package main
import (
	"encoding/json"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"os"
	"sort"
	"strings"
)
// awsCloudJSONObject mirrors the top level of a CloudTrail log file as this
// tool consumes it: one object carrying a "Records" array. Any other top-level
// key in the file is silently ignored by json.Unmarshal.
type awsCloudJSONObject struct {
	Records []awsCloudJSONElement `json:"Records"`
}
// awsCloudJSONElement is the subset of a CloudTrail record that is decoded.
// Only eventName and eventSource are kept; every other field of the record
// (caller identity, request parameters, error/result codes, resource ARNs)
// is dropped at decode time, so nothing downstream can filter or narrow on it.
type awsCloudJSONElement struct {
	EventName   string `json:"eventName"`
	EventSource string `json:"eventSource"`
}
// awsPermissions is the IAM policy document that main emits: the policy
// language Version plus the list of Statement elements. Field order here is
// the key order in the marshalled JSON.
type awsPermissions struct {
	Version   string                 `json:"Version"`
	Statement []awsPermissionElement `json:"Statement"`
}
// awsPermissionElement is a single IAM policy statement: Effect, the list of
// allowed/denied Action strings, and the Resource they apply to.
// NOTE(review): Resource is modelled as one string; an IAM statement may also
// carry a list of resource ARNs, which this type cannot express — confirm
// before reusing it for anything other than the single-"*" policy main builds.
type awsPermissionElement struct {
	Effect   string   `json:"Effect"`
	Action   []string `json:"Action"`
	Resource string   `json:"Resource"`
}
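// main reads a CloudTrail log file (path given by -file), collects every
// distinct "<service>:<eventName>" pair found in its Records, and prints an
// IAM policy document that allows exactly those actions on Resource "*".
//
// Treat the output as a draft for a least-privilege policy, not a finished one:
//   - Resource is "*" because the record fields decoded here carry no ARNs, so
//     the policy cannot be narrowed per resource automatically.
//   - The action string is derived from eventSource/eventName; those do not
//     always map one-to-one onto IAM action names (service prefixes and
//     versioned event names differ for some services), so check each entry
//     against the IAM action list before attaching the policy.
//   - NOTE(review): nothing here inspects an error/result field, so calls that
//     CloudTrail recorded as failed (e.g. access denied) are presumably turned
//     into Allow entries too — filter the input if that is not intended.
//
// Exits non-zero when -file is missing, the file cannot be read or parsed, or
// no usable records were found (an IAM statement with an empty Action list is
// not useful and would be rejected).
func main() {
	awsCloudTrailFile := flag.String("file", "", "The AWS Cloudtrail json file")
	flag.Parse()
	if *awsCloudTrailFile == "" {
		flag.PrintDefaults()
		os.Exit(1)
	}

	// One CloudTrail file is a single JSON object, so a whole-file read is
	// the simplest correct approach; this also closes the file for us.
	jsonByteArray, err := ioutil.ReadFile(*awsCloudTrailFile)
	if err != nil {
		log.Fatal(err)
	}

	var data awsCloudJSONObject
	if err := json.Unmarshal(jsonByteArray, &data); err != nil {
		log.Fatal(err)
	}

	actions := collectActions(data.Records)
	if len(actions) == 0 {
		// Refuse to print a policy whose Action list is empty: it is not a
		// valid statement and a caller piping this into the AWS CLI would
		// only learn that later.
		log.Fatalf("no usable records found in %s; nothing to build a policy from", *awsCloudTrailFile)
	}

	awsPermissionBlob := awsPermissions{
		Version: "2012-10-17",
		Statement: []awsPermissionElement{
			{
				Effect: "Allow",
				Action: actions,
				// Wildcard resource: the decoded records contain no ARNs,
				// so per-resource scoping has to be done by hand afterwards.
				Resource: "*",
			},
		},
	}

	permissionString, err := json.Marshal(awsPermissionBlob)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(permissionString))
}

// collectActions returns the sorted, de-duplicated set of
// "<service>:<eventName>" strings for the given records, where <service> is
// the first dot-separated label of eventSource (e.g. "s3" from
// "s3.amazonaws.com"). Records with an empty eventSource or eventName are
// skipped so that malformed actions such as ":GetObject" or "s3:" are never
// emitted. The result is sorted because map iteration order is random and a
// generated policy should be reproducible and diffable between runs.
func collectActions(records []awsCloudJSONElement) []string {
	seen := make(map[string]struct{}, len(records))
	for _, rec := range records {
		if rec.EventSource == "" || rec.EventName == "" {
			continue
		}
		// SplitN with 2 keeps only the leading label without splitting the
		// remainder of the hostname.
		service := strings.SplitN(rec.EventSource, ".", 2)[0]
		seen[service+":"+rec.EventName] = struct{}{}
	}

	actions := make([]string, 0, len(seen))
	for a := range seen {
		actions = append(actions, a)
	}
	sort.Strings(actions)
	return actions
}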