AirIAM is an AWS IAM optimization framework that analyzes existing IAM usage patterns to generate least-privilege Terraform configurations. The tool scans current IAM implementations across AWS environments to identify actual permission usage and access patterns. It compiles this usage data to understand which permissions are actively utilized versus those that are granted but unused. Based on this analysis, AirIAM generates right-sized Terraform code that implements least-privilege access controls. The generated Terraform plans replace existing IAM management methods with infrastructure-as-code approaches. The framework enables organizations to migrate from over-privileged IAM configurations to properly scoped permissions while maintaining operational functionality. It integrates IAM management into standard infrastructure provisioning workflows. AirIAM supports tracking and auditing of IAM changes through version-controlled Terraform code. This allows administrators to review, approve, and deploy IAM modifications using established development processes.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A PHP OAuth 2.0 authorization server implementation with support for various grants and RFCs.
Policy Sentry is an automated IAM policy generator that helps developers create least privilege AWS IAM policies through a template-based workflow.
Encrypt Kubernetes Secrets into SealedSecrets for safe storage and controlled decryption within the cluster.
A list of Windows privilege escalation techniques, categorized and explained in detail.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.