{"id":24283,"library":"py-iam-expand","title":"py-iam-expand","description":"A Python package to expand and deobfuscate AWS IAM policies. Resolves wildcards (*, ?) into the full set of matching IAM actions, can invert action sets, and handles obfuscated policies. Currently at v0.3.0, supporting Python 3.10 through 3.14. Release cadence is irregular.","status":"active","version":"0.3.0","language":"python","source_language":"en","source_url":"https://github.com/prowler-cloud/py-iam-expand","tags":["iam","aws","policy","expansion","wildcard","security"],"install":[{"cmd":"pip install py-iam-expand","lang":"bash","label":"Install from PyPI"}],"dependencies":[],"imports":[{"note":"The main function to expand IAM policy JSON strings.","symbol":"expand_policy","correct":"from iam_expand import expand_policy"},{"note":"Expands a list of action strings with wildcards.","symbol":"expand_actions","correct":"from iam_expand import expand_actions"},{"note":"Returns the set of actions not matching given patterns.","symbol":"invert_actions","correct":"from iam_expand import invert_actions"}],"quickstart":{"code":"from iam_expand import expand_policy\n\npolicy_json = '{\"Effect\":\"Allow\",\"Action\":[\"ec2:*\",\"s3:Get*\"]}'\nexpanded = expand_policy(policy_json)\nprint(expanded)","lang":"python","description":"Expand IAM policy JSON containing wildcards into the full set of actions."},"warnings":[{"fix":"Run your script with internet access or pre-populate botocore's action data.","message":"The library depends on botocore (via py-aws-actions). If you are offline or have a stale botocore cache, expansion may fail or return incomplete results. Ensure network access or a recent action cache.","severity":"gotcha","affected_versions":"<=0.3.0"},{"fix":"Update imports to `from iam_expand import expand_policy`.","message":"In v0.1.0, the function `expand_policy` was named `expand_policies` (plural). The import path changed from `iam_expand_expand_policies` to `iam_expand.expand_policy`.","severity":"breaking","affected_versions":"0.1.0"},{"fix":"Use `expand_policy(policy_str, non_valid_action_behavior='keep')` or `'remove'` to avoid failures.","message":"Non-valid actions (e.g., misspelled actions like `ec2:Describ`) can cause errors. By default, the library fails. You can change behaviour via `non_valid_action_behavior` parameter.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Import as `from iam_expand import expand_policy`.","cause":"The package is installed as `py-iam-expand` but the import module is `iam_expand` (with underscore).","error":"ModuleNotFoundError: No module named 'iam_expand'"},{"fix":"Use `from iam_expand import expand_policy` (singular).","cause":"Using old import path from version 0.1.0 or an outdated import (e.g., `iam_expand.expand_policies`).","error":"AttributeError: module 'iam_expand' has no attribute 'expand_policy'"},{"fix":"Install botocore with full data (usually comes with boto3) or ensure network access on first run.","cause":"botocore data missing or cached version is incomplete; usually happens offline or in restricted environments.","error":"botocore.exceptions.DataNotFoundError: Unable to load data for: iam/2010-05-08/service-2"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}