GitHub Repository

Cloud IAM security guard — scan AWS IAM policies for risks in seconds

10 stars · Python

Pasu - Open-Source CLI AWS IAM Analyzer Tool

by nkimeducaiton·Mar 9, 2026·2 points·0 comments

AI Analysis

●● Solid · Solve My Problem · Niche Gem

Auto-fixes dangerous IAM policies with least-privilege replacements in seconds.

Strengths
  • Auto-fix command generates least-privilege replacement policies with before/after risk scores.
  • Plain English explanations make IAM policies understandable for non-technical stakeholders.
  • No API key or AWS account setup required for local policy analysis.
Weaknesses
  • IAM security analyzers already exist with Prowler, ScoutSuite, and PMapper.
  • One star on GitHub suggests limited community validation and production testing.
Category
Target Audience

DevOps engineers and cloud security teams

Similar To

Prowler · ScoutSuite · PMapper

Post Description

I built Pasu, a CLI tool that scans AWS IAM policies for security risks.

- 30+ detection rules (privilege escalation, public S3, dangerous actions)
- Plain English explanations for non-technical people
- No API key needed for local analysis
- JSON/SARIF output for CI/CD
- pip install pasu

GitHub: https://github.com/nkimcyber/pasu-IAM-Analyzer

Would love feedback from anyone managing AWS IAM policies.
