Along with the General Guides, it might be helpful to add a niche guide section, which is broken down by AWS service. Happy to issue a PR with some quality tutorials as an example.

Currently if I "aws-vault foobar" and don't have a foobar profile in my aws config file, a profile section will be added and written to the file. However, if I then /remove/ the credentials, the profile section remains despite being empty. The expected behavior from me would be that if the profile were still empty (that is, never filled with extra data by the user), then it would be removed.

Is your feature request related to a problem? Please describe.

As observed during #261, users can accidentally set timeouts inconsistently. A concrete example is that one can set a User facing timeout lower than any backend timeout, such that requests may fail early.

Describe the solution you'd like

We should provide some sanity checking to prevent unintended timeout behavior.

In the Readme file, the second step to "Run the server" is not clear. Can you modify that to describe how to run the server?

The flags used to configure the keepalive time and timeout imply the use of milliseconds rather than a duration.

  --grpc-keepalive-time-ms=10s   gRPC keepalive time
  --grpc-keepalive-timeout-ms=2s  
                                 gRPC keepalive timeout

Should probably have the -ms removed from the flag.

Man-in-the-Middle
commons-httpclient:commons-httpclient is a HttpClient component of the Apache HttpComponents project.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). due to not verifing the requesting server's hostname agains existing domain names in the SSL Certificate. The AbstractVerifier does not properly verify that the server hostname matches a dom

Gotta make sure this tool works across multiple operating systems and Python versions. The biggest concern is the graph file-storage, since that's OS-specific code and I could only test against Ubuntu 16.

Principal Mapper needs to be tested on the following operating systems and Python versions (but not all combinations of which):

Python

• Python 3.6
• Python 3.7

Operati

Currently, there is no way to uninstall keymaker.

Please add this option and explain how to do it in the documentation.

It would also be helpful to list where the keymaker files are installed to (file paths).

Please make sure to provide all the fields and describe your issue.

• Service: lambda
• Action: TagResource, UntagResource, ListTags

The above are missing in the catalogue. The corresponding documentation is at https://docs.aws.amazon.com/lambda/latest/dg/lambda-api-permissions-ref.html

I think we should write it down somewhere, so we don't forget it?! I mean, it's drop dead simple: push the tag, but anyways. I don't think we need this with 3.0, so no hurry here.

#53 makes a change to completely ignore aws-service-roles. This raises an issue when you migrate to 2.3, it tries to create aws-service-roles as they are not "synced".

The fix I've implemented is to delete aws-service-role/* from our repo. I've documented this now in the releases page but we should do anything further?

cc @jacobbednarz

Note

You should remove all roles under `iam

Would be nice to install this using a package managers

brew install iam-policy-json-to-terraform
choco install iam-policy-json-to-terraform
scoop install iam-policy-json-to-terraform

Thanks!

#22 introduced a feature to guess actions that are similar to an existing policy. It currently doesn't support all actions.

Here's things I currently know are missing (comment if you find more):

• KMS: Encrypt, Decrypt, GenerateDataKey, ...
• ECR: BatchDeleteImage, BatchGetImage, ...
• *Deregister*
• *Modify*
• *Remove*
• API Gateway: (DELETE,

It would be great if we can specify the DurationSeconds parameter as MaxSessionDuration while assuming the role. Currently the code uses the default 1 hour