AWS IAM 権限昇格チェックツール

https://dev.classmethod.jp/articles/principal-mapper-try/
https://shinobe179.hatenablog.com/entry/2022/08/09/233421
https://github.com/nccgroup/PMapper

 

OS: Amazon Linux2

-- 1. インストール

sudo yum install -y graphviz git

pip3 install principalmapper

-- 2. 動作確認

pmapper graph create --include-regions ap-northeast-1

pmapper graph display
pmapper graph list

pmapper query 'who can do iam:CreateUser'

pmapper visualize --filetype svg

pmapper visualize --only-privesc