Policy Sentry

Another tool that an IT auditor can use to monitor changes in Identity and Access Management (IAM) is an open source solution named Policy Sentry. Policy Sentry is a useful tool for managing IAM entities, and it also functions as an audit and analysis database. It compiles database tables from the AWS IAM documentation: Policy Sentry relies on a JSON file that contains all of the data from the actions, resources, and condition keys documentation hosted by AWS, and it supports querying that database through the Command Line Interface (CLI).

To get started with Policy Sentry, take the following steps:

1. Download and install Python: https://pypi.org/project/policy-sentry/.
2. Install Policy Sentry using the following command, as seen in Figure 10.20:

pip3 install --user policy_sentry

Figure 10.20 – Policy Sentry installation on the command line

3. Next, we connect to the AWS CLI through the aws configure command, as seen in Figure 10.21:

Figure 10.21 – Connecting to AWS through the CLI

I will demonstrate a couple of commands an IT auditor can execute to query the AWS IAM database.

The first command is the following:

policy_sentry query action-table --service all --access-level permissions-management

This command lists all IAM actions, across all services, that have the permissions-management access level, as seen in Figure 10.22:

Figure 10.22 – The policy_sentry query command, example one

Now let’s use the following command:

policy_sentry query action-table --service ram --access-level permissions-management

This lists all IAM actions under the RAM service that have the permissions-management access level, as seen in Figure 10.23:

Figure 10.23 – The policy_sentry query command, example two

Next, we will look at tools that an IT auditor can leverage for monitoring in the cloud.