April 18, 2023
IAM
Curtis Castrapel

Introducing IAMbic: Multi-cloud IAM-as-code

We're excited to announce the open-source launch of IAMbic, a multi-cloud IAM control plane designed to simplify IAM management in a GitOps workflow. IAMbic streamlines the management of cloud identities, permissions, and access by presenting everything in a human-readable, as-code format. Key features include Universal Cloud Identity, Dynamic AWS Permissions, Temporary Access, and Drift prevention.

Hey everyone, Curtis here. We're excited to announce the open-source launch of IAMbic (IAM, but in code), a multi-cloud control plane that simplifies IAM management in a GitOps workflow. It’s like Terraform for Cloud IAM, but way easier. See for yourself on GitHub.

During my time on Netflix’s Cloud Security team, we faced the challenge of managing IAM at scale. We had to manage shared user roles with different permissions for dev and prod accounts, grant temporary access to developers to test new services (which we forgot to remove), protect sensitive policies from misconfiguration, and help users with IAM. Things only got more complex as we added more employees, AWS accounts, applications, and cloud resources. It was like playing Clue to find IAM misconfigurations, Jenga to carefully remove temporary/unused permissions, and Tetris to organize the right access rules for each user and app. These tasks were time consuming and made us dread being on-call. 

As permissions piled up, the mental burden of maintenance increased, and security risks and mistakes grew over time. We knew it was only a matter of time before an over-provisioned developer caused critical infrastructure to fail, or even worse, for a sensitive application role to be compromised.

We created IAMbic to solve these problems by making it easy to unify all cloud identities, going beyond access to manage complex cloud permissions, tracking access all the way from users to cloud resources, and presenting everything in a human-readable, as-code, and open-source format. 

IAMbic supports bidirectional syncing and round-trip capabilities in a GitOps workflow, and includes the following key features:

  • Universal Cloud Identity: Integrate identities from AWS IAM and Identity Center, Okta, Azure AD, and Google Workspace with more to come.
  • Dynamic AWS Permissions: Multi-account roles with different permissions and access rules on different accounts.
  • Temporary Access: Declaratively define and automate expiration dates for cloud access, fine-grained permissions, and identities.
  • Drift prevention: Prevent out-of-band changes to IAM resources you want to be exclusively managed via IAMbic, like cookie-cutter roles or sensitive identity provider groups.

We’re just getting started on our journey to change the way cloud IAM is managed. We’re huge fans of open source and eager to grow together through your feedback and contributions. Try out IAMbic by following the Getting Started guide. We’d love to chat and hear about your experiences in our Slack community.

Curtis Castrapel

Noq Founder
linkedin twittergithub

Latest articles

browse all posts
IAM
August 10, 2023

The Hidden Danger of GitHub OIDC and How to Protect Your AWS Roles

Concerned about potential IAM role vulnerabilities from misconfigured trust policies? Identify them easily with IAMbic.

Steven Moy
read more
IAM
May 30, 2023

SCPs: Protecting Your AWS Environment (and your job)

IAMbic, the open-source tool for managing distributed IAM permissions, has expanded its support to include AWS compliance guardrails through Service Control Policies (SCPs). SCPs provide policy governance in AWS, acting as a protective barrier for AWS resources. Users can now efficiently track changes, rollback between different IAM versions, and automatically correct out-of-band changes for important resources. Additionally, IAMbic supports a GitOps workflow, allowing you to implement IAM and SCP changes via PR reviews for improved governance. Continue reading for examples of SCPs, and practical guidance on applying them safely.

Curtis Castrapel
read more
IAM
May 16, 2023

Tailor AWS Identity Center (SSO) Permissions Per Account with IAMbic

In this post, we’ll use IAMbic to create an AWS SSO permission set with different permissions per account while preventing drift. The end result? Manage your AWS SSO permission sets alongside the rest of your IAM with IAMbic, and tailor both access and fine-grained cloud permissions.

Curtis Castrapel
read more

The First IAM Ops Platform for AWS

Learn More

Interested in Noq?

Get in touch with our team to learn more!

Book A Demo
Get Early Access

Automating IAMOps
for AWS

hello@noq.dev
for job inquiries

© 2022 All Rights Reserved Noq Software, Inc. | Privacy Policy | Term & Conditions

HomeCompanyCareersContact
twittergithub
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
 Deny Accept