...
- awscli-login – Access Keys for AWS CLI Using Cornell Two-Step Login - Shibboleth
- 99designs/aws-vault – A vault for securely storing and accessing AWS credentials in development environments
- rapid7/awsaml – Awsaml is an application for providing automatically rotated temporary AWS credentials.
- RiotGames/key-conjurer – Temporary Credential Service
- aws-rotate-key – Easily rotate your AWS access key
- synfinatic/aws-sso-cli – Tool to make it easier to use AWS SSO for the CLI and web console.
- toshke/aws-keys-sectool – Tool that helps to lock down IAM access keys by adding IP-restrictions to IAM policies.
- aws/rolesanywhere-credential-helper – rolesanywhere-credential-helper implements the signing process for IAM Roles Anywhere's CreateSession API and returns temporary credentials in a standard JSON format that is compatible with the `credential_process` feature available across the language SDKs.
- tuladhar/cleanup-aws-access-keys – tool to search and clean up unused AWS access keys
IAM/Resources Policy
- AWS Policy Generator – The AWS Policy Generator is a tool that enables you to create policies that control access to Amazon Web Services (AWS) products and resources.
- salesforce/policy_sentry – IAM Least Privilege Policy Generator
- duo-labs/cloudtracker – CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
- goldfiglabs/rpCheckup – rpCheckup is an AWS resource policy security checkup tool that identifies public, external account access, intra-org account access, and private resources
- iann0036/iamlive – Generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy
- Netflix/repokid – Repokid removes permissions granting access to unused services from the inline policies of IAM roles in an AWS account
- aminohealth/wonk – tool that analyzes IAM policies and minimizes them to fit under IAM policy length limits
- aws.permissions.cloud – uses a variety of information gathered within the IAM Dataset and exposes that information in a clean, easy-to-read format
- ermetic/access-undenied-aws – parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps
- https://aws.permissions.cloud/ – comprehensive list of IAM actions, permissions, and API methods
- BishopFox/iam-vulnerable – Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
- PaloAltoNetworks/IAM-Deescalate – Helps mitigate privilege escalation risk in AWS identity and access management
- duo-labs/parliament – AWS IAM linting library to find malformed JSON, incorrect prefix and action names, incorrect resources or conditions for the actions provided, etc.
...