{"id":6032,"library":"policyuniverse","title":"PolicyUniverse","description":"PolicyUniverse, currently at version 1.5.1.20231109, is a Python library for parsing and processing AWS IAM Policies, Statements, ARNs, and wildcards. It provides classes to parse AWS IAM and Resource Policies, expand wildcards using AWS permission data, and minify policies to help users stay under AWS policy size limits. The project, open-sourced by Netflix-Skunkworks, sees releases as needed, with its latest update in November 2023.","status":"active","version":"1.5.1.20231109","language":"en","source_language":"en","source_url":"https://github.com/Netflix-Skunkworks/policyuniverse","tags":["aws","iam","policy","security","cloud"],"install":[{"cmd":"pip install policyuniverse","lang":"bash","label":"Install latest version"}],"dependencies":[],"imports":[{"symbol":"ARN","correct":"from policyuniverse.arn import ARN"},{"symbol":"Policy","correct":"from policyuniverse.policy import Policy"},{"note":"Often used implicitly by Policy objects, but can be imported for direct use.","symbol":"Statement","correct":"from policyuniverse.statement import Statement"}],"quickstart":{"code":"from policyuniverse.policy import Policy\n\npolicy_document = {\n    'Version': '2012-10-17',\n    'Statement': [\n        {\n            'Effect': 'Allow',\n            'Principal': 'arn:aws:iam::012345678910:root',\n            'Action': ['s3:*'],\n            'Resource': '*',\n            'Condition': {\n                'IpAddress': {\n                    'AWS:SourceIP': ['0.0.0.0/0']\n                }\n            }\n        },\n        {\n            'Effect': 'Allow',\n            'Principal': 'arn:aws:iam::*:role/Hello',\n            'Action': ['ec2:*'],\n            'Resource': '*',\n            'Condition': {\n                'StringLike': {\n                    'AWS:SourceOwner': '012345678910'\n                }\n            }\n        }\n    ]\n}\n\npolicy = Policy(policy_document)\n\nprint(f\"Policy principals: {policy.principals}\")\nprint(f\"Is internet accessible: {policy.is_internet_accessible()}\")\nprint(f\"Actions summary: {policy.action_summary()}\")","lang":"python","description":"This example demonstrates how to parse an AWS IAM policy document using the `Policy` class, retrieve its principals, check for internet accessibility, and get a summary of actions."},"warnings":[{"fix":"Ensure that policies intended for minification only contain 'Allow' effects, or handle 'Deny' statements separately.","message":"Minification of policies does not currently work on 'Deny' statements. Attempting to minify a policy with 'Deny' effects will raise an exception.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Only use policy minification when strictly necessary to comply with AWS policy size constraints. Otherwise, manage policies in their more human-readable expanded form.","message":"While PolicyUniverse can minify policies to meet size limits, the resulting minified policies can be significantly less readable. It is recommended to avoid minification if possible, prioritizing human readability and maintainability.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-14T00:00:00.000Z","next_check":"2026-07-13T00:00:00.000Z"}