Name | iamx |
Version | 0.1.0 |
home_page | None |
Summary | IAM Policy Explainer - Local-first IAM policy analyzer with deterministic risk detection |
upload_time | 2025-08-20 06:35:58 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.8 |
license | MIT |
keywords | analyzer, aws, devops, iam, policy, security |
VCS | |
bugtrack_url | |
requirements | No requirements were recorded. |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# iamx - IAM Policy Explainer
A local-first IAM policy analyzer that scans AWS IAM JSON policies, detects risky patterns deterministically, explains them in plain English, assigns severity levels, and suggests least-privilege fixes.
## 🎯 Why iamx?
Copy-pasting IAM policies into ChatGPT is unsafe, inaccurate, and doesn't scale for bulk analysis. Manual policy review is time-consuming and error-prone.
**iamx solves these problems:**
- ✅ **Accuracy first** - Static parser + deterministic rules (no hallucinations)
- ✅ **Human-readable explanations** - Plain English descriptions of risks
- ✅ **Bulk scanning** - Process multiple policies efficiently
- ✅ **CI/CD integration** - GitHub Actions with configurable thresholds
- ✅ **Privacy-first** - Local by default, optional AI summaries
- ✅ **Multiple outputs** - Markdown, JSON, and interactive web reports
## 🚀 Features
### Core Analysis
- **Deterministic pattern detection** - No AI hallucinations, consistent results
- **Risk severity classification** - Critical/High/Medium/Low based on impact
- **Plain English explanations** - Understandable descriptions of each finding
- **Least-privilege suggestions** - Specific recommendations for policy improvements
### Supported Patterns
- Overly permissive actions (`*` permissions)
- Wildcard resources without restrictions
- Cross-account access patterns
- Administrative actions detection
- Data access actions analysis
- Missing resource restrictions
- Sensitive service permissions
### Output Formats
- **CLI** - Terminal output with color-coded results
- **Web UI** - Interactive local web interface
- **Markdown** - Detailed reports for documentation
- **JSON** - Machine-readable output for CI/CD
- **GitHub Actions** - Automated policy reviews in PRs
## 🛠️ Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/iamx.git
cd iamx
# Install dependencies
pip install -e .
# Or install directly from PyPI (when published)
pip install iamx
```
## 📖 Quick Start
### CLI Usage
```bash
# Analyze a single policy file
iamx analyze policy.json
# Analyze multiple policies
iamx analyze policies/*.json
# Generate detailed report
iamx analyze policy.json --output report.md --format markdown
# Set severity threshold for CI
iamx analyze policy.json --fail-on high
```
### Web UI
```bash
# Start the local web interface
iamx web
# Open http://localhost:8080 in your browser
```
### GitHub Actions Integration
```yaml
name: IAM Policy Review
on: [pull_request]
jobs:
  iamx:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run iamx
        uses: yourusername/iamx-action@v1
        with:
          path: 'policies/'
          fail-on: 'high'
          output: 'iamx-report.md'
```
## 📊 Example Output
```
🔍 Analyzing IAM Policy: admin-policy.json

❌ CRITICAL: Overly Permissive Actions
   The policy grants '*' permissions on all resources for ec2:* actions.
   This allows full EC2 control including instance termination and data access.

   Recommendation: Replace with specific actions like:
   - ec2:DescribeInstances
   - ec2:StartInstances
   - ec2:StopInstances

⚠️ HIGH: Missing Resource Restrictions
   The policy allows s3:GetObject on any S3 bucket without restrictions.
   This could expose sensitive data across all buckets.

   Recommendation: Add resource ARN restrictions:
   "Resource": "arn:aws:s3:::my-bucket/*"

✅ LOW: Consider Adding Conditions
   The policy doesn't require MFA for administrative actions.

   Recommendation: Add MFA condition for sensitive operations.
```
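To show what deterministic detection of the first two findings above can look like, here is an added sketch; it is not code from the iamx project. The function names, the severity mapping and the threshold semantics are assumptions made for illustration, and the policy is a constructed sample.

```python
import json

# Constructed sample policy (not from the iamx repository).
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::my-bucket/*"},
    {"Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}""")

SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]  # assumed ranking


def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def analyze(policy):
    """Return (severity, statement_index, message) tuples in statement order."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only remove access
        actions = _as_list(stmt.get("Action"))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if "NotAction" in stmt:
            wild.append("NotAction")  # Allow + NotAction grants everything not listed
        any_resource = "*" in _as_list(stmt.get("Resource"))
        if wild and any_resource:
            findings.append(("CRITICAL", idx, f"{', '.join(wild)} on all resources"))
        elif wild:
            findings.append(("MEDIUM", idx, f"{', '.join(wild)} on scoped resources"))
        elif any_resource:
            findings.append(("HIGH", idx, f"{', '.join(actions)} has no resource restriction"))
    return findings


def should_fail(findings, threshold):
    """Assumed gate semantics: fail when any finding is at or above the threshold."""
    limit = SEVERITY_ORDER.index(threshold.upper())
    return any(SEVERITY_ORDER.index(sev) >= limit for sev, _, _ in findings)


if __name__ == "__main__":
    for sev, idx, msg in analyze(SAMPLE_POLICY):
        print(f"{sev}: statement {idx}: {msg}")
```

The sketch only matches full wildcards (`*` and `service:*`); prefix wildcards such as `s3:Get*`, `NotResource`, and `Condition` blocks that narrow a grant would each need their own rule.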
## 🏗️ Architecture
```
iamx/
├── core/ # Core analysis engine
├── cli/ # Command-line interface
├── web/ # Web UI components
├── rules/ # Policy analysis rules
├── reports/ # Report generators
├── github/ # GitHub Actions integration
└── tests/ # Test suite
```
## 🤝 Contributing
We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
### Development Setup
```bash
# Clone and setup development environment
git clone https://github.com/yourusername/iamx.git
cd iamx
pip install -e ".[dev]"
# Run tests
pytest
# Run linting
black .
flake8 .
```
## 📄 License
MIT License - see [LICENSE](LICENSE) for details.
## 🙏 Acknowledgments
- Built with modern Python tooling and best practices
- Designed for the security and DevOps community
- Inspired by the need for better IAM policy analysis tools
Raw data
{
"_id": null,
"home_page": null,
"name": "iamx",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "analyzer, aws, devops, iam, policy, security",
"author": null,
"author_email": "iamsteve0 <sefthuko28.projects@gmail.com>",
"download_url": "https://files.pythonhosted.org/packages/c5/de/bd1427804627c6b1545a0cafbd427cf6d60024a884f67e6804abd58cd8ef/iamx-0.1.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "IAM Policy Explainer - Local-first IAM policy analyzer with deterministic risk detection",
"version": "0.1.0",
"project_urls": {
"Documentation": "https://github.com/iamsteve0/iamx#readme",
"Homepage": "https://github.com/iamsteve0/iamx",
"Issues": "https://github.com/iamsteve0/iamx/issues",
"Repository": "https://github.com/iamsteve0/iamx"
},
"split_keywords": [
"analyzer",
" aws",
" devops",
" iam",
" policy",
" security"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "a4fd7ba670bbdfde42caf8ea443da941d085239848ebb2a6b7433baa388e06de",
"md5": "10433815f68fff44a6e024bccb605155",
"sha256": "0af787d0c30e511099268aeef36e1a8f248dec7180a7649cb0f470487615db5b"
},
"downloads": -1,
"filename": "iamx-0.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "10433815f68fff44a6e024bccb605155",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 31598,
"upload_time": "2025-08-20T06:35:57",
"upload_time_iso_8601": "2025-08-20T06:35:57.397014Z",
"url": "https://files.pythonhosted.org/packages/a4/fd/7ba670bbdfde42caf8ea443da941d085239848ebb2a6b7433baa388e06de/iamx-0.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "c5debd1427804627c6b1545a0cafbd427cf6d60024a884f67e6804abd58cd8ef",
"md5": "55af376f8e2c9425cf8225bbb973e8a6",
"sha256": "cdc5b83f9002d116dda8926bb9c047c839dfba5b108426174709249412ef7a62"
},
"downloads": -1,
"filename": "iamx-0.1.0.tar.gz",
"has_sig": false,
"md5_digest": "55af376f8e2c9425cf8225bbb973e8a6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 31363,
"upload_time": "2025-08-20T06:35:58",
"upload_time_iso_8601": "2025-08-20T06:35:58.963003Z",
"url": "https://files.pythonhosted.org/packages/c5/de/bd1427804627c6b1545a0cafbd427cf6d60024a884f67e6804abd58cd8ef/iamx-0.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-20 06:35:58",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "iamsteve0",
"github_project": "iamx#readme",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "iamx"
}