation.yaml +0 -0
  524. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/resource-policy-validation.yaml +0 -0
  525. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/sequential-validation.yaml +0 -0
  526. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/two-step-validation.yaml +0 -0
  527. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/examples/github-actions/validate-changed-files.yaml +0 -0
  528. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/allowed-wildcard-resource.json +0 -0
  529. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/api_gateway_management.json +0 -0
  530. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/athena_query_access.json +0 -0
  531. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/backup_vault_access.json +0 -0
  532. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/cloudformation_deployer.json +0 -0
  533. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/cloudwatch_monitoring.json +0 -0
  534. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/cognito_user_pool.json +0 -0
  535. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/dynamodb_table_access.json +0 -0
  536. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/ecs_task_execution.json +0 -0
  537. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/eventbridge_rules.json +0 -0
  538. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/glue_etl_jobs.json +0 -0
  539. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/insecure_policy.json +0 -0
  540. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/insecure_policy.yaml +0 -0
  541. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/invalid-resource-constraint.json +0 -0
  542. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/invalid_policy.json +0 -0
  543. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/kms_encryption_keys.json +0 -0
  544. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/lambda_developer.json +0 -0
  545. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/lambda_developer.yaml +0 -0
  546. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/maximum_size_policy.json +0 -0
  547. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/policy_missing_required_tags.json +0 -0
  548. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/policy_tag_enforcement_example.json +0 -0
  549. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/policy_with_wildcard_resources.json +0 -0
  550. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/privilege_escalation_scattered.json +0 -0
  551. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/rds_database_admin.json +0 -0
  552. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/s3_bucket_access.yaml +0 -0
  553. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/sample_policy.json +0 -0
  554. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/sample_policy.yaml +0 -0
  555. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/secrets_manager_access.json +0 -0
  556. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/sensitive-action-wildcards.json +0 -0
  557. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/sns_sqs_messaging.json +0 -0
  558. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/step_functions_workflow.json +0 -0
  559. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/test_none_of_valid.json +0 -0
  560. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/test_none_of_violations.json +0 -0
  561. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/wildcard_examples.json +0 -0
  562. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/wildcard_examples.yaml +0 -0
  563. {iam_policy_validator-1.3.0/examples/iam-test-policies → iam_policy_validator-1.4.0/examples/iam-test-policies/identity-policies}/wrong-condition-key.json +0 -0
  564. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/__init__.py +0 -0
  565. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/__main__.py +0 -0
  566. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/action_condition_enforcement.py +0 -0
  567. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/action_resource_constraint.py +0 -0
  568. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/action_validation.py +0 -0
  569. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/condition_key_validation.py +0 -0
  570. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/resource_validation.py +0 -0
  571. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/utils/__init__.py +0 -0
  572. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/utils/policy_level_checks.py +0 -0
  573. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/utils/sensitive_action_matcher.py +0 -0
  574. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/checks/utils/wildcard_expansion.py +0 -0
  575. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/__init__.py +0 -0
  576. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/analyze.py +0 -0
  577. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/base.py +0 -0
  578. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/cache.py +0 -0
  579. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/commands/download_services.py +0 -0
  580. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/__init__.py +0 -0
  581. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/access_analyzer.py +0 -0
  582. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/access_analyzer_report.py +0 -0
  583. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/aws_global_conditions.py +0 -0
  584. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/cli.py +0 -0
  585. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/config_loader.py +0 -0
  586. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/__init__.py +0 -0
  587. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/base.py +0 -0
  588. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/console.py +0 -0
  589. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/csv.py +0 -0
  590. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/enhanced.py +0 -0
  591. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/html.py +0 -0
  592. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/json.py +0 -0
  593. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/markdown.py +0 -0
  594. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/formatters/sarif.py +0 -0
  595. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/policy_loader.py +0 -0
  596. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/core/report.py +0 -0
  597. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/integrations/__init__.py +0 -0
  598. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/integrations/github_integration.py +0 -0
  599. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/iam_validator/integrations/ms_teams.py +0 -0
  600. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/scripts/download_aws_services.py +0 -0
  601. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/README.md +0 -0
  602. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/__init__.py +0 -0
  603. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_action_condition_enforcement.py +0 -0
  604. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_action_resource_constraint.py +0 -0
  605. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_action_validation_check.py +0 -0
  606. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_aws_fetcher_wildcards.py +0 -0
  607. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_aws_global_conditions.py +0 -0
  608. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_check_registry.py +0 -0
  609. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_comment_truncation.py +0 -0
  610. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_condition_key_validation_check.py +0 -0
  611. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_config_loader.py +0 -0
  612. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_custom_policy_checks.py +0 -0
  613. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_models.py +0 -0
  614. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_multipart_comments.py +0 -0
  615. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_policy_loader.py +0 -0
  616. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_policy_size_check.py +0 -0
  617. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_resource_validation_check.py +0 -0
  618. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_security_best_practices.py +0 -0
  619. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_sensitive_action_wildcard_expansion.py +0 -0
  620. {iam_policy_validator-1.3.0 → iam_policy_validator-1.4.0}/tests/test_sid_uniqueness_check.py +0 -0
@@ -521,8 +521,12 @@ Options:
521
521
  --batch-size BATCH_SIZE Number of policies to process per batch (default: 10, only with --stream)
522
522
  --no-recursive Don't recursively search directories
523
523
  --fail-on-warnings Fail validation if warnings are found (default: only fail on errors)
524
- --github-comment Post validation results as GitHub PR comment
525
- --github-review Create line-specific review comments on PR (requires --github-comment)
524
+ --policy-type, -t {IDENTITY_POLICY,RESOURCE_POLICY,SERVICE_CONTROL_POLICY}
525
+ Type of IAM policy being validated (default: IDENTITY_POLICY)
526
+ Enables policy-type-specific validation (e.g., requiring Principal for resource policies)
527
+ --github-comment Post summary comment to PR conversation
528
+ --github-review Create line-specific review comments on PR files
529
+ --github-summary Write summary to GitHub Actions job summary (visible in Actions tab)
526
530
  --config CONFIG, -c CONFIG Path to configuration file (default: auto-discover iam-validator.yaml)
527
531
  --custom-checks-dir DIR Path to directory containing custom checks for auto-discovery
528
532
  --no-registry Use legacy validation (disable check registry system)
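Review bot: The `--policy-type, -t` choices on the added help line list only `IDENTITY_POLICY`, `RESOURCE_POLICY` and `SERVICE_CONTROL_POLICY`, while the README and PKG-INFO in this same release document `RESOURCE_CONTROL_POLICY` as a fourth value. If `validate` accepts it, add it to the choice set here. If it does not, the README examples that pass `--policy-type RESOURCE_CONTROL_POLICY` would be rejected and need to say which command or input supports the value.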
@@ -544,8 +548,52 @@ iam-validator validate --path ./policies/ --format enhanced
544
548
  # Streaming mode for large policy sets
545
549
  iam-validator validate --path ./policies/ --stream
546
550
 
547
- # GitHub PR integration
548
- iam-validator validate --path ./policies/ --github-comment --github-review
551
+ # GitHub integration - all options (PR comment + review comments + job summary)
552
+ iam-validator validate --path ./policies/ --github-comment --github-review --github-summary
553
+
554
+ # Only line-specific review comments (clean, minimal)
555
+ iam-validator validate --path ./policies/ --github-review
556
+
557
+ # Only PR summary comment
558
+ iam-validator validate --path ./policies/ --github-comment
559
+
560
+ # Only GitHub Actions job summary
561
+ iam-validator validate --path ./policies/ --github-summary
562
+
563
+ # Validate resource policies (e.g., S3 bucket policies, SNS topics)
564
+ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
565
+ ```
566
+
567
+ ### Policy Type Validation
568
+
569
+ The `--policy-type` flag enables policy-type-specific validation:
570
+
571
+ **IDENTITY_POLICY** (default):
572
+ - Policies attached to IAM users, groups, or roles
573
+ - Should NOT contain Principal element
574
+ - Tool warns if Principal is present
575
+
576
+ **RESOURCE_POLICY**:
577
+ - Policies attached to AWS resources (S3 buckets, SNS topics, etc.)
578
+ - MUST contain Principal element in all statements
579
+ - Tool errors if Principal is missing
580
+
581
+ **SERVICE_CONTROL_POLICY**:
582
+ - AWS Organizations SCPs
583
+ - MUST NOT contain Principal element
584
+ - Tool errors if Principal is present
585
+
586
+ **Examples:**
587
+
588
+ ```bash
589
+ # Validate S3 bucket policy (resource policy)
590
+ iam-validator validate --path bucket-policy.json --policy-type RESOURCE_POLICY
591
+
592
+ # Validate IAM role policy (identity policy - default)
593
+ iam-validator validate --path role-policy.json --policy-type IDENTITY_POLICY
594
+
595
+ # Validate AWS Organizations SCP
596
+ iam-validator validate --path scp.json --policy-type SERVICE_CONTROL_POLICY
549
597
  ```
550
598
 
551
599
  ### `analyze` Command
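Review bot: The RESOURCE_POLICY bullets ("MUST contain Principal element in all statements", "Tool errors if Principal is missing") do not say how a statement that uses `NotPrincipal` is treated. State whether `NotPrincipal` satisfies the requirement or is reported separately, so that a resource policy written that way does not produce an unexplained error. Since the IDENTITY_POLICY case is only a warning ("Tool warns if Principal is present"), also note that it fails a run only with `--fail-on-warnings`.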
@@ -566,8 +614,9 @@ Options:
566
614
  --output OUTPUT, -o OUTPUT Output file path (only for json/markdown formats)
567
615
  --no-recursive Don't recursively search directories
568
616
  --fail-on-warnings Fail validation if warnings are found (default: only fail on errors)
569
- --github-comment Post validation results as GitHub PR comment
570
- --github-review Create line-specific review comments on PR (requires --github-comment)
617
+ --github-comment Post summary comment to PR conversation
618
+ --github-review Create line-specific review comments on PR files
619
+ --github-summary Write summary to GitHub Actions job summary (visible in Actions tab)
571
620
  --run-all-checks Run full validation checks if Access Analyzer passes
572
621
  --verbose, -v Enable verbose logging
573
622
 
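Review bot: The rewritten `--github-review` help line for `analyze` drops "(requires --github-comment)", which changes what a workflow passing only `--github-review` does. Say in the release notes from which version the flag works on its own, because pipelines pinned to an older version behave differently with the same arguments.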
@@ -617,6 +666,7 @@ Options:
617
666
  --no-review Don't create line-specific review comments
618
667
  --add-summary Add summary comment (default: True)
619
668
  --no-summary Don't add summary comment
669
+ --config, -c CONFIG Path to configuration file (for fail_on_severity setting)
620
670
  ```
621
671
 
622
672
  **Examples:**
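Review bot: The added `--config, -c CONFIG` line is formatted differently from the `validate` help, which writes `--config CONFIG, -c CONFIG`, and its description "(for fail_on_severity setting)" leaves open whether the rest of the file is ignored and whether `iam-validator.yaml` is auto-discovered when the flag is omitted. Align the format and spell out both, because `fail_on_severity` decides between REQUEST_CHANGES and COMMENT.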
@@ -672,6 +722,112 @@ iam-validator cache location
672
722
 
673
723
  ---
674
724
 
725
+ ## GitHub Integration
726
+
727
+ The IAM Policy Validator provides flexible GitHub integration with **three independent options** for displaying validation results:
728
+
729
+ ### 1. PR Summary Comment (`--github-comment`)
730
+
731
+ Posts a high-level summary to the PR conversation:
732
+ - Overall metrics (total policies, issues, severities)
733
+ - Grouped findings by file
734
+ - Detailed issue descriptions with suggestions and examples
735
+ - Updated on subsequent runs (no duplicates)
736
+
737
+ **Example:**
738
+ ```bash
739
+ iam-validator validate --path ./policies/ --github-comment
740
+ ```
741
+
742
+ ### 2. Line-Specific Review Comments (`--github-review`)
743
+
744
+ Creates inline review comments on the "Files changed" tab:
745
+ - Comments appear directly on problematic lines in the diff
746
+ - Includes rich context (examples, suggestions from config)
747
+ - Automatically cleaned up on subsequent runs
748
+ - Review status (REQUEST_CHANGES or COMMENT) based on `fail_on_severity` config
749
+ - Works independently of `--github-comment`
750
+
751
+ **Example:**
752
+ ```bash
753
+ iam-validator validate --path ./policies/ --github-review
754
+ ```
755
+
756
+ **Review Status Logic:**
757
+ - If any issues match severities in `fail_on_severity` config → REQUEST_CHANGES
758
+ - Otherwise → COMMENT
759
+ - Default: REQUEST_CHANGES for `error` and `critical` severities
760
+
761
+ ### 3. GitHub Actions Job Summary (`--github-summary`)
762
+
763
+ Writes a high-level overview to the Actions tab:
764
+ - Visible in workflow run summary (not in PR conversation)
765
+ - Shows key metrics and severity breakdown
766
+ - Clean dashboard view without overwhelming details
767
+ - Perfect for quick status checks
768
+
769
+ **Example:**
770
+ ```bash
771
+ iam-validator validate --path ./policies/ --github-summary
772
+ ```
773
+
774
+ ### Mix and Match Options
775
+
776
+ All three options are **independent** and can be used in any combination:
777
+
778
+ ```bash
779
+ # All three for maximum visibility
780
+ iam-validator validate --path ./policies/ \
781
+ --github-comment \
782
+ --github-review \
783
+ --github-summary
784
+
785
+ # Only line-specific review comments (clean, minimal)
786
+ iam-validator validate --path ./policies/ --github-review
787
+
788
+ # Only PR summary + Actions summary (no inline comments)
789
+ iam-validator validate --path ./policies/ --github-comment --github-summary
790
+
791
+ # Only Actions summary (no PR interaction)
792
+ iam-validator validate --path ./policies/ --github-summary
793
+ ```
794
+
795
+ ### Comment Management
796
+
797
+ **Automatic Cleanup:**
798
+ - Old review comments are automatically deleted before new runs
799
+ - Summary comments are updated (not duplicated)
800
+ - All bot comments use HTML identifiers (invisible to users)
801
+
802
+ **Streaming Mode:**
803
+ - In CI environments, streaming is auto-enabled
804
+ - Review comments appear progressively as files are validated
805
+ - Provides immediate feedback during long validation runs
806
+
807
+ ### Required Environment Variables
808
+
809
+ ```yaml
810
+ env:
811
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
812
+ GITHUB_REPOSITORY: ${{ github.repository }}
813
+ GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }}
814
+ ```
815
+
816
+ For `--github-summary`, also requires:
817
+ - `GITHUB_STEP_SUMMARY` (automatically provided by GitHub Actions)
818
+
819
+ ### Permissions
820
+
821
+ Ensure your workflow has the required permissions:
822
+
823
+ ```yaml
824
+ permissions:
825
+ contents: read
826
+ pull-requests: write # Required for --github-comment and --github-review
827
+ ```
828
+
829
+ ---
830
+
675
831
  ## Configuration
676
832
 
677
833
  > **📢 Configuration Change (v1.1.0+):** The `allowed_wildcards` configuration has moved from `action_validation_check` to `security_best_practices_check` for cleaner separation of concerns. If you have a custom config file, update it accordingly. See [Migration Note](#configuration-migration) below.
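Review bot: Under "Comment Management", "Old review comments are automatically deleted before new runs" together with "All bot comments use HTML identifiers (invisible to users)" does not say whether cleanup matches on the hidden marker alone or also on the comment author. Document the matching rule, and prefer author plus marker, so that a comment from another account that happens to contain the marker is never deleted or overwritten. The "Required Environment Variables" block should also say whether a run with only `--github-summary` ("no PR interaction") still needs `GITHUB_TOKEN` and `pull-requests: write`, so such jobs can stay on `contents: read`.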
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: iam-policy-validator
3
- Version: 1.3.0
3
+ Version: 1.4.0
4
4
  Summary: Validate AWS IAM policies for correctness and security using AWS Service Reference API
5
5
  Project-URL: Homepage, https://github.com/boogy/iam-policy-validator
6
6
  Project-URL: Documentation, https://github.com/boogy/iam-policy-validator/tree/main/docs
@@ -478,10 +478,11 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
478
478
  | `recursive` | Recursively search directories for policy files | No | `true` |
479
479
 
480
480
  #### GitHub Integration
481
- | Input | Description | Required | Default |
482
- | --------------- | ------------------------------------------ | -------- | ------- |
483
- | `post-comment` | Post validation results as PR comment | No | `true` |
484
- | `create-review` | Create line-specific review comments on PR | No | `true` |
481
+ | Input | Description | Required | Default |
482
+ | ------------------ | ---------------------------------------------------- | -------- | ------- |
483
+ | `post-comment` | Post validation summary as PR conversation comment | No | `true` |
484
+ | `create-review` | Create line-specific review comments on PR files | No | `true` |
485
+ | `github-summary` | Write summary to GitHub Actions job summary (Actions tab) | No | `false` |
485
486
 
486
487
  #### Output Options
487
488
  | Input | Description | Required | Default |
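Review bot: The new `github-summary` input does not follow the verb-first naming of its neighbours `post-comment` and `create-review`, and its description cell is wider than the separator row above it. Either pick a verb-first name or state in the description that the input maps to the `--github-summary` flag, and re-pad the table.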
@@ -494,7 +495,7 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
494
495
  | ------------------------ | --------------------------------------------------------------------------- | -------- | ----------------- |
495
496
  | `use-access-analyzer` | Use AWS IAM Access Analyzer for validation | No | `false` |
496
497
  | `access-analyzer-region` | AWS region for Access Analyzer | No | `us-east-1` |
497
- | `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
498
+ | `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY`, `RESOURCE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
498
499
  | `run-all-checks` | Run custom checks after Access Analyzer (sequential mode) | No | `false` |
499
500
 
500
501
  #### Custom Policy Checks (Access Analyzer)
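Review bot: The `policy-type` row sits between `access-analyzer-region` and `run-all-checks`, so adding `RESOURCE_CONTROL_POLICY` there reads as a value for Access Analyzer runs. Say in the description whether the new value applies when `use-access-analyzer` is `true` or only to the validator's built-in checks.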
@@ -540,6 +541,12 @@ iam-validator validate --path ./policies/
540
541
  # Validate multiple paths
541
542
  iam-validator validate --path policy1.json --path ./policies/ --path ./more-policies/
542
543
 
544
+ # Validate resource policies (S3 bucket policies, SNS topics, etc.)
545
+ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
546
+
547
+ # Validate AWS Organizations Resource Control Policies (RCPs)
548
+ iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
549
+
543
550
  # Generate JSON output
544
551
  iam-validator validate --path ./policies/ --format json --output report.json
545
552
 
@@ -557,6 +564,106 @@ iam-validator analyze \
557
564
  --github-review
558
565
  ```
559
566
 
567
+ ### Policy Type Validation
568
+
569
+ The validator supports four AWS policy types, each with specific validation rules:
570
+
571
+ #### 🔷 IDENTITY_POLICY (Default)
572
+ Standard IAM policies attached to users, groups, or roles.
573
+
574
+ **Requirements:**
575
+ - Should NOT have `Principal` element (implicit - the attached entity)
576
+ - Must have `Action` and `Resource` elements
577
+
578
+ **Example:**
579
+ ```bash
580
+ iam-validator validate --path ./user-policies/ --policy-type IDENTITY_POLICY
581
+ ```
582
+
583
+ #### 🔶 RESOURCE_POLICY
584
+ Policies attached to AWS resources (S3 buckets, SNS topics, KMS keys, etc.).
585
+
586
+ **Requirements:**
587
+ - MUST have `Principal` element (who can access)
588
+ - Must have `Action`, `Effect`, and `Resource` elements
589
+ - Can use configurable security checks for principal validation
590
+
591
+ **Example:**
592
+ ```bash
593
+ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
594
+ ```
595
+
596
+ **Advanced Principal Validation:**
597
+ ```yaml
598
+ # config.yaml
599
+ principal_validation_check:
600
+ enabled: true
601
+ severity: high
602
+ # Block public access
603
+ blocked_principals: ["*"]
604
+ # Or require specific conditions for public access
605
+ require_conditions_for:
606
+ "*":
607
+ - "aws:SourceArn"
608
+ - "aws:SourceAccount"
609
+ ```
610
+
611
+ #### 🔷 SERVICE_CONTROL_POLICY
612
+ AWS Organizations SCPs that set permission guardrails.
613
+
614
+ **Requirements:**
615
+ - Must NOT have `Principal` element (applies to all principals in OU)
616
+ - Typically uses `Deny` effect for guardrails
617
+ - Must have `Action` and `Resource` elements
618
+
619
+ **Example:**
620
+ ```bash
621
+ iam-validator validate --path ./scps/ --policy-type SERVICE_CONTROL_POLICY
622
+ ```
623
+
624
+ #### 🆕 RESOURCE_CONTROL_POLICY
625
+ AWS Organizations RCPs for resource-level access control (released 2024).
626
+
627
+ **Strict Requirements:**
628
+ - `Effect` MUST be `Deny` (only AWS-managed `RCPFullAWSAccess` can use `Allow`)
629
+ - `Principal` MUST be exactly `"*"` (use `Condition` to restrict)
630
+ - `Action` cannot use `"*"` alone (must be service-specific like `"s3:*"`)
631
+ - Only **5 supported services**: `s3`, `sts`, `sqs`, `secretsmanager`, `kms`
632
+ - `NotAction` and `NotPrincipal` are NOT supported
633
+ - Must have `Resource` or `NotResource` element
634
+
635
+ **Example:**
636
+ ```bash
637
+ iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
638
+ ```
639
+
640
+ **Valid RCP:**
641
+ ```json
642
+ {
643
+ "Version": "2012-10-17",
644
+ "Statement": [{
645
+ "Sid": "EnforceEncryptionInTransit",
646
+ "Effect": "Deny",
647
+ "Principal": "*",
648
+ "Action": ["s3:*", "sqs:*"],
649
+ "Resource": "*",
650
+ "Condition": {
651
+ "BoolIfExists": {
652
+ "aws:SecureTransport": "false"
653
+ }
654
+ }
655
+ }]
656
+ }
657
+ ```
658
+
659
+ **What the validator catches:**
660
+ ```
661
+ ✓ Effect is "Deny" (required for RCPs)
662
+ ✓ Principal is "*" (required - restrictions via Condition)
663
+ ✓ Actions from supported services (s3, sqs)
664
+ ✓ Uses Condition to scope the deny
665
+ ```
666
+
560
667
  ### Custom Policy Checks
561
668
 
562
669
  AWS IAM Access Analyzer provides specialized checks to validate policies against specific security requirements:
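Review bot: In the "Advanced Principal Validation" YAML, `blocked_principals: ["*"]` and `require_conditions_for` with a `"*"` key sit in one config, separated only by the comment "# Or require specific conditions for public access". As written both settings are active and the reader cannot tell which one wins for `"*"`. Split this into two alternative snippets or state the precedence.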
@@ -651,7 +758,9 @@ Use as a library in your Python applications:
651
758
 
652
759
  ```python
653
760
  import asyncio
654
- from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator
761
+ from iam_validator.core.policy_loader import PolicyLoader
762
+ from iam_validator.core.policy_checks import validate_policies
763
+ from iam_validator.core.report import ReportGenerator
655
764
 
656
765
  async def main():
657
766
  # Load policies
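Review bot: Replacing `from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator` with three submodule imports suggests the package-level names are no longer the supported path. If `iam_validator.core` stopped re-exporting them in 1.4.0, that breaks existing library users in a minor release and needs a changelog entry or a kept re-export. If the old import still works, say so next to the example.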
@@ -669,6 +778,10 @@ async def main():
669
778
  asyncio.run(main())
670
779
  ```
671
780
 
781
+ **📚 For comprehensive Python library documentation, see:**
782
+ - **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
783
+ - **[Library Examples](examples/library-usage/)** - Runnable code examples
784
+
672
785
  ## Validation Checks
673
786
 
674
787
  ### 1. Action Validation
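Review bot: The two added links, `docs/python-library-usage.md` and `examples/library-usage/`, are relative paths, and this copy of the text is the PKG-INFO long description, where there is no repository tree to resolve them against. Use absolute URLs built on the `Project-URL: Documentation` base already declared in the metadata.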
@@ -738,6 +851,44 @@ Identifies potential security risks:
738
851
 
739
852
  ## GitHub Integration Features
740
853
 
854
+ ### Flexible Comment Options
855
+
856
+ The validator provides **three independent ways** to display validation results in GitHub:
857
+
858
+ #### 1. **PR Summary Comment** (`--github-comment`)
859
+ Posts a high-level summary to the PR conversation with:
860
+ - Overall metrics (total policies, issues, severities)
861
+ - Grouped findings by file
862
+ - Detailed issue descriptions with suggestions
863
+
864
+ #### 2. **Line-Specific Review Comments** (`--github-review`)
865
+ Creates inline review comments on the "Files changed" tab:
866
+ - Comments appear directly on problematic lines
867
+ - Includes rich context (examples, suggestions)
868
+ - Automatically cleaned up on subsequent runs
869
+ - Review status (REQUEST_CHANGES or COMMENT) based on `fail_on_severity` config
870
+
871
+ #### 3. **GitHub Actions Job Summary** (`--github-summary`)
872
+ Writes a high-level overview to the Actions tab:
873
+ - Visible in workflow run summary
874
+ - Shows key metrics and severity breakdown
875
+ - Clean dashboard view without overwhelming details
876
+
877
+ **Mix and Match:** Use any combination of these options:
878
+ ```bash
879
+ # All three for maximum visibility
880
+ --github-comment --github-review --github-summary
881
+
882
+ # Only line-specific review comments (clean, minimal)
883
+ --github-review
884
+
885
+ # Only PR summary comment
886
+ --github-comment
887
+
888
+ # Only Actions job summary
889
+ --github-summary
890
+ ```
891
+
741
892
  ### Smart PR Comment Management
742
893
 
743
894
  The validator intelligently manages PR comments to keep your PRs clean:
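Review bot: The "Mix and Match" block is fenced as `bash` but each entry is a bare flag list such as `--github-comment --github-review --github-summary`, which is not a runnable command. Prefix the entries with `iam-validator validate --path ./policies/` as DOCS.md does, or drop the `bash` tag.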
@@ -751,8 +902,9 @@ The validator intelligently manages PR comments to keep your PRs clean:
751
902
  **Behavior:**
752
903
  - ✅ **No Duplicates**: Summary comments are updated, not duplicated
753
904
  - ✅ **Clean PR**: Old review comments automatically deleted before new validation
754
- - ✅ **Identifiable**: All bot comments tagged with `🤖 IAM Policy Validator`
905
+ - ✅ **Identifiable**: All bot comments use HTML identifiers (invisible to users)
755
906
  - ✅ **Progressive**: In streaming mode, comments appear file-by-file
907
+ - ✅ **Smart Review Status**: Uses `fail_on_severity` config to determine REQUEST_CHANGES vs COMMENT
756
908
 
757
909
  **Example:**
758
910
  ```
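Review bot: Changing "All bot comments tagged with `🤖 IAM Policy Validator`" to "All bot comments use HTML identifiers (invisible to users)" leaves open what happens to comments posted by 1.3.0 on pull requests that are still open. State whether cleanup still recognises the old visible tag. If it does not, the "No Duplicates" and "Clean PR" bullets do not hold for the first run after an upgrade.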
@@ -436,10 +436,11 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
436
436
  | `recursive` | Recursively search directories for policy files | No | `true` |
437
437
 
438
438
  #### GitHub Integration
439
- | Input | Description | Required | Default |
440
- | --------------- | ------------------------------------------ | -------- | ------- |
441
- | `post-comment` | Post validation results as PR comment | No | `true` |
442
- | `create-review` | Create line-specific review comments on PR | No | `true` |
439
+ | Input | Description | Required | Default |
440
+ | ------------------ | ---------------------------------------------------- | -------- | ------- |
441
+ | `post-comment` | Post validation summary as PR conversation comment | No | `true` |
442
+ | `create-review` | Create line-specific review comments on PR files | No | `true` |
443
+ | `github-summary` | Write summary to GitHub Actions job summary (Actions tab) | No | `false` |
443
444
 
444
445
  #### Output Options
445
446
  | Input | Description | Required | Default |
@@ -452,7 +453,7 @@ See [default-config.yaml](default-config.yaml) for a complete configuration exam
452
453
  | ------------------------ | --------------------------------------------------------------------------- | -------- | ----------------- |
453
454
  | `use-access-analyzer` | Use AWS IAM Access Analyzer for validation | No | `false` |
454
455
  | `access-analyzer-region` | AWS region for Access Analyzer | No | `us-east-1` |
455
- | `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
456
+ | `policy-type` | Policy type: `IDENTITY_POLICY`, `RESOURCE_POLICY`, `SERVICE_CONTROL_POLICY`, `RESOURCE_CONTROL_POLICY` | No | `IDENTITY_POLICY` |
456
457
  | `run-all-checks` | Run custom checks after Access Analyzer (sequential mode) | No | `false` |
457
458
 
458
459
  #### Custom Policy Checks (Access Analyzer)
@@ -498,6 +499,12 @@ iam-validator validate --path ./policies/
498
499
  # Validate multiple paths
499
500
  iam-validator validate --path policy1.json --path ./policies/ --path ./more-policies/
500
501
 
502
+ # Validate resource policies (S3 bucket policies, SNS topics, etc.)
503
+ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
504
+
505
+ # Validate AWS Organizations Resource Control Policies (RCPs)
506
+ iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
507
+
501
508
  # Generate JSON output
502
509
  iam-validator validate --path ./policies/ --format json --output report.json
503
510
 
@@ -515,6 +522,106 @@ iam-validator analyze \
515
522
  --github-review
516
523
  ```
517
524
 
525
+ ### Policy Type Validation
526
+
527
+ The validator supports four AWS policy types, each with specific validation rules:
528
+
529
+ #### 🔷 IDENTITY_POLICY (Default)
530
+ Standard IAM policies attached to users, groups, or roles.
531
+
532
+ **Requirements:**
533
+ - Should NOT have `Principal` element (implicit - the attached entity)
534
+ - Must have `Action` and `Resource` elements
535
+
536
+ **Example:**
537
+ ```bash
538
+ iam-validator validate --path ./user-policies/ --policy-type IDENTITY_POLICY
539
+ ```
540
+
541
+ #### 🔶 RESOURCE_POLICY
542
+ Policies attached to AWS resources (S3 buckets, SNS topics, KMS keys, etc.).
543
+
544
+ **Requirements:**
545
+ - MUST have `Principal` element (who can access)
546
+ - Must have `Action`, `Effect`, and `Resource` elements
547
+ - Can use configurable security checks for principal validation
548
+
549
+ **Example:**
550
+ ```bash
551
+ iam-validator validate --path ./bucket-policies/ --policy-type RESOURCE_POLICY
552
+ ```
553
+
554
+ **Advanced Principal Validation:**
555
+ ```yaml
556
+ # config.yaml
557
+ principal_validation_check:
558
+ enabled: true
559
+ severity: high
560
+ # Block public access
561
+ blocked_principals: ["*"]
562
+ # Or require specific conditions for public access
563
+ require_conditions_for:
564
+ "*":
565
+ - "aws:SourceArn"
566
+ - "aws:SourceAccount"
567
+ ```
568
+
569
+ #### 🔷 SERVICE_CONTROL_POLICY
570
+ AWS Organizations SCPs that set permission guardrails.
571
+
572
+ **Requirements:**
573
+ - Must NOT have `Principal` element (applies to all principals in OU)
574
+ - Typically uses `Deny` effect for guardrails
575
+ - Must have `Action` and `Resource` elements
576
+
577
+ **Example:**
578
+ ```bash
579
+ iam-validator validate --path ./scps/ --policy-type SERVICE_CONTROL_POLICY
580
+ ```
581
+
582
+ #### 🆕 RESOURCE_CONTROL_POLICY
583
+ AWS Organizations RCPs for resource-level access control (released 2024).
584
+
585
+ **Strict Requirements:**
586
+ - `Effect` MUST be `Deny` (only AWS-managed `RCPFullAWSAccess` can use `Allow`)
587
+ - `Principal` MUST be exactly `"*"` (use `Condition` to restrict)
588
+ - `Action` cannot use `"*"` alone (must be service-specific like `"s3:*"`)
589
+ - Only **5 supported services**: `s3`, `sts`, `sqs`, `secretsmanager`, `kms`
590
+ - `NotAction` and `NotPrincipal` are NOT supported
591
+ - Must have `Resource` or `NotResource` element
592
+
593
+ **Example:**
594
+ ```bash
595
+ iam-validator validate --path ./rcps/ --policy-type RESOURCE_CONTROL_POLICY
596
+ ```
597
+
598
+ **Valid RCP:**
599
+ ```json
600
+ {
601
+ "Version": "2012-10-17",
602
+ "Statement": [{
603
+ "Sid": "EnforceEncryptionInTransit",
604
+ "Effect": "Deny",
605
+ "Principal": "*",
606
+ "Action": ["s3:*", "sqs:*"],
607
+ "Resource": "*",
608
+ "Condition": {
609
+ "BoolIfExists": {
610
+ "aws:SecureTransport": "false"
611
+ }
612
+ }
613
+ }]
614
+ }
615
+ ```
616
+
617
+ **What the validator catches:**
618
+ ```
619
+ ✓ Effect is "Deny" (required for RCPs)
620
+ ✓ Principal is "*" (required - restrictions via Condition)
621
+ ✓ Actions from supported services (s3, sqs)
622
+ ✓ Uses Condition to scope the deny
623
+ ```
624
+
518
625
  ### Custom Policy Checks
519
626
 
520
627
  AWS IAM Access Analyzer provides specialized checks to validate policies against specific security requirements:
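Review bot: The block under "**What the validator catches:**" lists only checks that the valid RCP above passes (four "✓" lines), so it shows nothing being caught. Rename it to describe passing checks, or add an invalid RCP, for example one with `"Effect": "Allow"` or `"Action": "*"`, together with the findings it produces.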
@@ -609,7 +716,9 @@ Use as a library in your Python applications:
609
716
 
610
717
  ```python
611
718
  import asyncio
612
- from iam_validator.core import PolicyLoader, validate_policies, ReportGenerator
719
+ from iam_validator.core.policy_loader import PolicyLoader
720
+ from iam_validator.core.policy_checks import validate_policies
721
+ from iam_validator.core.report import ReportGenerator
613
722
 
614
723
  async def main():
615
724
  # Load policies
@@ -627,6 +736,10 @@ async def main():
627
736
  asyncio.run(main())
628
737
  ```
629
738
 
739
+ **📚 For comprehensive Python library documentation, see:**
740
+ - **[Python Library Usage Guide](docs/python-library-usage.md)** - Complete guide with examples
741
+ - **[Library Examples](examples/library-usage/)** - Runnable code examples
742
+
630
743
  ## Validation Checks
631
744
 
632
745
  ### 1. Action Validation
@@ -696,6 +809,44 @@ Identifies potential security risks:
696
809
 
697
810
  ## GitHub Integration Features
698
811
 
812
+ ### Flexible Comment Options
813
+
814
+ The validator provides **three independent ways** to display validation results in GitHub:
815
+
816
+ #### 1. **PR Summary Comment** (`--github-comment`)
817
+ Posts a high-level summary to the PR conversation with:
818
+ - Overall metrics (total policies, issues, severities)
819
+ - Grouped findings by file
820
+ - Detailed issue descriptions with suggestions
821
+
822
+ #### 2. **Line-Specific Review Comments** (`--github-review`)
823
+ Creates inline review comments on the "Files changed" tab:
824
+ - Comments appear directly on problematic lines
825
+ - Includes rich context (examples, suggestions)
826
+ - Automatically cleaned up on subsequent runs
827
+ - Review status (REQUEST_CHANGES or COMMENT) based on `fail_on_severity` config
828
+
829
+ #### 3. **GitHub Actions Job Summary** (`--github-summary`)
830
+ Writes a high-level overview to the Actions tab:
831
+ - Visible in workflow run summary
832
+ - Shows key metrics and severity breakdown
833
+ - Clean dashboard view without overwhelming details
834
+
835
+ **Mix and Match:** Use any combination of these options:
836
+ ```bash
837
+ # All three for maximum visibility
838
+ --github-comment --github-review --github-summary
839
+
840
+ # Only line-specific review comments (clean, minimal)
841
+ --github-review
842
+
843
+ # Only PR summary comment
844
+ --github-comment
845
+
846
+ # Only Actions job summary
847
+ --github-summary
848
+ ```
849
+
699
850
  ### Smart PR Comment Management
700
851
 
701
852
  The validator intelligently manages PR comments to keep your PRs clean:
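Review bot: This "Flexible Comment Options" section restates the "GitHub Integration" section added to DOCS.md in the same release, and the two already differ: the DOCS.md version says review comments work "independently of `--github-comment`" and that summary comments are "Updated on subsequent runs (no duplicates)", while this one says neither. Keep one full description and link to it from the other.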
@@ -709,8 +860,9 @@ The validator intelligently manages PR comments to keep your PRs clean:
709
860
  **Behavior:**
710
861
  - ✅ **No Duplicates**: Summary comments are updated, not duplicated
711
862
  - ✅ **Clean PR**: Old review comments automatically deleted before new validation
712
- - ✅ **Identifiable**: All bot comments tagged with `🤖 IAM Policy Validator`
863
+ - ✅ **Identifiable**: All bot comments use HTML identifiers (invisible to users)
713
864
  - ✅ **Progressive**: In streaming mode, comments appear file-by-file
865
+ - ✅ **Smart Review Status**: Uses `fail_on_severity` config to determine REQUEST_CHANGES vs COMMENT
714
866
 
715
867
  **Example:**
716
868
  ```
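Review bot: The new "Smart Review Status" bullet names `fail_on_severity` without giving its default. DOCS.md states "Default: REQUEST_CHANGES for `error` and `critical` severities"; repeat that here, since it determines when the bot requests changes on a pull request.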
@@ -1,5 +1,5 @@
1
1
  {
2
- "download_date": "2025-10-29T23:23:11.519006+00:00",
2
+ "download_date": "2025-10-31T23:41:25.480606+00:00",
3
3
  "total_services": 430,
4
4
  "successful_downloads": 430,
5
5
  "failed_downloads": 0,