About This Archive

How we track and historize AWS Managed IAM Policy changes

🔊 What is MAMIP?

MAMIP (Monitor AWS Managed IAM Policies) is an unofficial archive that continuously tracks every change made to AWS Managed IAM Policies. We provide a comprehensive, searchable history of policy modifications with full version control through Git.

This service is particularly valuable for AWS practitioners who need to stay informed about security-relevant permission changes, spot new AWS service launches early (a managed policy that first appears at version v1 usually accompanies a new service or feature), and maintain compliance documentation.

⚙️ How Does It Work?

1. Automated Collection (Every 4 Hours on Weekdays)

Our collector runs as an ECS task on AWS Fargate, using the Fargate Spot capacity provider to keep costs down. A scheduled EventBridge (formerly CloudWatch Events) rule triggers the collection every 4 hours on weekdays (Monday to Friday), using the cron expression: cron(0 */4 ? * MON-FRI *). Scheduled rules are evaluated in UTC, so runs land at 00:00, 04:00, 08:00, 12:00, 16:00 and 20:00 UTC.

2. Policy Retrieval via AWS CLI

We use the official AWS CLI to fetch all managed policies. The first call lists every AWS-managed policy together with its DefaultVersionId (the CLI paginates the result for you); the second fetches the policy document of that version, once per policy:

# List all AWS managed policies; the version to fetch is each entry's DefaultVersionId
aws iam list-policies --scope AWS

# Retrieve the document of one policy's default version
aws iam get-policy-version \
  --policy-arn arn:aws:iam::aws:policy/[PolicyName] \
  --version-id [VersionId]

3. Change Detection & Version Control

Each fetched policy document is compared against the copy stored in our Git repository. When changes are detected:

  • Policy documents are stored as individual JSON files
  • Each change gets its own Git commit with timestamp
  • Version history is preserved indefinitely
  • Diffs are automatically generated

4. Policy Validation

Every policy is validated with the IAM Access Analyzer ValidatePolicy API (policy type IDENTITY_POLICY, since managed policies are identity-based). Its findings are graded as ERROR, SECURITY_WARNING, WARNING or SUGGESTION and surface:

  • Security warnings
  • Best practice recommendations
  • Syntax issues
  • Redundant statements

5. Multi-Channel Notifications

Policy changes are broadcast through multiple channels:

  • Bluesky (@mamip.bsky.social)
  • Twitter/𝕏 (@mamip_aws)
  • AWS SNS Topic (arn:aws:sns:eu-west-1:567589703415:mamip-sns-topic)
  • GitHub commits & releases
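The five steps above, reduced to one collection pass, as an added example (this is not MAMIP's own code). fetch_policies() uses the boto3 calls that the two CLI commands map to, classify_changes() compares the result with the previous snapshot and builds a diff per changed policy, and a policy that appears at v1 is reported as new. StubIAM and the fixture policies are constructed so the block runs offline; for a real run you would pass boto3.client("iam") (assumption: credentials allowed iam:ListPolicies and iam:GetPolicyVersion) and load the previous snapshot from the Git repository. Validation and notification are left out.

```python
"""Added example (not MAMIP's own code): one collection pass in miniature."""
import difflib
import json


def fetch_policies(iam):
    """Return {arn: (default_version_id, document)} for every AWS managed policy.

    `iam` must expose the boto3 IAM client surface used here
    (get_paginator("list_policies") and get_policy_version()).
    """
    snapshot = {}
    for page in iam.get_paginator("list_policies").paginate(Scope="AWS"):
        for policy in page["Policies"]:
            version = iam.get_policy_version(
                PolicyArn=policy["Arn"], VersionId=policy["DefaultVersionId"]
            )["PolicyVersion"]
            # boto3 returns Document already decoded into a dict, as the CLI prints it.
            snapshot[policy["Arn"]] = (policy["DefaultVersionId"], version["Document"])
    return snapshot


def canonical(document):
    """Stable JSON text: sorted keys so key order never shows up as a change."""
    return json.dumps(document, indent=2, sort_keys=True) + "\n"


def classify_changes(previous, current):
    """Return (kind, arn, version_id, diff) events with kind new/updated/removed.

    'new' at version v1 is the early launch signal mentioned above; 'updated'
    means the default version advanced or the document text changed.
    """
    events = []
    for arn in sorted(set(previous) | set(current)):
        old, new = previous.get(arn), current.get(arn)
        if old is None:
            events.append(("new", arn, new[0], canonical(new[1])))
        elif new is None:
            events.append(("removed", arn, old[0], ""))
        elif old[0] != new[0] or canonical(old[1]) != canonical(new[1]):
            diff = "".join(difflib.unified_diff(
                canonical(old[1]).splitlines(keepends=True),
                canonical(new[1]).splitlines(keepends=True),
                fromfile=f"{arn}@{old[0]}", tofile=f"{arn}@{new[0]}"))
            events.append(("updated", arn, new[0], diff))
    return events


class StubIAM:
    """Constructed stand-in for boto3's IAM client (serves one result page)."""

    def __init__(self, policies):
        self.policies = policies  # {arn: (version_id, document)}

    def get_paginator(self, name):
        assert name == "list_policies"
        return self

    def paginate(self, **kwargs):
        yield {"Policies": [{"Arn": arn, "DefaultVersionId": vid}
                            for arn, (vid, _) in self.policies.items()]}

    def get_policy_version(self, PolicyArn, VersionId):
        vid, doc = self.policies[PolicyArn]
        assert VersionId == vid
        return {"PolicyVersion": {"VersionId": vid, "Document": doc}}


# Constructed fixture policies: names and contents are made up.
PREFIX = "arn:aws:iam::aws:policy/"
ALLOW = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Resource": "*"}]}


def policy(*actions):
    doc = json.loads(json.dumps(ALLOW))  # deep copy of the skeleton
    doc["Statement"][0]["Action"] = list(actions)
    return doc


PREVIOUS = {  # what the repository held after the last run
    PREFIX + "ExampleReadOnlyAccess": ("v1", policy("s3:GetObject")),
    PREFIX + "ExampleRetiredPolicy": ("v3", policy("sqs:ReceiveMessage")),
}
CURRENT_IAM = StubIAM({  # what IAM reports now
    PREFIX + "ExampleReadOnlyAccess": ("v2", policy("s3:GetObject", "s3:ListBucket")),
    PREFIX + "ExampleNewServiceFullAccess": ("v1", policy("newservice:*")),
})


def run_once(iam, previous):
    return classify_changes(previous, fetch_policies(iam))


if __name__ == "__main__":
    for kind, arn, version, diff in run_once(CURRENT_IAM, PREVIOUS):
        print(f"{kind:8} {arn} ({version})")
        print(diff)
```

The diff is computed over canonicalised text on purpose: IAM does not guarantee key order in the returned document, and without sorting a commit could record a "change" that alters no permission.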

🏗️ Technology Stack

Infrastructure

  • AWS ECS Fargate (Spot)
  • AWS CloudWatch Events
  • AWS Secrets Manager
  • Terraform (IaC)

Application

  • Python 3.x
  • AWS CLI & Boto3
  • Docker
  • Git

Website

  • Next.js 15 (SSG)
  • TypeScript
  • Tailwind CSS
  • GitHub Pages

Validation

  • AWS IAM Access Analyzer
  • Policy validation API
  • Security findings

💡 Credits & Inspiration

The initial idea for tracking AWS Managed IAM Policies comes from Scott Piper (@0xdabbad00) from SummitRoute, who created the original aws_managed_policies repository.

MAMIP extends this concept by adding automated infrastructure, continuous monitoring, policy validation, multi-channel notifications, and this searchable web interface. Scott's work laid the foundation for tracking these important security changes in the AWS ecosystem.

🔎 Known AWS Account Lookup


MAMIP includes a Known AWS Account Lookup tool powered by the fwdcloudsec/known_aws_accounts community dataset. Paste an AWS account ID to identify its owner - useful when investigating CloudTrail logs, S3 bucket policies, or IAM trust relationships.
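The lookup described above, as an added example that is neither MAMIP's nor fwd:cloudsec's code: it pulls every account ID out of pasted text (a trust policy, a bucket policy, a CloudTrail record) and resolves each against a known-accounts dataset. KNOWN_ACCOUNTS is a constructed stand-in shaped like the records in fwdcloudsec/known_aws_accounts (name / accounts / source) with made-up IDs; the real dataset is YAML and is not fetched here.

```python
"""Added example (not MAMIP's or fwd:cloudsec's code): account ID lookup."""
import re

# Constructed dataset; record shape assumed to follow known_aws_accounts.
KNOWN_ACCOUNTS = [
    {"name": "Example Vendor A", "accounts": ["111111111111", "111111111112"],
     "source": ["https://example.com/vendor-a/aws-integration"]},
    {"name": "Example Vendor B", "accounts": [222222222222],  # unquoted in YAML -> int
     "source": ["https://example.com/vendor-b/docs"]},
]

# Exactly 12 digits that are not part of a longer digit run: a bare ID and the
# account field of "arn:aws:iam::111111111111:root" both match, while
# "arn:aws:iam::aws:policy/..." has no account and matches nothing.
ACCOUNT_ID_RE = re.compile(r"(?<!\d)\d{12}(?!\d)")


def build_index(records):
    """Map account ID -> record. IDs are normalised to 12-digit strings because a
    YAML loader turns an unquoted ID into an int and drops leading zeros."""
    return {str(acct).zfill(12): rec for rec in records for acct in rec["accounts"]}


def find_account_ids(text):
    """Account IDs in order of first appearance, de-duplicated."""
    return list(dict.fromkeys(ACCOUNT_ID_RE.findall(text)))


def resolve(text, index):
    """One {account, owner, source} dict per ID found in text. owner is None when
    the dataset does not know the account: unknown, not necessarily hostile."""
    results = []
    for acct in find_account_ids(text):
        rec = index.get(acct)
        results.append({"account": acct,
                        "owner": rec["name"] if rec else None,
                        "source": rec["source"] if rec else []})
    return results


# Constructed inputs: a role trust policy and a CloudTrail record fragment.
TRUST_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                           "arn:aws:iam::999999999999:role/Unknown"]}}
  ]
}"""
CLOUDTRAIL_LINE = ('{"eventName":"GetObject","userIdentity":{"accountId":"222222222222"},'
                   '"requestID":"1234567890123"}')

if __name__ == "__main__":
    index = build_index(KNOWN_ACCOUNTS)
    for hit in resolve(TRUST_POLICY + "\n" + CLOUDTRAIL_LINE, index):
        print(hit)
```

The 13-digit requestID in the CloudTrail fragment is there to show why the regex uses digit look-arounds rather than a plain \d{12}: a bare \d{12} would report a bogus account from the first 12 digits of any longer number.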

This dataset is maintained under the fwd:cloudsec organization, a non-profit conference on cloud security. At this conference you can expect discussions about all the major cloud platforms, both attack and defense research, limitations of security features, the pros and cons of different security strategies, and generally the types of things cloud practitioners want to know, but that don't fit neatly into a vendor conference schedule.

👨‍💻 About the Maintainer


MAMIP is created and maintained by zoph.io, an AWS Cloud Advisory Boutique based in France.

As a freelance AWS consultant specializing in cloud security, compliance, and infrastructure automation, I created this tool to help the AWS community stay informed about IAM policy changes and maintain better security posture.

This project combines my expertise in AWS security, DevOps practices, and open-source development to provide a valuable resource for AWS practitioners worldwide.

⚠️ Important Disclaimer

This is an unofficial archive and is not affiliated with, endorsed by, or sponsored by Amazon Web Services (AWS). AWS, Amazon Web Services, and all related marks are trademarks of Amazon.com, Inc. or its affiliates. This project is independently operated and maintained for educational and informational purposes.
