iamlive-docker

Run iamlive as a Docker container.

To read more about how iamlive works, see Determining AWS IAM Policies According To Terraform And AWS CLI

Requirements

Getting Started

Run iamlive

Git clone this repo, or curl relevant files

curl -L --remote-name-all https://raw.githubusercontent.com/unfor19/iamlive-docker/master/{Dockerfile,.dockerignore,Makefile,entrypoint.sh,generate_ca.sh} && \
chmod +x entrypoint.sh generate_ca.sh

Terminal #1: Build the Docker image
```
make build
```

Terminal #2: Run the Docker image for the first time

make run
# Runs in the background ...
# Average Memory Usage: 88MB

Terminal #1: Copy CA certificate from the container to host; To keep ca.pem valid for future runs, do not remove the iamlive-docker container.
```
make copy
```

Proxy IAM Requests Through iamlive

Terminal #1: Set AWS credentials

export AWS_PROFILE=MY_AWS_PROFILE

export AWS_ACCESS_KEY_ID=MY_AWS_ACCESS_KEY_ID

export AWS_SECRET_ACCESS_KEY=MY_AWS_SECRET_ACCESS_KEY

Terminal #1: Set required environment variables HTTP_PROXY, HTTPS_PROXY and AWS_CA_BUNDLE

export \
    HTTP_PROXY=http://127.0.0.1:80 \
    HTTPS_PROXY=http://127.0.0.1:443

AND

export AWS_CA_BUNDLE="${HOME}/.iamlive/ca.pem"

Terminal #1: Test it by making calls to AWS, using the CLI is the easiest way

aws s3 ls

Terminal #2: iamlive output after aws s3 ls

 {
     "Version": "2012-10-17",
     "Statement": [
         {
             "Effect": "Allow",
             "Action": [
                 "s3:ListAllMyBuckets"
             ],
             "Resource": "*"
         }
     ]
 }

Terminal #1: Stop the iamlive container
```
make stop
```
Terminal #2: Start iamlive container again (no need to invoke make copy)
```
make start
```
Terminal #1: Do your thing again ;)

Authors

Created and maintained by Meir Gabay

License

This project is licensed under the DBAD License - see the LICENSE file for details