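#!/usr/bin/env python
# This updates our local copies of AWS' managed policies
# Invoked via `make update_managed_policies`
# NOTE(review): the header written into the generated file names the target
# `make aws_managed_policies`; confirm which name the Makefile defines.
#
# Credit goes to
# https://gist.github.com/gene1wood/55b358748be3c314f956
#
# Credentials: the only IAM calls made here are list_policies (Scope="AWS")
# and get_policy_version, so a read-only identity limited to
# iam:ListPolicies and iam:GetPolicyVersion is sufficient to run the script.
from botocore.exceptions import NoCredentialsError
from datetime import datetime
import boto3
import json
import sys

output_file = "./moto/iam/aws_managed_policies.py"


def json_serial(obj):
    """JSON serializer for objects not serializable by default json code.

    Returns the ISO-8601 string for a ``datetime``; raises ``TypeError`` for
    any other type so unexpected values are not silently stringified.
    """
    if isinstance(obj, datetime):
        return obj.isoformat()
    raise TypeError("Type not serializable")


def _print_usage():
    """Print how to supply AWS credentials to this script."""
    # A secret typed inline on the command line is usually kept in shell
    # history; the ~/.aws/credentials option keeps it out of there.
    print("USAGE:")
    print("Put your AWS credentials into ~/.aws/credentials and run:")
    print(__file__)
    print("")
    print("Or specify them on the command line:")
    print(
        "AWS_ACCESS_KEY_ID=your_personal_access_key AWS_SECRET_ACCESS_KEY=your_personal_secret {}".format(
            __file__
        )
    )
    print("")


def _fetch_managed_policies(client):
    """Return ``{PolicyName: policy}`` for every AWS-managed policy.

    Each entry is the ``list_policies`` record merged with the fields of the
    policy's default version.  Exits with status 1 after printing usage when
    no credentials are available.
    """
    policies = {}
    paginator = client.get_paginator("list_policies")
    try:
        for page in paginator.paginate(Scope="AWS"):
            for policy in page["Policies"]:
                policies[policy["PolicyName"]] = policy
    except NoCredentialsError:
        _print_usage()
        sys.exit(1)

    for policy in policies.values():
        version = client.get_policy_version(
            PolicyArn=policy["Arn"], VersionId=policy["DefaultVersionId"]
        )["PolicyVersion"]
        # the policy's CreateDate should not be overwritten by its version's
        # CreateDate
        policy.update(
            {key: value for key, value in version.items() if key != "CreateDate"}
        )
    return policies


def _render_module(policies):
    """Return the text of the generated Python module holding *policies*."""
    triple_quote = '"""'
    body = json.dumps(
        policies,
        sort_keys=True,
        indent=4,
        separators=(",", ": "),
        default=json_serial,
    )
    # The JSON text is embedded in a Python string literal.  It is emitted as
    # a raw string so the JSON escapes (\", \\, \n, \uXXXX) reach the reader
    # of the generated module unchanged; in a normal literal Python would
    # process them first and a policy containing a quote or backslash would
    # no longer be valid JSON.  json.dumps escapes every quote inside a value,
    # so the data cannot end the literal early.
    return "".join(
        [
            "# Imported via `make aws_managed_policies`\n",
            "aws_managed_policies_data = r{}\n".format(triple_quote),
            body,
            "{}\n".format(triple_quote),
        ]
    )


def main():
    """Download AWS' managed policies and rewrite ``output_file``."""
    client = boto3.client("iam")
    policies = _fetch_managed_policies(client)
    # Written only after every policy was fetched, so a failed run leaves the
    # previous copy of the file in place.
    with open(output_file, "w") as f:
        f.write(_render_module(policies))


if __name__ == "__main__":
    main()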