Repokid |
- Remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account
|
Cloudsplaining |
- Scans accounts for violations of Least Privilege and identifies policies that can lead to Privilege Escalation, Data Exfiltration, Resource Exposure, and Infrastructure Modification
|
AirIAM |
- Compiles AWS IAM usage and leverages that data to create a least-privilege IAM Terraform that replaces the existing IAM management method
|
CloudTracker |
- Helps find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies
|
AWS Key Disabler |
- A small Lambda script that will disable access keys older than a given number of days
|
SkyArk |
- Discovers the most privileged entities in the target AWS/Azure environments, including Shadow Admins
|
SkyWrapper |
- Analyzes behaviors of temporary tokens
- Aims to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account
- The tool analyzes the AWS account and creates an Excel sheet that includes all the currently living temporary tokens
|
red-shadow |
- Scan your AWS IAM Configuration for shadow admins in AWS IAM based on misconfigured deny policies not affecting users in groups
|
aa-policy-validator |
- Validate all your Customer Policies against AWS Access Analyzer
|
terraform-iam-policy-validator |
- A command line tool that validates AWS IAM Policies in a Terraform template against AWS IAM best practices
|
aws-sso-reporter |
- This tool uses the AWS SSO API to list all users, accounts, permission sets etc. and dumps them into a CSV file for additional parsing or viewing
|