IAM

Policy Sentry is an automated IAM policy generator that helps developers create least privilege AWS IAM policies through a template-based workflow.

A Lambda function that automatically disables AWS IAM User Access Keys after a specified time period to reduce security risks from aging credentials.

Aaia visualizes AWS IAM and Organizations data in Neo4j graph format to help identify security outliers and conduct privilege escalation analysis through Cypher queries.

Certbot is a free tool for automatically enabling HTTPS on websites using Let's Encrypt certificates.

IAM Zero detects identity and access management issues and automatically suggests least-privilege policies by analyzing application errors and access patterns in cloud environments.

IAMSpy is a library that uses the Z3 prover to analyze AWS IAM policies and query whether specific actions are allowed or denied.

GPG Sync is a tool designed to keep OpenPGP public keys up-to-date within an organization by offloading the complexity of key management to a single trusted person.

This tutorial describes how to set up two-factor authentication for an SSH server by integrating Google Authenticator with OpenSSH.

Repokid automatically removes unused service permissions from AWS IAM role inline policies using Access Advisor data to implement least privilege access.

A Certificate Transparency log monitor that alerts users when SSL/TLS certificates are issued for their domains, helping detect unauthorized certificate issuance and potential security threats.

Centralized workforce identity management for AWS applications.

A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.

A command-line password manager that encrypts credentials using GnuPG and stores them in YAML files with git synchronization support.

Crt.sh is a website that allows users to search for SSL/TLS certificates of a targeted domain, providing transparency into certificate logs.

Provision, manage, and renew SSL/TLS certificates for your AWS resources with AWS Certificate Manager.

Secure and manage passwords across devices with Bitwarden's open-source, encrypted password manager.

Project hosting scripts for implementing Pass the Hash mitigations with PtHTools module commands.

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

An automated script that configures Active Directory domains using customizable XML configuration files.

A tool for analyzing and visualizing control relationships and privilege escalation paths within Active Directory environments using graph-based representations.

A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.

BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.

A Helm plugin that decrypts encrypted value files using sops encryption and integrates with cloud secret managers for secure secrets management in Kubernetes deployments.

Kiam is a Kubernetes agent that allows Pods to assume AWS IAM roles, though it is being deprecated in favor of AWS' official IAM roles for Service Accounts solution.