 

MII: Machine Identity Intelligence — discover and risk-score IAM roles, OIDC federations, and CI/CD tokens across AWS

Started by joomlamz, Yesterday at 22:25




Topic: MII: Machine Identity Intelligence — discover and risk-score IAM roles, OIDC federations, and CI/CD tokens across AWS
Category: Tutorials | Programming & Technology
Main Language: Portuguese (Technology Content)

Content Description / Information:
-------------------------------------------------------------------------
Released an open-source tool for a problem I kept hitting: no visibility into machine identities.

CyberArk's 2025 report found machine identities outnumber humans 82:1. Every IAM role, every OIDC federation from CI/CD to AWS, every service account — they pile up with no one monitoring them.

MII connects to your AWS account (read-only) and:

- Discovers every IAM role and trust relationship
- Maps them into a directed trust graph
- Scores each one 0-100 (admin permissions, cross-account trust, staleness, etc.)
- Simulates blast paths — "if this identity is compromised, what's the damage?"
- Measures trust debt — unnecessary permissions accumulated over time
- Generates remediation plans with specific AWS CLI commands

Also supports GitLab CI/CD identity discovery (finds OIDC federations to AWS).

Docker Compose for local dev, Terraform for AWS deployment (EC2 + CloudFront).

MIT licensed: https://github.com/josephtui767-cloud/MII

Happy to answer questions about the architecture or methodology.


Joomlamz
IT Consulting
-------------------------------------------------------
Specialist in Web Systems & Server Maintenance.
Developing the new AplPortal with PHP 8 support.
Need professional help? Contact me.
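
The directed trust graph and blast-path simulation described in the post above, as an added example that is not MII's code and not part of the original post. The role ARNs, account IDs and helper names are constructed, and edges come from trust policies only: Condition blocks (such as OIDC `sub` claims) and caller-side `sts:AssumeRole` permissions are ignored, so the result over-approximates real reach.

```python
from collections import defaultdict, deque

def trust(kind, principal, action="sts:AssumeRole"):
    """Build a minimal trust policy document (constructed sample data)."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {kind: principal}, "Action": action}]}

# Constructed inventory: role ARN -> trust policy. Account IDs and names are made up.
GITLAB = "arn:aws:iam::111111111111:oidc-provider/gitlab.com"
CI, APP = "arn:aws:iam::111111111111:role/ci-deploy", "arn:aws:iam::111111111111:role/app-runtime"
ADMIN, AUDIT = "arn:aws:iam::222222222222:role/org-admin", "arn:aws:iam::111111111111:role/audit-readonly"
ROLES = {
    CI: trust("Federated", GITLAB, "sts:AssumeRoleWithWebIdentity"),
    APP: trust("AWS", [CI]),
    ADMIN: trust("AWS", APP),                      # cross-account trust
    AUDIT: trust("Service", "ec2.amazonaws.com"),  # not reachable from CI
}

def trusted_principals(policy):
    """Yield every principal named by an Allow statement of a trust policy."""
    stmts = policy.get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        values = [principal] if isinstance(principal, str) else principal.values()
        for value in values:  # each value is one ARN/string or a list of them
            yield from ([value] if isinstance(value, str) else value)

def build_trust_graph(roles):
    """Directed edges: trusted principal -> role that principal may assume."""
    graph = defaultdict(set)
    for role_arn, policy in roles.items():
        for principal in trusted_principals(policy):
            graph[principal].add(role_arn)
    return graph

def blast_paths(graph, compromised):
    """BFS from a compromised identity; returns {reachable role: shortest trust path}."""
    paths, queue = {}, deque([[compromised]])
    while queue:
        path = queue.popleft()
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in paths and nxt != compromised:
                paths[nxt] = path + [nxt]
                queue.append(paths[nxt])
    return paths

def crosses_account(path):
    """True if the path touches more than one AWS account (account ID field of each ARN)."""
    return len({arn.split(":")[4] for arn in path if arn.startswith("arn:")}) > 1
```

Against a real account, the same dictionary can be filled from each role's `AssumeRolePolicyDocument` as returned by the IAM `ListRoles` API.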
