Description
Based on the Amazon docs, there are 30 global condition context keys. It would be great if we had a direct way to query those.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
aws:CalledVia
aws:CalledViaFirst
aws:CalledViaLast
aws:CurrentTime
aws:EpochTime
aws:MultiFactorAuthAge
aws:MultiFactorAuthPresent
aws:PrincipalAccount
aws:PrincipalArn
aws:PrincipalOrgID
aws:PrincipalOrgPaths
aws:PrincipalTag
aws:PrincipalType
aws:referer
aws:RequestedRegion
aws:RequestTag/tag-key
aws:ResourceTag/tag-key
aws:SecureTransport
aws:SourceAccount
aws:SourceArn
aws:SourceIp
aws:SourceVpc
aws:SourceVpce
aws:TagKeys
aws:TokenIssueTime
aws:UserAgent
aws:userid
aws:username
aws:ViaAWSService
aws:VpcSourceIp
I attempted to generate that list by going through all the services and grepping context keys that started with "aws", but came up short by about 15 of them.
#! /usr/bin/env python
# Collect every condition key policy_sentry knows for every service,
# then print the ones in the global "aws:" namespace.
from policy_sentry.querying.all import get_all_service_prefixes
from policy_sentry.querying.conditions import get_condition_keys_for_service

services = get_all_service_prefixes()
condition_keys = set()
for s in services:
    # Per-service condition keys, including any global keys that service documents
    condition_keys.update(get_condition_keys_for_service(s))

for key in sorted(condition_keys):
    if key.startswith('aws:'):
        print(key)
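As an added example that is not part of this issue or of policy_sentry: the gap described above can be measured rather than eyeballed. The script below takes the 30 global keys from the AWS page and a per-service condition key mapping, normalizes key names the way IAM compares them (case-insensitively, with the variable part after "/" treated as a placeholder), and reports which global keys are documented by at least one service and which appear nowhere. SAMPLE_SERVICE_KEYS is a constructed stand-in for the output of get_condition_keys_for_service per service prefix; the names audit_global_keys and normalize are this example's own.

```python
# Added example (not from the issue or policy_sentry): audit which of the 30
# global condition keys from the AWS docs appear in per-service condition key
# data, matching keys the way IAM does (case-insensitive, variable suffix
# after "/" treated as a placeholder).
from collections import defaultdict

# The 30 global keys listed in the issue (from the AWS IAM User Guide).
GLOBAL_CONDITION_KEYS = [
    "aws:CalledVia", "aws:CalledViaFirst", "aws:CalledViaLast",
    "aws:CurrentTime", "aws:EpochTime", "aws:MultiFactorAuthAge",
    "aws:MultiFactorAuthPresent", "aws:PrincipalAccount", "aws:PrincipalArn",
    "aws:PrincipalOrgID", "aws:PrincipalOrgPaths", "aws:PrincipalTag",
    "aws:PrincipalType", "aws:referer", "aws:RequestedRegion",
    "aws:RequestTag/tag-key", "aws:ResourceTag/tag-key", "aws:SecureTransport",
    "aws:SourceAccount", "aws:SourceArn", "aws:SourceIp", "aws:SourceVpc",
    "aws:SourceVpce", "aws:TagKeys", "aws:TokenIssueTime", "aws:UserAgent",
    "aws:userid", "aws:username", "aws:ViaAWSService", "aws:VpcSourceIp",
]

# Constructed stand-in for {service_prefix: get_condition_keys_for_service(prefix)}.
# Real data would come from policy_sentry; these values are invented for the demo.
SAMPLE_SERVICE_KEYS = {
    "s3": ["s3:prefix", "aws:SourceIp", "aws:SecureTransport",
           "aws:RequestTag/${TagKey}", "aws:TagKeys"],
    "ec2": ["ec2:Region", "aws:ResourceTag/${TagKey}", "aws:RequestedRegion",
            "aws:PrincipalTag/${TagKey}"],
    "sts": ["aws:MultiFactorAuthPresent", "aws:multifactorauthage"],
}


def normalize(key: str) -> str:
    """Canonical form for comparison: lowercase, variable suffix dropped.

    IAM matches condition key names case-insensitively, and the part after
    '/' in keys like aws:RequestTag/tag-key is a placeholder that services
    document with differing spellings (tag-key, ${TagKey}, ...).
    """
    return key.split("/", 1)[0].lower()


def audit_global_keys(service_keys: dict) -> dict:
    """Return which global keys are covered by per-service data and which are not.

    Result: {"covered": {global_key: sorted services}, "missing": [global_key, ...]}
    """
    seen = defaultdict(set)
    for service, keys in service_keys.items():
        for key in keys:
            if key.lower().startswith("aws:"):
                seen[normalize(key)].add(service)

    covered = {}
    missing = []
    for gk in GLOBAL_CONDITION_KEYS:
        services = seen.get(normalize(gk))
        if services:
            covered[gk] = sorted(services)
        else:
            missing.append(gk)
    return {"covered": covered, "missing": missing}


if __name__ == "__main__":
    report = audit_global_keys(SAMPLE_SERVICE_KEYS)
    for gk, services in report["covered"].items():
        print(f"{gk:32} documented by: {', '.join(services)}")
    print(f"\n{len(report['missing'])} of {len(GLOBAL_CONDITION_KEYS)} global keys "
          "appear in no service's condition key list:")
    for gk in report["missing"]:
        print("  " + gk)
```

To run it against real data, replace SAMPLE_SERVICE_KEYS with a dictionary built from get_all_service_prefixes() and get_condition_keys_for_service(); the "missing" list is then exactly the set of global keys that a per-service scan cannot recover, which is why a direct query for global keys is needed when writing conditions such as MFA or source-VPC restrictions into least-privilege policies.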