Automate AWS IAM Profiles with least privilege #527
dougsillars started this conversation in Show and tell
Replies: 0 comments
Rather than fight with the AWS console to create access profiles at AWS, or just resigning myself to using profiles with elevated permissions - I wanted to automate a way to generate IAM profiles with the precise access for my apps.
So I built a RunBook. Here's the blog post describing how it works.
https://unskript.com/automate-the-creation-of-least-privileged-aws-security-profiles/
TL;DR:
Using a test IAM account, I ran through all the steps my application will use. These get stored in a CloudTrail log. I can then access the log, parse the usage and generate the precise IAM policy, and attach it to an IAM user.
I can use this IAM user for my application - knowing that it adheres to the Principle of Least Privilege.
And the RunBook is already here in the repository for you to use!!
https://github.com/unskript/Awesome-CloudOps-Automation/blob/master/AWS/IAM_security_least_privilege.ipynb
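The log-to-policy step described above, as an added example written for this page and not the RunBook's own code: the CloudTrail records are constructed inline, the service-prefix overrides and ignored sources are assumptions, and `attach_inline_policy` assumes configured boto3 credentials with `iam:PutUserPolicy` on the target user.

```python
import json
from collections import defaultdict

# Constructed sample CloudTrail records (not from the post). In practice these
# are read from the trail's S3 log files; note that object-level S3 calls such
# as GetObject only appear if data events are enabled on the trail.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resources": [{"ARN": "arn:aws:s3:::example-app-bucket/config.json"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resources": [{"ARN": "arn:aws:s3:::example-app-bucket/data.csv"}]},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem",
     "resources": [{"ARN": "arn:aws:dynamodb:us-east-1:111122223333:table/Orders"}]},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin"},
]

# Assumed: hostnames whose IAM service prefix differs from the eventSource host.
PREFIX_OVERRIDES = {"monitoring": "cloudwatch"}
# Assumed: sources that are sign-in/console activity, not IAM API actions.
IGNORED_SOURCES = {"signin.amazonaws.com"}


def action_from_event(event):
    """Map a CloudTrail record to an IAM action string, or None if not an API call."""
    source = event["eventSource"]
    if source in IGNORED_SOURCES:
        return None
    prefix = source.split(".")[0]
    return f"{PREFIX_OVERRIDES.get(prefix, prefix)}:{event['eventName']}"


def build_policy(events):
    """Build a least-privilege policy: one Allow statement per observed action,
    scoped to the ARNs CloudTrail recorded, or '*' when it recorded none."""
    grouped = defaultdict(set)
    for ev in events:
        action = action_from_event(ev)
        if action is None:
            continue
        arns = [r["ARN"] for r in ev.get("resources", []) if "ARN" in r]
        grouped[action].update(arns or ["*"])
    statements = [{"Effect": "Allow", "Action": action, "Resource": sorted(grouped[action])}
                  for action in sorted(grouped)]
    return {"Version": "2012-10-17", "Statement": statements}


def attach_inline_policy(user_name, policy, policy_name="least-privilege-from-cloudtrail"):
    """Attach the generated document to the IAM user (requires AWS credentials)."""
    import boto3  # imported lazily so policy generation itself runs offline
    boto3.client("iam").put_user_policy(UserName=user_name, PolicyName=policy_name,
                                        PolicyDocument=json.dumps(policy))
```

Review the generated statements before attaching them: per-object S3 ARNs are exact for the test run but will be too narrow if the app later reads other keys under the same prefix.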