Date: 2024-01-01
37 tools and resources
A platform that helps companies automate the management of their SaaS identities and applications, providing visibility, security, and compliance across the organization's SaaS ecosystem.
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
Identify AWS IAM permissions by brute-forcing API calls.
Securely store and access AWS credentials in a development environment.
Automate actions on Security Command Center findings with automated disk snapshots, IAM grant revocation, and more.
A tool that generates least privilege IAM policies for AWS services
A CLI tool to simplify the use of AWS Systems Manager Session Manager
A Lambda Function that disables AWS IAM User Access Keys after a set amount of time to reduce the risk associated with old access keys.
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.
IAM Zero detects IAM issues and suggests least-privilege policies for AWS and other cloud platforms.
A library utilizing Z3 prover to analyze AWS IAM policies.
Repokid uses Access Advisor to remove unused service permissions from IAM roles in AWS.
A tool for identifying security issues in CloudFormation templates.
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made, as well as regions, IP addresses and user agents they used.
Collection of scripts and resources for DevSecOps, Security Automation and Automated Incident Response Remediation.
Centralized workforce identity management for AWS applications.
A Terraform module to set up a secure AWS account configuration baseline
GitHub Action for linting AWS IAM policy documents.
A security tool that monitors AWS objects for ownership attribution, detects domain hijacking, and verifies security services.
Redirects EC2 metadata API traffic to a container that retrieves temporary AWS credentials and proxies other calls to the EC2 metadata API.
An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.
Tool for visualizing and analyzing control paths in Active Directory to determine access privileges and permissions.
A Node.js/TypeScript library for generating IAM Policy Actions Statements for AWS CDK with predefined constants and a factory class.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Tool for associating IAM roles to Pods in Kubernetes clusters.
OpenIAM offers a unified identity governance platform featuring CIAM, MFA, and PAM integration.
A script and library for identifying risks in AWS IAM configuration
AWS IAM Security Assessment tool for identifying violations of least privilege and generating risk-prioritized reports.
Tool for generating AWS IAM policy statements with a fluent interface.
A web service for easier AWS IAM permissions and credential management with various login methods and IAM Self-Service Wizard.
AirIAM is an AWS IAM to least privilege Terraform execution framework that compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform.
An AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources.
Runs IAM policy linting checks against AWS accounts to identify security best practices and policy errors.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
A proof of concept for using the SSM Agent in Fargate for incident response
Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS hardening best practices with a focus on Identity and Access Management.