{"id":30240448,"url":"https://github.com/hypothesis/iamsync","last_synced_at":"2025-08-15T04:38:56.729Z","repository":{"id":48981257,"uuid":"380167017","full_name":"hypothesis/iamsync","owner":"hypothesis","description":"AWS IAM SSH Access and Authorization","archived":false,"fork":false,"pushed_at":"2023-03-23T09:57:32.000Z","size":16,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":9,"default_branch":"main","last_synced_at":"2023-03-23T11:15:55.427Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hypothesis.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-25T07:59:48.000Z","updated_at":"2021-09-18T04:14:08.000Z","dependencies_parsed_at":"2022-09-12T23:42:29.567Z","dependency_job_id":null,"html_url":"https://github.com/hypothesis/iamsync","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"purl":"pkg:github/hypothesis/iamsync","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hypothesis%2Fiamsync","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hypothesis%2Fiamsync/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hypothesis%2Fiamsync/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hypothesis%2Fiamsync/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hypothesis","download_url":"https://codeload.github.com/hypothesis/iamsync/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/hypothesis%2Fiamsync/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270524456,"owners_count":24600195,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-15T02:00:12.559Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-08-15T04:38:42.555Z","updated_at":"2025-08-15T04:38:56.718Z","avatar_url":"https://github.com/hypothesis.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS IAM SSH Access and Authorization - IAMSYNC\n\nA tool that generates and maintains local Linux user accounts using AWS IAM as a source of truth. Users added and removed from eligible IAM user groups will be able to login using SSH once a public ssh key has been added to their AWS account.\n\n#### Parameters\n\n**--config**\n\nPath to configuration file.\n\n**--log**\n\nPath to log file.\n\n**--verbose**\n\nIncrease output level.\n\n#### Requirements\n\n- Python3.6 or greater\n- Boto3\n- PyYaml\n\n### Configuration\n\n`iamsync.py` by default reads configuration from `/etc/iamsync.yml`. 
Here is an example entry:\n\n```\niamsync:\n  - iam_group: \u003cgroup_name\u003e\n    sudo_rule: \u003csudo_rule\u003e\n    local_gid: \u003cgroup_id\u003e\n```\n\nA number of `iam_group` blocks with separate `sudo_rule` and `local_gid` entries can be defined to provide a granular access solution.\n\n#### Configuration file format\n\n**iamsync**\n\nThe key identifier for iamsync config in the iam.yml configuration file. Required. Do not change.\n\n**iam_group**\n\nThe IAM user group you would like to sync with the local Linux server. A Linux user group with the same name as the IAM user group will be created.\n\n**sudo_rule**\n\nSudo rule that defines the level of privilege given to `iam_group`.\n\n**local_gid**\n\nThe Linux group identifier applied to the local Linux group to be created.\n\n#### Configuration example\n\nThe example defines a solution where two groups, `support` and `engineering`, have been given access with slightly different privileges. Users in the `support` group have the ability to run `/bin/su - postgres` to inherit the `postgres` user account. Users in the `engineering` group have the ability to run `all` commands, essentially providing `engineering` users with `root`-level access.\n\n```\niamsync:\n  - iam_group: support\n    sudo_rule: \"ALL= NOPASSWD: /bin/su - postgres\"\n    local_gid: 1024\n  - iam_group: engineering\n    sudo_rule: \"ALL=(ALL) NOPASSWD:ALL\"\n    local_gid: 1025\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhypothesis%2Fiamsync","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhypothesis%2Fiamsync","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhypothesis%2Fiamsync/lists"}