Iam

A Terraform module that establishes security baseline configurations for AWS accounts based on CIS benchmarks and AWS security best practices.

A GitHub action that lints AWS IAM policy documents to identify security issues and misconfigurations with configurable severity levels and custom rules.

Cloud Inquisitor is an AWS security tool that monitors resource ownership, detects domain hijacking, verifies security services, and manages IAM policies across multiple accounts.

CloudMapper is an AWS security analysis tool that audits configurations, identifies misconfigurations, analyzes IAM policies, finds unused resources, and provides network visualization capabilities.

kube2iam provides IAM credentials to Kubernetes containers by intercepting EC2 metadata API calls and retrieving temporary AWS credentials based on pod annotations.

Documentation of an AWS IAM privilege escalation technique that exploits the iam:CreatePolicyVersion permission to gain elevated access through policy manipulation.

SkyArk is a cloud security scanning tool that identifies privileged entities in AWS and Azure environments to help mitigate Cloud Shadow Admin threats.

A NodeJS/TypeScript library that generates IAM Policy Actions Statements for AWS services with predefined constants and factory classes for AWS CDK integration.

SkyWrapper analyzes temporary token behaviors in AWS accounts to detect suspicious activities and generates Excel reports with findings summaries.

Kiam is a Kubernetes agent that allows Pods to assume AWS IAM roles, though it is being deprecated in favor of AWS' official IAM roles for Service Accounts solution.

OpenIAM offers a unified identity governance platform featuring CIAM, MFA, and PAM integration.

ASH is an automated security scanning tool that integrates multiple open-source security scanners to perform preliminary security checks on code, infrastructure, and IAM configurations during development.

Principal Mapper is a Python tool that models AWS IAM configurations as directed graphs to identify privilege escalation risks and alternative attack paths in AWS environments.

A CLI tool for generating AWS IAM policy documents, SAM policy templates, and SAM Connectors using JSON definitions from the AWS Policy Generator.

An AWS IAM security assessment tool that identifies least privilege violations and generates risk-prioritized reports for IAM policy remediation.

IAM Floyd is a code generation tool that provides a fluent interface for creating AWS IAM policy statements with comprehensive service coverage and CDK integration support.

ConsoleMe is a web service that simplifies AWS IAM permissions and credential management across multiple accounts through self-service workflows and centralized administration.

AirIAM analyzes AWS IAM usage patterns and generates least-privilege Terraform configurations to optimize cloud access management.

A graph-based tool for visualizing AWS access permissions and resource relationships to identify potential attack paths and privilege escalation opportunities.

A CLI utility that simplifies switching between different AWS roles by automatically managing AWS credentials file modifications.

A command-line tool that performs automated IAM policy security linting across AWS accounts and organizations using AWS Access Analyzer validation.

CloudTracker analyzes CloudTrail logs against IAM policies to identify over-privileged AWS users and roles by comparing actual permission usage with granted permissions.

A proof of concept for using the SSM Agent in Fargate for incident response

Zeus is an AWS security auditing and hardening tool that evaluates cloud configurations against CIS benchmarks and can automatically apply recommended security settings.