| | pike | terratag |
|---|---|---|
| Mentions | 6 | 7 |
| Stars | 507 | 899 |
| Growth | - | 1.4% |
| Activity | 9.2 | 5.3 |
| Last commit | 8 days ago | 22 days ago |
| Language | Go | Go |
| License | Apache License 2.0 | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pike
- Top Terraform Tools to Know in 2024
Pike is a tool that analyzes Terraform managed resources and automatically generates the necessary IAM permissions, improving security by ensuring that only the minimum necessary permissions are granted.
- Show HN: Slauth.io (YC S22) – IAM Policy Auto-Generation
- Open Source Terraform projects - azure focused (open to other providers as well)
I test out the API the hard way: I make a resource and test it with a role that doesn't have the permissions (see the folder I linked). The API (with Azure anyway) tells you what you lack; Azure tends to be simpler with CRUD permissions than AWS. I then have another privileged role that can update the first with each permission and iterate: https://github.com/JamesWoolfenden/pike/tree/master/terraform/azurerm. I then create the mapping file for that resource and add it. I can show you if you need help - send me an email/message/zoom. If you figure a better way I'm all ears, but this way I can be sure on what permissions are required.
- Can I generate permissions needed to run a TF script on AWS, GCP or Azure?
You can run my tool pike on your tf to generate IAM for AWS and GCP. Get it here: https://github.com/jamesWoolfenden/pike
- Can I auto-generate AWS IAM policy document based on directory of existing Terraform code so that CI has limited access to what it can deploy?
- Pike: Tool to determine your IAM requirements from code
I wrote a small tool called Pike. It looks at your TF code and determines and creates the IAM policy/TF resource required to build it, to help you stick to least privilege in your build process. It currently supports a small but growing sub-set of AWS resources; it will support other providers. Use it or ?, but would welcome feedback https://github.com/JamesWoolfenden/pike . It's open source and always will be.
terratag
- Top Terraform Tools to Know in 2024
Terratag is a tool designed to assign tags or labels to a complete collection of Terraform or Terragrunt files. It enables applying tags or labels to resources within AWS, GCP, and Azure.
- Standardized tags across all Azure resources with terraform
- List of most useful Terraform open-source tools
Terratag (tagging): https://github.com/env0/terratag (disclaimer, I am CEO at env0)
Documentation:
Cost: Infracost (estimation): https://github.com/infracost/infracost
Terratag (tagging): https://github.com/env0/terratag (disclaimer, I am CEO at env0)
- Terratag Open Source
- Terratag
- DevOps tools you should have on your belt
🏷 Terratag is a CLI tool allowing for tags or labels to be applied across an entire set of Terraform files.
What are some alternatives?
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
NubesGen - Going to production on Azure is only one `git push` away
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
yor - Extensible auto-tagger for your IaC files. The ultimate way to link entities in the cloud back to the codified resource which created it.
aztfy - A tool to bring existing Azure resources under Terraform's management [Moved to: https://github.com/Azure/aztfexport]
infracost-atlantis - Atlantis integration for Infracost. Shows cloud cost estimates for Terraform in pull requests.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. [Moved to: https://github.com/tenable/terrascan]
terracognita - Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration
awesome-tf - Curated list of resources on HashiCorp's Terraform and OpenTofu
personal-zero-trust-hashicorp-vault - Cloudflare for Teams + HashiCorp Vault = Zero Trust Love
terraforming - Export existing AWS resources to Terraform style (tf, tfstate) / No longer actively maintained
azure-fun-bytes - HashiCorp and Microsoft Teams Up For Maximum Fun! No Slacking guarantee! Positive Outlook.