IAM Armor: Open-source IAM & cloud-permissions security scanner

Self-Host Guide

Run IAM Armor locally or in CI using the open-source CLI.

IAM Armor runs fully offline and does not require AWS credentials.

Installation

pip install iamarmor

Requires Python 3.11+. Check the iamarmor package for current requirements.

CLI usage

iamarmor lint ./terraform/
iamarmor lint ./terraform/ --format json
iamarmor lint ./terraform/ --format sarif

Exit codes

Code  Meaning
0     No findings above configured threshold
1     Findings at or above fail_on threshold
2     Usage or configuration error
3     Internal CLI error
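
A CI wrapper that acts on the exit codes above, keeping policy findings (1) apart from scanner failures (2, 3) and failing closed on anything undocumented. This is an added example, not part of the IAM Armor project; iam_gate, IAMARMOR_BIN and the report path are hypothetical names, and it assumes --format sarif can be combined with --fail-on and that the report is written to stdout.

```shell
#!/bin/sh
# Added example: CI gate around `iamarmor lint` that keeps findings (exit 1)
# separate from scanner failures (exit 2/3) and fails closed on anything else.
# Hypothetical names: iam_gate, IAMARMOR_BIN, the report path.
# Assumptions: --format sarif and --fail-on can be combined, and the report
# is written to stdout.

IAMARMOR_BIN="${IAMARMOR_BIN:-iamarmor}"

# iam_gate <target-dir> <fail-on-level> <report-file>
# Returns 0 = pass, 1 = findings at/above threshold, 2 = scan not trustworthy.
iam_gate() {
    target=$1; level=$2; report=$3
    scan_rc=0
    "$IAMARMOR_BIN" lint "$target" --format sarif --fail-on "$level" \
        >"$report" || scan_rc=$?

    case "$scan_rc" in
        0|1)
            # A verdict without a report cannot be audited: treat as failure.
            if [ ! -s "$report" ]; then
                echo "iam-gate: exit $scan_rc but empty report, failing closed" >&2
                return 2
            fi
            if [ "$scan_rc" -eq 0 ]; then
                echo "iam-gate: no findings at or above '$level'" >&2
            else
                echo "iam-gate: findings at or above '$level', see $report" >&2
            fi
            return "$scan_rc"
            ;;
        2)
            echo "iam-gate: usage or configuration error, no usable result" >&2
            return 2
            ;;
        3)
            echo "iam-gate: internal CLI error, result is not a clean pass" >&2
            return 2
            ;;
        *)
            # Undocumented code (e.g. 127 when the CLI is not installed).
            echo "iam-gate: unexpected exit code $scan_rc" >&2
            return 2
            ;;
    esac
}

# Typical CI call:  iam_gate . high iam-armor.sarif
```
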

GitHub Actions

name: IAM Policy Check
on: [pull_request]
jobs:
  iam-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install iamarmor
      - run: iamarmor lint . --fail-on high

Source code

github.com/iam-armor/iamarmor