{"id":3407,"library":"awacs","title":"AWACS (AWS Access Policy Language creation library)","description":"AWACS is a Python library designed for creating AWS Access Policy Language (IAM policies) programmatically. It provides a structured way to define policies using Python objects, making them easier to manage, version, and integrate into infrastructure-as-code tools. The library regularly updates its definitions for AWS services and actions by scraping AWS documentation. It is actively maintained with frequent minor releases to incorporate new AWS actions and address scraper fixes, currently at version 2.5.0.","status":"active","version":"2.5.0","language":"en","source_language":"en","source_url":"https://github.com/cloudtools/awacs","tags":["aws","iam","policy","security","cloud"],"install":[{"cmd":"pip install awacs","lang":"bash","label":"Install stable version"}],"dependencies":[],"imports":[{"symbol":"Policy","correct":"from awacs.aws import Policy"},{"symbol":"Statement","correct":"from awacs.aws import Statement"},{"symbol":"Principal","correct":"from awacs.aws import Principal"},{"symbol":"Action","correct":"from awacs.aws import Action"},{"symbol":"Allow","correct":"from awacs.aws import Allow"},{"symbol":"ARN","correct":"from awacs.iam import ARN"},{"symbol":"AssumeRole","correct":"from awacs.sts import AssumeRole"},{"symbol":"get_service_principal","correct":"from awacs.helpers.trust import get_service_principal"}],"quickstart":{"code":"from awacs.aws import Action, Allow, Policy, Principal, Statement\nfrom awacs.iam import ARN\nfrom awacs.sts import AssumeRole\n\n# Create a basic AssumeRole policy\npolicy = Policy(\n    Statement(\n        Effect=Allow,\n        Principal=Principal(\"AWS\", ARN(\"arn:aws:iam::123456789012:root\")),\n        Action=[AssumeRole],\n    )\n)\n\n# Convert the policy to JSON string\npolicy_json = policy.to_json()\nprint(policy_json)\n\n# Example of an S3 read-only policy for a specific bucket\nfrom awacs.s3 import GetObject, ListBucket\n\ns3_read_policy = Policy(\n    Statement(\n        Effect=Allow,\n        Action=[ListBucket],\n        Resource=[ARN(\"arn:aws:s3:::my-example-bucket\")]\n    ),\n    Statement(\n        Effect=Allow,\n        Action=[GetObject],\n        Resource=[ARN(\"arn:aws:s3:::my-example-bucket/*\")]\n    )\n)\nprint(s3_read_policy.to_json())","lang":"python","description":"This quickstart demonstrates how to create a simple AWS IAM AssumeRole policy and an S3 read-only policy using AWACS. It shows how to import core components like `Policy`, `Statement`, `Principal`, `Action`, `Effect`, and specific service actions (`AssumeRole`, `GetObject`, `ListBucket`) to build policies that can then be converted to a JSON string for use with AWS services."},"warnings":[{"fix":"Ensure your project runs on Python 3.x. The current stable version of AWACS requires Python >=3.9.","message":"Version 2.0.0 of AWACS dropped support for Python 2.x. This was a major breaking change, requiring all users to migrate to Python 3.x.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Upgrade your Python environment to 3.9 or newer before installing or upgrading to the latest AWACS versions.","message":"The minimum required Python version has been progressively increased. As of version 2.5.0, AWACS officially requires Python >=3.9. Users on Python 3.6, 3.7, or 3.8 will encounter compatibility issues when upgrading to recent AWACS versions.","severity":"breaking","affected_versions":">=2.1.0 (for 3.6), >=2.5.0 (for 3.7, 3.8)"},{"fix":"Regularly update `awacs` to the latest version (`pip install --upgrade awacs`) to ensure you have the most current AWS action definitions.","message":"AWACS dynamically generates AWS action definitions by scraping AWS documentation. If you're using an older version of the library, it might not contain the definitions for newly released AWS services or actions. This can lead to missing action errors or incomplete policies.","severity":"gotcha","affected_versions":"<2.5.0"},{"fix":"Upgrade to `awacs` version 2.4.0 or newer for improved type-checking compatibility and reliability, especially in projects using `mypy` or similar static analysis tools.","message":"Version 2.4.0 included fixes for `mypy` which addressed implicit `Optional` types. Users relying on strict type checking with older `awacs` versions (prior to 2.4.0) might have encountered type-hinting related issues.","severity":"gotcha","affected_versions":"<2.4.0"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}