Cloud Security

Cybersecurity Attacks and Defenses in a Cloudy World


AWS CLI Query for A List of Policies

3 min read · Mar 31, 2025


Oftentimes on a penetration test and assessment I’m looking at a list of policies associated with a finding, and I want to quickly review all those policies to validate the finding severity. Oftentimes the tools overestimate the risk because they can’t understand the nuances of the policy or the environment. Other times the tools miss things I see as a risk in policies.

The AWS CLI makes you jump through some hoops to get to that point. You have to get the list of versions of policies and then figure out what the latest version is. Then you can query for that specific policy version.

What I can do is generate a list of policies in a file using various bash commands like cut and sed from whatever list from any output I’m viewing. Or I can parse the…
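The lookup sequence described above, as an added example that is not the author's script: it reads managed policy ARNs from a file, finds each policy's default version (the version IAM evaluates, which is not always the newest one), and prints that version's document. The function names and the one-ARN-per-line file layout are assumptions; the caller needs `iam:ListPolicyVersions` and `iam:GetPolicyVersion`.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Assumes the AWS CLI is
# configured and the input file holds one managed policy ARN per line.

# Print the VersionId that is currently in effect for a managed policy.
default_version() {
  aws iam list-policy-versions --policy-arn "$1" \
    --query 'Versions[?IsDefaultVersion].VersionId | [0]' --output text
}

# Print the JSON document of the default version of one policy.
policy_document() {
  local arn ver
  arn="$1"
  ver="$(default_version "$arn")" || return 1
  # With --output text a missing value is printed as the string "None".
  if [ -z "$ver" ] || [ "$ver" = "None" ]; then
    echo "no default version found for $arn" >&2
    return 1
  fi
  aws iam get-policy-version --policy-arn "$arn" --version-id "$ver" \
    --query 'PolicyVersion.Document' --output json
}

# Read ARNs from a file and print each document under a header line.
# Returns 1 if any line was not a policy ARN or any lookup failed.
dump_policies() {
  local file arn rc
  file="$1"
  rc=0
  while IFS= read -r arn || [ -n "$arn" ]; do
    arn="${arn%%#*}"                              # drop comments
    arn="$(printf '%s' "$arn" | tr -d '[:space:]')"
    if [ -z "$arn" ]; then continue; fi
    case "$arn" in
      arn:aws*:iam::*:policy/*) ;;                # customer or AWS managed
      *) echo "skipping non-policy line: $arn" >&2; rc=1; continue ;;
    esac
    echo "=== $arn"
    policy_document "$arn" || rc=1
  done < "$file"
  return "$rc"
}

# Usage: ./dump-policies.sh policy-arns.txt
if [ "$#" -gt 0 ]; then dump_policies "$1"; fi
```
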


Published in Cloud Security



Written by Teri Radichel

CEO 2nd Sight Lab | Pentesting | Research | AWS Security Hero | Masters of Infosec & Masters Software Engineering | GSE | IANS | SANS Difference Makers Award