{"id":18510778,"url":"https://github.com/envato/iamy","last_synced_at":"2025-10-18T17:20:41.792Z","repository":{"id":14446916,"uuid":"365047146","full_name":"envato/iamy","owner":"envato","description":"IAMy - originally developed by 99designs","archived":false,"fork":false,"pushed_at":"2025-03-13T03:22:40.000Z","size":2248,"stargazers_count":0,"open_issues_count":5,"forks_count":1,"subscribers_count":56,"default_branch":"main","last_synced_at":"2025-07-11T15:54:01.637Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"99designs/iamy","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envato.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-05-06T22:00:14.000Z","updated_at":"2021-11-01T23:58:58.000Z","dependencies_parsed_at":"2025-07-11T15:25:22.856Z","dependency_job_id":"586c9fed-7294-4259-a6dd-3307a960d2b0","html_url":"https://github.com/envato/iamy","commit_stats":null,"previous_names":[],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/envato/iamy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fiamy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fiamy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fiamy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fiamy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envato","download_url":"https://codeload.github.com/envato/iamy/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envato%2Fiamy/sbom","scorecard":{"id":378394,"data":{"date":"2025-08-11","repo":{"name":"github.com/envato/iamy","commit":"9458828a53b9306021e7aab904c944ebf9e00e0d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/go.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/envato/iamy/go.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/go.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/envato/iamy/go.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v5.1.1 not signed: https://api.github.com/repos/envato/iamy/releases/190498898","Warn: release artifact v5.1.0 not signed: https://api.github.com/repos/envato/iamy/releases/111358784","Warn: release artifact v5.0.1 not signed: https://api.github.com/repos/envato/iamy/releases/76441453","Warn: release artifact v5.0.0 not signed: https://api.github.com/repos/envato/iamy/releases/74060892","Warn: release artifact v4.1.1 not signed: https://api.github.com/repos/envato/iamy/releases/69813301","Warn: release artifact v5.1.1 does not have provenance: https://api.github.com/repos/envato/iamy/releases/190498898","Warn: release artifact v5.1.0 does not have provenance: https://api.github.com/repos/envato/iamy/releases/111358784","Warn: release artifact v5.0.1 does not have provenance: https://api.github.com/repos/envato/iamy/releases/76441453","Warn: release artifact v5.0.0 does not have provenance: https://api.github.com/repos/envato/iamy/releases/74060892","Warn: release artifact v4.1.1 does not have provenance: https://api.github.com/repos/envato/iamy/releases/69813301"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T14:47:48.022Z","repository_id":14446916,"created_at":"2025-08-18T14:47:48.022Z","updated_at":"2025-08-18T14:47:48.022Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279576618,"owners_count":26194094,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-18T02:00:06.492Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T15:25:05.397Z","updated_at":"2025-10-18T17:20:41.733Z","avatar_url":"https://github.com/envato.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IAMy\n\nIAMy is a tool for dumping and loading your AWS IAM configuration into YAML files.\n\nThis allows you to use an [Infrastructure as Code](https://en.wikipedia.org/wiki/Infrastructure_as_Code) model to manage your IAM configuration. For example, you might use a github repo with a pull request model for changes to IAM config.\n\nThis code was originally developed by 99designs ([origin upstream](https://github.com/99designs/iamy.git)), we recognise and appreciate the enormous effort they have put into this tool.\nThis particular version has been cloned to allow Envato to rapidly develop the features that are important to our use of this tool, we are following the existing semver arrangements for the repository, but we've appended a envato build tag.\n\n# Additional features\n\nFeatures added to this fork include:\n- .iamy-version file support, [Original PR](https://github.com/99designs/iamy/pull/63)\n- Flags to skip resources by tag (`--skip-tagged the-tag-name` and `--skip-cfn-tagged`)\n- .iamy-flags file support for default flags. Flags are appended to command line supplied flags. Example .iamy-flags file\n  contents: `--skip-tagged=iamy-ignore`.\n- `iamy fmt`, which formats files to match the result of `iamy pull`\n- Add support for specifying [MaxSessionDuration](https://aws.amazon.com/about-aws/whats-new/2018/03/longer-role-sessions/) on a role\n\n# Upcoming features\n\nThe additional features we are likely to add to this fork are:\n- support for organizations, ous and scps\n\n# Installation\n\n```\nbrew tap envato/envato-iamy\nbrew install envato/envato-iamy/iamy\n```\n\n# Development Status\n\nUnder active development, pull requests welcome.  Open issues for discussions please.\n\n## How it works\n\nIAMy has two main subcommands.\n\n`pull` will sync IAM users, groups and policies from AWS to YAML files\n\n`push` will sync IAM users, groups and policies from YAML files to AWS\n\nFor the `push` command, IAMy will output an execution plan as a series of [`aws` cli](https://aws.amazon.com/cli/) commands which can be optionally executed. This turns out to be a very direct and understandable way to display the changes to be made, and means you can pick and choose exactly what commands get actioned.\n\n### Other features\n\n- `fmt` will reformat all relevant files to match the output of `iamy pull`. This is particularly useful for using IAMy for drift detection, as you can use it as a PR check, and/or reformat files before performing a diff.\n\n## Getting started\n\nYou can install IAMy on macOS with `brew install iamy`, or with the go toolchain `go get -u github.com/99designs/iamy`.\n\nBecause IAMy uses the [aws cli tool](https://aws.amazon.com/cli/), you'll want to install it first.\n\nFor configuration, IAMy uses the same [AWS environment variables](http://docs.aws.amazon.com/cli/latest/userguide/cli-environment.html) as the aws cli. You might find [aws-vault](https://github.com/99designs/aws-vault) an excellent complementary tool for managing AWS credentials.\n\n\n## Example Usage\n\n```bash\n$ iamy pull\n\n$ find .\n./myaccount-123456789/iam/user/joe.yml\n\n$ mkdir -p myaccount-123456789/iam/user/foo\n\n$ touch myaccount-123456789/iam/user/foo/bar.baz\n\n$ cat \u003c\u003c EOD \u003e myaccount-123456789/iam/user/billy.blogs\nPolicies:\n- arn:aws:iam::aws:policy/ReadOnly\nEOD\n\n$ iamy push\nCommands to push changes to AWS:\n        aws iam create-user --path /foo --user-name bar.baz\n        aws iam create-user --user-name billy.blogs\n        aws iam attach-user-policy --user-name billy.blogs --policy-arn arn:aws:iam::aws:policy/ReadOnly\n\nExec all aws commands? (y/N) y\n\n\u003e aws iam create-user --path /foo --user-name bar.baz\n\u003e aws iam create-user --user-name billy.blogs\n\u003e aws iam attach-user-policy --user-name billy.blogs --policy-arn arn:aws:iam::aws:policy/ReadOnly\n```\n\n## Accurate cloudformation matching\n\nBy default, iamy will use a simple heuristic (does it end with an ID, eg -ABCDEF1234) to determine if a given resource is managed by cloudformation.\n\nThis behaviour is good enough for some cases, but if you want slower but more accurate matching pass `--accurate-cfn`\nto enumerate all cloudformation stacks and resources to determine exactly which resources are managed.\n\n## Inspiration and similar tools\n- https://github.com/percolate/iamer\n- https://github.com/hashicorp/terraform\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fiamy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvato%2Fiamy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvato%2Fiamy/lists"}