Policy Sentry automates the generation of least-privilege AWS IAM policies by scoping permissions based on access levels and resource constraints.
IAM Least Privilege Policy Generator
This tool is designed for developers, security engineers, and DevOps professionals who need to create secure, least-privilege IAM policies quickly and accurately without manually combing through AWS documentation. It helps teams enforce security best practices by automating policy creation, reducing the risk of over-permissioned roles and managed policies.
For best results, supply accurate ARNs and access-level details in the templates. While Policy Sentry automates policy generation, the generated policies should still be reviewed for context-specific adjustments before deployment. Integration with Terraform and Docker extends this automation into Infrastructure as Code workflows.
Install via package managers (e.g., pip install policy-sentry)
Enable shell completion for your shell environment (optional)
Refer to the official ReadTheDocs for detailed setup and usage
policy_sentry write-policy
Generates a least-privilege IAM policy based on a user-provided template and ARNs.
policy_sentry create-template
Starts the workflow by creating a policy template in which the required permissions (access levels and ARNs) are defined, ready to be passed to write-policy.
policy_sentry query-iam-database
Queries the bundled IAM database for a service's actions, resource types, and condition keys, which helps when filling in the template.