Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/iann0036/iamfast
AWS IAM policy generation from application code
ast aws iam iam-policy
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/iann0036/iamfast
- Owner: iann0036
- License: gpl-3.0
- Created: 2021-01-30T03:58:16.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-01-08T09:51:04.000Z (12 months ago)
- Last Synced: 2024-05-01T14:10:14.184Z (8 months ago)
- Topics: ast, aws, iam, iam-policy
- Language: JavaScript
- Homepage:
- Size: 7.73 MB
- Stars: 159
- Watchers: 7
- Forks: 9
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# iamfast
:construction: EXPERIMENTAL :construction:
> IAM policy generation from application code
> [!IMPORTANT]
> Update December 2024: Development has restarted with a new parsing library, for performance reasons

## Installation
```
npm i -g iamfast
```

You can also install iamfast as a [Visual Studio Code extension](https://marketplace.visualstudio.com/items?itemName=iann0036.iamfast).
## Usage
Execute `iamfast` with the first argument being the file or directory (currently slow, not yet recommended) to be scanned.
```
iamfast yourfile.js
```

iamfast [supports](#development-progress) the following programming languages:
* JavaScript (v2/v3 SDK)
* Python 3 (Boto3 SDK)
* Go (v1/v2 SDK)
* Java (v2 SDK)
* PHP (v3 SDK)
* C/C++ (v1 SDK)
* Rust (v1 SDK)
* .NET/C# (v3/v4 SDK)
* Ruby (v1 SDK)

#### Optional Flags
`--format `: Sets the format of the output, currently supporting `json` (default), `yaml`, `hcl` and `sam`
## Example
```
> cat tests/js/test1.js
// Load the AWS SDK for Node.js
var AWS = require('aws-sdk');
// Set the region
AWS.config.update({region: 'us-east-1'});

// Create the DynamoDB service object
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});

var params = {
  TableName: 'CUSTOMER_LIST',
  Item: {
    'CUSTOMER_ID' : {N: '001'},
    'CUSTOMER_NAME' : {S: 'Richard Roe'}
  }
};

// Call DynamoDB to add the item to the table
ddb.putItem(params, function(err, data) {
  if (err) {
    console.log("Error", err);
  } else {
    console.log("Success", data);
  }
});
```

```
> iamfast tests/js/test1.js
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "dynamodb:PutItem",
      "Resource": [
        "arn:aws:dynamodb:us-east-1:123456789012:table/CUSTOMER_LIST"
      ]
    }
  ]
}
```

## Test
To run tests:
```node
npm test
```

## Development Progress
### General
- [ ] Gather test cases
- [ ] Environment variable referencing in SAM output
- [ ] Online tool for quick evaluation
- [ ] GitHub app
- [ ] Variable redeclaration

### JavaScript
- [ ] Lexing & parsing with ANTLR
- [ ] Custom tree walker
- [ ] Identify standard SDK definitions
- [ ] Identify SDK region
- [ ] Identify advanced SDK definitions
- [ ] Identify client instantiations
- [ ] Identify client calls
- [ ] Identify client calls with advanced method chaining
- [ ] Identify resource instantiations (AWS.S3.ManagedUpload, AWS.DynamoDB.DocumentClient)
- [ ] Identify resource calls
- [ ] Interpret call arguments (top-level, static)
- [ ] Interpret call arguments (top-level, variable)
- [ ] Interpret call arguments (deep, static)
- [ ] Interpret call arguments (deep, variable)
- [ ] Track literal variables
- [ ] Track object variables
- [ ] Track environmental variables
- [ ] Understand scope (build the call stack)
- [ ] Cross-file relationships
- [ ] Understand entrypoints and code accessibility
- [ ] Performance tuning

### Python
- [ ] Lexing & parsing with ANTLR
- [ ] Custom tree walker
- [ ] Identify standard SDK definitions
- [ ] Identify SDK region
- [ ] Identify advanced SDK definitions ("as x" etc.)
- [ ] Identify client instantiations
- [ ] Identify client calls
- [ ] Identify client calls with advanced method chaining
- [ ] Identify resource instantiations
- [ ] Identify resource calls
- [ ] Interpret call arguments (top-level, static)
- [ ] Interpret call arguments (top-level, variable)
- [ ] Interpret call arguments (deep, static)
- [ ] Interpret call arguments (deep, variable)
- [ ] Track literal variables
- [ ] Track object variables
- [ ] Track environmental variables
- [ ] Understand scope (build the call stack)
- [ ] Cross-file relationships
- [ ] Understand entrypoints and code accessibility
- [ ] Performance tuning

### Go
- [ ] Lexing & parsing with ANTLR
- [ ] Custom tree walker
- [ ] Identify standard SDK definitions
- [ ] Identify SDK region
- [ ] Identify advanced SDK definitions
- [ ] Identify client instantiations
- [ ] Identify client calls
- [ ] Identify client calls with advanced method chaining
- [ ] Interpret call arguments (top-level, static)
- [ ] Interpret call arguments (top-level, variable)
- [ ] Interpret call arguments (deep, static)
- [ ] Interpret call arguments (deep, variable)
- [ ] Track literal variables
- [ ] Track object variables
- [ ] Track environmental variables
- [ ] Understand scope (build the call stack)
- [ ] Cross-file relationships
- [ ] Understand entrypoints and code accessibility
- [ ] Special waiter logic in SDK (*ActiveV2)
- [ ] Performance tuning

### Java
- [ ] Lexing & parsing with ANTLR
- [ ] Custom tree walker
- [ ] Identify standard SDK definitions
- [ ] Identify SDK region
- [ ] Identify advanced SDK definitions
- [ ] Identify client instantiations
- [ ] Identify client calls
- [ ] Identify client calls with advanced method chaining
- [ ] Interpret call arguments (top-level, static)
- [ ] Interpret call arguments (top-level, variable)
- [ ] Interpret call arguments (deep, static)
- [ ] Interpret call arguments (deep, variable)
- [ ] Track literal variables
- [ ] Track object variables
- [ ] Track environmental variables
- [ ] Understand scope (build the call stack)
- [ ] Cross-file relationships
- [ ] Understand entrypoints and code accessibility
- [ ] Performance tuning

### C++
- [ ] Lexing & parsing with ANTLR
- [ ] Custom tree walker
- [ ] Identify standard SDK definitions
- [ ] Identify SDK region
- [ ] Identify advanced SDK definitions
- [ ] Identify client instantiations
- [ ] Identify client calls
- [ ] Identify client calls with advanced method chaining
- [ ] Interpret call arguments (top-level, static)
- [ ] Interpret call arguments (top-level, variable)
- [ ] Interpret call arguments (deep, static)
- [ ] Interpret call arguments (deep, variable)
- [ ] Track literal variables
- [ ] Track object variables
- [ ] Track environmental variables
- [ ] Understand scope (build the call stack)
- [ ] Cross-file relationships
- [ ] Understand entrypoints and code accessibility
- [ ] Performance tuning
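
The JavaScript checklist steps "Identify SDK region", "Identify client instantiations", "Identify client calls" and "Interpret call arguments (top-level, variable)" can be illustrated on the README's DynamoDB example. This is an added example, not iamfast's own code: it uses regular expressions where the checklist describes a parser and tree walker, and the names `derivePolicy` and `SAMPLE`, plus the rule that the IAM action is the lowercased client class followed by the capitalised method name, are assumptions that hold for this case but not for every AWS service.

```javascript
// Added example (not iamfast code): derive IAM statements from AWS SDK for
// JavaScript v2 calls. SAMPLE is constructed, modelled on tests/js/test1.js.
const SAMPLE = `
var AWS = require('aws-sdk');
AWS.config.update({region: 'us-east-1'});
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var params = { TableName: 'CUSTOMER_LIST', Item: { 'CUSTOMER_ID': {N: '001'} } };
ddb.putItem(params, function(err, data) {});
`;

function derivePolicy(source, accountId = '123456789012') {
  // Identify SDK region; fall back to a wildcard when none is configured.
  const regionMatch = source.match(
    /AWS\.config\.update\(\s*\{[^}]*region:\s*['"]([\w-]+)['"]/);
  const region = regionMatch ? regionMatch[1] : '*';

  // Identify client instantiations: variable name -> SDK client class.
  const clients = new Map();
  for (const m of source.matchAll(
      /(?:var|let|const)\s+(\w+)\s*=\s*new\s+AWS\.(\w+)\s*\(/g)) {
    clients.set(m[1], m[2]);
  }

  // Track object variables that carry a static TableName.
  const tables = new Map();
  for (const m of source.matchAll(
      /(?:var|let|const)\s+(\w+)\s*=\s*\{[^;]*?TableName:\s*['"]([\w.-]+)['"]/g)) {
    tables.set(m[1], m[2]);
  }

  // Identify client calls and emit one statement per call.
  const statements = [];
  for (const m of source.matchAll(/\b(\w+)\.(\w+)\(\s*(\w+)?/g)) {
    const service = clients.get(m[1]);
    if (!service) continue; // receiver is not a tracked SDK client
    // Assumption: action = lowercased class + ":" + capitalised method.
    const action =
      `${service.toLowerCase()}:${m[2][0].toUpperCase()}${m[2].slice(1)}`;
    const table = tables.get(m[3]);
    // Unresolved arguments fall back to "*", which a reviewer should tighten.
    const resource = service === 'DynamoDB' && table
      ? `arn:aws:dynamodb:${region}:${accountId}:table/${table}` : '*';
    statements.push({ Effect: 'Allow', Action: action, Resource: [resource] });
  }
  return { Version: '2012-10-17', Statement: statements };
}

console.log(JSON.stringify(derivePolicy(SAMPLE), null, 2));
```

A `"*"` resource in the result marks a call whose target could not be resolved statically, so it is the first thing to review before attaching the policy.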