IAM-APE returns an empty answer when trying to feed it a policy that is structured as an Allowlist with a Deny and NotAction combination. Example can be found here in AWS documentation.
When I run it with an ARN of my role that has Admin permissions and with -s switch it produces empty output:
`
Effective permissions policy for arn:aws:iam::12312312312:role/path/rolename
{
"Statement": []
}
`
Expectations is that it would evaluate the SCP correctly and provide the effective permissions
IAM-APE returns an empty answer when trying to feed it a policy that is structured as an Allowlist with a Deny and NotAction combination. Example can be found here in AWS documentation.
When I run it with an ARN of my role that has Admin permissions and with -s switch it produces empty output:
`
Effective permissions policy for arn:aws:iam::12312312312:role/path/rolename
{
"Statement": []
}
`
Expectations is that it would evaluate the SCP correctly and provide the effective permissions