Hey CloudPosse community!
Heads up on a critical AWS EBS policy change that could cause issues if not addressed (for example). AWS’s notification only covers policies used in the last 90 days, potentially missing infrequently used ones in large environments.
To help tackle this, I’ve created an open-source Python CLI tool that scans ALL policies, regardless of recent usage, and outputs a CSV based on policy statements. This can help catch and identify every affected policy, even rarely used ones.
The tool is available for anyone to use: https://github.com/JacobAmar/aws-policy-checker
All you need to do in order to generate a CSV file containing all the policies that contain this statement is simply run:
python3 main.py --region us-east-1 --workers 50 --statement ec2:CreateVolume
(--workers is optional but good to use when you have a lot of policies; --statement can be any other action.)
Hope this helps fellow DevOps pros facing this challenge across various organizations!
Feel free to check it out, contribute, or share feedback!
Cheers!
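For readers who want to see what such a scan involves, here is an added example (my own sketch, not code from the linked aws-policy-checker repo) of the core logic: walk every customer-managed policy, test each statement's Action against a target action with IAM-style wildcards, and emit CSV rows. boto3 is assumed for the AWS calls; the matcher and CSV rendering run offline on constructed policy documents.

```python
# Added example, not the tool's code: find IAM policy statements granting an action.
import csv
import fnmatch
import io


def _as_list(value):
    """IAM accepts "Action": "x" or "Action": ["x", "y"]; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def statement_grants(statement, action):
    """True if an Allow statement's Action covers `action` (case-insensitive, wildcards like ec2:*).
    NotAction statements are not handled here and would need separate review."""
    if statement.get("Effect", "Allow") != "Allow":
        return False
    target = action.lower()
    return any(fnmatch.fnmatchcase(target, p.lower()) for p in _as_list(statement.get("Action")))


def matching_statements(document, action):
    """Return Sids (or #index when no Sid) of statements in a policy document that grant `action`."""
    stmts = _as_list(document.get("Statement"))
    return [s.get("Sid", f"#{i}") for i, s in enumerate(stmts) if statement_grants(s, action)]


def rows_for_policies(policies, action):
    """policies: iterable of (arn, document dict). One row per matching statement."""
    return [{"PolicyArn": arn, "Sid": sid, "Action": action}
            for arn, doc in policies for sid in matching_statements(doc, action)]


def render_csv(rows):
    """Serialise rows to CSV text with a fixed header (empty rows still yield the header)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["PolicyArn", "Sid", "Action"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def iter_customer_managed_policies(region):
    """Every customer-managed policy via paginators, regardless of last use (assumes boto3 creds)."""
    import boto3  # assumed dependency, imported lazily so the matcher works offline
    iam = boto3.client("iam", region_name=region)
    for page in iam.get_paginator("list_policies").paginate(Scope="Local"):
        for pol in page["Policies"]:
            version = iam.get_policy_version(PolicyArn=pol["Arn"], VersionId=pol["DefaultVersionId"])
            yield pol["Arn"], version["PolicyVersion"]["Document"]  # boto3 returns the document as a dict
```

Pipe `rows_for_policies(iter_customer_managed_policies("us-east-1"), "ec2:CreateVolume")` into `render_csv` to get the same kind of report; the tool above adds worker threads for large accounts.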