Setup IAM Live

This GitHub Action installs iamlive so that a workflow can capture the AWS IAM permissions it actually uses, via client-side monitoring (CSM).

Usage

Install only

Installs iamlive only. The workflow starts iamlive, stops it, and uploads the policy file in its own steps.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v1.1.11
  - run: ./iamlive --background --sort-alphabetical --output-file iamlive-policy.json
  - run: |
      aws s3 mb s3://test-bucket
      aws s3 ls
  - if: ${{ always() }}
    run: |
      echo "Waiting 60 secs for iamlive to process all the permissions"
      sleep 60
      while ps -ef | grep iamlive | grep -v grep
      do
        kill -s SIGTERM `ps -ef | grep iamlive | grep -v grep | awk '{print $2}'`
        sleep 1
      done
      cat iamlive-policy.json
  - if: ${{ always() }}
    uses: actions/upload-artifact@v3
    with:
      name: iamlive-policy.json
      path: iamlive-policy.json

Autocapture

Starts iamlive automatically in the background and uses the post-execution step to shut down iamlive and upload the policy document.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/[email protected]
    with:
      iamlive-version: v1.1.11
      auto-capture: true
      output-file: iamlive-policy.json
  - run: aws s3 ls
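
Once `iamlive-policy.json` has been captured, it can be compared with what the CI role is actually granted in order to tighten the role. The script below is an added example, not part of this action or of iamlive: both policy documents are constructed samples, `allowed_actions` and `audit` are hypothetical helper names, and the comparison is at action level only (it ignores `Resource`, `Condition`, `NotAction` and `Deny` statements).

```python
import fnmatch
import json

# Constructed sample of what iamlive-policy.json could contain after the
# `aws s3 mb` / `aws s3 ls` steps above (assumed, not captured output).
CAPTURED = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:CreateBucket"],
   "Resource": "arn:aws:s3:::test-bucket"},
  {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}
""")

# Constructed policy standing in for what the CI role is currently granted.
GRANTED = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:List*", "s3:DeleteBucket", "ec2:*"],
   "Resource": "*"}]}
""")


def allowed_actions(policy):
    """Return the lower-cased Action entries of all Allow statements."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # IAM permits a single statement object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        entry = stmt.get("Action", [])
        entry = [entry] if isinstance(entry, str) else entry
        actions.update(a.lower() for a in entry)  # action names are case-insensitive
    return actions


def audit(captured, granted):
    """Compare used actions with granted patterns (IAM '*' and '?' wildcards)."""
    used = allowed_actions(captured)
    patterns = allowed_actions(granted)
    unused = sorted(p for p in patterns
                    if not any(fnmatch.fnmatchcase(u, p) for u in used))
    missing = sorted(u for u in used
                     if not any(fnmatch.fnmatchcase(u, p) for p in patterns))
    return unused, missing


if __name__ == "__main__":
    unused, missing = audit(CAPTURED, GRANTED)
    print("granted but never used:", unused)
    print("used but not granted:", missing)
```

Grants reported as never used are candidates for removal from the role; a single workflow run only exercises the code paths it hit, so confirm against several runs before removing anything.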