We have a new primary maintainer for this project

[kmcquade]

I just made the 0.12.5 release with the latest IAM Definition update, probably for the last time in a while. I do not have the bandwidth to maintain this project any longer. When the IAM Definition updates happen on a monthly basis, it usually makes some of the unit tests fail (my fault for not future-proofing the unit tests) and I have to fix the unit tests one at a time to get the PRs to pass. I just created my own startup and can't dedicate time to this repository anymore.

New Maintainers

If someone else is looking to maintain the project who has contributed in the past, I am happy to transition management of this package depending on the person. If you are interested, please reach out to me.

Otherwise, I will not be accepting any new PRs or addressing any issues.

Continuing use of Policy Sentry

As a package

If you want to keep using this package, it is definitely still possible to do so. The AWS IAM Definition shouldn't change much over time, so it's fine to keep using it directly via pip install - but if you want the absolute latest IAM definition versions, I would suggest using Netflix's policyuniverse or parliament by Scott Piper.

As a command line tool

If you really want to keep using Policy Sentry, you can do so in the current state with no problem.

Latest IAM Definitions*: You can use the latest IAM data from AWS by creating your own IAM definition. You can do this by running policy_sentry initialize --fetch. More information on the IAM definition is available here: https://policy-sentry.readthedocs.io/en/latest/other/initialize/.

Other: For other usage guidance, look at the docs :) See here: https://policy-sentry.readthedocs.io/en/latest/

Personal note

Thank you to everyone who contributed to this project, provided feedback, helped popularize it, and helped make this possible. To date, Policy Sentry has 3.6 million downloads. It runs in thousands of CI/CD pipelines, provides the IAM definition to several multi-million dollar security vendors, and helps protect hundreds of companies - indirectly affecting millions of people like you and me. On a personal note, it was a turning point in my career and helped me really learn python. I grew as a person and as a security professional through the life of this project, and we truly helped move the industry forward with how to do least privilege in AWS. From the bottom of my heart, thank you for everyone who was a part of it. If you want to stay in touch (or to see the next thing that I'm building), feel free to connect with me on Twitter @kmcquade3.

[kmcquade]

I'm going to close this issue because @gruebel has stepped in a new active maintainer. He is a talented developer, a maintainer of Checkov (which is the biggest consumer of Policy Sentry and Cloudsplaining) so he has a vested interest in responsible stewardship of this project. He has also been highly recommended to me from other industry leaders who have worked with him in the past.

I will continue to collaborate with him on project direction questions, but we have generally agreed with the following principles going forward:

• Ensure backwards compatibility for commands
• Ensure backwards compatibility for existing methods, since people use this as a library, both in open source project and commercial products
• Implementing speed and other performance improvements are welcome. He has already implemented lots of this.

Going forward, feel free to open up issues if you want. He will be the point person for things going forward. I am sure that if others are interested in maintaining or collaborating on the project will be welcome too.