"iamlive" Action For GitHub Actions

v0.5.0 Latest version

Capture the AWS IAM permissions used by your GitHub Actions workflow, using client-side monitoring (CSM).

Installation

Copy and paste the following snippet into your .yml file.

              

- name: '"iamlive" Action For GitHub Actions'
  uses: marcofranssen/setup-iamlive@v0.5.0

Learn more about this action in marcofranssen/setup-iamlive


Setup IAM Live

This GitHub action installs iamlive and lets you capture the AWS IAM permissions your workflow uses, via client-side monitoring (CSM).

Usage

Install only

Only installs iamlive; the workflow starts and stops it itself.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/setup-iamlive@<version>
    with:
      iamlive-version: v1.1.11
  - run: ./iamlive --background --sort-alphabetical --output-file iamlive-policy.json
  - run: |
      aws s3 mb s3://test-bucket
      aws s3 ls
  - if: ${{ always() }}
    run: |
      echo "Waiting 60 secs for iamlive to process all the permissions"
      sleep 60
      while ps -ef | grep iamlive | grep -v grep
      do
        kill -s SIGTERM `ps -ef | grep iamlive | grep -v grep | awk '{print $2}'`
        sleep 1
      done
      cat iamlive-policy.json
  - if: ${{ always() }}
    uses: actions/upload-artifact@v3
    with:
      name: iamlive-policy.json
      path: iamlive-policy.json

Autocapture

Starts iamlive automatically in the background and uses the post-execution step to shut down iamlive and upload the policy document.

env:
  AWS_CSM_ENABLED: 'true'

steps:
  - uses: marcofranssen/setup-iamlive@<version>
    with:
      iamlive-version: v1.1.11
      auto-capture: true
      output-file: iamlive-policy.json
  - run: aws s3 ls
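
Added example (not part of the action or its README): one way to use the captured iamlive-policy.json is to compare it with a reviewed baseline of expected actions and fail the job on drift. The sample policy is constructed to match the aws s3 mb / aws s3 ls steps above; BASELINE, captured_actions, covered and review are hypothetical names.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample shaped like the iamlive-policy.json that the
# `aws s3 mb` / `aws s3 ls` steps would yield (not real captured output).
SAMPLE_CAPTURE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["s3:CreateBucket", "s3:ListAllMyBuckets"]}
  ]
}"""

# Hypothetical reviewed baseline: actions this workflow is expected to need.
BASELINE = ["s3:List*", "s3:GetObject"]


def captured_actions(policy_json):
    """Return the set of Allow actions in an IAM policy document."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM permits a single statement object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        acts = stmt.get("Action", [])
        actions.update([acts] if isinstance(acts, str) else acts)
    return actions


def covered(action, pattern):
    """IAM-style match: '*' and '?' wildcards, case-insensitive names."""
    return fnmatchcase(action.lower(), pattern.lower())


def review(policy_json, baseline):
    """Return (captured actions outside the baseline, baseline entries never used)."""
    used = captured_actions(policy_json)
    unexpected = sorted(a for a in used if not any(covered(a, p) for p in baseline))
    unused = sorted(p for p in baseline if not any(covered(a, p) for a in used))
    return unexpected, unused


if __name__ == "__main__":
    unexpected, unused = review(SAMPLE_CAPTURE, BASELINE)
    print("unexpected actions:", unexpected)
    print("unused baseline entries:", unused)
    raise SystemExit(1 if unexpected else 0)
```

In a workflow, the script would read the real iamlive-policy.json after iamlive has stopped; unused baseline entries point at grants that can be removed from the role.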