GitHub - jawadkho/aws-iam-sync: Synchronise AWS IAM policies, roles, groups and users from local json files

jawadkho / aws-iam-sync Public

forked from rvedotrc/aws-iam-sync

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Synchronise AWS IAM policies, roles, groups and users from local json files

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 58 Commits
test		test
.gitignore		.gitignore
.jshintignore		.jshintignore
README.txt		README.txt
aws-data-utils.js		aws-data-utils.js
aws-iam-sync.js		aws-iam-sync.js
consistency-checker.js		consistency-checker.js
dry-run-iam.js		dry-run-iam.js
executor.js		executor.js
got-finder.js		got-finder.js
group-writer.js		group-writer.js
iam-collector.js		iam-collector.js
options-parser.js		options-parser.js
package.json		package.json
policy-writer.js		policy-writer.js
role-writer.js		role-writer.js
sync-engine.js		sync-engine.js
user-writer.js		user-writer.js

Repository files navigation

Sync IAM users/groups/roles/policies.

e.g. for handling JML

Things it should be able to do:

 - dry-run mode

 - only-apply-matching-changes mode?

 - create/update/delete managed policies

 - create/update/delete roles (name+path)
   - set role's inline policies (but "none" would do)
   - set role's attached policies

 - create/update/delete groups
   - set group's inline policies (but "none" would do)
   - set group's attached policies

 - create/update/delete users
   - set user's inline policies (but "none" would do)
   - set user's attached policies
   - set user's group memberships

In case case, need list of entities (and all their properties),
as well as some predicate for "is entity within this domain".
All wanted entities must match this predicate.
Found entities that match the predicate that aren't wanted will be deleted.

Create in the above order; delete in reverse order.

node --use-strict aws-iam-sync.js -w ./path/to/wanted.json -s ./path/to/scope.js [-n]