GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → keikoproj → iam-manager

keikoproj / iam-manager

Licence: Apache-2.0 license
AWS IAM role management for K8s cluster using kube builder "Operator" framework

Programming Languages

go
31211 projects - #10 most used programming language
Makefile
30231 projects

Labels

kubernetesawssecurityiamcrd-controllerkubebuilderiam-rolesirsaiam-manager

Projects that are alternatives of or similar to iam-manager

konsumerator
Kafka Consumer Operator. Kubernetes operator to manage consumers of unbalanced kafka topics with per-partition vertical autoscaling based on Prometheus metrics
Stars: ✭ 20 (-51.22%)
Mutual labels:  crd-controller, kubebuilder
KubeService
A simple Kubernetes⎈ CRD controller build on kubebuilder for micro-service management.
Stars: ✭ 20 (-51.22%)
Mutual labels:  crd-controller, kubebuilder
Awsprocesscreds
Process credential providers for AWS SDKs and Tools
Stars: ✭ 123 (+200%)
Mutual labels:  iam
Complete Aws Iam Reference
Complete AWS IAM Reference
Stars: ✭ 236 (+475.61%)
Mutual labels:  iam
Iamy
A cli tool for importing and exporting AWS IAM configuration to YAML files
Stars: ✭ 200 (+387.8%)
Mutual labels:  iam
Syncope
Apache Syncope
Stars: ✭ 134 (+226.83%)
Mutual labels:  iam
Osiam
MIT licensed Open Source Identity and Access Management implementing OAuth 2.0 and SCIMv2.
Stars: ✭ 205 (+400%)
Mutual labels:  iam
Startup Aws Iam Roles
A list of typical positions in a startup and their policies for IAM AWS.
Stars: ✭ 118 (+187.8%)
Mutual labels:  iam
scim
Golang Implementation of the SCIM v2 Specification
Stars: ✭ 108 (+163.41%)
Mutual labels:  iam
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (+353.66%)
Mutual labels:  iam
Keymaker
Lightweight SSH key management on AWS EC2
Stars: ✭ 221 (+439.02%)
Mutual labels:  iam
Home
Welcome to Janssen: the world's fastest cloud native identity and access management platform
Stars: ✭ 176 (+329.27%)
Mutual labels:  iam
Kube Aws Iam Controller
Distribute different AWS IAM credentials to different pods in Kubernetes via secrets.
Stars: ✭ 137 (+234.15%)
Mutual labels:  iam
Pomerium
Pomerium is an identity-aware access proxy.
Stars: ✭ 2,860 (+6875.61%)
Mutual labels:  iam
Aws Iam Authenticator
A tool to use AWS IAM credentials to authenticate to a Kubernetes cluster
Stars: ✭ 1,713 (+4078.05%)
Mutual labels:  iam
Authing
🔥Authing - IDaaS/IAM solution that can Auth to web and mobile applications.
Stars: ✭ 247 (+502.44%)
Mutual labels:  iam
Cipheridaas
CipherIDaaS —— Open-source IDaaS/IAM product by CipherChina , Hangzhou .
Stars: ✭ 121 (+195.12%)
Mutual labels:  iam
Theidserver
OpenID/Connect server based on IdentityServer4
Stars: ✭ 170 (+314.63%)
Mutual labels:  iam
Drf Access Policy
Declarative access policies/permissions modeled after AWS' IAM policies.
Stars: ✭ 200 (+387.8%)
Mutual labels:  iam
CrownLabs
Kubernetes-based Remote Laboratories
Stars: ✭ 96 (+134.15%)
Mutual labels:  kubebuilder
View All Similar Projects ➔

iam-manager

Maintenance PR slack

version Build Status codecov Go Report Card

AWS IAM role management for K8s namespaces inside cluster using k8s CRD Operator.

Security:

Security will be a main concern when we design a solution to create/update/delete IAM roles inside a cluster independently. iam-manager uses AWS IAM Permission Boundary concept along with other solutions to secure the implementation. Please check AWS Security for more details.

Supported Features

Following features are supported by IAM Manager

IAM Roles Management
IAM Role for Service Accounts (IRSA)
AWS Service-Linked Roles
Default Trust Policy for All Roles
Maximum Number of Roles per Namespace
Attaching Managed IAM Policies for All Roles
Multiple Trust policies

iam-manager config-map

This document provide explanation on configmap variables.

Additional Info

iam-manager is built using kubebuilder project and like any other kubebuilder project iam-manager also uses cert-manager to manage the SSL certs for webhooks.

Usage:

Following is the sample Iamrole spec.

apiVersion: iammanager.keikoproj.io/v1alpha1
kind: Iamrole
metadata:
  name: iam-manager-iamrole
spec:
  # Add fields here
  PolicyDocument:
    Statement:
      -
        Effect: "Allow"
        Action:
          - "s3:Get*"
        Resource:
          - "arn:aws:s3:::intu-oim*"
        Sid: "AllowS3Access"
  AssumeRolePolicyDocument:
    Version: "2012-10-17"
    Statement:
      -
        Effect: "Allow"
        Action: "sts:AssumeRole"
        Principal:
          AWS:
            - "arn:aws:iam::XXXXXXXXXXX:role/20190504-k8s-kiam-role"

To submit, kubectl apply -f iam_role.yaml --ns namespace1

Installation:

Simplest way to install iam-manager along with the role required for it to do the job is to run install.sh command.

Update the allowed policies in allowed_policies.txt and config map properties config_map as per your environment before you run install.sh.

Note: You must be cluster admin and have exported KUBECONFIG and also has Administrator access to underlying AWS account and have the credentials exported.

example:

export KUBECONFIG=/Users/myhome/.kube/admin@eks-dev2-k8s  
export AWS_PROFILE=admin_123456789012_account
./install.sh [cluster_name] [aws_region] [aws_profile]
./install.sh eks-dev2-k8s us-west-2 aws_profile

To enable web hook or/and also update your installation of iam-manager to work with kiam please check Installation for detailed instructions.

Contributing

Please see CONTRIBUTING.md.

Developer Guide

Please see DEVELOPER.md.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].