keLP - Keeping Everything Least Privileged

Lamarr
3 min read, April 13, 2021


Motivation

In the world of cloud computing, ensuring least privilege access is crucial for maintaining security and compliance. I developed keLP (Keeping Everything Least Privileged), a tool designed to automate the process of granting least privilege IAM roles for serverless applications in AWS.

What is keLP?

keLP is an open-source tool aimed at simplifying IAM role management by automating the analysis and assignment of the permissions your AWS Lambda functions actually need. It reads your function definitions from your Infrastructure as Code (IaC), deploys and executes your Lambdas using localstack, and then analyzes the resulting API calls captured by CloudTrail to determine the exact permissions required. This keeps the IAM roles least privileged, because only the permissions that were actually exercised during execution are granted.
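To make the "CloudTrail calls in, least-privilege policy out" step concrete, here is an added example (my own illustration, not keLP's code) that takes a handful of constructed CloudTrail records, attributes each call to the Lambda function that made it, and emits one IAM policy document per function. It assumes the Lambda execution role shows up in `userIdentity.arn` as an assumed-role ARN whose session name equals the function name, and it maps `eventSource` to the IAM service prefix by stripping `.amazonaws.com`, with a small override table for the known exceptions (CloudTrail reports CloudWatch as `monitoring.amazonaws.com`, while the IAM prefix is `cloudwatch`).

```python
"""Derive a least-privilege IAM policy per Lambda function from CloudTrail records.

Added illustration of the approach keLP automates; not the project's own code.
"""
import json
from collections import defaultdict

# CloudTrail eventSource host -> IAM service prefix.  Most sources are just the
# IAM prefix followed by ".amazonaws.com"; the entries here are known exceptions.
SERVICE_PREFIX_OVERRIDES = {
    "monitoring.amazonaws.com": "cloudwatch",
}


def iam_action(event):
    """Map a CloudTrail record to an IAM action string such as 's3:GetObject'."""
    source = event["eventSource"]
    prefix = SERVICE_PREFIX_OVERRIDES.get(source, source.split(".")[0])
    return f"{prefix}:{event['eventName']}"


def function_name(event):
    """Return the Lambda function name behind an assumed-role ARN, or None.

    Assumption: Lambda assumes its execution role with the function name as the
    session name, so the ARN ends in '.../assumed-role/<role>/<function>'.
    Calls made by IAM users or other principals are ignored.
    """
    arn = event.get("userIdentity", {}).get("arn", "")
    if ":assumed-role/" not in arn:
        return None
    return arn.rsplit("/", 1)[-1]


def build_policies(records):
    """Group observed actions by function and emit one IAM policy document each."""
    # function -> action -> set of resource ARNs seen for that action
    observed = defaultdict(lambda: defaultdict(set))
    for rec in records:
        fn = function_name(rec)
        if fn is None:
            continue  # not a Lambda execution role; not our concern here
        seen = observed[fn][iam_action(rec)]  # create the entry even with no ARNs
        for res in rec.get("resources", []):
            seen.add(res["ARN"])

    policies = {}
    for fn, actions in observed.items():
        # Merge actions that were observed against the same set of resources.
        # Records that carry no resource ARN fall back to '*' for that action.
        by_resources = defaultdict(list)
        for action, arns in actions.items():
            by_resources[tuple(sorted(arns)) or ("*",)].append(action)
        statements = [
            {"Effect": "Allow", "Action": sorted(acts), "Resource": list(res)}
            for res, acts in sorted(by_resources.items())
        ]
        policies[fn] = {"Version": "2012-10-17", "Statement": statements}
    return policies


# Constructed sample records (shape follows CloudTrail, values are made up).
ORDER_FN_ROLE = "arn:aws:sts::123456789012:assumed-role/order-fn-role/order-fn"
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": ORDER_FN_ROLE},
     "resources": [{"ARN": "arn:aws:s3:::orders-bucket/incoming/1.json"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": ORDER_FN_ROLE},
     "resources": [{"ARN": "arn:aws:s3:::orders-bucket/incoming/2.json"}]},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "PutItem",
     "userIdentity": {"arn": ORDER_FN_ROLE},
     "resources": [{"ARN": "arn:aws:dynamodb:us-east-1:123456789012:table/orders"}]},
    {"eventSource": "monitoring.amazonaws.com", "eventName": "PutMetricData",
     "userIdentity": {"arn": ORDER_FN_ROLE}},
    # A human operator listing buckets: not a Lambda role, must not leak into the policy.
    {"eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"}},
]

if __name__ == "__main__":
    print(json.dumps(build_policies(SAMPLE_RECORDS), indent=2))
```

Two design points worth keeping in mind when reading the output. First, the policy only covers code paths that were exercised during the run, so the test invocation has to drive every branch of the function (error handling included) or the deployed role will be missing permissions. Second, the example keeps the exact object ARNs it saw; a production tool would generalize these to a key prefix such as `orders-bucket/incoming/*`, since real inputs will have different object names.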

Key Features


  • Automated IAM Role Assignment: keLP automates the tedious process of creating and updating IAM roles, ensuring that each function only has the permissions it truly needs.
  • Seamless Integration: Easily integrate keLP with your existing CI/CD pipeline.
  • Security Compliance: Helps maintain security best practices by enforcing least privilege policies.

Installation and Usage

Getting started with keLP is straightforward. You can install it via pip:

pip install aws-kelp

To use keLP, simply run the following command to analyze your Lambda functions and update IAM roles:

kelp -v

Contribution and Community

keLP is open-source, and contributions are welcome! Whether it’s reporting bugs, requesting features, or submitting pull requests, the community’s involvement is crucial to the project’s success.

Conclusion

keLP is a powerful tool for anyone managing serverless applications in AWS. By automating the IAM role management process, it not only saves time but also enhances the security of your applications. Check out the project on GitHub and contribute to making cloud security more efficient and effective.