Automate AWS IAM Profiles with least privilege #527
dougsillars started this conversation in Show and tell
Replies: 0 comments
Rather than fight with the AWS console to create access profiles at AWS, or just resign myself to using profiles with elevated permissions, I wanted to automate a way to generate IAM profiles with the precise access for my apps.
So I built a RunBook. Here's the blog post describing how it works.
https://unskript.com/automate-the-creation-of-least-privileged-aws-security-profiles/
TL;DR:
Using a test IAM account, I ran through all the steps my application will use. These get stored in a CloudTrail log. I can then access the log, parse the usage and generate the precise IAM policy, and attach it to an IAM user.
I can use this IAM user for my application - knowing that it adheres to the Principle of Least Privilege.
And the RunBook is already here in the repository for you to use!!
https://github.com/unskript/Awesome-CloudOps-Automation/blob/master/AWS/IAM_security_least_privilege.ipynb
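As an added example (not the RunBook's code and not from the linked post), here is the parsing step described above in Python: it reads CloudTrail records, maps each successful API call to an IAM action plus the resource ARNs CloudTrail recorded, and emits a policy document. The sample records are constructed inline, and the script assumes that eventSource/eventName map directly to IAM service/action names, which is true for most but not all calls.

```python
import json
from collections import defaultdict

# Constructed sample CloudTrail records (not a real log): only the fields the
# generator reads are present; real records carry many more.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resources": [{"ARN": "arn:aws:s3:::example-bucket/app/config.json"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "resources": [{"ARN": "arn:aws:s3:::example-bucket/app/data.csv"}]},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem",
     "resources": [{"ARN": "arn:aws:dynamodb:us-east-1:111122223333:table/orders"}]},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity"},
    # errorCode is set: the call was denied, so it says nothing about what the
    # application actually needs and is dropped by default.
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances",
     "errorCode": "Client.UnauthorizedOperation"},
]

def action_from_event(event):
    """Map a CloudTrail record to an IAM action string such as 's3:GetObject'.
    Assumption: eventSource prefix == IAM service prefix and eventName == IAM
    action name; true for most API calls, not all, so review the output."""
    service = event["eventSource"].split(".", 1)[0]
    return f"{service}:{event['eventName']}"

def build_policy(events, include_failed=False):
    """Turn observed CloudTrail records into a least-privilege policy document."""
    resources_by_action = defaultdict(set)
    for ev in events:
        if ev.get("errorCode") and not include_failed:
            continue
        arns = {r["ARN"] for r in ev.get("resources", []) if "ARN" in r}
        # No resource recorded (e.g. sts:GetCallerIdentity): fall back to "*",
        # which is the first thing to tighten when reviewing the output.
        resources_by_action[action_from_event(ev)].update(arns or {"*"})
    # Merge actions that touch exactly the same resources into one statement.
    actions_by_resources = defaultdict(list)
    for action, arns in resources_by_action.items():
        actions_by_resources[tuple(sorted(arns))].append(action)
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": list(arns)}
        for arns, actions in sorted(actions_by_resources.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(build_policy(SAMPLE_EVENTS), indent=2))
```

For a real trail, load the gzipped log file, pass its `Records` list to `build_policy`, and hand-review every `"*"` resource before attaching the result.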