IAM Armor: Static analyzer for AWS IAM policies in Terraform

Quickstart

Get IAM Armor running in minutes with the open-source CLI.

Install

# Python 3.11+
pip install iamarmor

Optional launchers:

pipx install iamarmor
uvx iamarmor scan .

uvx runs the tool on demand without installing it; pipx installs it in an isolated environment for repeated use.

Run your first scan

iamarmor scan .

Run against a specific path:

iamarmor scan modules/iam/

JSON output for CI and automation:

iamarmor scan . --format json

Add config (optional)

Create .iamarmor.yml at your repo root:

version: 1
severity_threshold: low
fail_on: high
rules:
  ignore: [IAM004]

CI integration

- name: Scan IAM policies
  run: |
    pip install iamarmor
    iamarmor scan . --fail-on high
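
The step above placed in a complete workflow, as an added example that is not part of the IAM Armor project's own documentation. It assumes GitHub Actions; the workflow file name, the trigger paths and the main branch name are assumptions, and the job token is limited to read access because the scan only reads the repository.

```yaml
# Added example: .github/workflows/iam-scan.yml
# The file name, trigger paths and branch name are assumptions.
name: IAM policy scan

on:
  pull_request:
    paths:
      - "**/*.tf"          # Terraform sources that may carry IAM policies
      - ".iamarmor.yml"    # re-scan when the scanner config changes
  push:
    branches: [main]

# The scan only reads the checkout, so the job token gets read-only access.
permissions:
  contents: read

jobs:
  iamarmor:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"   # the Install section requires Python 3.11+

      - name: Scan IAM policies
        run: |
          pip install iamarmor
          iamarmor scan . --fail-on high
```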

Next steps