IAM simply with terrafam


Alex Smolen


AWS Identity and Access Management is a powerful tool for isolating AWS resources and enforcing a least privilege architecture. Like many other powerful tools, there’s a steep learning curve that can make getting started tough.

Terrafam allows you to define IAM users, groups, roles and the access policies associated with them in an incredibly terse, declarative YAML syntax. With a simple Python script, you can generate Terraform configuration and create the IAM resources in your AWS account.

To use, create any or all of three files (users.yml, roles.yml, and groups.yml) and define the access policies. Here are some examples of what those access policies can look like:

users.yml

example-user:
  managed: ["AdministratorAccess"]

You can specify AWS managed policies to grant common groups of permissions. For instance, this configuration creates the example-user IAM user and then grants it the AdministratorAccess managed policy.

roles.yml

example-role:
  s3:
    read-and-write: ["some-bucket"]
    read: ["another-bucket"]
  dynamodb:
    read: ["some-table"]

You can give read, write, or read-and-write access to S3, DynamoDB, or SNS resources. This set of resources is based on what we use most frequently at Clever and is only a…
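To make the translation concrete, here is an added example (not Terrafam's own code) that turns the roles.yml shape above into a least-privilege IAM policy document, one Allow statement per service and access level, scoped to the named resources. The action lists, ARN templates, and the region/account placeholders are assumptions, and the input is the parsed form of the example (what yaml.safe_load would return) embedded inline to avoid a YAML dependency.

```python
import json

# Assumed per-service action sets for each access level; terrafam's own mapping is not shown in the post.
ACTIONS = {
    "s3": {
        "read": ["s3:GetObject", "s3:ListBucket"],
        "write": ["s3:PutObject", "s3:DeleteObject"],
    },
    "dynamodb": {
        "read": ["dynamodb:GetItem", "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:Scan"],
        "write": ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:BatchWriteItem"],
    },
    "sns": {
        "read": ["sns:GetTopicAttributes", "sns:ListSubscriptionsByTopic"],
        "write": ["sns:Publish"],
    },
}

def arns(service, name, region="us-east-1", account="123456789012"):
    # ARN templates (assumed); region and account are placeholders, not real identifiers.
    # S3 gets both the bucket ARN (for ListBucket) and the object ARN (for Get/Put/Delete).
    if service == "s3":
        return [f"arn:aws:s3:::{name}", f"arn:aws:s3:::{name}/*"]
    if service == "dynamodb":
        return [f"arn:aws:dynamodb:{region}:{account}:table/{name}"]
    return [f"arn:aws:sns:{region}:{account}:{name}"]

def expand_level(level):
    # "read-and-write" is the union of read and write; any other keyword is rejected
    # so a typo in the YAML fails loudly instead of silently granting nothing or too much.
    parts = level.split("-and-")
    if any(p not in ("read", "write") for p in parts):
        raise ValueError(f"unknown access level: {level}")
    return parts

def policy_document(spec, **ids):
    statements = []
    for service, grants in spec.items():
        if service not in ACTIONS:
            raise ValueError(f"unsupported service: {service}")
        for level, names in grants.items():
            actions = sorted({a for p in expand_level(level) for a in ACTIONS[service][p]})
            resources = [arn for n in names for arn in arns(service, n, **ids)]
            statements.append({"Effect": "Allow", "Action": actions, "Resource": resources})
    return {"Version": "2012-10-17", "Statement": statements}

# Constructed input: the parsed roles.yml example from the post.
ROLES = {"example-role": {"s3": {"read-and-write": ["some-bucket"], "read": ["another-bucket"]},
                          "dynamodb": {"read": ["some-table"]}}}

if __name__ == "__main__":
    print(json.dumps(policy_document(ROLES["example-role"]), indent=2))
```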