{"id":16831814,"url":"https://github.com/flosell/iamspec","last_synced_at":"2025-11-07T04:30:35.109Z","repository":{"id":51311170,"uuid":"105440245","full_name":"flosell/iamspec","owner":"flosell","description":"[WIP/PoC] RSpec Tests for AWS IAM using the AWS Policy Simulator - inspired by serverspec.","archived":true,"fork":false,"pushed_at":"2021-05-29T11:06:10.000Z","size":47,"stargazers_count":17,"open_issues_count":3,"forks_count":5,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-10T20:57:22.778Z","etag":null,"topics":["aws","hacktoberfest","iam","rspec","spec","testing"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/flosell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-10-01T12:22:12.000Z","updated_at":"2024-06-15T09:32:34.000Z","dependencies_parsed_at":"2022-09-14T11:12:13.499Z","dependency_job_id":null,"html_url":"https://github.com/flosell/iamspec","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flosell%2Fiamspec","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flosell%2Fiamspec/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flosell%2Fiamspec/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/flosell%2Fiamspec/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/flosell","download_url":"https://codeload.github.com/flosell/iamspec/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239517079,"owners_count":19652071,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","hacktoberfest","iam","rspec","spec","testing"],"created_at":"2024-10-13T11:45:29.250Z","updated_at":"2025-11-07T04:30:35.051Z","avatar_url":"https://github.com/flosell.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IAMSpec\n\nRSpec Tests for AWS IAM using the AWS Policy Simulator - inspired by serverspec.\n\n**Caution: WIP and proof of concept: Don't expect everything to work perfectly, make sense or be maintained going forward** - However, I'm interested in feedback, drop me a line if this feels useful to you!\n\n## Why?\n\nThe other day, after making some changes to our projects IAM configuration, I told my colleague: _\"It should work now\"_. When he tried it, it didn't. No worries, I found the mistake, fixed it and on second try, it worked. \n\nBut something kept nagging me: As a developer, I don't usually tell people \"it _should_ work\". I write tests, I _know_ it works. But somehow, I didn't do that in an area that counts, identity and access management. IAMSpec is my attempt in filling this gap.\n \n## FAQ\n\n### What does it do? \n\nIt automates dealing with the AWS Policy Simulator. It allows you to write tests against your IAM configuration\n\n### Does it support everything I can do in IAM? \n\nNo. It uses the AWS Policy Simulator in the background so iamspec can only check what's supported by the Policy Simulator.\n\nFor example, assume role policies seem to be ignored. \n\n### Does it support Terraform/CloudFormation/...?\n \nIAMSpec runs your tests against the state in IAM, therefore it is independent from some tool. It is meant to run after you applied your changes in your favorite tool. \n\n### So it will only tell me after I broke something? \n\nYes, unless you set up a separate \"staging accounts\" where you test your IAM config before rolling it out. Support for testing policy-files separately might be added in the future to at least partly solve this issue. \n\n### Can I extend it? \n\nSure, you can write your own syntactic sugar based on `GenericAction` and `GenericType`. And if you think others can profit from your extension, why not send in a pull request?\n\n## Installation\n\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'iamspec',:git =\u003e 'https://github.com/flosell/iamspec.git'\n```\n\nAnd then execute:\n\n    $ bundle\n\nOr install it yourself as:\n\n    $ gem install iamspec\n\nThen add it to your `spec_helper`\n\n    require \"iamspec\"\n\n## Usage\n\nWrite your first test: \n\n```ruby\ndescribe('Using syntactic sugar') do\n  describe iam_user('some_user_with_admin_permissions') do\n      it { should be_allowed_to assume_role('Administrator') }\n  end\nend\n# OR \ndescribe(\"Using a generic resource\") do\n  describe generic_policy_source(\"arn:aws:iam::#{SOME_ACCOUNT_ID}:user/some_user_with_admin_permissions\") do\n    it { should be_allowed_to perform_action('sts:AssumeRole').with_resource(\"arn:aws:iam::#{SOME_ACCOUNT_ID}:role/Administrator\") }\n  end\nend\n```\n\nSee [`integration_spec.rb`](spec/integration_spec.rb) for more examples\n\n## TODO\n\n* [ ] clean things up\n* [ ] add documentation\n* [ ] release on RubyGems\n* [ ] more syntactic sugar\n* [ ] spec directly against policy JSON\n\n## Development\n\nThe `go`-script is your central entrypoint. Call it without arguments to see what's available.\n\nThe integration-tests require an AWS account with certain IAM resources set up. Use the `go` script to apply the `example_infra` terraform code to do this (don't use a production account!)\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/flosell/iamspec.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflosell%2Fiamspec","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fflosell%2Fiamspec","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fflosell%2Fiamspec/lists"}