This is an IAM Access Analyzer for Azure. It will return all the actions / permissions used by a given user or service principal between two dates at either subscription or resource group scope.
This project requires pipenv.
The app authenticates with the Azure Python SDK default credential class (DefaultAzureCredential).
If using a service principal, set these environment variables:
export AZURE_TENANT_ID="<TENANT_ID>"
export AZURE_CLIENT_ID="<CLIENT_ID>"
export AZURE_CLIENT_SECRET="<CLIENT_SECRET>"
Run the analyzer with:
pipenv run python main.py <subscription> <username> <num_hours> <resource_group_name>
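
The following added example, which is not this project's code, shows the filtering that the subscription, username, num_hours and resource_group_name arguments imply, run over constructed records whose field names are assumptions modelled on Azure Activity Log events. It treats resource IDs as case-insensitive and matches scope on a path-segment boundary, so app-rg does not also match app-rg-prod.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data. Field names (caller, time, action, resource_id) are
# assumptions modelled on Azure Activity Log events, not this project's schema.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SUB_ID = "00000000-0000-0000-0000-000000000000"
BASE = f"/subscriptions/{SUB_ID}/resourceGroups"
STORAGE = "Microsoft.Storage/storageAccounts"


def _event(caller, hours_ago, action, resource_id):
    return {"caller": caller, "time": NOW - timedelta(hours=hours_ago),
            "action": action, "resource_id": resource_id}


EVENTS = [
    _event("alice@example.com", 1, f"{STORAGE}/read", f"{BASE}/app-rg/providers/{STORAGE}/sa1"),
    _event("alice@example.com", 1, f"{STORAGE}/read", f"{BASE}/app-rg/providers/{STORAGE}/sa1"),
    # Same resource group, different casing: Azure resource IDs are case-insensitive.
    _event("alice@example.com", 2, f"{STORAGE}/listKeys/action", f"{BASE.upper()}/APP-RG/providers/{STORAGE}/sa1"),
    # Different resource group that shares a name prefix with app-rg.
    _event("alice@example.com", 3, "Microsoft.Compute/virtualMachines/start/action", f"{BASE}/app-rg-prod/providers/Microsoft.Compute/virtualMachines/vm1"),
    # Outside a 24 hour window.
    _event("alice@example.com", 30, "Microsoft.KeyVault/vaults/read", f"{BASE}/app-rg/providers/Microsoft.KeyVault/vaults/kv1"),
    # Different principal.
    _event("bob@example.com", 1, f"{STORAGE}/delete", f"{BASE}/app-rg/providers/{STORAGE}/sa1"),
]


def in_scope(resource_id, subscription, resource_group=None):
    """Return True if resource_id is at or below the requested scope."""
    scope = f"/subscriptions/{subscription}"
    if resource_group:
        scope += f"/resourceGroups/{resource_group}"
    rid, scope = resource_id.lower().rstrip("/"), scope.lower()
    # Require a path-segment boundary so "app-rg" does not match "app-rg-prod".
    return rid == scope or rid.startswith(scope + "/")


def used_actions(events, subscription, principal, num_hours, resource_group=None, now=None):
    """Distinct actions recorded for one principal in the last num_hours at the given scope."""
    now = now or datetime.now(timezone.utc)
    start = now - timedelta(hours=num_hours)
    return sorted({
        e["action"] for e in events
        if e["caller"].lower() == principal.lower()
        and start <= e["time"] <= now
        and in_scope(e["resource_id"], subscription, resource_group)
    })
```

The sorted set of actions returned for a principal is the starting point for a least-privilege custom role; anything granted but absent from it is a candidate for removal.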
The app logs with Loguru, so all Loguru settings are configurable via environment variables.
For example, to configure the log level:
export LOGURU_LEVEL="INFO"
export LOGURU_LEVEL="DEBUG"
Run the tests with:
pipenv run pytest -v
To do:
- handle paging
- compare to existing roles
- add management group support
Similar projects and services:
- Permissions.cloud, which supports AWS, Azure and Google.