Examples

Real-world examples of using iamatic in different scenarios.

1. Basic Usage

Analyze all Terraform files in a directory

Command

iamatic analyze ./infra/

Output

IAM (4 actions)
  logs:CreateLogGroup
  logs:CreateLogStream
  logs:PutLogEvents
  sts:AssumeRole

Total: 4 unique IAM actions across 2 services

2. Analyze Plan File

See exactly what IAM changes a plan will make

Command

terraform plan -out plan.tfplan
terraform show -json plan.tfplan > plan.json
iamatic analyze -p plan.json

Output

IAM Role (creating): new_lambda_role
  sts:AssumeRole

IAM Policy (creating): dynamodb_read
  dynamodb:GetItem
  dynamodb:Scan

IAM Policy (destroying): old_s3_access
  ✗ Removed

3. CI/CD Integration

Check for overly permissive IAM in your pipeline

Command

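iamatic analyze -o json -f iam-analysis.json

# Check for wildcard resources
# -F matches the pattern as a literal string; without it grep treats "*" as a
# regex quantifier and the check fires on every string-valued Resource
if grep -qF '"Resource": "*"' iam-analysis.json; then
  echo "Warning: Found wildcard in IAM resources"
  exit 1
fi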
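
A structural version of the wildcard check above, as an added example that is not part of iamatic or its documentation: it parses the report instead of grepping it, so a "*" inside a Resource list or split across lines by pretty-printing is still caught. Only the "Resource" key name comes from the grep check; the report layout in SAMPLE_REPORT is constructed, and the function names are hypothetical.

```python
import json
import pathlib
import sys

# Constructed sample; the real iamatic report layout may differ (assumption).
SAMPLE_REPORT = """
{"policies": [
  {"name": "dynamodb_read", "Statement": [{"Action": ["dynamodb:GetItem"],
    "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/orders"}]},
  {"name": "logs_write", "Statement": [{"Action": ["logs:PutLogEvents"],
    "Resource": [
      "*"
    ]}]}
]}
"""


def find_wildcard_resources(node, path="$"):
    """Return the JSON path of every "Resource" that is "*" or lists "*"."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "Resource":
                values = value if isinstance(value, list) else [value]
                hits += [child for v in values if v == "*"]
            hits += find_wildcard_resources(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits += find_wildcard_resources(item, f"{path}[{i}]")
    return hits


def scan_report(text):
    """Parse report text and return the wildcard Resource paths."""
    return find_wildcard_resources(json.loads(text))


def main(argv):
    # With no file argument the constructed sample is scanned instead.
    text = pathlib.Path(argv[1]).read_text() if len(argv) > 1 else SAMPLE_REPORT
    hits = scan_report(text)
    for hit in hits:
        print(f"wildcard Resource at {hit}", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Saved under a name such as check_wildcards.py (hypothetical), it takes iam-analysis.json as its argument and exits non-zero when a wildcard is found, the same contract as the grep step.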

4. GitLab CI

Add IAM analysis to your GitLab CI pipeline

Command

.iamatic:
  image: golang:latest
  before_script:
    - go install gitlab.com/skyline-labs/iamatic@latest

iam_analysis:
  extends: .iamatic
  script:
    - iamatic analyze -o json -f iam-report.json
  artifacts:
    paths:
      - iam-report.json