Repokid

Free

1 saves

Updated 11 March 2025

Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account. Getting Started: - Install mkvirtualenv repokid - git clone git@github.com:Netflix/repokid.git - cd repokid - pip install -e . - repokid config config.json DynamoDB: - You will need a DynamoDB table called repokid_roles (specify account and endpoint in dynamo_db in config file). - The table should have RoleId (string) as a primary partition key, no primary sort key. - A global secondary index named Account with a primary partition key of Account and RoleId and Account as projected attributes. - A global secondary index named RoleName with a primary partition key of RoleName and RoleId and RoleName as projected attributes. - For development, you can run dynamo locally. To run locally: docker-compose up. The endpoint for DynamoDB will be http://localhost:8000. A DynamoDB admin panel can be found at http://localhost:8001. If you run the development version the table and index will be created for you automatically. IAM Permissions: - Repokid needs an IAM Role in each account that will be queried.

FEATURES

The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.

EXPLORE BY TAGS

Aws

Aws Config

Aws Security

Iam

Security Audit

Security Automation

SIMILAR TOOLS

Okta Customer Identity Cloud

Okta Customer Identity Cloud is a CIAM solution that provides secure, customizable identity management for consumer and SaaS applications.

Commercial

IAM

CredStash

CredStash is a tool for managing and securely storing credentials.

Free

IAM

helm-secrets

Helm plugin for decrypting encrypted Helm value files on the fly and integrating with cloud native secret managers.

Free

IAM

Gatekeeper Library by Psecio

A simple drop-in library for managing users, permissions, and groups in your application.

Free

IAM

Active Directory Security

A comprehensive resource for securing Active Directory, including attack methods and effective defenses.

Free

IAM

Chamber

Chamber is a tool for managing secrets that utilizes AWS SSM Parameter Store.

Free

IAM

BeyondTrust Privileged Access Management (PAM)

BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.

Free

IAM

cred_scanner

A tool for finding AWS credentials in files, optimized for Jenkins integration.

Free

IAM

AWS IAM Privilege Escalation Methods

An attacker can create a new IAM policy version and set it as the default version without requiring the iam:SetDefaultPolicyVersion permission.

Free

IAM

PINNED

Mandos

Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Consulting

Checkmarx SCA

A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Application Security

Orca Security

A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

Cloud Security

DryRun

A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.

Application Security