
I found trying to manage and reason about AWS access control super confusing (especially across accounts), so I built a lightweight tool to dump and load IAM config to yaml files. https://github.com/99designs/iamy

It has recently started becoming popular quite organically, so I might just write a blog post on it soon.



Are there any advantages over CloudFormation?


Oh and by the way it was actually your https://cloudonaut.io/your-single-aws-account-is-a-serious-r... post that indirectly inspired this tool, so thanks!

We consolidated users into a bastion account, ran into annoyances with CFN, and have been using iamy ever since for change management across all our accounts (more of a writeup at https://99designs.com.au/tech-blog/blog/2015/10/26/aws-vault...)


I'd say the biggest advantage is that it slots in easily to an existing environment that is not necessarily managed strictly.

I've found that, depending on how strict your change management policies are, IAM creds can collect cruft over time as people push new policies in ad hoc. So iamy is handy for such a situation.

- iamy can sync in both directions - pull and push IAM config. So you can easily pull down the ad-hoc changes

- In order to use CFN you need to have access, so there is a chicken-egg scenario if you want to manage ALL users in config

- iamy gives you a nice execution plan of aws cli commands, CFN can be opaque

And iamy does ignore any resource managed by CFN, so it works well as a complementary tool.


I see. Nice to know about your tool!



