{"library":"policy-sentry","title":"Policy Sentry","description":"Policy Sentry is an AWS IAM Least Privilege Policy Generator, auditor, and analysis database, currently at version 0.15.1. It compiles database tables based on the AWS IAM Documentation on Actions, Resources, and Condition Keys and leverages that data to create least-privilege IAM policies. It helps organizations limit the blast radius in the event of a breach and scale the creation of secure IAM policies. The project maintains an active release cadence with frequent updates.","language":"python","status":"active","last_verified":"Thu May 14","install":{"commands":["pip install policy-sentry"],"cli":{"name":"policy_sentry","version":"policy_sentry, version 0.15.2"}},"imports":["from policy_sentry.writing.policy import write_policy","from policy_sentry.querying.actions import get_actions_for_service"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"from policy_sentry.writing.policy import write_policy\nimport json\n\n# Define the policy requirements using a dictionary that mirrors the YAML template structure\npolicy_definition = {\n    \"mode\": \"crud\",\n    \"name\": \"MyS3ReadPolicy\",\n    \"read\": [\n        \"arn:aws:s3:::my-unique-bucket\",\n        \"arn:aws:s3:::my-unique-bucket/*\"\n    ],\n    \"write\": [],\n    \"list\": [\n        \"arn:aws:s3:::my-unique-bucket\"\n    ],\n    \"tagging\": [],\n    \"permissions-management\": [],\n    \"wildcard-only\": {\n        \"single-actions\": [],\n        \"service-read\": [],\n        \"service-write\": [],\n        \"service-list\": [],\n        \"service-tagging\": [],\n        \"service-permissions-management\": []\n    },\n    \"skip-resource-constraints\": [],\n    \"exclude-actions\": []\n}\n\n# Generate the IAM policy\noutput_policy = write_policy(policy_definition)\n\nprint(json.dumps(output_policy, indent=4))","lang":"python","description":"This quickstart demonstrates how to programmatically define policy requirements using a dictionary structure similar to the CLI's YAML templates, and then generate a least-privilege AWS IAM policy in JSON format. It creates a policy allowing read and list access to a specific S3 bucket and its objects.","tag":null,"tag_description":null,"last_tested":"2026-04-25","results":[{"runtime":"python:3.10-alpine","exit_code":1},{"runtime":"python:3.10-slim","exit_code":1},{"runtime":"python:3.11-alpine","exit_code":1},{"runtime":"python:3.11-slim","exit_code":1},{"runtime":"python:3.12-alpine","exit_code":1},{"runtime":"python:3.12-slim","exit_code":1},{"runtime":"python:3.13-alpine","exit_code":1},{"runtime":"python:3.13-slim","exit_code":1},{"runtime":"python:3.9-alpine","exit_code":1},{"runtime":"python:3.9-slim","exit_code":1}]},"compatibility":{"tag":null,"tag_description":null,"last_tested":"2026-05-14","installed_version":"0.14.1","pypi_latest":"0.15.2","is_stale":true,"summary":{"python_range":"3.10–3.9","success_rate":50,"avg_install_s":2.9,"avg_import_s":null,"wheel_type":"wheel"},"results":[{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"39.0M"},{"runtime":"python:3.10-alpine","python_version":"3.10","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":3.1,"import_time_s":null,"mem_mb":null,"disk_size":"40M"},{"runtime":"python:3.10-slim","python_version":"3.10","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"41.8M"},{"runtime":"python:3.11-alpine","python_version":"3.11","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":2.9,"import_time_s":null,"mem_mb":null,"disk_size":"43M"},{"runtime":"python:3.11-slim","python_version":"3.11","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"33.4M"},{"runtime":"python:3.12-alpine","python_version":"3.12","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":2.5,"import_time_s":null,"mem_mb":null,"disk_size":"35M"},{"runtime":"python:3.12-slim","python_version":"3.12","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"33.2M"},{"runtime":"python:3.13-alpine","python_version":"3.13","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":2.6,"import_time_s":null,"mem_mb":null,"disk_size":"34M"},{"runtime":"python:3.13-slim","python_version":"3.13","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":"37.3M"},{"runtime":"python:3.9-alpine","python_version":"3.9","os_libc":"alpine (musl)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":0,"wheel_type":"wheel","failure_reason":null,"import_side_effects":"broken","install_time_s":3.6,"import_time_s":null,"mem_mb":null,"disk_size":"38M"},{"runtime":"python:3.9-slim","python_version":"3.9","os_libc":"slim (glibc)","variant":"policy-sentry","exit_code":1,"wheel_type":null,"failure_reason":null,"import_side_effects":null,"install_time_s":null,"import_time_s":null,"mem_mb":null,"disk_size":null}]}}