https://github.com/iamfastio/iamfast

Repository for iamfast questions and issues
https://github.com/iamfastio/iamfast

access-control ast authorization aws cloud go iam identity java javascript least-privilege policy python security

Last synced: 2 months ago
JSON representation

Repository for iamfast questions and issues

• Host: GitHub
• URL: https://github.com/iamfastio/iamfast
• Owner: iamfastio
• Created: 2021-01-30T03:58:16.000Z (over 4 years ago)
• Default Branch: readme
• Last Pushed: 2025-03-28T12:03:08.000Z (3 months ago)
• Last Synced: 2025-04-06T02:35:18.534Z (2 months ago)
• Topics: access-control, ast, authorization, aws, cloud, go, iam, identity, java, javascript, least-privilege, policy, python, security
• Homepage:
• Size: 8.34 MB
• Stars: 175
• Watchers: 6
• Forks: 11
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# iamfast



## About

This is an issues-only repo for **iamfast**, a toolset which generates IAM policies from application code.

## Installation

```

npm i -g iamfast

```

You can also install iamfast as a [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=iamfast.iamfast-vscode).

## Usage

Execute `iamfast` with the first argument being the file or directory to be scanned.

```

iamfast yourfile.js

```

iamfast supports the following programming languages:

* JavaScript (AWS v2/v3 SDK, Azure SDK, Google Cloud SDK)

* Python 3 (Boto3 SDK, Azure SDK, Google Cloud SDK)

* Go (AWS v1/v2 SDK, Azure SDK, Google Cloud SDK)

* Java (AWS v2 SDK, Google Cloud SDK)

The following programming languages are planned:

* PHP

* C/C++

* Rust

* .NET/C#

* Ruby

#### Optional Flags

**--format:** Sets the format of the output, currently supporting `json` (default), `yaml`, `hcl` and `sam`

**--inclusions:** Specify the mode for external code inclusions, currently supporting `file` (default), `project`, `organization`, `external` and `all`

**--context:** Specify the mode for contextual information, used for account ID, region etc., currently supporting `none` (default) and `local`

**--profile:** The profile to use for contextual information

## Example

```

> cat tests/js/test1.js

// Load the AWS SDK for Node.js

var AWS = require('aws-sdk');

// Set the region 

AWS.config.update({region: 'us-east-1'});

// Create the DynamoDB service object

var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});

var params = {

  TableName: 'CUSTOMER_LIST',

  Item: {

    'CUSTOMER_ID' : {N: '001'},

    'CUSTOMER_NAME' : {S: 'Richard Roe'}

  }

};

// Call DynamoDB to add the item to the table

ddb.putItem(params, function(err, data) {

  if (err) {

    console.log("Error", err);

  } else {

    console.log("Success", data);

  }

});

```

```

> iamfast tests/js/test1.js

{

    "Version": "2012-10-17",

    "Statement": [

        {

            "Effect": "Allow",

            "Action": "dynamodb:PutItem",

            "Resource": [

                "arn:aws:dynamodb:us-east-1:123456789012:table/CUSTOMER_LIST"

            ]

        }

    ]

}

```