Capture the AWS IAM permissions your GitHub Actions workflow uses, via AWS client-side monitoring (CSM).

marcofranssen/setup-iamlive

Setup IAM Live

This GitHub Action installs iamlive and lets you capture the AWS IAM permissions your workflow uses, via client-side monitoring (CSM).

Usage

Install only

Installs iamlive only; the workflow starts and stops it itself.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v1.1.11
  - run: ./iamlive --background --sort-alphabetical --output-file iamlive-policy.json
  - run: |
      aws s3 mb s3://test-bucket
      aws s3 ls
  - if: ${{ always() }}
    run: |
      echo "Waiting 60 secs for iamlive to process all the permissions"
      sleep 60
      while ps -ef | grep iamlive | grep -v grep
      do
        kill -s SIGTERM `ps -ef | grep iamlive | grep -v grep | awk '{print $2}'`
        sleep 1
      done
      cat iamlive-policy.json
  - if: ${{ always() }}
    uses: actions/upload-artifact@v3
    with:
      name: iamlive-policy.json
      path: iamlive-policy.json

Autocapture

Starts iamlive automatically in the background and uses the post-execution step to shut down iamlive and upload the policy document.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v1.1.11
      auto-capture: true
      output-file: iamlive-policy.json
  - run: aws s3 ls
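
An added example, not part of the setup-iamlive or iamlive projects: a review step that compares the captured iamlive-policy.json with the policy already attached to the workflow's role and reports over-granted actions. Both sample policy documents are constructed and the function names are hypothetical; Deny statements, NotAction, resources and conditions are ignored.

```python
import fnmatch
import json

# Constructed sample: what iamlive-policy.json could contain after the
# `aws s3 mb` / `aws s3 ls` steps (not output copied from a real run).
CAPTURED = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"], "Resource": "*"}]}"""

# Constructed sample: policy currently attached to the workflow's role (hypothetical).
GRANTED = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:CreateBucket", "s3:List*", "s3:DeleteBucket"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}]}"""


def allowed_actions(policy_json):
    """Collect Action entries from the Allow statements of an IAM policy document."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM accepts a single statement object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            value = stmt.get("Action", [])
            actions.update([value] if isinstance(value, str) else value)
    return actions


def covers(pattern, action):
    """IAM action matching: case-insensitive, with * and ? as wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def review(captured_json, granted_json):
    used = allowed_actions(captured_json)
    granted = allowed_actions(granted_json)
    return {
        # Granted but never exercised during the capture: candidates for removal.
        "unused": sorted(g for g in granted if not any(covers(g, u) for u in used)),
        # Exercised but not granted: the role would be denied these calls.
        "missing": sorted(u for u in used if not any(covers(g, u) for g in granted)),
        # Wildcard grants, with the concrete captured actions that could replace them.
        "narrow": {g: sorted(u for u in used if covers(g, u)) for g in sorted(granted)
                   if "*" in g and any(covers(g, u) for u in used)},
    }


if __name__ == "__main__":
    print(json.dumps(review(CAPTURED, GRANTED), indent=2))
```

A capture only contains the calls made during that run, so treat the "unused" list as candidates to review rather than proof that a permission is unneeded.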
