Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/marcofranssen/setup-iamlive
Capture the used AWS IAM permissions using AWS client-side monitoring (CSM) from your GitHub actions workflow.
https://github.com/marcofranssen/setup-iamlive
aws github-actions hacktoberfest iam iamlive
Last synced: 21 days ago
JSON representation
Capture the used AWS IAM permissions using AWS client-side monitoring (CSM) from your GitHub actions workflow.
- Host: GitHub
- URL: https://github.com/marcofranssen/setup-iamlive
- Owner: marcofranssen
- Created: 2022-07-13T18:00:10.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-04-30T07:23:50.000Z (7 months ago)
- Last Synced: 2024-05-01T21:17:23.651Z (7 months ago)
- Topics: aws, github-actions, hacktoberfest, iam, iamlive
- Language: TypeScript
- Homepage:
- Size: 4.37 MB
- Stars: 8
- Watchers: 4
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
# Setup IAM Live
This Github action installs [iamlive][] and allows to capture the used AWS IAM permissions using client-side monitoring (CSM).
## Usage
### Install only
Only installs `iamlive`
```yaml
env:
AWS_CSM_ENABLED: 'true'
steps:
- uses: marcofranssen/[email protected]
with:
iamlive-version: v1.1.11
- run: ./iamlive --background --sort-alphabetical --output-file iamlive-policy.json
- run: |
aws s3 mb s3://test-bucket
aws s3 ls
- if: ${{ always() }}
run: |
echo "Waiting 60 secs for iamlive to process all the permissions"
sleep 60
while ps -ef | grep iamlive | grep -v grep
do
kill -s SIGTERM `ps -ef | grep iamlive | grep -v grep | awk '{print $2}'`
sleep 1
done
cat iamlive-policy.json
- if: ${{ always() }}
uses: actions/upload-artifact@v3
with:
name: iamlive-policy.json
path: iamlive-policy.json
```
### Autocapture
Starts `iamlive` automatically in the background and uses the post execution step to shutdown `iamlive` and upload the policy document.
```yaml
env:
AWS_CSM_ENABLED: 'true'
steps:
- uses: marcofranssen/[email protected]
with:
iamlive-version: v1.1.11
auto-capture: true
output-file: iamlive-policy.json
- run: aws s3 ls
```
[iamlive]: https://github.com/iann0036/iamlive "Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy"