Top 23 IAM Open-Source Projects
- casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
- awesome-aws: A curated list of awesome Amazon Web Services (AWS) libraries, open source repos, guides, blogs, and other resources. Featuring the Fiery Meter of AWSome.
- prowler: Prowler is an Open Source Security tool for AWS, Azure, GCP and Kubernetes to do security assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAMP, PCI-DSS, GDPR, HIPAA, FFIEC, SOC2, GXP, Well-Architected Security, ENS and more
- my-arsenal-of-aws-security-tools: List of open source tools for AWS security: defensive, offensive, auditing, DFIR, etc.
- Pomerium: Pomerium is an identity and context-aware reverse proxy for zero-trust access to web applications and services.
- iamlive: Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
- warrant: Warrant is a highly scalable, centralized authorization service based on Google Zanzibar, used for defining, querying, and auditing application authorization models and access control rules.
- iam-policy-json-to-terraform: Small tool to convert an IAM Policy in JSON format into a Terraform aws_iam_policy_document
- ssh-over-ssm: SSH over AWS SSM. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.
https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.
Project mention: Ask HN: Cloud security auditing for indie-grade projects? | news.ycombinator.com | 2023-12-04
Which cloud provider?
https://github.com/prowler-cloud/prowler is easy to get going with, and gives decent results. It's much stronger at AWS than GCP or Azure.
Steampipe can be a little harder to wrap your head around, but scales really well and has broader support: https://hub.steampipe.io/mods?objectives=security
Undying fondness for aws-vault to securely cache my session credentials.
Option 3: Pomerium might be an alternative as well.
Also things like this (same guy) if you have a sandbox to play in with wider permissions and are trying to build a more scoped profile: https://github.com/iann0036/iamlive
Project mention: A Step-by-Step Guide to Easily Deploying EKS Infrastructure and Applications Using Terraform | dev.to | 2024-02-04

```bash
curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.5.9/aws-iam-authenticator_0.5.9_linux_amd64
chmod +x ./aws-iam-authenticator
mkdir -p $HOME/bin && cp ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
```
Check this: https://github.com/kanidm/kanidm/ Maybe not production ready, but looks very promising
Project mention: Why use OpenID Connect instead of plain OAuth2? | news.ycombinator.com | 2023-06-27
You can start with: https://github.com/kdeldycke/awesome-iam . But beware of the rabbit hole!
Project mention: Recommendations for a better way to grant access in K8s on a granular level? | /r/kubernetes | 2023-09-05
Check out https://infrahq.com. I saw the founder give a talk at the Civo conference in Feb.
Project mention: A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev | dev.to | 2024-02-05
Warrant — Hosted enterprise-grade authorization and access control service for your apps. The free tier includes 1 million monthly API requests and 1,000 authz rules.
Project mention: Ask HN: How do you manage many profiles and credentials for cloud tooling? | news.ycombinator.com | 2023-10-03
You're going to love https://granted.dev. It can be extended further, as we've done internally: https://www.duckbillgroup.com/blog/overhauling-aws-account-a...
Project mention: Push code with GitHub Actions to Google Cloud’s Artifact Registry | dev.to | 2024-04-10
This workflow will authenticate with Google Cloud using the Google Cloud auth GitHub Action and use Docker to authenticate and push to the registry. To make this workflow work (or flow?) we need to set up some Google Cloud resources and add in those values for our environment variables. Make sure to add in the value for PROJECT_ID where you have permission to create resources. The value for IMAGE_NAME can be anything — it’ll be created the first time this workflow runs:
ugh access + least privilege on AWS + GCP is really hard
not made easier by the fact that debugging service accounts can sometimes require rebooting boxes or clusters
'cloud traceroute' to discover where exactly the problem is would be amazing
(in fairness there are 'least privilege' tools I haven't tried -- listed below and I recall reading about others)
1. iam access analyzer https://aws.amazon.com/blogs/security/iam-access-analyzer-ma...
2. airiam https://github.com/bridgecrewio/AirIAM
3. policy simulator https://cloud.google.com/policy-intelligence/docs/iam-simula...
You need to create the IRSA part and give it as a variable for addons. You can check the GitHub repository for more details: https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-role-for-service-accounts-eks
Index
What are some of the best open-source IAM projects? This list will help you:
# | Project | Stars |
---|---|---|
1 | casbin | 16,865 |
2 | awesome-aws | 12,165 |
3 | prowler | 9,547 |
4 | my-arsenal-of-aws-security-tools | 8,702 |
5 | aws-vault | 8,141 |
6 | Pomerium | 3,843 |
7 | Security-101 | 3,291 |
8 | iamlive | 2,952 |
9 | aws-iam-authenticator | 2,144 |
10 | kanidm | 2,133 |
11 | policy_sentry | 1,938 |
12 | awesome-iam | 1,571 |
13 | infra | 1,350 |
14 | PMapper | 1,323 |
15 | warrant | 979 |
16 | awesome-auth | 895 |
17 | granted | 888 |
18 | auth | 826 |
19 | trailscraper | 762 |
20 | iam-policy-json-to-terraform | 758 |
21 | AirIAM | 752 |
22 | terraform-aws-iam | 751 |
23 | ssh-over-ssm | 720 |