[MAMIP] Monitor AWS Managed IAM Policies Changes

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

🔊 MAMIP - Monitor AWS Managed IAM Policies

MAMIP is a tool that monitors changes in AWS Managed IAM Policies and provides automated notifications through multiple channels.

🔍 Features

  • Automated monitoring of AWS Managed IAM Policies
  • Policy validation using AWS Access Analyzer
  • Multiple notification channels
  • Tracking of deprecated policies
  • Serverless architecture using ECS Fargate (Spot)

🖐 Usage

Four Ways to Get Notified

  1. Social Media

  2. GitHub Notifications

    • Enable "Releases Only" notifications
  3. AWS SNS Topic

    aws sns subscribe \
      --topic-arn arn:aws:sns:eu-west-1:567589703415:mamip-sns-topic \
      --protocol email \
      --notification-endpoint your-email@example.com
  4. RSS Feed
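
Once a notification arrives, the useful question is what the new policy version grants that the old one did not. The following Python example is added here for illustration and is not MAMIP's own code; the two policy documents are constructed samples and the function names are hypothetical.

```python
import json

# Constructed sample: two versions of a made-up managed policy document.
OLD_VERSION = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"}]}""")
NEW_VERSION = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket", "kms:Decrypt"], "Resource": "*"},
  {"Effect": "Allow", "Action": "iam:Pass*", "Resource": "*"}]}""")


def _as_list(value):
    """IAM accepts a single string/object wherever a list is allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def grants(policy):
    """Flatten a policy into (effect, action key, action, resource key, resource) tuples."""
    found = set()
    for stmt in _as_list(policy.get("Statement")):
        res_key = "NotResource" if "NotResource" in stmt else "Resource"
        resources = _as_list(stmt.get(res_key)) or ["<none>"]
        for act_key in ("Action", "NotAction"):
            for action in _as_list(stmt.get(act_key)):
                for resource in resources:
                    # Action names are case-insensitive, so compare in lower case.
                    found.add((stmt.get("Effect", ""), act_key,
                               action.lower(), res_key, resource))
    return found


def diff_policy(old, new):
    """Compare two policy versions and flag additions that widen access."""
    before, after = grants(old), grants(new)
    added, removed = after - before, before - after
    # Review first: new Allow grants with a wildcard action, or any new NotAction.
    risky = sorted(g for g in added
                   if g[0] == "Allow" and ("*" in g[2] or g[1] == "NotAction"))
    return {"added": sorted(added), "removed": sorted(removed),
            "review_first": risky}


if __name__ == "__main__":
    print(json.dumps(diff_policy(OLD_VERSION, NEW_VERSION), indent=2))
```

Condition blocks are ignored by this comparison, so a change that only loosens a `Condition` still needs a manual read of the diff.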

✅ Policy Validation

Each AWS Managed Policy is automatically validated using AWS Access Analyzer Policy Validation. Validation findings are stored in the findings folder.

👴 Deprecated Policies

The repository maintains a list of deprecated policies that are no longer actively managed by AWS. Policy validation is only performed on current AWS-managed policies.

⏰ Schedule

The monitoring service runs on ECS Fargate (Spot) with configurable schedules. Current settings can be found in the Terraform configuration.

📐 Architecture

[Diagram: ECS Fargate schema]

🎖️ Credits

Special thanks to Scott Piper for the original concept. This project extends his idea by:

  • Automating the monitoring process
  • Adding multiple notification channels
  • Implementing policy validation
  • Tracking deprecated policies

📄 License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.