AWS IAM Manager – Users, Groups, Policies as a Code with one simple Lambda (github.com)
Hi Everyone,

At netguru.co we have to provide access for over 100 developers to different AWS accounts. Doing it from the console or CLI was kind of a pain, so I came up with this solution.

Basically, it "mirrors" the structure from a selected GitHub repository into AWS IAM Users, Groups and Policies. Everyone can request access to an AWS account by creating a pull request, which must be approved by a devops/cloud architect. Once merged, a message will be sent to SNS and then to a Lambda which will take care of keeping everything synchronized.

Right now it does not support Cross-Account Access & Roles but I'm planning to implement it.

Let me know what you think.
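To illustrate the synchronization step the Lambda would perform, here is an added example (not the project's code) that reconciles a repo-defined layout against the account's current state as a diff, applying additive changes before removals. The dict shape, the sample data and the mapping of policy names instead of ARNs are assumptions of this example.

```python
# Constructed sample of a repo layout and of the account's current state.
# Shape is an assumption for this example:
#   users:  {user_name: [group_name, ...]}
#   groups: {group_name: [managed_policy_name, ...]}  (names stand in for ARNs)
DESIRED = {"users": {"alice": ["devs", "ops"], "carol": ["devs"]},
           "groups": {"devs": ["ReadOnlyAccess"], "ops": ["PowerUserAccess"]}}
CURRENT = {"users": {"alice": ["devs"], "bob": ["devs"]},
           "groups": {"devs": ["ReadOnlyAccess"], "legacy": ["ReadOnlyAccess"]}}


def reconcile(desired, current):
    """Return the IAM calls (named after boto3 IAM client methods) needed to
    move `current` to `desired`. Only the difference is touched, and every
    additive step precedes every removal, so a user moving between groups
    never has a moment without access during the sync."""
    du, cu = desired["users"], current["users"]
    dg, cg = desired["groups"], current["groups"]
    add, remove = [], []
    for g in sorted(set(dg) - set(cg)):
        add.append(("create_group", g))
    for g, pols in dg.items():
        have = set(cg.get(g, []))
        add += [("attach_group_policy", g, p) for p in sorted(set(pols) - have)]
        remove += [("detach_group_policy", g, p) for p in sorted(have - set(pols))]
    for u in sorted(set(du) - set(cu)):
        add.append(("create_user", u))
    for u, groups in du.items():
        have = set(cu.get(u, []))
        add += [("add_user_to_group", u, g) for g in sorted(set(groups) - have)]
        remove += [("remove_user_from_group", u, g) for g in sorted(have - set(groups))]
    # IAM refuses to delete a user who is still in a group, or a group that
    # still has members or attached policies, so clean-up is ordered.
    # (Real deletion also needs access keys, MFA devices and login profile gone.)
    for u in sorted(set(cu) - set(du)):
        remove += [("remove_user_from_group", u, g) for g in sorted(cu[u])]
        remove.append(("delete_user", u))
    for g in sorted(set(cg) - set(dg)):
        remove += [("detach_group_policy", g, p) for p in sorted(cg[g])]
        remove.append(("delete_group", g))
    return add + remove


if __name__ == "__main__":
    for step in reconcile(DESIRED, CURRENT):
        print(*step)
```

Running the sample yields nine steps: the new group, its policy attachment, the new user and the two memberships first, then bob's removal and deletion, then the legacy group's detach and delete.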

As Serverless already allows managing IAM resources through the generic CloudFormation resource support, where do you see the advantage of your approach instead of monitoring a Git repo and executing serverless deploy for each change in there?

How are users and/or programs affected by the dropping and recreating of policies?

Does that interrupt access at all?

