iamfast v0.2.22

iamfast

Generate least privileged AWS IAM policies by analysing application code.

Installation

npm i -g iamfast

You can also install iamfast as a Visual Studio Code extension.

Usage

Execute iamfast with the first argument being the file or directory to be scanned.

iamfast yourfile.js

iamfast supports the following programming languages:

• JavaScript (v2/v3 SDK)
• Python 3 (Boto3 SDK)
• Go (v1/v2 SDK)
• Java (v2 SDK)

The following programming languages are planned:

• PHP (v3 SDK)
• C/C++ (v1 SDK)
• Rust (v1 SDK)
• .NET/C# (v3/v4 SDK)
• Ruby (v1 SDK)

Optional Flags

--format <format>: Sets the format of the output, currently supporting json (default), yaml, hcl and sam

--inclusions <mode>: Specify the mode for external code inclusions, currently supporting file (default), project, organization, external and all

--context <mode>: Specify the mode for contextual information, used for account ID, region etc., currently supporting none (default) and local

--profile <name>: The profile to use for contextual information

Example

> cat tests/js/test1.js
// Load the AWS SDK for Node.js
var AWS = require('aws-sdk');
// Set the region 
AWS.config.update({region: 'us-east-1'});

// Create the DynamoDB service object
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});

var params = {
  TableName: 'CUSTOMER_LIST',
  Item: {
    'CUSTOMER_ID' : {N: '001'},
    'CUSTOMER_NAME' : {S: 'Richard Roe'}
  }
};

// Call DynamoDB to add the item to the table
ddb.putItem(params, function(err, data) {
  if (err) {
    console.log("Error", err);
  } else {
    console.log("Success", data);
  }
});

> iamfast tests/js/test1.js
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "dynamodb:PutItem",
            "Resource": [
                "arn:aws:dynamodb:us-east-1:123456789012:table/CUSTOMER_LIST"
            ]
        }
    ]
}