iamatic
OPEN SOURCE

Analyze IAM Permissions

Stop guessing IAM permissions. Point iamatic at a Terraform repo or plan file and get back the exact policy your deployer needs — instantly.

Parse Terraform Code

Analyze .tf files to extract IAM policy documents and understand what permissions your infrastructure declares.

Analyze Terraform Plans

Feed in terraform plan JSON output to see exactly what IAM changes will be made before you apply.

Multiple Output Formats

Get output as human-readable text, structured JSON, or Terraform code for further automation.

Install

Choose your preferred method

Go Install

Quickest way to get started

go install gitlab.com/skyline-labs/iamatic@latest

Docker

Run without installing Go

docker pull registry.gitlab.com/skyline-labs/iamatic:latest

Build from Source

Clone and build yourself

git clone git@gitlab.com:skyline-labs/iamatic.git

How It Works

Input Terraform. Get IAM analysis.

resource "aws_iam_role" "lambda_exec" {
  name = "lambda_exec_role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "lambda.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_policy" "s3_read" {
  name        = "s3-read-only"
  description = "Read access to S3 buckets"
  policy      = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:ListBucket"]
      Resource = "*"
    }]
  })
}

Output

$ iamatic analyze ./
IAM (3 actions)
  s3:GetObject
  s3:ListBucket
  sts:AssumeRole

Total: 3 unique IAM actions across 2 services

# Ready to use
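
The plan-analysis idea above, as an added example that is not iamatic's code or output format: a short Python script that reads `terraform show -json` output, collects the Allow actions from the IAM policy documents the plan would create, and goes one step further by noting which resources grant them on Resource "*". The sample plan is constructed to match the two resources shown above, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json` output for the two
# resources above; it is not real output from Terraform or iamatic.
_ROLE_DOC = {"Version": "2012-10-17", "Statement": [{
    "Action": "sts:AssumeRole", "Effect": "Allow",
    "Principal": {"Service": "lambda.amazonaws.com"}}]}
_S3_DOC = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "*"}]}
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_iam_role.lambda_exec", "type": "aws_iam_role",
     "change": {"actions": ["create"],
                "after": {"assume_role_policy": json.dumps(_ROLE_DOC)}}},
    {"address": "aws_iam_policy.s3_read", "type": "aws_iam_policy",
     "change": {"actions": ["create"],
                "after": {"policy": json.dumps(_S3_DOC)}}},
]})


def as_list(value):
    """IAM lets Statement, Action and Resource be one value or a list."""
    return value if isinstance(value, list) else [] if value is None else [value]


def planned_iam(plan_json):
    """Return (sorted Allow actions, addresses granting them on Resource "*")."""
    actions, wildcard = set(), []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if not rc.get("type", "").startswith("aws_iam_"):
            continue
        after = rc.get("change", {}).get("after") or {}  # null when destroyed
        for attr in ("policy", "assume_role_policy"):
            doc = after.get(attr)
            if not isinstance(doc, str):  # absent, or only known after apply
                continue
            for stmt in as_list(json.loads(doc).get("Statement")):
                if stmt.get("Effect") != "Allow":
                    continue
                actions.update(as_list(stmt.get("Action")))
                if "*" in as_list(stmt.get("Resource")):
                    wildcard.append(rc["address"])
    return sorted(actions), wildcard


if __name__ == "__main__":
    found, broad = planned_iam(SAMPLE_PLAN)
    print(len(found), "actions:", found, "| Allow on Resource \"*\":", broad)
```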

Ready?

Start analyzing your Terraform infrastructure and know exactly what IAM permissions your deployments need.
