slauth-cli
CLI that scans directories for Cloud Provider SDK usage and generates the IAM policies/permissions needed.
Hi HN, We're Daniel and Bruno and we're working on [Slauth.io](https://slauth.io/). Slauth.io is a CLI to auto-generate secure IAM policies for AWS and GCP (Azure in the next few days!). We enable development teams to speed up creating secure policies and reduce over-permissive policies being deployed to the cloud.
Check out the [video](https://www.loom.com/share/bd02211659eb4c7f9b335e34094b57cb?...) or give our open-source CLI a try with one of the sample repos on [GitHub](https://github.com/slauth-io/slauth-cli).
We got into the cloud access market by coincidence and were amazed by the amount of money spent on IAM. Current tooling such as [Ermetic.com](http://ermetic.com/) and [Wiz.io](http://wiz.io/) visualize IAM misconfigurations post deployment but don't actually change engineering behavior, leaving organizations in a constant loop of engineers deploying over-permissive policies ⇒ security engineers/CISOs getting alerts ⇒ Jira tickets created begging developers to remediate ⇒ new over-permissive policies being deployed again.
We interviewed hundreds of developers and DevOps engineers and discovered two key pain points:
1. *IAM is a Hassle:* Developers despise dealing with IAM intricacies.
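The directory scan the post describes (SDK usage in, IAM policy out), as an added example that is not slauth-cli's own code: it regex-scans Python source for boto3 client calls, maps each method to an IAM action by the assumed CamelCase convention (true for most but not all AWS APIs), and emits a policy draft with the Resource left as a placeholder for the reviewer to scope. The sample source is constructed.

```python
"""Added example (not slauth-cli's code): static scan of Python source for
boto3 SDK calls, turned into a least-privilege IAM policy draft. Assumes
boto3 method names CamelCase into IAM actions; Resource is left to scope."""
import json
import re
from collections import defaultdict

# Constructed sample source, standing in for a scanned directory.
SAMPLE_SOURCE = '''
import boto3
s3 = boto3.client("s3")
sqs = boto3.client("sqs")
obj = s3.get_object(Bucket="b", Key="k")
s3.put_object(Bucket="b", Key="k", Body=obj["Body"].read())
sqs.send_message(QueueUrl=url, MessageBody="done")
'''

CLIENT_RE = re.compile(r'(\w+)\s*=\s*boto3\.client\(\s*["\'](\w[\w-]*)["\']')
CALL_RE = re.compile(r'\b(\w+)\.([a-z][a-z0-9_]*)\(')

def to_action(service: str, method: str) -> str:
    """get_object -> s3:GetObject (assumed CamelCase convention)."""
    return f"{service}:{''.join(p.capitalize() for p in method.split('_'))}"

def scan_source(source: str) -> dict:
    """Return {service: sorted list of IAM actions} found in one source file."""
    clients = dict(CLIENT_RE.findall(source))  # variable name -> service
    actions = defaultdict(set)
    for var, method in CALL_RE.findall(source):
        # Only calls on known SDK clients count; skip non-API helpers.
        if var in clients and method not in ("close", "get_paginator"):
            actions[clients[var]].add(to_action(clients[var], method))
    return {svc: sorted(acts) for svc, acts in actions.items()}

def build_policy(actions_by_service: dict) -> dict:
    """One Allow statement per service; no wildcards, Resource left to scope."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": f"Generated{svc.upper()}", "Effect": "Allow",
             "Action": acts, "Resource": "<SCOPE-ME: replace before deploying>"}
            for svc, acts in sorted(actions_by_service.items())
        ],
    }

if __name__ == "__main__":
    print(json.dumps(build_policy(scan_source(SAMPLE_SOURCE)), indent=2))
```

Calls made through dynamic dispatch (getattr, wrapped helpers) are invisible to a scan like this, which is where the runtime, deny-by-default approach discussed in the comments catches what static analysis misses.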
That's a false dichotomy. There are approaches to this problem that are powered by neither humans nor LLMs -- see https://github.com/Netflix/Repokid as an example
Why are you using (very expensive) GPT, or any LLM for that matter, when this was already a solved problem using rulesets? Netflix for example has open source that does this already: https://github.com/Netflix/consoleme
Instead of analyzing your code, you just run your code with no permissions and it automatically detects permission failures and then opens those permissions, with a UI showing you what it did so you can remove any permissions you don't want.
That actually seems much more secure than trying to divine the rules from reading the code.
What value is the LLM adding here?