trackiam
vault-demo
| trackiam | vault-demo |
|---|---|
| 5 | 2 |
| 278 | - |
| 0.4% | - |
| 9.8 | - |
| 1 day ago | - |
| Go | |
| - | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trackiam
-
Plan using ReadOnlyAccess
Is it possible to reasonably plan but not apply with https://github.com/glassechidna/trackiam/blob/master/policies/ReadOnlyAccess.json ?
- Minimal IAM policy for a (read-only) plan on AWS?
- AWS IAM Tracker
-
AWS federation comes to GitHub Actions
Shoutouts to Aidan, he always manages to dig up some real obscure AWS insights!
I can recommend checking out his trackiam project too: https://github.com/glassechidna/trackiam
vault-demo
-
Vault root token using terraform?
GitLab supports JWT. This allows the pipeline job to generate a one-time-use token to authenticate to Vault. Here are a few examples on how to do this. https://gitlab.com/bdowney/vault-demo/-/blob/master/.gitlab-ci.yml
-
AWS federation comes to GitHub Actions
There are a couple approaches. GitLab's JWT token allows custom scripting to interface it to other systems. This demo shows custom integration with Vault (it also demonstrates our native integration - so you have to parse out which code you are looking at): https://gitlab.com/bdowney/vault-demo
Another approach is placing a GitLab runner within AWS and assigning it an IAM role directly. While this isn't as flexible, it is also not as complex to debug why a specific user can't build or deploy a job when another can.
In this scheme, there is potentially a runner per-dev team that has the same exact IAM profile as the dev team.
This can be done using KIAM for EKS runners, or if you are doing Docker runners, you can use the "GitLab HA Scaling Runner Vending Machine for AWS EC2 ASG" here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
That last automation is designed to be self-service and can be set up in AWS Service Manager for teams to self-deploy their runners.
The many other benefits to this automation are enumerated here: https://gitlab.com/guided-explorations/aws/gitlab-runner-aut...
What are some alternatives?
aws-runas - aws-runas rewritten in Go
aws-cct - AWS Cost Comparison Tool - Moved to https://gitlab.agodadev.io/partnertech/aws-cct
aws-redis-iam-auth-golang - Using IAM authentication for Redis on AWS
aws
awsdtc - AWS Data Transfer Cost Explorer
gitlab
aws-sdk-go-v2 - AWS SDK for the Go programming language.