Open-Awesome
© 2026 Open-Awesome. Curated for the developer elite.
terraform-iam-policy-validator

License: MIT-0 · Language: Python · Version: v0.0.9

A CLI tool that validates AWS IAM policies in Terraform templates against AWS IAM best practices and custom checks.


What is terraform-iam-policy-validator?

IAM Policy Validator for Terraform is a command-line tool that analyzes AWS IAM policies defined in Terraform templates. It validates these policies against AWS IAM best practices using IAM Access Analyzer, helping identify security misconfigurations before deploying infrastructure. The tool supports both standard policy checks and custom checks for specific security requirements.

Target Audience

DevOps engineers, security engineers, and cloud infrastructure developers who use Terraform to manage AWS resources and need to ensure IAM policies follow security best practices.

Value Proposition

Developers choose this tool because it integrates AWS's native IAM analysis directly into Terraform workflows, providing automated security validation that catches policy issues early. It offers granular control over validation rules and supports custom security checks beyond standard best practices.

Overview

A command-line tool that validates AWS IAM policies in a Terraform template against AWS IAM best practices.

Use Cases

Best For

  • Validating IAM policies in Terraform templates before deployment
  • Checking for public access in S3 bucket policies defined as code
  • Ensuring IAM roles don't grant excessive permissions in infrastructure
  • Comparing new IAM policies against existing reference policies for access changes
  • Preventing deployment of Terraform code with critical security findings
  • Integrating IAM security validation into CI/CD pipelines for AWS infrastructure

Not Ideal For

  • Projects using non-AWS cloud providers or multi-cloud Terraform configurations
  • Terraform templates that heavily rely on computed resources for IAM policy definitions
  • Organizations with strict budgets avoiding AWS service charges for custom policy checks
  • Environments requiring offline IAM policy validation without AWS API dependencies

Pros & Cons

Pros

AWS Native Validation

Uses AWS IAM Access Analyzer directly, providing up-to-date security checks aligned with AWS best practices and reducing manual policy review.

Custom Security Checks

Supports custom checks for new access, critical permissions, and public access via IAM Access Analyzer, enabling tailored security policies beyond standard validation.

Terraform Workflow Integration

Parses IAM policies from Terraform plan JSON files, allowing validation early in the development cycle without deploying resources.

Granular Finding Control

Offers configurable blocking findings and ignore rules by code or resource, minimizing false positives and enabling flexible enforcement in CI/CD.

Cons

Cost for Custom Checks

Custom policy checks incur AWS charges per validation, as highlighted in the README, which can become significant for large or frequent deployments.

Computed Resources Gap

Cannot validate policies that depend on Terraform computed resources, an admitted limitation that leaves a security blind spot for dynamically constructed IAM configurations.

AWS Service Dependency

Relies entirely on the AWS IAM Access Analyzer APIs, so it needs network access and appropriate IAM permissions, and validation is subject to AWS service availability and rate limits.

Quick Stats

Stars: 348
Forks: 33
Contributors: 0
Open issues: 10
Last commit: 1 year ago
Created: 2022

Tags

#cli-tool #terraform #infrastructure-as-code #devsecops #aws-iam

Built With

  • Python
  • boto3

Included in

Terraform (6.3k) · Auto-fetched 1 day ago

Related Projects

terraformer

CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code

Stars: 14,558 · Forks: 1,838 · Last commit: 3 months ago

Infracost

Cloud cost intelligence for engineers, AI coding agents, and CI/CD 💰📉 Shift FinOps Left!

Stars: 12,386 · Forks: 679 · Last commit: 5 days ago

Terragrunt

Terragrunt is a flexible orchestration tool that allows Infrastructure as Code written in OpenTofu/Terraform to scale.

Stars: 9,682 · Forks: 1,208 · Last commit: 2 days ago

atlantis

Terraform Pull Request Automation

Stars: 9,162 · Forks: 1,288 · Last commit: 1 day ago