
Capture the AWS IAM permissions your GitHub Actions workflow uses, via AWS client-side monitoring (CSM).


hsdp-smulford/setup-iamlive


Setup IAM Live

This GitHub Action installs iamlive so that you can capture the AWS IAM permissions your workflow uses, via client-side monitoring (CSM).

Usage

Install only

Installs iamlive only. The workflow starts iamlive, stops it, and uploads the policy document in its own steps.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v0.48.0
  - run: ./iamlive --background --sort-alphabetical --output-file iamlive-policy.json
  - run: |
      aws s3 mb s3://test-bucket
      aws s3 ls
  - if: ${{ always() }}
    run: |
      echo "Waiting 60 secs for iamlive to process all the permissions"
      sleep 60
      while ps -ef | grep iamlive | grep -v grep
      do
        kill -s SIGTERM `ps -ef | grep iamlive | grep -v grep | awk '{print $2}'`
        sleep 1
      done
      cat iamlive-policy.json
  - if: ${{ always() }}
    uses: actions/upload-artifact@v3
    with:
      name: iamlive-policy.json
      path: iamlive-policy.json

Autocapture

Starts iamlive automatically in the background and uses the post-execution step to shut down iamlive and upload the policy document.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v0.48.0
      auto-capture: true
      output-file: iamlive-policy.json
  - run: aws s3 ls
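
A follow-on check for the captured policy, as an added example that is not part of this repository: it lists the Allow actions in the iamlive output that an approved baseline policy does not cover, so a later workflow step can fail on permission drift. The sample policies are constructed, and the names `check-policy.js` and `baseline.json` are hypothetical.

```javascript
// Added example (not from this repository): flag captured actions that an
// approved baseline policy does not cover.
function allowedActions(policy) {
  const actions = new Set();
  // Statement and Action may each be a single value or an array.
  for (const st of [].concat(policy.Statement || [])) {
    if (st.Effect !== 'Allow') continue;
    for (const a of [].concat(st.Action || [])) actions.add(a);
  }
  return actions;
}

// IAM action patterns allow "*" and "?" wildcards and match case-insensitively.
function covers(pattern, action) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`, 'i').test(action);
}

function unexpectedActions(captured, baseline) {
  const approved = [...allowedActions(baseline)];
  return [...allowedActions(captured)]
    .filter((a) => !approved.some((p) => covers(p, a)))
    .sort();
}

// Constructed sample: a policy document in IAM JSON form, as iamlive writes it,
// containing one action the constructed baseline does not approve.
const SAMPLE_CAPTURED = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: ['s3:CreateBucket', 's3:ListAllMyBuckets', 'iam:PassRole'],
    Resource: '*',
  }],
};
const SAMPLE_BASELINE = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: ['s3:CreateBucket', 's3:List*'], Resource: '*' }],
};
console.log(unexpectedActions(SAMPLE_CAPTURED, SAMPLE_BASELINE));

// Hypothetical CLI use: node check-policy.js iamlive-policy.json baseline.json
if (typeof require !== 'undefined' && typeof module !== 'undefined' &&
    require.main === module && process.argv.length > 3) {
  const fs = require('fs');
  const [cap, base] = process.argv.slice(2, 4).map((f) => JSON.parse(fs.readFileSync(f, 'utf8')));
  const extra = unexpectedActions(cap, base);
  if (extra.length) { console.error('Unapproved actions:', extra.join(', ')); process.exitCode = 1; }
}
```

Run it in a step after iamlive has been stopped and `iamlive-policy.json` has been written, so the file is complete when it is read.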
