Filter by different kinds of identity when generating policy

[flosell]

AS A trailscraper user
I WANT to select only events for a particular role/user when generating a policy
SO THAT I can generate a more useful policy for this role/user

• filter by assumed role
• filter by IAM user?
• invoking AWS service
• root account
• ...?

[flosell]

Example of different ways to get identity from different types of events: https://github.com/wcurrie/aws-iam-permissions-by-role/blob/master/group_by_arn.py#L41

[flosell]

Complete documentation: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html

[Almenon]

Being able to select cloudtrail events by user would be neat. For some reason the cloudtrail UI doesn't show requestParameters like the bucketName unless you drill down into it, it would be useful for a easy to way to see a list of actions with requestparameters by user.

[flosell]

Hi @Almenon, thanks for the feedback!
Unfortunately, I'm not spending a lot of time on trailscraper these days so not promising to get to implementing this soon. However, I'm always happy to help with and accept PRs.

If you want to give it a try, maybe start by pulling the right data out of the raw events in cloudtrail.py.
This might already be enough to get things working, though you'd probably want to adapt the select command in cli.py to get things working or just make the parameter speak to what it actually does.