```mermaid
graph LR
    CLI_Interface["CLI Interface"]
    IAM_Data_Management["IAM Data Management"]
    IAM_Data_Query_Engine["IAM Data Query Engine"]
    Policy_Generation_Engine["Policy Generation Engine"]
    Policy_Analysis_Module["Policy Analysis Module"]
    CLI_Interface -- "Initializes/Updates IAM Data Store" --> IAM_Data_Management
    CLI_Interface -- "Requests IAM Data" --> IAM_Data_Query_Engine
    CLI_Interface -- "Requests Policy Creation" --> Policy_Generation_Engine
    IAM_Data_Management -- "Populates/Provides Data Access" --> IAM_Data_Query_Engine
    IAM_Data_Query_Engine -- "Returns Query Results" --> CLI_Interface
    IAM_Data_Query_Engine -- "Provides IAM Data" --> Policy_Generation_Engine
    IAM_Data_Query_Engine -- "Provides IAM Data" --> Policy_Analysis_Module
    Policy_Generation_Engine -- "Queries IAM Data" --> IAM_Data_Query_Engine
    Policy_Generation_Engine -- "Submits Policy for Analysis/Minimization" --> Policy_Analysis_Module
    Policy_Analysis_Module -- "Queries IAM Data for Expansion" --> IAM_Data_Query_Engine
    Policy_Analysis_Module -- "Returns Analyzed/Minimized Policy" --> Policy_Generation_Engine
    click CLI_Interface href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/policy_sentry/CLI_Interface.md" "Details"
    click IAM_Data_Management href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/policy_sentry/IAM_Data_Management.md" "Details"
    click IAM_Data_Query_Engine href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/policy_sentry/IAM_Data_Query_Engine.md" "Details"
    click Policy_Generation_Engine href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/policy_sentry/Policy_Generation_Engine.md" "Details"
    click Policy_Analysis_Module href "https://github.com/CodeBoarding/GeneratedOnBoardings/blob/main/policy_sentry/Policy_Analysis_Module.md" "Details"
```

Details

The policy_sentry project is structured around a clear separation of concerns, facilitating robust IAM policy management. The CLI Interface serves as the primary entry point, orchestrating user commands. It interacts with the IAM Data Management component for initial setup and updates of the internal AWS IAM data store. For all data retrieval needs, both the CLI and other internal components rely on the IAM Data Query Engine, which provides an abstracted interface to the stored IAM information. Policy creation is handled by the Policy Generation Engine, which leverages the IAM Data Query Engine for necessary data and then passes generated policies to the Policy Analysis Module for refinement and expansion. The Policy Analysis Module can also query the IAM Data Query Engine for its operations, ensuring a consistent data flow throughout the system. This modular design allows for clear data flow, making it suitable for both detailed documentation and intuitive visual diagram generation.

CLI Interface

The user-facing component responsible for parsing command-line arguments, validating input, and dispatching commands to the appropriate backend modules. It acts as the orchestrator for all user-initiated operations.

Related Classes/Methods:

IAM Data Management

Manages the lifecycle of the internal AWS IAM data store. This includes ingesting raw AWS documentation, parsing it, and populating/updating the local database with service, action, ARN, and condition key information.

Related Classes/Methods:

IAM Data Query Engine

Provides a standardized, abstracted interface for other components to retrieve specific AWS IAM data from the internal data store. It handles queries for actions, ARNs, services, and condition keys, ensuring consistent data access.

Related Classes/Methods:

Policy Generation Engine

The core logic for constructing AWS IAM policies. It takes user-defined templates, access levels, and resource constraints, then generates minimized and secure IAM policies, handling SID grouping and statement optimization.

Related Classes/Methods:

Policy Analysis Module

Focuses on transforming and analyzing IAM policies. Its primary function is to expand shorthand actions (e.g., s3:*) into their full, explicit equivalents; it can also be extended for other policy-level validations or transformations.
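
The wildcard expansion described above, as an added example that is not policy_sentry's own code: it resolves action patterns against a small constructed catalog so a reviewer can see every action a statement such as `s3:*` actually grants. `CATALOG`, `expand_action` and `expand_policy` are hypothetical names, and the catalog stands in for the local IAM data store.

```python
import copy
import fnmatch
import json

# Constructed sample catalog (assumption): a tiny stand-in for the local IAM
# data store, which in practice covers every AWS service and action.
CATALOG = {
    "s3": ["GetObject", "PutObject", "DeleteObject", "ListBucket", "DeleteBucket"],
    "kms": ["Decrypt", "Encrypt", "ScheduleKeyDeletion"],
}

def all_actions():
    return [f"{svc}:{name}" for svc, names in CATALOG.items() for name in names]

def expand_action(pattern):
    """Return the sorted catalog actions matching an IAM action pattern.

    IAM action names are case-insensitive and accept * and ? wildcards.
    A pattern that matches nothing is returned unchanged so it stays visible.
    """
    hits = [a for a in all_actions() if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
    return sorted(hits) or [pattern]

def expand_policy(policy):
    """Return a copy of the policy with every Action wildcard made explicit."""
    expanded = copy.deepcopy(policy)
    statements = expanded["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = expanded["Statement"] = [statements]
    for stmt in statements:
        actions = stmt.get("Action")
        if actions is None:  # NotAction statements are left untouched
            continue
        if isinstance(actions, str):
            actions = [actions]
        stmt["Action"] = sorted({a for p in actions for a in expand_action(p)})
    return expanded

# Constructed sample policy using shorthand actions.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["kms:*crypt", "S3:Get*"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(json.dumps(expand_policy(SAMPLE_POLICY), indent=2))
```

In the expanded output the first statement lists `s3:DeleteBucket` and `s3:DeleteObject` explicitly, which is the kind of grant that is easy to miss behind `s3:*` during review.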

Related Classes/Methods: