Tools on zoph.me /tags/tools/ Recent content in Tools on zoph.me zoph.me https://zoph.me/posts/resources/images/code-social.png https://zoph.me/posts/resources/images/code-social.png Hugo -- 0.148.2 en-us Sat, 04 Apr 2026 07:37:00 +0200 Speeding Up IAMTrail: One Boto3 Process Instead of 1,500 CLI Invocations /posts/2026-04-04-iamtrail-optim/ Sat, 04 Apr 2026 07:37:00 +0200 /posts/2026-04-04-iamtrail-optim/ <h2 id="the-46-minute-problem">The 46-Minute Problem</h2> <p>The IAMTrail detection engine fetches ~1,500 AWS managed IAM policies every run. The original approach was pure bash:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt" id="hl-0-1"><a class="lnlinks" href="#hl-0-1">1</a> </span><span class="lnt" id="hl-0-2"><a class="lnlinks" href="#hl-0-2">2</a> </span><span class="lnt" id="hl-0-3"><a class="lnlinks" href="#hl-0-3">3</a> </span><span class="lnt" id="hl-0-4"><a class="lnlinks" href="#hl-0-4">4</a> </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">aws iam list-policies --output json <span class="p">|</span> </span></span><span class="line"><span class="cl"> jq -cr <span class="s1">&#39;...&#39;</span> <span class="p">|</span> </span></span><span class="line"><span class="cl"> xargs -P <span class="m">16</span> -n3 sh -c <span class="se">\ </span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="s1">&#39;aws iam get-policy-version --policy-arn $1 --version-id $2 | jq --indent 4 . &gt; &#34;policies/$3&#34;&#39;</span> sh </span></span></code></pre></td></tr></table> </div> </div><p>Looks fine, right? Except each iteration spawns a full AWS CLI process. That means a fresh Python runtime, boto3 import, credential resolution, one single HTTP call, then exit. Times 1,500.</p> IAMTrail.com: The AWS Managed Policy Archive (Evolved from MAMIP) /posts/2025-10-23-mamip-compagnion-website/ Thu, 23 Oct 2025 13:37:00 +0200 /posts/2025-10-23-mamip-compagnion-website/ <h2 id="-the-origins">📜 The Origins</h2> <p>Back in 2019, <a href="https://twitter.com/0xdabbad00">Scott Piper</a> started a GitHub repository to track changes to AWS Managed Policies. It was a simple setup, manually triggered but it worked well and was incredibly useful. Using <code>git diff</code> or the Github.com UI, Scott and the community could easily see how policies evolved over time.</p> <p>At that time, AWS didn&rsquo;t publicly share the changes made to managed policies by the various &ldquo;two-pizza&rdquo; product teams inside AWS.</p>