Show HN: Cloudsplaining, an AWS IAM Security Assessment Tool (github.com/salesforce)
6 points by kmcquade on May 5, 2020 | 6 comments


Damn. The report guidance is really good. I'm going to use this in an assessment next week :) Have to review an account that has hundreds of IAM roles but this should help a lot.


Thanks! I’m glad you like it. Let me know if you have any feedback - here, in the Gitter channel (link in the Readme), or on Twitter (kmcquade3)


What kind of privileges do I need to run it? I don’t see any details in the documentation. You should probably add this there.


You just need a single IAM action - iam:GetAccountAuthorizationDetails (https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetA...).

I’ll definitely add that to the README. Thanks


Cool project. How is this different from PMapper though? I use that in some of my assessments (underrated tool IMHO).


PMapper is definitely a great tool. It’s best used in Pentests for validating some privilege escalation paths. It has the benefit of analyzing IAM trust policies, resource based policies, viewing escalation paths in a graph based approach. Very underrated indeed.

Cloudsplaining is faster at creating a more comprehensive report. We realize that there is lots of damage that can be done just by being able to modify Infrastructure, even when your privileges fall short of legit privilege escalation.

I think the example report will illustrate this best for you. Check it out here: https://opensource.salesforce.com/cloudsplaining/



