Speeding Up IAMTrail: One Boto3 Process Instead of 1,500 CLI Invocations

The 46-Minute Problem

The IAMTrail detection engine fetches ~1,500 AWS managed IAM policies every run. The original approach was pure bash:

    aws iam list-policies --output json |
      jq -cr '...' |
      xargs -P 16 -n3 sh -c \
      'aws iam get-policy-version --policy-arn $1 --version-id $2 | jq --indent 4 . > "policies/$3"' sh

Looks fine, right? Except each iteration spawns a full AWS CLI process. That means a fresh Python runtime, boto3 import, credential resolution, one single HTTP call, then exit. Times 1,500. ...

April 4, 2026 · 3 min · 558 words · zoph

IAMTrail.com: The AWS Managed Policy Archive (Evolved from MAMIP)

📜 The Origins

Back in 2019, Scott Piper started a GitHub repository to track changes to AWS Managed Policies. It was a simple setup, manually triggered, but it worked well and was incredibly useful. Using git diff or the GitHub.com UI, Scott and the community could easily see how policies evolved over time. At that time, AWS didn’t publicly share the changes made to managed policies by the various “two-pizza” product teams inside AWS. ...

October 23, 2025 · 3 min · 455 words · zoph