pike
terrascan
| | pike | terrascan |
|---|---|---|
| Mentions | 6 | 1 |
| Stars | 499 | 3,324 |
| Growth | - | - |
| Activity | 9.3 | 10.0 |
| Last commit | 7 days ago | over 1 year ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pike
- Top Terraform Tools to Know in 2024
Pike is a tool that analyzes Terraform managed resources and automatically generates the necessary IAM permissions, improving security by ensuring that only the minimum necessary permissions are granted.
- Show HN: Slauth.io (YC S22) – IAM Policy Auto-Generation
- Open Source Terraform projects - Azure focused (open to other providers as well)
I test out the API the hard way: I make a resource and test it with a role that doesn't have the permissions (see the folder I linked), and the API (with Azure anyway) tells you what you lack; Azure tends to be simpler with CRUD permissions than AWS. I then have another privileged role that can update the first with each permission and iterate: https://github.com/JamesWoolfenden/pike/tree/master/terraform/azurerm. I then create the mapping file for that resource and add it. I can show you if you need help - send me an email/message/zoom. If you figure a better way I'm all ears, but this way I can be sure on what permissions are required.
- Can I generate permissions needed to run a TF script on AWS, GCP or Azure?
You can run my tool pike on your TF to generate IAM for AWS and GCP. Get it here: https://github.com/jamesWoolfenden/pike
- Can I auto-generate AWS IAM policy document based on directory of existing Terraform code so that CI has limited access to what it can deploy?
- Pike: Tool to determine your IAM requirements from code
I wrote a small tool called Pike. It looks at your TF code and determines and creates the IAM policy/TF resource required to build it, to help you stick to least privilege in your build process. It currently supports a small but growing subset of AWS resources; it will support other providers. Use it or ?, but I would welcome feedback: https://github.com/JamesWoolfenden/pike . It's open source and always will be.
terrascan
- Defender for DevOps on GitHub (Terrascan edition)
As mentioned, MSDO features a few different tools (I will cover some of the other tools in a future blog post), but I want to concentrate on a specific tool today called Terrascan, which is part of the MSDO toolkit.
What are some alternatives?
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
cloudknit - Self-service management of complex Cloud Environments
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
klotho - Klotho - write AWS applications at lightning speed
aztfy - A tool to bring existing Azure resources under Terraform's management [Moved to: https://github.com/Azure/aztfexport]
aws-sso-cli - A powerful tool for using AWS Identity Center for the CLI and web console.
yatas - A simple tool to audit your AWS/GCP infrastructure for misconfiguration or potential security issues with plugins integration
MSDO-Lab - Microsoft Security DevOps (MSDO) Lab for testing Defender for DevOps integration on Azure.
terraform-provider-checkly - Terraform provider for the Checkly monitoring service
Netris.ai - The Kubernetes Operator for Netris
userdata-decoder-3000 - Decodes cloud instance startup data. It works with AWS and handles both cloud-init and plain text formats.
cloud-concierge - Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. "Terraform best practices as a Pull Request."