A static analysis tool for Infrastructure as Code (IAC) such as Terraform and CloudFormation. I contributed the underlying logic behind the AWS IAM Security scanning rules.

Sensitive AWS API Calls That Return Credentials and Data

Worried about AWS IAM permissions that allow you to access data (like S3 objects, CodeCommit code, others) or return credentials in their response? I've updated my list of these potentially dangerous API calls and you can read about them here.


An AWS IAM Security Assessment tool that identifies violations of least privilege & creates a risk-prioritized report.

Policy Sentry

Generate Secure IAM Policies Automagically

Automating Least Privilege in AWS IAM with Policy Sentry

Introduction to Policy Sentry, an easy way to create least privilege policies by copying/pasting ARNs into a YAML file.