99designs/iamy 99designs/iamy

  • Stars
    star
    238
  • Rank 169,306 (Top 4 %)
  • Language
    Go
  • License
    MIT License
  • Created over 9 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
99designs/iamy
github

99designs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A cli tool for importing and exporting AWS IAM configuration to YAML files

IAMy

IAMy is a tool for dumping and loading your AWS IAM configuration into YAML files.

This allows you to use an Infrastructure as Code model to manage your IAM configuration. For example, you might use a github repo with a pull request model for changes to IAM config.

How it works

IAMy has two subcommands.

pull will sync IAM users, groups and policies from AWS to YAML files

push will sync IAM users, groups and policies from YAML files to AWS

For the push command, IAMy will output an execution plan as a series of aws cli commands which can be optionally executed. This turns out to be a very direct and understandable way to display the changes to be made, and means you can pick and choose exactly what commands get actioned.

Getting started

You can install IAMy on macOS with brew install iamy, or with the go toolchain go get -u github.com/99designs/iamy.

Because IAMy uses the aws cli tool, you'll want to install it first.

For configuration, IAMy uses the same AWS environment variables as the aws cli. You might find aws-vault an excellent complementary tool for managing AWS credentials.

Example Usage

$ iamy pull

$ find .
./myaccount-123456789/iam/user/joe.yml

$ mkdir -p myaccount-123456789/iam/user/foo

$ touch myaccount-123456789/iam/user/foo/bar.baz

$ cat << EOD > myaccount-123456789/iam/user/billy.blogs
Policies:
- arn:aws:iam::aws:policy/ReadOnly
EOD

$ iamy push
Commands to push changes to AWS:
        aws iam create-user --path /foo --user-name bar.baz
        aws iam create-user --user-name billy.blogs
        aws iam attach-user-policy --user-name billy.blogs --policy-arn arn:aws:iam::aws:policy/ReadOnly

Exec all aws commands? (y/N) y

> aws iam create-user --path /foo --user-name bar.baz
> aws iam create-user --user-name billy.blogs
> aws iam attach-user-policy --user-name billy.blogs --policy-arn arn:aws:iam::aws:policy/ReadOnly

Accurate cloudformation matching

By default, iamy will use a simple heuristic (does it end with an ID, eg -ABCDEF1234) to determine if a given resource is managed by cloudformation.

This behaviour is good enough for some cases, but if you want slower but more accurate matching pass --accurate-cfn to enumerate all cloudformation stacks and resources to determine exactly which resources are managed.

Inspiration and similar tools

More Repositories

1

gqlgen

go generate based graphql server library
Go
9,940
star
2

aws-vault

A vault for securely storing and accessing AWS credentials in development environments
Go
8,472
star
3

colorific

Automatic color palette detection
Python
699
star
4

keyring

Go library providing a uniform interface across a range of secure credential stores
Go
579
star
5

phumbor

A minimal PHP helper for Thumbor
PHP
120
star
6

gqlgen-contrib

Add-ons for gqlgen
Go
85
star
7

cmdstalk

beanstalkd broker; run jobs as unix commands.
Go
73
star
8

aws-ecr-gc

Garbage collector for Amazon ECR docker registry
Go
48
star
9

http-signatures-php

Sign and verify PSR-7 HTTP messages in PHP.
PHP
44
star
10

goodies

A grab-bag of useful Go helper libraries
Go
32
star
11

ergo

A lightweight php5 library for request/response routing, controllers and http interaction.
PHP
29
star
12

httpsignatures-go

A golang http-signatures library
Go
28
star
13

clouddetect

Go package for resolving IP addresses back to published cloud provider public ranges
Go
27
star
14

gqlgen-workshop

Source for a workshop on generating GraphQL servers with gqlgen
Go
24
star
15

thumbor_botornado

Thumbor S3 backend based on botornado async client.
Python
21
star
16

http-signatures-ruby

Sign and verify HTTP messages in Ruby.
Ruby
21
star
17

basicauth-go

HTTP basic auth middleware for golang
Go
19
star
18

telemetry

Golang application monitoring middleware
Go
18
star
19

http-signatures-guzzlehttp

Guzzle 6 support for 99designs http-signatures library
PHP
12
star
20

simpletest

Unit testing, mock objects and web testing framework for PHP built around test cases.
PHP
11
star
21

ecs-upload-task

Upload an ecs task definition and optionally deploy it
Go
11
star
22

httpforwarder

Asynchronously forward HTTP requests
Go
10
star
23

protobuf-playground

Playground and generated docs for Protobuf files
TypeScript
8
star
24

php-desk

PHP client for desk.com API
PHP
7
star
25

dddk

Datadog Development Kit
TypeScript
7
star
26

smartling

Smartling is a library and cli tool for managing Smartling projects
Go
6
star
27

capistrano-rightscale

A Capistrano extension that maps Rightscale tags to Roles
Ruby
4
star
28

rightsignature-php

PHP wrapper around the RightSignature API
PHP
4
star
29

relax

A library for consuming simple REST services in PHP5.
PHP
3
star
30

silex-assets

An asset pipeline for Silex orchestrated by make
PHP
3
star
31

sera

A library for queuing and executing php5 tasks
PHP
3
star
32

http-signatures-guzzle

Guzzle 3 support for 99designs http-signatures library
PHP
2
star
33

cliph

A PHP5.3 library for testable CLI applications
PHP
2
star
34

scopecheck

Go linter checking access to a captured closure var when a closer one is available
Go
2
star
35

twirfony

Symfony support for Twirp
PHP
2
star
36

ergo-http

Http utils extracted from https://github.com/99designs/ergo
PHP
1
star
37

dddk-init

Scaffolding for dddk
TypeScript
1
star
38

sipht

A PHP client for the Sift Science REST API
PHP
1
star