iamlive
dark
iamlive | dark | |
---|---|---|
30 | 43 | |
2,952 | 1,607 | |
- | 1.1% | |
6.2 | 9.9 | |
2 months ago | 2 days ago | |
Go | F# | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
iamlive
-
Why has AWS made IAM Actions impossible to find?
Also things like this (same guy) if you have a sandbox to play in with wider permissions and are trying to build a more scoped profile: https://github.com/iann0036/iamlive
- iann0036/iamlive: Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
-
Why Companies Still Struggle with Least Privilege in the Cloud?
I know there is a tool called iamlive that logs all API calls on your local machine. So you can run commands as an admin user locally while this is running, and find out what permissions were needed. Then you tear down the infra you just deployed, and add those same permissions to a service user of some kind (e.g. a CICD role) to avoid over-privileging it. It's messy but it can be helpful.
-
AWS Creates New Policy-Based Access Control Language Cedar
actually Ian (aws hero) has a tool that does exactly this
https://github.com/iann0036/iamlive
- Permissions Map
- iamlive
-
Show HN: Slauth.io (YC S22) – IAM Policy Auto-Generation
I have used https://github.com/iann0036/iamlive with great success in the past. On high level, the approach you are describing is iamlive on steroids and UX improved.
Kudos on launch, will check your beta
- IAM Live
-
Pike: Tool to determine your IAM requirements from code
Thanks! Permissions are determined per resource or datasource. There's no easy way that I had found, especially if you want this done statically, https://github.com/iann0036/iamlive does it by inspecting your api calls but there's always a look up somewhere. Hopefully ill manage to get a few community contributions and get the ball rolling, i've made it as easy as I could to add support for other resources without you even really having to know golang.
-
The End of CI
IAM isn’t fun, but there’s lots of options.
https://pypi.org/project/access-undenied-aws/ will allow you to start with least privilege and fix specific issues.
https://github.com/iann0036/iamlive allows an admin to perform the action via CLI and capture the policy.
Access advisor can inspect how you actually use the role and give suggestions on what to remove.
A more helpful suggestion is to experiment with these tools and then find gaps in IAM actions and submit those as feature requests via your TAM.
dark
- Darklang
-
WASM_of_OCaml
Yes. Darklang was originally in OCaml using js_of_ocaml, and we ported it to F# using Blazor (https://github.com/darklang/dark/tree/main/backend/src/Wasm). It works.
We found that in dotnet 6, the code was much slower, with long startup times and a much bigger download, than in js_of_ocaml. It also had a lot of issues in running in a Webworker, which wasn't the case for js_of_ocaml.
In dotnet 7, the webworker issues are better and AOT is easier, so startup is faster. Download sizes are still bad, and it's still slower than js_of_ocaml.
However, dotnet allows almost any code to run in WASM, which js_of_ocaml had large limitations. This meant a decent chunk of functionality had to be worked around to make separate js vs native targets, which also was a massive pain and took a long time. Dune's virtual targets wasn't ready at the time - I think we were one of the test cases for it.
-
It's so unfortunate they decided to go with the Clojure/Haskell type syntax, as opposed to something friendlier like Elixir. A lot of people will not even try this language as a result. [Unison]
Why should I use this instead of https://darklang.com/
-
Cloud, Why So Difficult?
First it was probably Dark. They made a lot of noise some years ago, but then I never heard of them again (looking at their current website, looks like they moved on to AI now, obviously).
-
New open-source programming language for DevOps engineers by the creator of the CDK
Reminds me of Darklang. Personally, I don't think vendoring cloud services into a language is going to be beneficial. I'm curious how the language deals with vendor updates. Do I have to upgrade the language then? If so, I see a lot conflicts coming from this. Then it comes down to Javascript or HCL, the HCL bit makes me think that the below statement is not as truthy as it is on the surface:
-
Darklang Release 9
We still don't have all that many users (~100 active), so I'm not sure you'll find an answer here. But we collect that sort of feedback publicly, which might answer your question: https://github.com/darklang/dark/discussions/categories/feed...
-
Making Something Waspy: A Review Of Wasp
I wish I could remember what took me to YCombinator's website on the 10th of October, 2022. That was when I first heard about Wasp and another language called DarkLang. After I learned about Wasp, I was intrigued and curious to know how it works, which led me to join the discord server the next day.
-
Using Rust at a Startup: A Cautionary Tale
Some languages that try to integrate an HTTP server and a database:
Ur/Web: http://impredicative.com/ur/
Dark (Darklang): https://darklang.com/
-
The Current State of Infrastructure From Code
There are others in this space I did not assess like Encore, Shuttle, Modal, and Dark. These were not assessed for the sake of time. If you're interested in IfC, I encourage you to take a look at these others.
-
Finally, we have support for negative numbers!
Oh, finally! I was waiting to build my serverless CRUD webapp in Dark (OCaml + JavaScript and Fsharp?) until they had support for returning negative numbers on a GET request!
What are some alternatives?
aws-leastprivilege - Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
nvim-ts-rainbow - Rainbow parentheses for neovim using tree-sitter. Use https://sr.ht/~p00f/nvim-ts-rainbow instead
consoleme - A Central Control Plane for AWS Permissions and Access
Bracket-Pair-Colorizer-2 - Bracket Colorizer Extension for VSCode
policy_sentry - IAM Least Privilege Policy Generator
unison - A friendly programming language from the future
iamzero - Identity & Access Management simplified and secure.
nanos - A kernel designed to run one and only one application in a virtualized environment
iamlive-lambda-extension - Lambda Extension for iamlive
liquibase - Main Liquibase Source
trailscraper - A command-line tool to get valuable information out of AWS CloudTrail
terraform-cdk - Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform