How to list AWS policies (with resource -* and action contains) attached to an instance profile?

dcpeach
edited August 2022 in Asset Management
Able to list the policies but stuck on how to query whether it has resource "*" along with the action.

Comments

  • AaronO
    Hi, thanks for your question! This should find what you're looking for:
    FIND aws_instance as i
      THAT USES aws_iam_role as r
      THAT ASSIGNED AccessPolicy as p
      THAT ALLOWS AS rule *
      WHERE rule.resources='*' AND rule.actions='*'
    RETURN 
      r.displayName, i.displayName, i.iaminstanceProfileArn, 
      p.displayName, p.policyName, p.roleName
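
The same condition can be checked directly against IAM policy JSON. The following is an added example, not part of the thread and not JupiterOne code: it goes beyond the query above by matching any action that contains a given string (or a wildcard that covers it) rather than only `*`. The function name, the sample policy and its Sids are constructed for illustration.

```python
from fnmatch import fnmatchcase
import json

def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def wildcard_statements(policy, action_contains=""):
    """Return (sid, matched_actions) for Allow statements on Resource "*".

    An action matches when it contains `action_contains` (case-insensitive)
    or is a wildcard pattern such as "*" or "iam:*" that covers it.
    NotAction/NotResource statements are not evaluated here.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    needle = action_contains.lower()
    hits = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        matched = [
            action for action in _as_list(stmt.get("Action"))
            if needle in action.lower() or fnmatchcase(needle, action.lower())
        ]
        if matched:
            hits.append((stmt.get("Sid", f"#{index}"), matched))
    return hits

# Constructed sample policy document, not taken from the thread.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "PassAnyRole", "Effect": "Allow",
         "Action": ["iam:PassRole", "ec2:DescribeInstances"], "Resource": ["*"]},
        {"Sid": "ScopedS3", "Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DenyDelete", "Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for sid, actions in wildcard_statements(SAMPLE_POLICY, "iam:"):
        print(sid, actions)
```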
