def get_managed_policy(managed_policy_arn):
    """Return the default version of an IAM managed policy wrapped in a ``Policy``.

    Two IAM calls are made: ``get_policy`` to find the policy's
    ``DefaultVersionId``, then ``get_policy_version`` to fetch that version's
    document.

    Args:
        managed_policy_arn: ARN of the managed policy to resolve.

    Returns:
        A ``Policy`` built from the default version's document, or ``None``
        when the ``get_policy`` response carries no ``DefaultVersionId``.

    Note:
        Exceptions raised by either IAM call are not caught here and propagate
        to the caller. A ``None`` return therefore only means "no default
        version id in the response", never "lookup failed".
    """
    client = boto3.client("iam")
    policy_metadata = client.get_policy(PolicyArn=managed_policy_arn)

    # Both lookups are tolerant of missing keys, so a response without a
    # "Policy" entry behaves the same as one without a default version.
    default_version = policy_metadata.get("Policy", {}).get("DefaultVersionId")
    if not default_version:
        return None

    version_response = client.get_policy_version(
        PolicyArn=managed_policy_arn, VersionId=default_version
    )
    # NOTE(review): the generated name depends only on the version id, so two
    # different managed policies that share a default version id get the same
    # PolicyName. Confirm that consumers do not key on the name.
    return Policy(
        PolicyDocument=version_response["PolicyVersion"]["Document"],
        PolicyName=f"AutoTransformedManagedPolicy{default_version}",
    )
def parse_fetch_update(self, resources):
    """Append each resource's managed policies to it as ``Policy`` objects.

    For every ARN in ``resource.managed_policy_arns`` the default policy
    version is fetched through ``self.iam_client`` and appended to
    ``resource.policies``. Resources are modified in place; nothing is
    returned.

    Args:
        resources: Iterable of objects exposing ``managed_policy_arns``
            (iterable of ARNs) and ``policies`` (a list that is appended to).

    Note:
        An ARN whose ``get_policy`` response has no ``DefaultVersionId`` is
        skipped without any record, so its permissions are absent from
        ``resource.policies``. Exceptions from the IAM calls are not caught
        and stop processing of the remaining ARNs and resources.
    """
    for resource in resources:
        for managed_policy_arn in resource.managed_policy_arns:
            policy_metadata = self.iam_client.get_policy(PolicyArn=managed_policy_arn)
            default_version = policy_metadata.get("Policy", {}).get("DefaultVersionId")
            if default_version:
                version_response = self.iam_client.get_policy_version(
                    PolicyArn=managed_policy_arn, VersionId=default_version
                )
                # NOTE(review): the name is derived from the version id alone,
                # so policies from different ARNs with the same default
                # version id end up with identical names on the resource.
                policy_fields = {
                    "PolicyDocument": version_response["PolicyVersion"]["Document"],
                    "PolicyName": "AutoTransformedManagedPolicy{}".format(default_version),
                }
                # NOTE(review): the dict is passed as one positional argument,
                # whereas get_managed_policy unpacks the same keys as keyword
                # arguments. Confirm which form Policy expects.
                resource.policies.append(Policy(policy_fields))