The Console -> IAM -> Policies -> Create Policy -> Policy Generator wizard provides a list of AWS Services, and for each service a list of available actions. Knowing Amazon, it is not possible that someone hardwired those into the web page -- they are being generated with an API call.
Anyone know what that API call is? I haven't been able to find it in either the general API reference, or the boto3 reference.
As a concrete example, this is what I want to do; let's say I'm writing my own little policy creation engine, and I want to let my users pick from a (restricted) set of actions to enable. Recall that a policy document is a json object that looks like this:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iam:DeleteSSHPublicKey",
"iam:GetSSHPublicKey",
"iam:ListSSHPublicKeys",
"iam:UpdateSSHPublicKey",
"iam:UploadSSHPublicKey"
],
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
]
}
How can I programmatically get the list of all the available "iam:*" actions? And by that I don't mean "scrape web pages"!
Thanks
/ji