This is an issues-only repo for iamfast, a toolset which generates AWS IAM policies from application code.
npm i -g iamfast
You can also install iamfast as a Visual Studio Code extension.
Execute iamfast with the first argument being the file or directory to be scanned.
iamfast yourfile.js
iamfast supports the following programming languages:
- JavaScript (v2/v3 SDK)
- Python 3 (Boto3 SDK)
- Go (v1/v2 SDK)
- Java (v2 SDK)
The following programming languages are planned:
- PHP (v3 SDK)
- C/C++ (v1 SDK)
- Rust (v1 SDK)
- .NET/C# (v3/v4 SDK)
- Ruby (v1 SDK)
--format: Sets the format of the output, currently supporting json (default), yaml, hcl and sam
--inclusions: Specify the mode for external code inclusions, currently supporting file (default), project, organization, external and all
--context: Specify the mode for contextual information, used for account ID, region etc., currently supporting none (default) and local
--profile: The profile to use for contextual information
> cat tests/js/test1.js
// Load the AWS SDK for Node.js
var AWS = require('aws-sdk');
// Set the region
AWS.config.update({region: 'us-east-1'});
// Create the DynamoDB service object
var ddb = new AWS.DynamoDB({apiVersion: '2012-08-10'});
var params = {
TableName: 'CUSTOMER_LIST',
Item: {
'CUSTOMER_ID' : {N: '001'},
'CUSTOMER_NAME' : {S: 'Richard Roe'}
}
};
// Call DynamoDB to add the item to the table
ddb.putItem(params, function(err, data) {
if (err) {
console.log("Error", err);
} else {
console.log("Success", data);
}
});
> iamfast tests/js/test1.js
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "dynamodb:PutItem",
"Resource": [
"arn:aws:dynamodb:us-east-1:123456789012:table/CUSTOMER_LIST"
]
}
]
}