Awesome Open Source
Awesome Open Source

AWS IAM Tracker

This project collects IAM actions, AWS APIs and managed policies from various public sources.

You can explore the data collected using the static site.

Collected data is published to the policies and services folders in this repo.

Thank you to alanakirby/aktion for originally having this idea and being gracious about me shamelessly ripping it off.

Stats

  • Unique services: 289
  • Unique actions: 11588
  • Managed policies: 876

Most common managed policy name prefixes:

Policy ARN Count
arn:aws:iam::aws:policy/Amazon* 242
arn:aws:iam::aws:policy/AWS* 241
arn:aws:iam::aws:policy/aws-service-role/* 178
arn:aws:iam::aws:policy/service-role/* 128
arn:aws:iam::aws:policy/job-function/* 7
Other 80

The following table summarises the AWS APIs.

  • The first column is the name of the API as far as IAM policies are concerned.
  • The second column is IAM actions that exactly match the names of invokable APIs exposed by AWS.
  • The third column is invokable APIs that don't have a corresponding IAM action.
  • The fourth column is IAM actions that don't have a corresponding invokable API.
Service Action/API pairs APIs without actions Actions without APIs
ec2 470 1 1
sagemaker 248 5 2
chime 200 0 51
iam 158 0 1
lightsail 153 0 0
glue 147 19 2
ses 138 0 0
rds 137 0 5
ssm 134 1 7
quicksight 115 0 19
mobiletargeting 112 5 1
connect 110 0 3
servicecatalog 108 0 0
greengrass 107 3 1
redshift 101 15 18
cognito-idp 100 1 0
gamelift 95 0 0
lex 94 3 4
a4b 93 0 3
storagegateway 89 1 1
config 86 0 0
cloudfront 85 0 1
s3 83 57 42
waf-regional 81 0 0
codecommit 77 0 11
waf 77 0 0
devicefarm 77 0 0
opsworks 74 0 0
backup 66 0 2
frauddetector 66 0 0
elasticache 65 0 0
cloudformation 64 1 11
route53 64 0 0
clouddirectory 63 3 0
es 63 0 10
comprehend 63 0 0
ds 62 1 6
autoscaling 61 0 0
route53resolver 60 0 0
directconnect 59 4 0
iotsitewise 59 1 1
guardduty 58 0 0
robomaker 57 0 2
macie2 57 0 0
iotwireless 57 0 0
workmail 56 9 51
lambda 56 2 4
medialive 56 1 0
dms 54 1 0
elasticloadbalancing 54 0 1
workspaces 54 0 0
ecs 52 0 2
personalize 52 0 0
securityhub 51 5 9
elasticmapreduce 51 1 22
auditmanager 51 0 4
events 51 0 1
rekognition 51 0 0
organizations 51 0 0
proton 49 0 23
imagebuilder 49 0 0
dynamodb 48 6 10
appstream 48 0 1
license-manager 48 0 0
geo 47 3 0
kms 47 1 3
elasticbeanstalk 47 0 3
codedeploy 47 0 1
globalaccelerator 47 0 0
codebuild 45 0 8
nimble 45 0 2
kendra 43 0 0
logs 42 0 5
workdocs 41 0 11
appsync 41 0 2
wafv2 40 5 2
sns 39 0 0
mechanicalturk 39 0 0
databrew 39 0 0
codepipeline 39 0 0
transcribe 38 3 2
appmesh 38 0 1
swf 37 0 12
iotevents 37 0 1
inspector 37 0 0
amplify 37 0 0
forecast 36 0 0
cloudwatch 36 0 0
sms 35 0 2
ecr 35 0 1
networkmanager 35 0 0
iotthingsgraph 35 0 0
datasync 35 0 0
codeartifact 34 0 4
athena 34 0 1
iotanalytics 34 0 0
memorydb 33 2 2
panorama 33 0 31
worklink 33 0 1
shield 33 0 0
glacier 33 0 0
cloudhsm 33 0 0
appconfig 33 0 0
mediatailor 32 5 0
eks 32 2 1
transfer 32 0 0
route53-recovery-readiness 32 0 0
sso 31 0 52
kinesisanalytics 31 0 1
wisdom 31 0 0
wellarchitected 31 0 0
schemas 31 0 0
kafka 31 0 0
ce 30 0 10
profile 30 0 0
mediaconnect 30 0 0
ssm-incidents 29 0 0
network-firewall 29 0 0
cloudsearch 28 1 4
route53domains 28 0 0
machinelearning 28 0 0
kinesis 28 0 0
access-analyzer 28 0 0
elasticfilesystem 27 0 5
fsx 27 0 4
ssm-contacts 27 0 3
kinesisvideo 27 0 3
dataexchange 27 0 2
xray 27 0 0
applicationinsights 27 0 0
servicediscovery 26 0 0
mediastore 26 0 0
ivs 26 0 0
iot1click 26 0 0
fms 26 0 0
mediaconvert 25 3 0
mgn 25 0 26
lookoutmetrics 25 0 1
snowball 25 0 0
groundstation 25 0 0
discovery 25 0 0
amplifybackend 25 0 0
ram 24 0 0
lakeformation 23 0 1
states 23 0 0
managedblockchain 23 0 0
ecr-public 23 0 0
cognito-identity 23 0 0
codeguru-profiler 23 0 0
acm-pca 23 0 0
apprunner 22 0 1
secretsmanager 22 0 0
mq 22 0 0
lookoutequipment 22 0 0
qldb 21 0 13
dax 21 0 9
voiceid 21 0 2
devops-guru 21 0 0
comprehendmedical 20 1 0
route53-recovery-control-config 20 0 1
mgh 20 0 0
lookoutvision 19 0 3
datapipeline 19 0 2
servicequotas 19 0 0
opsworks-cm 19 0 0
mediapackage 19 0 0
batch 19 0 0
appflow 18 0 6
codestar 18 0 4
cloudtrail 18 0 0
sqs 17 3 0
aps 17 0 16
cognito-sync 17 0 2
signer 17 0 0
mediapackage-vod 17 0 0
elastictranscoder 17 0 0
timestream 16 1 3
resource-groups 16 0 1
detective 15 0 5
app-integrations 15 0 4
emr-containers 15 0 0
acm 15 0 0
support 14 0 8
fis 14 0 3
codeguru-reviewer 14 0 3
serverlessrepo 14 0 1
translate 14 0 0
compute-optimizer 14 0 0
cloud9 13 0 16
healthlake 13 0 7
synthetics 13 0 0
snow-device-management 13 0 0
iotdeviceadvisor 13 0 0
health 13 0 0
codestar-notifications 13 0 0
honeycode 12 0 14
codestar-connections 12 0 9
firehose 12 0 0
iot 11 0 240
aws-marketplace 11 0 28
kafkaconnect 11 0 0
grafana 11 0 0
airflow 11 0 0
outposts 10 1 0
sdb 10 0 0
redshift-data 10 0 0
application-autoscaling 10 0 0
savingsplans 9 0 0
polly 9 0 0
braket 9 0 0
budgets 8 14 2
mobilehub 8 1 15
finspace 8 0 6
sts 8 0 3
tag 8 0 0
sms-voice 8 0 0
iotfleethub 8 0 0
dlm 8 0 0
textract 7 0 0
macie 7 0 0
elastic-inference 6 0 1
rds-data 6 0 0
importexport 6 0 0
ebs 6 0 0
autoscaling-plans 6 0 0
application-cost-profiler 6 0 0
identitystore 4 0 0
cur 4 0 0
s3-outposts 3 0 29
account 3 0 3
route53-recovery-cluster 3 0 0
pricing 3 0 0
pi 3 0 0
workmailmessageflow 2 0 0
marketplacecommerceanalytics 2 0 0
ec2-instance-connect 2 0 0
mobileanalytics 1 0 2
execute-api 0 245 3
apigateway 0 152 9
cloudcontrolapi 0 8 0
IoTSecuredTunneling 0 7 0
awsssoportal 0 4 0
finspace-api 0 3 0
awsssooidc 0 3 0
sso-directory 0 0 52
deepracer 0 0 50
sqlworkbench 0 0 42
appmesh-preview 0 0 36
controltower 0 0 29
s3-object-lambda 0 0 26
migrationhub-strategy 0 0 26
deeplens 0 0 24
trustedadvisor 0 0 21
kafka-cluster 0 0 19
deepcomposer 0 0 18
connect-campaigns 0 0 18
bugbust 0 0 17
dbqms 0 0 13
chatbot 0 0 13
monitron 0 0 12
freertos 0 0 11
elemental-activations 0 0 10
cloudshell 0 0 9
launchwizard 0 0 8
cassandra 0 0 8
activate 0 0 8
elemental-appliances-software 0 0 7
aws-portal 0 0 7
ec2messages 0 0 6
iot-device-tester 0 0 5
groundtruthlabeling 0 0 5
elemental-support-cases 0 0 5
aws-marketplace-management 0 0 5
ssmmessages 0 0 4
artifact 0 0 4
tiros 0 0 3
resource-explorer 0 0 3
awsconnector 0 0 3
sumerian 0 0 2
purchase-orders 0 0 2
wam 0 0 1
rds-db 0 0 1
neptune-db 0 0 1
iq-permission 0 0 1
iq 0 0 1
elemental-support-content 0 0 1
codeguru 0 0 1
backup-storage 0 0 1
arsenal 0 0 1

Most common action prefixes:

Prefix Count
List 1717
Get 1526
Describe 1396
Delete 1348
Create 1251
Update 1009
Put 337
Start 211
Tag 181
Untag 179

Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Go (196,315
Golang (32,748
Aws (11,177
Iam (347
Aws Sdk (253
Aws Iam (129
Related Projects