
AWS IAM Manager – Users, Groups, Policies as a Code with one simple Lambda - rwilinski
https://github.com/RafalWilinski/aws-iam-manager
======
rwilinski
Hi Everyone,

At netguru.co we have to provide access for over 100 developers to different
AWS accounts. Doing it from the console or CLI was kind of a pain so I came up
with this solution.

Basically, it "mirrors" the structure from a selected GitHub repository into AWS IAM
Users, Groups and Policies. Everyone can request access to an AWS account by
creating a pull request which must be approved by a devops/cloud architect. Once
merged, a message will be sent to SNS and then to Lambda which will take care of
keeping everything synchronized.

Right now it does not support Cross-Account Access & Roles but I'm planning to
implement it.

Let me know what you think.

~~~
Dunedan
As Serverless already allows managing of IAM resources through the generic
CloudFormation resource support, where do you see the advantage of your
approach instead of monitoring a Git repo and executing _serverless deploy_
for each change in there?

~~~
rwilinski
That's a pretty good idea, I haven't thought about it.

I think that my format is easier to understand. You don't have to use `Ref`s
and weird `Fn::Join`s which may not be obvious to developers who are not
experienced with CF.

------
mooreds
How are users and/or programs affected by the dropping and recreating of
policies?

Does that interrupt access at all?

