Update docs

README.md

@@ -274,8 +274,6 @@ Actions: ecr:BatchDeleteImage, ecr:CompleteLayerUpload, ecr:CreateRepository, ec
 cloudsplaining download
 # Download from a specific profile
 cloudsplaining download --profile someprofile
-# Download authorization details for **all** of your AWS profiles
-cloudsplaining download --profile all
 
 # Scan Authorization details
 cloudsplaining scan --input default.json

docs/user-guide/download.md

@@ -1,37 +1,26 @@
-# Downloading Account Authorization Details
+#### Downloading Account Authorization Details
 
-The `download` command downloads a large JSON file containing all the AWS IAM information in your account. This is done via the [aws iam get-account-authorization-details](https://docs.aws.amazon.com/cli/latest/reference/iam/get-account-authorization-details.html) API call. It stores them in `account-alias.json`.
+We can scan an entire AWS account and generate reports. To do this, we leverage the AWS IAM [get-account-authorization-details](https://docs.aws.amazon.com/cli/latest/reference/iam/get-account-authorization-details.html) API call, which downloads a large JSON file (around 100KB per account) that contains all of the IAM details for the account. This includes data on users, groups, roles, customer-managed policies, and AWS-managed policies.
 
-The `scan` command requires that file.
+* You must have AWS credentials configured that can be used by the CLI.
 
-## Quick start
+* You must have the privileges to run [iam:GetAccountAuthorizationDetails](https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetAccountAuthorizationDetails.html). The `arn:aws:iam::aws:policy/SecurityAudit` policy includes this, as do many others that allow Read access to the IAM Service.
 
-* Set your AWS access keys as environment variables:
+* To download the account authorization details, ensure you are authenticated to AWS, then run `cloudsplaining`'s `download` command:
 
 ```bash
-export AWS_ACCESS_KEY_ID=...
-export AWS_SECRET_ACCESS_KEY=...
-# If you are using MFA or STS; optional but highly recommended
-export AWS_SESSION_TOKEN=...
+cloudsplaining download
 ```
 
-* Download the account authorization details
+* If you prefer to use your `~/.aws/credentials` file instead of environment variables, you can specify the profile name:
 
 ```bash
-cloudsplaining download
+cloudsplaining download --profile myprofile
 ```
 
-## Additional Details
-
-#### Order of Precedence
-
-* **Environment variables**: The `download` command will first look for the existence of your AWS access keys in environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`).
-  - Note: If you do not have AWS_SESSION_TOKEN set and are using static access keys, I highly recommend the use of [aws-mfa](https://github.com/broamski/aws-mfa) for security reasons.
-
-* **Shared Credentials file**:
-  - If those environment variables are not set, it will then use the `default` profile in your `~/.aws/credentials` file, if a different profile name is not provided via the argument `--profile`.
-  - If you specify `--profile all`, it will run the download command recursively for every profile in your `~/.aws/credentials` file.
+It will download a JSON file in your current directory that contains your account authorization detail information.
 
+## Additional Details
 
 ### Required AWS IAM Policy
 

docs/user-guide/scan-account.md

@@ -1,14 +1,40 @@
-# Scanning an Account
+#### Scanning the Authorization Details file
 
-Scan the Account Authorization details file with the following command
+Now that we've downloaded the account authorization file, we can scan *all* of the AWS IAM policies with `cloudsplaining`.
 
+Run the following command:
+
+```bash
+cloudsplaining scan --exclusions-file exclusions.yml --input examples/files/example.json --output examples/files/
 ```
-cloudsplaining scan --input default.json --exclusions-file my-exclusions.yml
-```
 
-* It will generate three files:
-  1. The single-file HTML report
-  2. The triage CSV worksheet, and
-  3. The raw JSON data file
+It will create an HTML report like [this](https://opensource.salesforce.com/cloudsplaining/):
+
+> ![](docs/_images/cloudsplaining-report.gif)
 
 
+It will also create a raw JSON data file:
+
+* `default-iam-results.json`: This contains the raw JSON output of the report. You can use this data file for operating on the scan results for various purposes. For example, you could write a Python script that parses this data and opens up automated JIRA issues or Salesforce Work Items. An example entry is shown below. The full example can be viewed at [examples/output/example-authz-details-results.json](examples/files/iam-results-example.json)
+
+```json
+{
+    "example-authz-details": [
+        {
+            "AccountID": "012345678901",
+            "ManagedBy": "Customer",
+            "PolicyName": "InsecureUserPolicy",
+            "Arn": "arn:aws:iam::012345678901:user/userwithlotsofpermissions",
+            "ActionsCount": 2,
+            "ServicesCount": 1,
+            "Actions": [
+                "s3:PutObject",
+                "s3:PutObjectAcl"
+            ],
+            "Services": [
+                "s3"
+            ]
+        }
+    ]
+}
+```

docs/user-guide/troubleshooting.md

@@ -1,14 +1,13 @@
 # Troubleshooting
 
-### Running the command (Path issues)
-
-* *I followed the installation instructions but can't execute the program via command line. What do I do?*
+**I followed the installation instructions but can't execute the program via command line at all. What do I do?**
 
 This is likely an issue with your PATH. Your PATH environment variable is not considering the binary packages installed by `pip3`. On a Mac, you can likely fix this by entering the command below, depending on the versions you have installed. YMMV.
 
 ```bash
-# Python 3.7
 export PATH=$HOME/Library/Python/3.7/bin/:$PATH
-# Python 3.8
-export PATH=$HOME/Library/Python/3.8/bin/:$PATH
 ```
+
+**I followed the installation instructions but I am receiving a `ModuleNotFoundError` that says `No module named policy_sentry.analysis.expand`. What should I do?**
+
+Try upgrading to the latest version of Cloudsplaining. This error was fixed in version 0.0.10.