Saving and sourcing credentials:
Credulous needs to be able to find out the IAM username and
AWS account alias (if one is set), in order to save or sourceg
the current credentials without the use of theg
--force option. This corresponds to an IAM policy
like this:
{
"Statement": [
{
"Sid": "PermitUserSeeOwnDetails",
"Action": [
"iam:GetUser",
"iam:ListAccessKeys",
"iam:ListAccountAliases"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
]
}
Rotating credentials: For Credulous to be able to rotate your credentials, your IAM user needs to have the rights to create and delete your own Access Keys. This corresponds to an IAM policy that looks like:
{
"Statement": [
{
"Sid": "ManageOwnAccessKeys",
"Action": [
"iam:CreateAccessKey",
"iam:DeleteAccessKey",
"iam:ListAccessKeys",
"iam:GetUser"
],
"Effect": "Allow",
"Resource": "arn:aws:iam::*:user/${aws:username}"
}
]
}
Yes! We like contributions! You could help out in one of a few ways:
credulous.io site look better, the source is in the credulous-www repository (we are not designers)