Question 1

How does AirIAM compare to terraforming for AWS IAM migration?

Accepted Answer

AirIAM focuses on least-privilege migration and unused resource detection, while terraforming is a general export tool. AirIAM provides more targeted IAM optimization, integration with security tools like Checkov, and automated cleanup scripts.

Question 2

How to install AirIAM on Windows?

Accepted Answer

Use pip with 'pip install airiam' and ensure Python is in your PATH, as the README highlights path issues in the FAQ. Brew installation is MacOS-only, but pip works cross-platform for Windows, Linux, and Mac.

Question 3

What AWS IAM permissions are needed to run AirIAM?

Accepted Answer

AirIAM requires read permissions for IAM entities and usage data, such as iam:Get* and iam:List* actions. For full migration, admin access is recommended to modify IAM resources and import them to Terraform state.

Question 4

Can AirIAM handle IAM roles with instance profiles?

Accepted Answer

Yes, AirIAM scans all IAM resources including roles and instance profiles, and includes them in the Terraform output if they are in use based on the last-used threshold. However, it may tag these resources during migration.

Question 5

How to revert changes if AirIAM makes a mistake?

Accepted Answer

Review the generated Terraform code before applying it. To revert, use Terraform's state management or backups, but since AirIAM modifies IAM entities directly during import, testing in non-prod environments first is crucial.

Question 6

Does AirIAM support AWS Organizations or multiple accounts?

Accepted Answer

The README doesn't explicitly mention AWS Organizations; it focuses on single account profiles via the -p flag. For multi-account setups, you'd likely need to run AirIAM separately per account or script it, which adds complexity.

AirIAM

What is AirIAM?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions