SaaSHub helps you find the best software and product alternatives Learn more →
Top 20 Python Iam Projects
-
awesome-aws
A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
-
prowler
Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
-
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
iambic
IAMbic is Version-Control for IAM. It centralizes and simplifies cloud access and permissions. It maintains an eventually consistent, human-readable, bi-directional representation of IAM in Git.
-
aws-allowlister
Automatically compile an AWS Service Control Policy that ONLY allows AWS services that are compliant with your preferred compliance frameworks.
-
aws-leastprivilege
Generates an IAM policy for the CloudFormation service role that adheres to least privilege.
-
IAM-Deescalate
IAM-Deescalate helps mitigate privilege escalation risk in AWS identity and access management (IAM)
-
-
-
discover-aws-iam-resource-access
A Python script to discover AWS IAM identities (users and roles) with specified access to specified resources.
-
authum
Awesome authentication tool for connecting command line applications to SAML/OIDC identity and service providers
-
action-aws-iam-assume-role
GitHub Action to assume an AWS IAM role via OpenID Connect (OIDC) or a plain old IAM user.
-
iamzero-python
Identity & Access Management simplified and secure for Python scripts and applications.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
ugh access + least privilege on AWS + GCP is really hard
not made easier by the fact that debugging service accounts can sometimes require rebooting boxes or clusters
'cloud traceroute' to discover where exactly the problem is would be amazing
(in fairness there are 'least privilege' tools I haven't tried -- listed below and I recall reading about others)
1. iam access analyzer https://aws.amazon.com/blogs/security/iam-access-analyzer-ma...
2. airiam https://github.com/bridgecrewio/AirIAM
3. policy simulator https://cloud.google.com/policy-intelligence/docs/iam-simula...
Hello everyone! We are working on an open-source IAM-as-code solution called IAMbic, and recently added AWS Service Control Policy support (AWS guardrails, typically used for compliance). IAMbic represents your IAM in Git as YAML Files (called iambic templates). An example repository of templates managed by IAMbic is here. The goal is that you can download IAMbic, and go from your cloud to code in ~10 minutes without needing to write any code yourself. Any changes you make (via clicking in the cloud console, running `terraform apply`, etc) are captured by IAMbic and updated in Git, so you have a running Git history of all IAM changes over time, and Git is an eventually consistent, reliable source of truth for permissions. IAMbic templates are bi-directional, so when you want to manage identities in IAMbic (like cookie-cutter engineering IAM roles or AWS SSO permission sets), You go through a GitOps workflow, get approval, and instruct IAMbic to apply the changes. We have some examples in our IAMOps Philosophy docs. If you want resources to be solely managed by IAMbic, you can instruct IAMbic to prevent drift on these resources. You can also declaratively define temporary access or permissions in the format (Like: "I want userA to have access to the Salesforce app in Okta for 12 hours" or "I want to have S3 permissions to BucketA on the engineering role on the prod AWS account until DATE"). We're really looking for feedback because we want this to be a compelling solution. What are your thoughts? How can we make this better?
Project mention: Krptn: User Auth and Encryption of data at rest, derived from users’ credentials | news.ycombinator.com | 2023-09-12Hello, all!
Encryption and user authentication are crucial to cybersecurity.
Encryption can be implemented at various levels. I believe that handling encryption at the application level is the most secure since it decreases the attack surface. For example, the SQL server doesn’t get to see the plaintext.
Krptn is a piece of software I’m currently building which could be used as a user authentication service, which also handles encryption (at the application level) of the user’s associated data (e.g.: the users’ phone number).
(Krptn only has a Python API right now.)
It would run in the same server instance as your Python code, so no need to host anything new (decreased complexity) - just install the Python module and call the APIs.
For additional security, I designed the system to derive the encryption keys from the users’ credentials. This prevents an attacker who gains access to the database from being able to decrypt all the data since the encryption keys aren’t stored anywhere. Additionally, each user gets an asymmetric keypair. This enables users to share specific pieces of information with each other.
I know that, for many projects, this level of encryption is not required to secure their system and hence not everyone would benefit from using this. But I hope that for the people who do wish to have such security, this project will help.
It would be much appreciated if you would try this out. Please let me know what you think of this! Also please provide some feedback if you have any!
Here is an example Django integration: https://github.com/krptn/djangoExample
Here is an example Flask integration: https://github.com/krptn/flaskExample
GitHub repo: https://github.com/krptn/krypton
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
The latest post mention was on 2023-12-04.
Python Iam related posts
- Krptn: User Auth and Encryption of data at rest, derived from users’ credentials
- AWS Networking Concepts in a Diagram
- Open source IAM-as-code through IAMbic
- Open source IAM-as-code
- Are there any open source tools to centrally manage IAM policies?
- IAMbic, A multi-account identity-centric IaC
- AWS Permission Bouncers: Letting Loose in Dev, Keeping it Tight in Prod
-
A note from our sponsor - SaaSHub
www.saashub.com | 19 Apr 2024
Index
What are some of the best open-source Iam projects in Python? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | awesome-aws | 12,134 |
| 2 | prowler | 9,514 |
| 3 | policy_sentry | 1,938 |
| 4 | PMapper | 1,318 |
| 5 | trailscraper | 761 |
| 6 | AirIAM | 750 |
| 7 | MAMIP | 455 |
| 8 | iambic | 269 |
| 9 | aws-allowlister | 217 |
| 10 | aws-leastprivilege | 109 |
| 11 | IAM-Deescalate | 92 |
| 12 | introspector | 66 |
| 13 | krypton | 47 |
| 14 | aws-iam-utils | 16 |
| 15 | discover-aws-iam-resource-access | 12 |
| 16 | authum | 7 |
| 17 | action-aws-iam-assume-role | 6 |
| 18 | requests-iamauth | 6 |
| 19 | iamzero-python | 4 |
| 20 | sso-setup-automation | 3 |
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com