{"id":17962145,"url":"https://github.com/skyzyx/policy-gen","last_synced_at":"2025-04-03T18:44:16.418Z","repository":{"id":40255134,"uuid":"493416883","full_name":"skyzyx/policy-gen","owner":"skyzyx","description":"Wrapper for `iamlive`.","archived":false,"fork":false,"pushed_at":"2022-05-17T23:37:06.000Z","size":12,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-01T18:15:22.524Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/skyzyx.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-05-17T21:19:38.000Z","updated_at":"2022-05-19T07:05:39.000Z","dependencies_parsed_at":"2022-08-17T21:45:37.389Z","dependency_job_id":null,"html_url":"https://github.com/skyzyx/policy-gen","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyzyx%2Fpolicy-gen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyzyx%2Fpolicy-gen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyzyx%2Fpolicy-gen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/skyzyx%2Fpolicy-gen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/skyzyx","download_url":"https://codeload.github.com/skyzyx/policy-gen/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247061142,"owners_count":20877165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-29T11:14:10.319Z","updated_at":"2025-04-03T18:44:16.395Z","avatar_url":"https://github.com/skyzyx.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# PolicyGen: An IAM Policy Genenerator Wrapper\n\nSimple Bash wrapper for [`iamlive`](https://github.com/iann0036/iamlive) that can be chained from tools like [AWS Vault] or [AWS Okta].\n\n## Requirements\n\n* Bash\n* [AWS CLI](https://github.com/aws/aws-cli/tree/v2)\n* [jq](https://stedolan.github.io/jq/)\n* [iamlive](https://github.com/iann0036/iamlive)\n\n## Install\n\nYou should install `policy-gen` into your `$PATH`. Use `sudo` if appropriate.\n\n```bash\ncurl -sSLf https://github.com/skyzyx/policy-gen/raw/main/policy-gen -o /usr/local/bin/policy-gen\nchmod +x /usr/local/bin/policy-gen\n```\n\n## Usage\n\nUsing AWS credentials for things that are not the AWS CLI is studpidly complex. A better solution is one that supports both the AWS CLI in addition to other applications written using AWS SDKs (or otherwise support AWS environment variables).\n\n| Tool | Use-case |\n|-|-|\n| [AWS Vault] | For everybody. Also has native support for AWS SSO. |\n| [AWS Okta] | For those who use Okta as an enterprise SSO solution for their AWS accounts. |\n\n```bash\n# Pattern\naws-vault exec {profile} -- policy-gen -- {command}\naws-okta exec {profile} -- policy-gen -- {command}\n```\n\nIf you already have a `default` profile or otherwise have AWS environment variables set, you can simply prefix your command.\n\n```bash\n# Pattern\npolicy-gen -- {command}\n```\n\nThis doesn't work with `aws --profile {profile}` because `policy-gen` needs to be able to obtain the credentials from the environment _before_ calling the `aws` CLI tool.\n\n## Output\n\nThis will write a JSON file to the current directory — `required-permissions.policy.json` — containing an IAM policy for the command that was run.\n\n  [AWS Vault]: https://github.com/99designs/aws-vault\n  [AWS Okta]: https://github.com/fiveai/aws-okta\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyzyx%2Fpolicy-gen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fskyzyx%2Fpolicy-gen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fskyzyx%2Fpolicy-gen/lists"}