# CloudCustodian IAM Policy

Extracts perms from the cloud-custodian repo, sanitizes the extracted data, and transforms it into terraform.

## How it works

The code will

1. search for `permissions = (get this data)` over multiple lines
1. print only the captured group
1. remove the file names from the rg output
1. make all quotes single quotes
1. insert a new line in between single quoted strings
1. make all quotes double quotes
1. remove leading whitespace and empty lines
1. remove any lines that don't begin with a quote
1. remove all quotes
1. remove all commas
1. sort the output
1. only return unique values
1. run the python script against that to create the iam policy
1. profit

## Regenerate

1. Install ripgrep and git

    ```bash
    brew install rg git
    ```

1. Clone

    ```bash
    git clone git@github.com:cloud-custodian/cloud-custodian.git
    cd cloud-custodian
    ```

1. Download `extract-perms.sh` and `convert-extracted-cloud-custodian-perms-to-terraform.py`

    ```bash
    wget https://gist.github.com/nitrocode/0cd3db8e0a7c994fbca2a6f252ca40cf/raw/extract-perms.sh
    wget https://gist.github.com/nitrocode/0cd3db8e0a7c994fbca2a6f252ca40cf/raw/convert-extracted-cloud-custodian-perms-to-terraform.py
    ```

1. Run `extract-perms.sh`

    ```bash
    bash extract-perms.sh
    ```

The output terraform will be saved in `cloud-custodian-iam-policy.tf` and the list of perms will be saved in `perms.txt`.

## Reuse

If regenerating the policy is not wanted, feel free to download the following terraform files, init, and apply.

Note: this code does fall out of date with the source code, so it's usually best to regenerate.

```bash
wget https://gist.github.com/nitrocode/0cd3db8e0a7c994fbca2a6f252ca40cf/raw/cloud_custodain_iam_role.tf
wget https://gist.github.com/nitrocode/0cd3db8e0a7c994fbca2a6f252ca40cf/raw/cloud_custodian_iam_policy.tf
```

Add a backend and simply run the following to create the role.

```bash
terraform init
terraform apply
```
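The sanitizing steps from "How it works" and the terraform conversion, written out as one added Python example. This is not the gist's `extract-perms.sh` or `convert-extracted-cloud-custodian-perms-to-terraform.py`; it assumes ripgrep prefixes each line with `<path>.py:` or `<path>.py-`, uses a constructed sample of that output, and renders an `aws_iam_policy_document` with `resources = ["*"]` (the resource name `cloud_custodian` is an assumption). It goes a little beyond the README by flagging wildcard actions such as `iam:*` for review and by measuring the compact JSON size against the 6,144-character limit AWS documents for managed policies, since the full cloud-custodian permission list is long.

```python
import json
import re

# Constructed sample of what the ripgrep extraction step yields before sanitizing:
# file-name prefixes, mixed quote styles, a multi-line tuple, a duplicate, and a wildcard.
SAMPLE_RG_OUTPUT = """\
c7n/resources/ec2.py:'ec2:DescribeInstances', "ec2:StopInstances"
c7n/resources/s3.py:
c7n/resources/s3.py-        's3:GetBucketPolicy',
c7n/resources/s3.py-        "s3:PutBucketPolicy",
c7n/resources/s3.py-        's3:GetBucketPolicy',
c7n/resources/iam.py:'iam:ListRoles', 'iam:*'
"""

# Assumption: ripgrep prefixes each line with "<path>.py:" (match line) or "<path>.py-" (context line).
FILE_PREFIX = re.compile(r"^[^\s'\"]+\.py[:-]")

# Documented AWS limit on a managed policy document, counted without whitespace.
MANAGED_POLICY_CHAR_LIMIT = 6144


def sanitize(raw: str) -> list[str]:
    """Apply the README's sanitizing steps and return sorted, de-duplicated permissions."""
    lines = [FILE_PREFIX.sub("", line) for line in raw.splitlines()]  # remove file names
    text = "\n".join(lines).replace('"', "'")                        # make all quotes single
    # Insert a newline between adjacent quoted strings ("'a', 'b'" -> "'a'\n'b'").
    text = re.sub(r"'\s*,?\s*'", "'\n'", text)
    text = text.replace("'", '"')                                    # make all quotes double
    perms = set()
    for line in text.splitlines():
        line = line.strip()                                          # drop leading whitespace
        if not line.startswith('"'):                                 # keep only quoted lines
            continue
        perm = line.replace('"', "").replace(",", "").strip()        # remove quotes and commas
        if perm:
            perms.add(perm)                                          # unique values
    return sorted(perms)                                             # sorted output


def find_wildcards(perms: list[str]) -> list[str]:
    """Actions containing '*' grant more than one API call; surface them for review before apply."""
    return [p for p in perms if "*" in p]


def policy_json_chars(perms: list[str]) -> int:
    """Size of the compact JSON document AWS counts against the managed-policy limit."""
    doc = {"Version": "2012-10-17",
           "Statement": [{"Sid": "CloudCustodian", "Effect": "Allow",
                          "Action": perms, "Resource": "*"}]}
    return len(json.dumps(doc, separators=(",", ":")))


def to_terraform(perms: list[str], name: str = "cloud_custodian") -> str:
    """Render the permission list as an aws_iam_policy_document plus an aws_iam_policy."""
    actions = ",\n".join(f'      "{p}"' for p in perms)
    policy_name = name.replace("_", "-")
    return f'''data "aws_iam_policy_document" "{name}" {{
  statement {{
    sid     = "CloudCustodian"
    effect  = "Allow"
    actions = [
{actions},
    ]
    resources = ["*"]
  }}
}}

resource "aws_iam_policy" "{name}" {{
  name   = "{policy_name}"
  policy = data.aws_iam_policy_document.{name}.json
}}
'''


if __name__ == "__main__":
    perms = sanitize(SAMPLE_RG_OUTPUT)
    for wildcard in find_wildcards(perms):
        print(f"review: wildcard action {wildcard}")
    size = policy_json_chars(perms)
    if size > MANAGED_POLICY_CHAR_LIMIT:
        print(f"warning: policy is {size} chars, over the {MANAGED_POLICY_CHAR_LIMIT} limit")
    print(to_terraform(perms))
```

Replacing `SAMPLE_RG_OUTPUT` with the real `rg` output from the repo gives the same `perms.txt` style list; the wildcard and size checks are the two things worth reading before `terraform apply`, since a `service:*` entry widens the role well past the one custodian policy that needed it.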