Add setup documentation.

Freeze requirements into a pip requirements file. The PyYAML dependency was inferred from import errors at runtime. Add basic setup instructions for a Python venv. Add the venv from those instructions to .gitignore.
primeharbor · Sep 7, 2024 · 3cba5e2 · 3cba5e2
1 parent 605e760
commit 3cba5e2
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-iam_definition.json
+iam_definition.json
+venv/
diff --git a/README.md b/README.md
@@ -23,6 +23,16 @@ The addition of an action to these lists can be subjective. Is a pull request in
 
 The script [policy-generation.py](scripts/policy-generation.py) allows you to customize your policies to an extent. If there are specific actions you want to exclude from the explicit deny, you can specify them using `--exclude-actions`. If there are a handful of resource ARNs that you need to access, say a specific S3 Bucket, you can use the `--exclude-resources` flag, and they will be added to the policy using a `NotResource` field.
 
+First, install the script's dependencies. A [Python venv](https://docs.python.org/3/library/venv.html) is an easy way:
+
+```bash
+python3 -m venv venv
+source venv/bin/activate
+pip install -r requirements.txt
+```
+
+Then you can run the script:
+
 ```bash
 usage: policy-generation.py [-h] [--debug] --risk {PrivEsc,ResourceExposure,CredentialExposure,DataAccess,ALL}
                             [--exclude-resources EXCLUDE_RESOURCES [EXCLUDE_RESOURCES ...]]

diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1 @@
+PyYAML==6.0.2